Blog Post

Failover Clustering
2 MIN READ

Understanding the Repair Active Directory Object Recovery Action

John Marlin's avatar
John Marlin
Former Employee
Mar 15, 2019
First published on MSDN on Dec 13, 2013   One of the responsibilities of cluster Network Name resource is to rotate the password of the computer object in Active Directory associated with it. ...
Updated Nov 09, 2023
Version 4.0
Active Directory
failover clustering
network name
d1haus's avatar
d1haus
Copper Contributor
Oct 13, 2022

Same Issue here, two times Windows Server 2019 (build 1809) cluster  and one Windows Server 2022 (build 2009) cluster , different domains,

Error 1207 every hour; it works fine till mid september 2022. 

Patches installed since lastPwdSet @ Svr2019 kb5016623, kb2016737, kb5012170

- AD Permissions checked

- Port 464 checked

- add new roles checked

- october patched installed

- ClusterLog -> RotatePassword Exit 5 

 

Update: Oct 17 2022
- Traffic checked with Wireshark

 

I have a little hope that time is not running out till we get it fixed cause:

"Question: If a workstation does not change its password, will it not be allowed to log onto the network?
Answer: Machine account passwords as such do not expire in Active Directory. " see the link below

https://techcommunity.microsoft.com/t5/ask-the-directory-services-team/machine-account-password-process/ba-p/396026

 

Update: Oct 18 2022

- Talked to Microsoft Support - there will be a patch soon. next month they said. AaronB1160 

- disabled GPO for the cluster nodes and objects (MSFT Windows Server 2019/2022 Security Compliance Baseline) to clear the Value "Deny access to this computer from network)

- unfortunatly still errors

 

Update: Nov 17 2022

- Microsoft delivered a private patch to us, it was only for testing purpose on Server 2022 and it worked.

- They are working on a patch for public release.

 

Update: Jan 2 2023

I'v got mail from MS on dec 22, short version: please test KB5020032 (preview)

https://support.microsoft.com/de-de/topic/22-november-2022-kb5020032-betriebssystembuild-20348-1311-vorschau-7ca1be57-3555-4377-9eb1-0e4d714d9c68

 

It was to late, the server 2022 cluster already installed the december patches the same night and the error was gone. (KB5021249)

 

MFisherIT 

We are still waiting for the Server 2019 solution. 

MS wrote: please install KB5021237 and KB5022554

I'll give an update asap.

 

Update: Jan 13 2023

We installed KB5022286 on a Server 2019 Clusters and it looks like the problem is solved.