First published on MSDN on Dec 13, 2013
One of the responsibilities of cluster Network Name resource is to rotate the password of the computer object in Active Directory associated with it. ...
Updated Nov 09, 2023
Version 4.0
Blog Post
Repairing may fail, when "Everyone - Read" Permission is missing on CNO and/or Resource Access Point DNS Records:
We noticed that this error is raised, when we tried to "repair" the CNO of a Windows Cluster holding a SQL Server Availability Group:
[Main Instruction]
There was an error repairing the active directory object for 'Cluster Name'.
[Expanded Information]
The specified directory service attribute or value does not exist.
The CNO and SQL Server Availablity Group were pre-Staged in AD. Also DNS Host entries were pre-staged prior creating the cluster. Manually created Host entries do not have an "Everyone Read" permission per design.
As long as these DNS Host records do not have an "Everyone Read" permission the repair might fail.
After adding "Everyone-Read" to the DNS Record of the SQL Listener repairing worked as expected.
If the Resource Access Point is created by SMSS automatically the everyone permission of its DNS Record will not be set automatically. You need to add it manually after creating the listener.
This might be a bug and might be fix by either updating the repair function to use the authenticated user for access DNS or by adding the "everyone read" permission during the SQL Server Availability creation automatically.