Cannot join existing Cluster - Access is denied

All, Having a problem joining an existing 2 node cluster. Windows 2K3 SP2..

I recently had a problem and had to reboot node 1 of my 2 node cluster. Upon
reboot the cluster service would not start.

After some troubleshooting i decided to evict node 1 from my cluster, with
the idea of re-adding it once that was completed.

Using the cluster administrator, Add Node Wizard, i assign my hostname of
node 1 and it goes through the feasibility screens with no problem. However,
when it actually tries to add the node to the cluster it fails. I am getting
access is denied errors. Speficially one error that i cannot find any info on
is:

Description
"A problem occured when the wizard attempted to verify if whether this node
can interoperate with the sponsor cluster"

Status
Access is denied

I have verified all the obvious, Cluster service account pwd, member of
local admin, user rights assignments, ect..

I am thinking that NTLMv2 is part of this problem somewhere - but not sure
where.. Before i rebooted node1, it uptime was 228 days..

I have verified that all my NTLMv2 req., NTLM SSP (clients,servers) are
consistent between my Domain controller, node 1 and node 2.

I really need some assistance on this one - plesae advise..

TIA

-Drumgod

Drum on .. .. . . .

Check into the two URLs. No change.

Just to note - i have node 2 up and running. It is currently hosting my
cluster. So i dont think the quorum is corrupt.

Our network is a government network and we are strictly governed by security
settings of the DISA GOLD DISK and RETINA. And since these cluster servers
have not been rebooted in 228 day (until just recently) im sure its one of
the security changes required by either of thoses software package - i just
dont have a clue as to which one..

I have just discovered another sympton. On node 2 (the only working cluster
node) i can access the cluster administration GUI no problem.

On node1, and one of my W2K3 Domain Controllers, i can open the cluster
administration GUI - but once i try to establish a connection to my cluster i
get:

An error occured attempting to open cluster node 'MYCLUSTERNAME'
Access is denied
Error ID: 5(00000005)

Have you tried a /forcecleanup already?

I'm just speculating but I would either figure you might have a corrupt
quorum log or a corrupt clusdb. I'd start with the quorum but here are
some links:

http://support.microsoft.com/?id=245762

http://support.microsoft.com/?id=224999

Very odd...In my domains I can see any cluster from any management
console. Is the domain membership somehow skewed? Is this a DC, how does
the DCDIAG look?

I agree with Ryan, I think this is possibly an issue with your cluster
service account. I would guess that if you re-start the cluster service on
your currently working node, it would then also fail to restart. Any changes
to the cluster service account won't take affect in the cluster until the
cluster service is restarted.

I'd recommend reviewing the following KB and ensure that the permissions and
user rights are assigned properly to your cluster service account:

http://support.microsoft.com/kb/269229

I recommend using the RPCPing utility to verify connectivity between servers,
specifically between the cluster node and the node you're trying to add to
the cluster.

I was also unable to open Cluster Administrator and connect to the cluster
network name, though using a "." worked just fine.

In my case, anonymous RPC access had been restricted, and removing the
restriction resolved my issue.

Getting an 'access is denied' error when trying to connect to the cluster
using Cluster Administrator and the cluster network name, and an getting an
'access denied' result when using RPCPing may indicate restricted RPC access.

Make sure the following registry entries do not exist, and are not being
created by policy:

HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsNT\RPC
RestrictRemoteClients
EnableAuthEpResolution

Deleting the RPC key fixed my problem.

Dudes ...!!! YES , clearing the RPC reg settings fixed me up . ( I had to do it on the Active node as well as the node to be re-added), and it does seem to need a reBOOT to take effect.

Afer that - I was able to rpcping -s server_name
get response of
Completed 1 calls in 15 ms
66 T/S or 15.000 ms/T

YES !!!!!!!!!!!!!!!

And am now able to launch the cluster administrator from anywhere.

I now have both nodes back in the cluster ( last test is to fail over).

Things that didn't work.
Also - ( I tried removing member from domain and readding)
setting the password to 15 characters ( and setting all services to use it)
and reboothing both notes ( no matter what was not able to add the second node ) until I adjusted this reg entry.
I kept getting can't save , and access errors.

================ Fix was this ============================
on active node
and on member to add.

HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Win dowsNT\RPC
RestrictRemoteClients ( exported first and then deleted)
EnableAuthEpResolution (exported first then deleted )

rebooted both nodes. ( could now add the second node).

Thanks very much for posting "Rick B" u rock.

cheers.

who can help me to create a server cluster head-tail..? please.

Quote:

---

Originally Posted by ed.edwin

who can help me to create a server cluster head-tail..? please.

---

To create a cluster, follow the below steps:

1.Open Cluster Administrator.

2.In the Open Connection to Cluster dialog box that appears, in Action, select Create new cluster, then click OK.

3.The New Server Cluster Wizard appears. Click Next to continue.

Important
During the cluster creation process (using the Quorum button on the Proposed Cluster Configuration page) you will be able to select a quorum resource type (that is, a Local Quorum resource, Physical Disk or other storage class device resource, or Majority Node Set resource). For information on how these quorum resource types relate to the different cluster models, see "Choosing a cluster model" in Related Topics.

4.Upon completion of the New Server Cluster Wizard, click Finish.