Here is a little background info to help set the stage. An admin changes the permission on the Shared Folder (not the File Share Cluster Resource) that is clustered from Read to Full Control. This works when connecting to the node explicitly but not with the cluster name. So he fails over the resource to the other node and notices that the permissions had reset to Read. This is where I get called in. I’m thinking this is going to be a very easy 30 second fix (which it ended up being…but more on that later). I had the admin explain to me what process was followed to change the permission. Right away I knew that changing the permission on the Shared Folder and not the File Share resource was an issue.
I went into to Cluster Administrator (cluadmin.msc) and went to alter the permissions from Read to Full Control for the group in question and I was presented with the following error:
An error occurred validating the cluster security descriptor
The RPC server is unavailable
Error ID -2147023174 (800706ba)
As most of you know this is a very generic error. In fact if there is one error I can’t stand from Microsoft it is “The RPC server is unavailable” error. After doing some research and testing we found that we couldn’t even add a new Security Principal to the permissions of this cluster. It mentioned that the Computer was not part of the domain. In hind sight I wish I would have got the entire error for you but I forgot to grab the screen cap for that one. The name it was referencing was the clustered name. Well the cluster name is not going to have an Active Directory account so I went to check in DNS and sure enough there was no record for this cluster name in DNS. After adding the record into DNS we were able to immediately change the permission.
There I go again assuming things were set up correctly initially. I really need to break that wall down and start from the very beginning when I’m troubleshooting. Ah the things we take for granted when looking at a problem.