"Mark Harris" <MarkHarris@discussions.microsoft.com> wrote in message
news:55172FD1-E68F-4F3E-B08D-66ECD992F7EE@microsoft.com...
> Dear all
>
> Firstly, please note that this is PURELY a Clustering / Active Directory
> question and nothing to do with SQL Server ... there just wasn't any other
> clustering newsgroups around!!
>
> Anyway, we have as Server2003 Cluster and i'm trying to setup a group that
> has a Network Name Resource that has the "Kerberos Authentication"
> checkbox
> ticked.
> The point we're at now is that we've Pre-created the AD Computer Object
> (and
> waited until it's fully replicated across the DC's), and out of pure
> frustration, we've made the Cluster Service account a domain administrator
> ... however, when we try to bring the Network Name resource online it
> fails
> and gives the following event-log message -
>
> "The computer account for Cluster resource 'xxxxx Network Name' in domain
> lala.poe.com could not be created for the following reason: Unable to
> create
> computer account.
>
> The text for the associated error code is: The account already exists.
>
> The Cluster Service Account may lack the proper access rights to Active
> Directory. The domain administrator should be contacted to assist with
> resolving this issue."
>
> As a domain admin, the cluster service account has more than enough rights
> to "Hijack" the existing computer object (to which it also has a "FUll
> Control" ACL), so we're a bit confused as to why it's trying to create a
> new
> one!???
>
> The site where the Clust er is based does have multiple DC's and we're
> wondering if this is part of the issue ??
> We've already tried everything is THIS article :
>
>
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/clustering/srclscbp.mspx >
> ... and are now at something of a loss as to what to do to get it working
> correctly!
>
> HELP!!
>
> Cheers
>
>
> Mark
