Always-On: Part 2 – Building Failover Cluster with minimum permissions.

In Part-1 we saw how to configure the Domain controller along with the Active Directory, DHCP and DNS and added two other nodes named Node1 and Node2 into the domain (testing.ao in my case)

In this part we will try to configure clusters using a domain account with minimum permissions.

If you are following along no need to do the steps mentioned here, it is for checking the error we get when having insufficient permissions.

I am creating a user named “clustertester” in AD.

AD users and Computers Adding User

In the User Accounts, at both the nodes, add this user and choose “Standard User” as permission.

I have also created a user named “admin” in AD and provided it administrator permission at both the nodes.

So we have three accounts,
1. Clusterbuilder: This is a domain account but not a local admin.
2. Administrator: This is a local account but an admin.
3. Admin: This is a domain account having administrator permission on both the nodes.

Test 1

I have logged in as local admin (Administrator user, I should have chosen a more appropriate named user, my bad) on both the servers and will try installing “Failover Clustering” feature.

Adding Failover Clustering feature

When I tried opening Failover Cluster Manager it prompted the below error and opened the Failover Cluster Manager.

Failed error

Test 2

Once that is done I logged in as Clusterbuilder user on node1 to install failover cluster.

But when I tried adding node it gave the below error.

Insufficient permissions for Create Cluster

So we need the Local Administrator permission by minimum to Create Cluster.

Test 3

We are able to add the Servers in Create Cluster wizard when using a Domain account which has local administrator permission at both the end.

Adding Servers

It will validate the configuration and let it complete, and even let you provide the cluster name.

Adding Cluster name

Everything goes fine but when actually building the cluster begins it fails with the below error.

Errors with local admin account

In the next blog we’ll see how to proceed in building the cluster with minimum permissions to the account creating the cluster.

One thought on “Always-On: Part 2 – Building Failover Cluster with minimum permissions.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s