CNO Pre Staging (DAGs)
Hello there,
Recently I had been helping a customer in a migration from Exchange Server 2010 to Exchange Server 2013. All went pretty normal, actually some of the steps were easier than I thought they would be, but there was a tiny little (and very annoying) surprise – the DAG creation kept failing…
Basically I just assumed that all would be good and would be pretty much next, next, finish… And that I’d not need to do nothing manually.
CNO Pre Staging is something that I assumed that would not need to do, however that was the only way to make it work…
Basically I run New-DatabaseAvailabilityGroup and all went well… After that was the time to do start adding members, and when doing it was getting the bellow failure:
A server-side database availability group administrative operation failed. Error The operation failed. CreateCluster errors may result from incorrectly configured static addresses. Error: An error occurred while attempting a cluster operation. Error: Cluster API ‘”CreateCluster() failed with 0×5. Error: Access is denied”‘ failed.. [Server: MBX1.fabrikam.int]
Only way to fix it was either:
- Disable CNO, assign “Full Control” to ETS on the DAG object and remove mailbox server from permissions list on CNO. Add mailbox server to DAG.
- Delete CNO from AD and pre-stage CNO using process described in https://technet.microsoft.com/en-us/library/ff367878(v=exchg.150).aspx. Add mailbox server to DAG.
After that all was good…
Bottom line here is, and after some good email threads with some colleagues, the CNO for a DAG should always be pre staged regardless of Exchange version, Windows version, or AD version. It greatly reduces the failures due to access denied for the many other reasons that can cause access denied.
After running into this, I’ll pre stage regardless of version used from now on, save a lot of headache.
Thanks a million,