"No mapping between account names and security IDs was done" error when adding a node to a SQL Server 2008 Failover Cluster
Content provided by Microsoft
Consider the following scenario:
You configure a Microsoft SQL Server 2008 Failover Cluster by using domain local group option in the "Cluster security policy" dialog box.
After the installation is complete, the domain local groups are dropped and re-created in the Active Directory by having the same name or a different name.
In this scenario, if you try to add a new node to an existing instance, the SQL Server Setup program fails, and you receive the following error message:
SQL Server Setup has encountered the following error:
"No mapping between account names and security IDs was done."
"Error code 0x84BB0001."
The security ID (SID) that was originally assigned to the domain group is no longer valid. Changing the domain groups that are used for SQL Server 2008 Failover cluster installation is not supported. This is because the security configuration information is set by using the SID of the domain groups that are used during the original setup. An example of such security configuration information is an access control list on files and folders that are used by the SQL Server Failover instance. Even though you re-create the domain group by using the same name, the SID will be different. Therefore, the permission set of the original SID is no longer valid.
Note: Domain migration for SQL Server 2008 Failover Cluster instance is also not supported.