Events are logged in the system event log, and you cannot bring a network resource online by using Cluster Administrator in Windows Server 2003, Enterprise Edition or in Windows 2000 Advanced Server


Symptoms


You cannot bring a network resource online on a computer that is running Microsoft Windows Server 2003, Enterprise Edition or on a computer that is running Microsoft Windows 2000 Advanced Server. Additionally, the following events are logged in the system event log:
Event Type:Warning

Event Source:ClusSvc

Event Category:(19)

Event ID:1119

Date:5/13/2004

Time:10:09:44 AM

Computer:Server Name
Description: The registration of DNS name ServerName.DomainName.com for resource NetworkName over adapter NetworkConnectionName failed for the following reason:



DNS signature failed to verify.




For more information, see Help and Support Center at http://support.microsoft.com.

Data:

0000: 00002338

Event Type:Error

Event Source:ClusSvc

Event Category:(19)

Event ID:1196

Date:5/13/2004

Time:10:09:44 AM

Computer:ServerName
Description: The required registration of the DNS name(s) associated with Cluster resource NetworkName failed for the following reason:



DNS signature failed to verify.





Please check with your network adminstrator for the best recovery action. For more information, see Help and Support Center at http://support.microsoft.com.

Event Type:Error

Event Source:ClusSvc

Event Category:(3)

Event ID:1069

Date:5/13/2004

Time:10:09:44 AM

Computer:ServerName
Description:

Cluster resource ResourceName in Resource Group GroupName failed.



For more information, see Help and Support Center at http://support.microsoft.com.

Cause


This issue may occur if a failure occurs during DNS name registration of the cluster resource.

Resolution


To resolve this issue, fix any problems that are related to DNS name registration. To do this, follow these steps:
  1. Check to make sure the zone properties for dynamic registration allows Secure only updates or Nonsecure and secure updates. To do this, follow these steps:
    1. Log on to the DNS server, and then start the DNS utility. To do this, click Start, click Run, type dnsmgmt.msc, and then click OK.
    2. Under the object for the DNS server that contains the cluster host (A) record, expand Forward Lookup Zones, and then click the forward lookup zone that contains the cluster host record.
    3. Right-click the zone, and then click Properties.
    4. Click the General tab, make sure that one of the following options are selected in the Dynamic updates list, and then click
      OK:
      • Secure only
      • Nonsecure and secure
  2. If DNS is configured for dynamic updates, the Cluster service account must have permission to register records in DNS because network names are registered in DNS by the Cluster service account. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

    302389 Description of the properties of the Cluster Network Name resource in Windows Server 2003

  3. Typically, events that state that "DNS signature failed to verify" are logged when a permission error occurs on the DNS record. This event may be logged if the Cluster service account does not have sufficient permissions in the access control list (ACL) of the DNS record. To resolve this issue, remove and then re-create the DNS record for the cluster. To do this, follow these steps:
    1. Log on to the DNS server, and then start the DNS utility.
    2. Under the object for the DNS server that contains the cluster host (A) record, expand Forward Lookup Zones, and then click the forward lookup zone that contains the cluster host record.
    3. In the right pane, right-click the cluster host record, and then click Delete.
    4. Click Yes to confirm the removal of this record.
    5. Quit the DNS utility.
    6. Log on to the cluster node, and then restart the Cluster service. To do this, click Start, click Run, type services.msc, and then click OK.
    7. In the Services (Local) list, right-click Cluster service, and then click Restart.
    8. Log on to the DNS server, and then make sure that the host record for the cluster has been created successfully. Also, make sure that all nodes use the same Cluster service account.

      Note If you do not see the DNS record for the cluster that is using the DNS utility, use the LDP utility. In this scenario, the ACL may be modified so that you cannot see this record by using the DNS utility. You must use the LDP utility to delete the DNS record for the cluster.

Workaround


To work around this issue, use the Cluster command-line utility to set the "DNS Registration Must Succeed" private property to "Not Required." To do this, follow these steps:
  1. Start Cluster Administrator. To do this, click Start, point to Programs, point to Administrative Tools, and then click Cluster Administrator.
  2. Right-click the corresponding Network Name resource, and then click Take offline.
  3. Open a command prompt on one of the cluster nodes, and then type the following command:
    cluster res "network name resource" /priv requiredns=0
  4. In Cluster Administrator, right-click the cluster resource, and then click Bring Online.

References


For additional information, click the following article numbers to view the articles in the Microsoft Knowledge Base:

235529 Kerberos support on Windows 2000-based server clusters

252764 Cluster service generates additional DNS traffic

259179 Problems registering cluster network names with dynamic DNS

823686 Cluster node does not fail over successfully after you change the Cluster service account