Article ID: 871236 - View products that this article applies to.
This article describes some of the changes that have been made to Cluster service-related event log messages in Microsoft Windows Server 2003 Service Pack 1 (SP1) and Update Rollup 1 for Microsoft Windows 2000 Service Pack 4 (SP4).
The Cluster service is a service that requires a domain user account.
The server cluster Setup program changes the local security policy for this account by granting a set of user rights to the account. Additionally, this account is made a member of the local Administrators group.
If one or more of these user rights are missing, the Cluster service may stop immediately during startup or later, depending on when the Cluster service requires the particular user right.
In Windows Server 2003 and Windows 2000 Server, you receive notification that a user right that was not granted to the Cluster service account was required for cluster operation. However, this notification does not indicate which required user right is missing.
Windows Server 2003 SP1 and Update Rollup 1 for Windows 2000 SP4 include changes that help resolve this issue. These changes are in the Service Control Manager (SCM) program and in the Cluster service.
Changes to Service Control ManagerThe Cluster service now detects when the Cluster service account is not a member of the local Administrators group. In this scenario, the following error is logged:
Event Source: Service Control Manager
Additionally, the SCM has been modified to detect when the Cluster service account does not have the “Log on as a Service” user right assigned. In this scenario, a new event, Event ID 7041, appears in the system event log. Event ID 7041 appears as follows:
Event Source: Service Control Manager
Changes to the Cluster serviceWhen the Cluster service starts, it now checks the user rights that are granted to the Cluster service account together with the Cluster service account's group membership.
If an incorrect configuration is detected, the Cluster service stops, and an appropriate message is either displayed on the computer or logged in the system event log. In this scenario, the Cluster service starts and continues to run only after the appropriate corrections are made to the Cluster service account. Therefore, the server cluster administrator is quickly alerted that a problem exists with the Cluster service account configuration.
In this scenario, the Cluster service logs Event ID 1234 in the system event log. Event ID 1234 appears as follows:
The Cluster Service Account (CSA) is missing the following required user rights
(privileges) in order to correctly operate:
In Windows Server 2008, the failover cluster does not use a domain user account to run the Cluster service. Instead, the Windows Server 2008 failover cluster logs on by using the Local System account. Therefore, the information in this article does not apply.
C:\WINDOWS\cluster>net start clussvc
The Cluster Service service is starting.
The Cluster Service service could not be started.
A system error has occurred.
System error 1314 has occurred.
A required privilege is not held by the client.
However, if this setting is changed, the Cluster service fails to start. Additionally, you may receive the following error message in the Services management console:
Additionally, an event that resembles the following event is logged in the System log:
Service: Windows could not start the Cluster Service service on Local Computer.
Error 1297: A privilege that the service requires to function properly does not exist in the service account configuration.
Log Name: System
For more information about the rights that are required for a server cluster in Windows 2000 and in Windows Server 2003, click the following article number to view the article in the Microsoft Knowledge Base:
269229For more information about how to configure and secure a server cluster, visit the following Microsoft Web site:
(https://support.microsoft.com/kb/269229/ )How to manually re-create the Cluster service account
Article ID: 871236 - Last Review: April 30, 2008 - Revision: 5.0