I just built a test cluster with 2 MS SQL Server 2014 machines, 1 domain controller, an 1 file share witness. (All of them are Windows2016-based.) The 2 MS SQL Server machines are a WSFC members.
When I created the Always On Availability Group, all steps succeeded except creating a listener.
If I try to repeat adding a listener to this AAG, I receive a message:
Cluster network name resource ‘myaag_mylistener’ failed to create its associated computer object in domain ‘mydomain.lan’ during: Resource online.
The text for the associated error code is: Access is denied.
Please work with your domain administrator to ensure that:
- The cluster identity ‘MYWSFC$ ‘ has Create Computer Objects permissions. By default all computer objects are created in the same container as the cluster identity ‘MYWSFC$ ‘.
- The quota for computer objects has not been reached.
- If there is an existing computer object, verify the Cluster Identity ‘MYWSFC$ ‘ has ‘Full Control’ permission to that computer object using the Active Directory Users and Computers tool.
What I tried:
- Create a computer object: mydomain.lan/Computers/mylistener and give the mydomain\MYWSFC$ "Full control" on it;
- Remove the object mydomain.lan/Computers/mylistener and grant the mydomain\MYWSFC$ account permissions to create computer objects within mydomain.lan/Computers (List contents, Read all properties, Read permissions, Create computer objects);
- In ADSI Edit, DC=mydomain,DC=lan: ms-DS-MachineAccountQuota raised from 10 to 15 (although there are only 5 machine accounts including mylistener$ ).
What could still be wrong?