Still can’t create an AAG listener

I just built a test cluster with 2 MS SQL Server 2014 machines, 1 domain controller, an 1 file share witness. (All of them are Windows2016-based.) The 2 MS SQL Server machines are a WSFC members.

When I created the Always On Availability Group, all steps succeeded except creating a listener.

If I try to repeat adding a listener to this AAG, I receive a message:

Cluster network name resource ‘myaag_mylistener’ failed to create its associated computer object in domain ‘mydomain.lan’ during: Resource online.

The text for the associated error code is: Access is denied.

Please work with your domain administrator to ensure that:

  • The cluster identity ‘MYWSFC$ ‘ has Create Computer Objects permissions. By default all computer objects are created in the same container as the cluster identity ‘MYWSFC$ ‘.
  • The quota for computer objects has not been reached.
  • If there is an existing computer object, verify the Cluster Identity ‘MYWSFC$ ‘ has ‘Full Control’ permission to that computer object using the Active Directory Users and Computers tool.

What I tried:

  1. Create a computer object: mydomain.lan/Computers/mylistener and give the mydomain\MYWSFC$ "Full control" on it;
  2. Remove the object mydomain.lan/Computers/mylistener and grant the mydomain\MYWSFC$ account permissions to create computer objects within mydomain.lan/Computers (List contents, Read all properties, Read permissions, Create computer objects);
  3. In ADSI Edit, DC=mydomain,DC=lan: ms-DS-MachineAccountQuota raised from 10 to 15 (although there are only 5 machine accounts including mylistener$ ).

What could still be wrong?