Monday, August 23, 2010

MS Cluster 2008 vs DTC when the computer object has been manually added

Scenario : You have manually added the computer object (for each Cluster node and the cluster virtual name) on an specific OU on the AD.
You may find these error messages while trying to install MS DTC:

"is already in use in the Active Directory"
"Please work with your domain administrator to ensure that:
The cluster identity 'computername$' can create computer objects. By default all computer objects are created in the 'Computers' container; consult the domain administrator if this location has been changed.
The quota for computer objects has not been reached.
If there is an existing computer object, verify the Cluster Identity 'computername$' has 'Full Control' permission to that computer object using the Active Directory Users and Computers tool. "

Solution: The computer object for the virtual cluster name needs to have full access on the new computer object (for the DTC resource) that you add, in this case for the DTC virtual cluster name.

Let's say you have
Node1 ->Manually added
Node2 ->Manually added
ClusterX ->Manually added

And you want to install DTC, for which you need a new cluster name, and you create a new computer object on the AD:
DTC-Cluster ->Manually added

On the security properties for DTC-Cluster add full permissions to ClusterX computer object.


Anonymous said...


You are a life saver!!!

We have been searching high and low for a solution to this problem.


Anonymous said...

again thank you - but pleaase remember that the security TAB is under the 'Advanced' options in ADUC

Anonymous said...

Thank you my friend for sharing this solution. You saved from hours of searching,pain and sadness :))

Sony said...

This saved me a lot of work.

Thanks for sharing

Anonymous said...

Thanks for sharing..

R.K.Nair said...

Thank you . Saved my day. Was struggling to make AD admin understand the permission required.

Post a Comment