Skip to main content

"DNS bad key" on Windows Failover Cluster


I used to see two common errors on the new created Microsoft Failover Cluster. "DNS bad key" and CNO update error.





Cluster network name resource 'Cluster Name' failed registration of one or more associated DNS name(s):

DNS bad key





or





Cluster network name resource failed registration of one or more associated DNS names(s) because the access to update the secure DNS Zone was denied.





The error "DNS bad key" is more often rather than the other error. I did a lot of study on the internet. The issue was fixed after applying the following steps:





  1. Right click the Windows button - Click Run.
  2. Run following command to enter Network Connections.
    ncpa.cpl
  3. Go to Properties of the network adapter that you are using for Microsoft Failover Cluster.
  4. Go to Internet Protocol Version 4 (TCP/IPv4) - Advanced - DNS tab.
  5. Deselect the Register this connection's addresses in DNS.




Screenshot of the key option to fix the issue.




The cluster error events appears in event log in regular frequency. If you want to test it without waiting. You can initiate a core cluster resource failover to test it.





How to move core cluster resource?





Microsoft Cluster Failover - Right click the cluster - More actions - Move Core Cluster Resources.






Popular posts from this blog

Connect-NsxtServer shows "Unable to connect to the remote server"

When you run Connect-NsxtServer in the PowerCLI, it may show "Unable to connect to the remote server".  Because the error message is a little bit confusing with other login issues. It's not easy to troubleshoot. The actual reason is the NSX-T uses a self-signed certificate, and the PowerCLI cannot accept the certificate automatically. The fix is super easy. You need to set the PowerCLI to ignore the invalid certificate with the following command: Set-PowerCLIConfiguration -Scope User -InvalidCertificateAction:Ignore -Confirm:$false

Setup Terraform and Ansible for Windows provisionon CentOS

Provisioning Windows machines with Terraform is easy. Configuring Windows machines with Ansible is also not complex. However, it's a little bit challenging to combine them. The following steps are some ideas about handling a Windows machine from provisioning to post configuration without modifying the winrm configuration on the guest operating system. Install required repos for yum. yum -y install https://repo.ius.io/ius-release-el7.rpm yum -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm yum -y install https://packages.endpointdev.com/rhel/7/os/x86_64/endpoint-repo.x86_64.rpm yum -y install epel-release yum -y install yum-utils yum-config-manager --add-repo https://rpm.releases.hashicorp.com/RHEL/hashicorp.repo Install  Terraform . sudo yum -y install terraform Install  Ansible . sudo yum -y install ansible Install  Kerberos . yum -y install gcc python-devel krb5-devel krb5-libs krb5-workstation

How to List All Users in Terraform Cloud

Terraform has a rich API. However, the API documentation does not mention how to list all users. We can leverage the organization membership API and the PowerShell command  Invoke-RestMethod  to get a user list. 1. Create an organization token in Terraform Cloud. 2. Create the token variable ( $Token ) in PowerShell. $Token = "abcde" 3. Create the API parameters variable in PowerShell. $params = @{ Uri = "https://app.terraform.io/api/v2/organizations/ZHENGWU/organization-memberships?page%5Bsize%5D=100" Authentication = "Bearer" Token = $Token ContentType = "application/vnd.api+json" } Note: You need to replace ZHENGWU with your own organization name. And I used 100 at the end of the URI to retrieve the first 100 users. It can be any number.  4. Retrieve the API return and list the user's email address. $Test = Invoke-RestMethod @params $Test.data.attributes.email