As we saw previously, Windows Server 2012 introduced some changes with regards to creating a Database Availability Group (DAG). For example, you may have encountered this issue Add-DatabaseAvailabilityGroupServer – You Must Provide A Value For This Property.
The issue below is another example where the pre-work to create the underlying DAG computer network object (CNO) was not done fully.
Starting Scenario
The below is an Exchange 2013 CU23 server on Windows Server 2012 R2. The DAG was created with no issues.
Also note the DAG CNO already exists.
This is shown below.
Note there are 4 Exchange servers in this lab. We will start by adding server Exch-2 to the DAG.
Note that only the Exchange server objects are present initially, there is no object for the DAG at this time.
Unable to Add Server to DAG
Until we add the first mailbox server to the DAG, there is no underlying cluster. The DAG is only a logical entity at this time, and resides in AD only.
Adding the first mailbox server to the DAG creates the underlying cluster and will add the Windows Failover Cluster feature if required.
Let's add the first server by running Add-DatabaseAvailabilityGroupServer as shown below. Spoiler alert -- it does not end well.
WARNING: The operation wasn't successful because an error was encountered. You may find more details in log file
"C:\ExchangeSetupLogs\DagTasks\dagtask_2020-11-19_18-28-39.870_add-databaseavailabiltygroupserver.log" on "TO-EXCH-2".
A server-side database availability group administrative operation failed. Error The operation failed. CreateCluster errors may result from
incorrectly configured static addresses. Error: An error occurred while attempting a cluster operation. Error: Cluster API failed: "CreateCluster()
failed with 0x200b. Error: The attribute syntax specified to the directory service is invalid". [Server: TO-Exch-2.tailspintoys.org]
The first thing we need to check is the permissions set to the computer object as we are using Windows Server 2012 R2.
The DAG CNO will have been created as part of the attempt to add the first mailbox server to the DAG.
Permissions to DAG CNO
Go to Active Directory Users & Computers and make sure advance view is enable, then we want to review the permissions on the DAG CNO.
The first server to be added to the DAG is TO-Exch-2 so it's computer object is added the the DAG CNO with Full Control permission. This is shown below. Note that the documentation for adding the permissions is available here.
So now we should be good to go, right? Well.....
[Add-DatabaseAvailabilityGroupServer -Identity DAG-2013 -MailboxServer TO-Exch-2
WARNING: The operation wasn't successful because an error was encountered. You may find more details in log file
"C:\ExchangeSetupLogs\DagTasks\dagtask_2020-11-19_19-01-53.454_add-databaseavailabiltygroupserver.log" on "TO-EXCH-2".
A server-side database availability group administrative operation failed. Error The operation failed. CreateCluster errors may result from incorrectly configured static addresses. Error: Computer account 'DAG-2013' couldn't be validated by user 'NT AUTHORITY\SYSTEM'. Error: An attempt to use the specified cluster name failed because an enabled computer object with the given name already exists in the domain.
Why? Because an enabled computer object with the given name already exists in the domain.
Let's set that to be disabled. Right click the DAG computer object and disable it.
Note that the computer object now has the downwards pointing arrow to indicate that it is disabled.
If required, either force AD replication or wait.
Take Two
Now that the CNO is disabled, let's retry the task.
The server was added, and the underlying cluster was successfully created.
Cheers,
Rhoderick
In my case, cluster was corrupted on problematic server. I follow below steps to resolve.
If you face same problem in Exchange 2019 server:
Clear-ClusterNode -Name XXXXXX (Problematic Server) -Force (PowerShall)
Restart the server
Add-DatabaseAvailabilityGroupServer -Identity "DAG Name" -MailboxServer XXXXXX(Problematic Server)
Server should be added and validate the DAG members and FileShare.