Unable To Add Server to DAG Enabled Computer Object With The Given Name Already Exists

As we saw previously, Windows Server 2012 introduced some changes with regards to creating a Database Availability Group (DAG).  For example, you may have encountered this issue Add-DatabaseAvailabilityGroupServer – You Must Provide A Value For This Property.

The issue below is another example where the pre-work to create the underlying DAG computer network object (CNO) was not done fully.

Starting Scenario

The below is an Exchange 2013 CU23 server on Windows Server 2012 R2.   The DAG was created with no issues.

Also note the DAG CNO already exists.

This is shown below.

Note there are 4 Exchange servers in this lab.  We will start by adding server Exch-2 to the DAG.

Note that only the Exchange server objects are present initially, there is no object for the DAG at this time.

Unable to Add Server to DAG

Until we add the first mailbox server to the DAG, there is no underlying cluster.  The DAG is only a logical entity at this time, and resides in AD only.

Adding the first mailbox server to the DAG creates the underlying cluster and will add the Windows Failover Cluster feature if required.

Let's add the first server by running Add-DatabaseAvailabilityGroupServer  as shown below.  Spoiler alert -- it does not end well.

WARNING: The operation wasn't successful because an error was encountered. You may find more details in log file
"C:\ExchangeSetupLogs\DagTasks\dagtask_2020-11-19_18-28-39.870_add-databaseavailabiltygroupserver.log" on "TO-EXCH-2".

A server-side database availability group administrative operation failed. Error The operation failed. CreateCluster errors may result from
incorrectly configured static addresses. Error: An error occurred while attempting a cluster operation. Error: Cluster API failed: "CreateCluster()
failed with 0x200b. Error: The attribute syntax specified to the directory service is invalid". [Server: TO-Exch-2.tailspintoys.org]

The first thing we need to check is the permissions set to the computer object as we are using Windows Server 2012 R2.

The DAG CNO will have been created as part of the attempt to add the first mailbox server to the DAG.

Permissions to DAG CNO

Go to Active Directory Users & Computers and make sure advance view is enable, then we want to review the permissions on the DAG CNO.

The first server to be added to the DAG is TO-Exch-2 so it's computer object is added the the DAG CNO with Full Control permission. This is shown below. Note that the documentation for adding the permissions is available here.

So now we should be good to go, right?  Well.....

[Add-DatabaseAvailabilityGroupServer -Identity DAG-2013 -MailboxServer TO-Exch-2
WARNING: The operation wasn't successful because an error was encountered. You may find more details in log file
"C:\ExchangeSetupLogs\DagTasks\dagtask_2020-11-19_19-01-53.454_add-databaseavailabiltygroupserver.log" on "TO-EXCH-2".
A server-side database availability group administrative operation failed. Error The operation failed. CreateCluster errors may result from incorrectly configured static addresses. Error: Computer account 'DAG-2013' couldn't be validated by user 'NT AUTHORITY\SYSTEM'. Error: An attempt to use the specified cluster name failed because an enabled computer object with the given name already exists in the domain. 

 

Why? Because an enabled computer object with the given name already exists in the domain.

Let's set that to be disabled.  Right click the DAG computer object and disable it.

Note that the computer object now has the downwards pointing arrow to indicate that it is disabled.

If required, either force AD replication or wait.

Take Two

Now that the CNO is disabled, let's retry the task.

The server was added, and the underlying cluster was successfully created.

Cheers,

Rhoderick