http://blogs.technet.com/b/justinturner/archive/2006/12/14/cluster-service-failure-after-ad-lockdown.aspxUsers were unable to connect to their shares. John discovered that the Cluster service wasn't started, and that any attempts to start it resulted in an error 1068. He attempted to ping the virtual server's IP address and it returned a "request timed outen-USTelligent Evolution Platform Developer Build (Build: 5.6.50428.7875)http://blogs.technet.com/b/justinturner/archive/2006/12/14/cluster-service-failure-after-ad-lockdown.aspx#3145829Sat, 01 Nov 2008 22:59:49 GMTd5e57398-b9ef-4490-9955-07cbb4e4a80d:3145829derekmoore333<p>For one of the two machines the two machines, on which I had already tried to install a MS Cluster. I had to find this fix, in addition to the above to get RPC and Network connections back online. The second node RPC came online without these additional mods.</p> <p><a rel="nofollow" target="_new" href="http://www.eggheadcafe.com/software/aspnet/32648815/2003-server-r2--network.aspx">http://www.eggheadcafe.com/software/aspnet/32648815/2003-server-r2--network.aspx</a></p> <p>1. ON DOMAIN CONTROLLER Group Policy for this SQL CLUSTER, Go to Computer Configuration - Windows Settings - Local Policies – User right Assignment- look for &quot;Bypass traverse checking&quot; Policy and add NETWORK SERVICE.</p> <p>2. ON LOCAL SQL SERVER, Open Windows Explorer and Go to \Windows\Registration folder - go to properties - Security tab -</p> <p>add the following accounts with permissions.</p> <p>a.Administrator - Full rights</p> <p>b.System - Full rights</p> <p>c.everyone - Read / Modify(WRITE) and List</p> <p>Then click &quot;APPLY&quot; and go to &quot;General&quot; tab and click on the &quot;Advance&quot;</p> <p>button. Here click the &quot;Inheritance option&quot; and finally click &quot;OK&quot;</p> <p>3. Open regedit</p> <p>a.go to &quot;My Computer\HKEY_CLASSES_ROOT_\CLSID&quot;. Right click on it and</p> <p>select &quot;Permissions&quot; and add &quot;Authenticated Users&quot; with &quot;Full Permissions&quot;</p> <p>b.Go to &quot;My Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services&quot;.</p> <p>Right click and select &quot;Permissions&quot; and add &quot;Network Service&quot; and &quot;Local</p> <p>Service&quot; with &quot;Full Permissions&quot;</p> <p>4.Finally go to &quot;My</p> <p>Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs and set</p> <p>the &quot;ObjectName&quot; to &quot;NT Authority\NetworkService&quot;</p> <p>5.Reboot the promblematic server and check if the issue still exists.</p> <div style="clear:both;"></div><img src="http://blogs.technet.com/aggbug.aspx?PostID=3145829" width="1" height="1">http://blogs.technet.com/b/justinturner/archive/2006/12/14/cluster-service-failure-after-ad-lockdown.aspx#3031745Mon, 07 Apr 2008 18:23:17 GMTd5e57398-b9ef-4490-9955-07cbb4e4a80d:3031745g<p>BRILLIANT! &nbsp;Thanks for the leg work and making me look good to my director!</p><div style="clear:both;"></div><img src="http://blogs.technet.com/aggbug.aspx?PostID=3031745" width="1" height="1">http://blogs.technet.com/b/justinturner/archive/2006/12/14/cluster-service-failure-after-ad-lockdown.aspx#2990458Wed, 12 Mar 2008 06:32:09 GMTd5e57398-b9ef-4490-9955-07cbb4e4a80d:2990458Steve Ferrarini<p>Justin,</p> <p> &nbsp; &nbsp;Great information! &nbsp;I almost passed by because of the title, but this was exactly what we needed.</p> <p>Thanks again for the investigative work, and making it available for us to find!</p><div style="clear:both;"></div><img src="http://blogs.technet.com/aggbug.aspx?PostID=2990458" width="1" height="1">http://blogs.technet.com/b/justinturner/archive/2006/12/14/cluster-service-failure-after-ad-lockdown.aspx#2657920Tue, 18 Dec 2007 23:25:35 GMTd5e57398-b9ef-4490-9955-07cbb4e4a80d:2657920Phil Petersen<p>Thanks. Thanks. Thanks. I've been fighting this problem for days and days at one of customers sites (away from home). Thanks for getting me home for the HOLIDAYS.</p><div style="clear:both;"></div><img src="http://blogs.technet.com/aggbug.aspx?PostID=2657920" width="1" height="1">http://blogs.technet.com/b/justinturner/archive/2006/12/14/cluster-service-failure-after-ad-lockdown.aspx#2182941Tue, 16 Oct 2007 16:09:48 GMTd5e57398-b9ef-4490-9955-07cbb4e4a80d:2182941Rich Gautier<p>You just saved me hours of work. &nbsp;Thank you for your breakout of this problem. &nbsp;It affected us during a security patch and reboot session this morning, even though it only affected some of our machines, the advice and underlying reasons were dead on.</p> <p>Thank you very much for sharing this info.</p><div style="clear:both;"></div><img src="http://blogs.technet.com/aggbug.aspx?PostID=2182941" width="1" height="1">http://blogs.technet.com/b/justinturner/archive/2006/12/14/cluster-service-failure-after-ad-lockdown.aspx#2008324Fri, 21 Sep 2007 14:42:19 GMTd5e57398-b9ef-4490-9955-07cbb4e4a80d:2008324Mr Steve<p>We had some issues with 2003 SP1 and the Time Service - after a reinstall of SP1 to fix the issue, we had the COM+ and RPC issue also. &nbsp;In our case, the &quot;Impersonate...&quot; policy was never defined in the DCP. &nbsp;Just performing the final restart now, and i'd just like to take the chance to backup Meir's comment that indeed - Justin - YOU ARE THE MAN!!! &nbsp;:0)</p><div style="clear:both;"></div><img src="http://blogs.technet.com/aggbug.aspx?PostID=2008324" width="1" height="1">http://blogs.technet.com/b/justinturner/archive/2006/12/14/cluster-service-failure-after-ad-lockdown.aspx#1967386Sun, 16 Sep 2007 15:42:38 GMTd5e57398-b9ef-4490-9955-07cbb4e4a80d:1967386Michele Maran<p>Thanks for the greats tips. Problem solved for me during Active Directory upgrade from win2k to win2k3.</p> <p>I remeber that installation of Norton Antivirus Client Server Suite ask me to change impersonate key of domain group policy years old.</p> <p>Thanks a lot</p> <p>Michele Maran from Italy</p><div style="clear:both;"></div><img src="http://blogs.technet.com/aggbug.aspx?PostID=1967386" width="1" height="1">http://blogs.technet.com/b/justinturner/archive/2006/12/14/cluster-service-failure-after-ad-lockdown.aspx#1861863Thu, 30 Aug 2007 19:19:10 GMTd5e57398-b9ef-4490-9955-07cbb4e4a80d:1861863Meir<p>Justin you're the man, you saved my weekend (after foolishly applying a malformed security policy).</p> <p>Your article is really helpful and important.</p> <p>I think the title &quot;Cluster service failure after AD lockdown&quot; is a bit illusive, it doesn't reflect the real context of the problem. it can happen actually on any domain member (SQL server services also failed) </p> <p>Thanks again!</p><div style="clear:both;"></div><img src="http://blogs.technet.com/aggbug.aspx?PostID=1861863" width="1" height="1">http://blogs.technet.com/b/justinturner/archive/2006/12/14/cluster-service-failure-after-ad-lockdown.aspx#1715801Tue, 07 Aug 2007 08:56:34 GMTd5e57398-b9ef-4490-9955-07cbb4e4a80d:1715801JL<p>Just wanted to let you know you saved our bacon with this article. THANKS!</p><div style="clear:both;"></div><img src="http://blogs.technet.com/aggbug.aspx?PostID=1715801" width="1" height="1">http://blogs.technet.com/b/justinturner/archive/2006/12/14/cluster-service-failure-after-ad-lockdown.aspx#1692895Fri, 03 Aug 2007 17:13:40 GMTd5e57398-b9ef-4490-9955-07cbb4e4a80d:1692895Dan Capor<p>Thank you Justin,</p> <p>This problem had plagued our network for a few months. I had only stumbled upon the temportary fix of setting each machine's RPC service to Local System Account, but it was just a bandaid on a gushing wound.</p> <p>Thank you, Thank you, Thank you.</p> <p>~Dan</p><div style="clear:both;"></div><img src="http://blogs.technet.com/aggbug.aspx?PostID=1692895" width="1" height="1">