logging on as the cno failed with error 1326

In this blog I would share my learning about fixing error LogonUserExEx fails for user & GetToken - Logging on as the CNO failed with error 1326. 000006ac.00000508::2014/06/02-18:23:51.645 INFO [RCM] Res MOMP-BI-DTC: OnlineCallIssued -> OnlinePending( StateUnknown ) 000006ac.00000d00::2014/06/02-18:23:51.644 INFO [GEM] Node 1: Sending 1 messages as a batched GEM message 00000b9c.00000c70::2014/06/02-18:23:54.298 INFO [RES] Network Name : Using provider IP Address 10.153.9.27, ip address 10.153.9.27, mask 255.255.255.224, prefix length 27 00000b9c.00000b90::2014/06/02-18:23:54.303 INFO [RES] Network Name : Getting Read/Write private properties Security Events: 4625 - An account failed to log on Subject: Node server, Account for which logon failed: CNO Some errors from the cluster log: 2050 - [RES] Network Name: [NNLIB] LogonUserEx fails for user mgclsqldev$: 1326 (useSecondaryPassword: 0) 00000b9c.00000e34::2014/06/02-18:23:51.807 INFO [RES] Network Name : Getting Read only private properties If you have feedback for TechNet Support, contact tnmff@microsoft.com. I have recently deployed 2 node cluster based on Windows Server 2012 R2. 000006ac.00000d00::2014/06/02-18:23:51.923 INFO [RCM] Res MOMP-BI-DTC: [Terminating to Failed] -> Failed( StateUnknown ) container. 00000b9c.00000f54::2014/06/02-18:23:51.920 INFO [RES] Network Name : Getting Read only private properties This may impact the availability of the clustered service or application. 00000b9c.00000f44::2014/06/02-18:23:51.650 INFO [RES] Network Name: Agent: Sending request Netname/InitializeIndirect to NN:Agent Best practices and the latest news on Microsoft FastTrack, The employee experience platform to help people thrive at work, Expand your Azure partner-to-partner network, Bringing IT Pros together through In-Person & Virtual events. {EDED3F30-E2F5-4BF4-B943-EA9083F27678} 11 2010-05-26 11:22:37.146 UTC +120 EAdminUI_84 8.4.2721.0 frmMacroStepEditor RenderMacroStepScript 230 MacroUtilities_84.AFWHelper.ReportAFWError -2147219667 Unable to render parameter libraryname~~~~Unable to set parameter object for ParameterRendererspecifylibraryname with ProgID of MacroAControls_84.peLibraryList~~~~E1008 Failed to logon to CAM. 'Cognos8' or 'namespacename'), Launch IBM Cognos 8 Controller Configuration from the Start Menu, Open the section 'Web Services Server' - 'External data - Framework Manager import', Ensure that the section 'Namespace' is correctly filled in with the value of (for example 'Cognos8' or 'namespacename'), Launch Cognos 8 Controller Configuration from the Start Menu, Ensure that the section 'User id' is correctly filled in (e.g. 00000b9c.00000f54::2014/06/02-18:23:51.661 INFO [RES] Network Name : Configuration: Setting 'StatusKerberos' in clusdb returned status 0 To run Repair, your Domain User account must have Reset Password. There are many causes for this issue, like DNS pointing is not correct, more than 5 minutes time skew between DC, Secure channel issue, Connectivity problem between DC, etc. I would recommend you to delete MSDTC resource and create a new one. 00000b9c.00000b90::2014/06/02-18:23:51.923 INFO [RES] Network Name: Agent: --- 7 modules for instance: af5cd5d2-b4d8-4182-aaf2-543cfaaea290: 000006ac.00000e4c::2014/06/02-18:23:51.644 INFO [RCM-rbtr] giving default token to group MOMP-BI-DTC handle is invalid. 00000b9c.00000440::2014/06/02-18:23:24.482 INFO [RES] Network Name: Agent: ---- Module: Dns with states: Offline/Idle (BeingBorn) The return code was 1008. Right click the OU/Container you want the VCO to reside in and click New -> Computer. In the example below, we are creating the listener object in the Computers container. Please check if the below information is helpful to you: For Event ID 4612 and 1202, there is a name resolution or network connectivity issue. When using Repair on the Cluster Name, it will use the credentials of the currently logged on user and reset the computer objects password. PLANNINGSERVERNAME\UserName CD\PLANNINGSERVERNAME PLANNINGSERVERNAME\UserName CD\PLANNINGSERVERNAME 3140 2824 000006ac.00000e4c::2014/06/02-18:23:51.644 INFO [RCM] TransitionToState(MOMP-BI-DTC) Failed-->OnlineCallIssued. In PlanningErrorLog.csv Essentially I share my business secrets to optimize SQL Server performance. 000006ac.00000508::2014/06/02-18:23:51.921 INFO [RCM] TransitionToState(MOMP-BI-DTC) ProcessingFailure-->[WaitingToTerminate to Failed]. Solution: Check the filesys.ini file on the Cognos planning servers, ensure that they use UNC path to the Cognos planning applications. Save the configuration, and restart the Cognos service. TaskSetSize=0 000006ac.00000508::2014/06/02-18:23:51.657 INFO [NM] Received request from client address fe80::7d50:c223:e832:b6d3. Provide a name for the object (this will be your listener name) and click OK.". Therefore, it is a best practice to edit the permissions of the cluster name account (by using the Active Directory Users and Computers snap-in) to give the administrators of the cluster the 000006ac.00000d78::2014/06/02-18:23:24.482 INFO [RCM] Res MOMP-BI-DTC: [Terminating to Failed] -> Failed( StateUnknown ) VCO is a virtual computer object which is a listener in Always On scenario. Understand the Effect of Fast Logon Optimization and Fast Startup on Group Policy 00000b9c.00000e34::2014/06/02-18:23:51.914 INFO [RES] Network Name : Configuration: InitializeReplyCreation of NetName (type Singleton), result: 6, IsCanceled: false Otherwise it is working fine. 00000b9c.00000f54::2014/06/02-18:23:51.661 INFO [RES] Network Name: Agent: CanModuleBeInitializedImp - Module can be initialized, current state Closing cluster fails to reset CNO password in AD (Network Steve Forum) 00000b9c.00000c70::2014/06/02-18:23:54.296 INFO [RES] Network Name : Performing actual online of resource. 28 November 2022, [{"Product":{"code":"SSEP7J","label":"Cognos Business Intelligence"},"Business Unit":{"code":"BU053","label":"Cloud \u0026 Data Platform"},"Component":"Cognos Connection","Platform":[{"code":"PF033","label":"Windows"}],"Version":"1.1;8.1;8.2","Edition":"","Line of Business":{"code":"","label":""}},{"Product":{"code":"SSEP7J","label":"Cognos Business Intelligence"},"Business Unit":{"code":"BU053","label":"Cloud \u0026 Data Platform"},"Component":"Install and Config","Platform":[{"code":"","label":""}],"Version":"","Edition":"","Line of Business":{"code":"","label":""}},{"Product":{"code":"SUNSET","label":"PRODUCT REMOVED"},"Business Unit":{"code":"BU053","label":"Cloud \u0026 Data Platform"},"Component":"ReportNet","Platform":[{"code":"","label":""}],"Version":"","Edition":"","Line of Business":{"code":"","label":""}}], How to disable anonymous access to Cognos Connection, Select Security -> Authentication -> Cognos in the explorer tree window, In the Properties window, change the value for Allow Anonymous Access to False, Save the configuration, and restart the Cognos service. 000006ac.00000508::2014/06/02-18:23:51.800 INFO [GEM] Node 1: Sending 1 messages as a batched GEM message Cluster Name Resource not coming ONLINE Some important information these errors tell us: 1 The domain controller where those permissionsare beingchecked. 6. SQL SERVER Steps to Generate Windows Cluster Log? It is working with Planning 10.1.1 RTM on the client machine. Understanding the Repair Active Directory Object Recovery Action It can be found in Failover Cluster Manager (CluAdmin.msc)by right-clicking on the Network Name, selecting More Actions, and then clicking Repair Active Directory Object. 00000b9c.00000f54::2014/06/02-18:23:51.922 INFO [RES] Network Name : Configuration: Closing (PreviousState: Initializing, Created: false, Type: Singleton) 000004f8.00002154::2014/03/18-15:32:06.491 INFO [RCM] rcm::RcmGum::SetDependencies(ag_aglisten) Link : http://technet.microsoft.com/en-us/library/cc731002(WS.10).aspx#BKMK_steps_password. 000006ac.00000634::2014/06/02-18:23:54.294 INFO [RCM] TransitionToState(MOMP-BI-DTC) OnlineCallIssued-->OnlinePending. 00000b9c.00000f54::2014/06/02-18:23:51.661 INFO [RES] Network Name : AccountAD: Initializing Name: MOMP-BI-DTC, NetbiosName: MOMP-BI-DTC, Type: Singleton, Created: false 00000b9c.00000f54::2014/06/02-18:23:51.922 INFO [RES] Network Name: Agent: Closing (9dd9cbb4-4a48-4314-aa0f-366a69e3f75a,AccountAD) Sharing best practices for building any app with .NET. They have restricted the Reset Password permissions on the Cluster Name Object (CNO) for that computer object. Jun 27, 2013 at 1:17 No, i cant be wrong with my username or password. Search results are not available at this time. Reset password permission for the cluster name account. PLANNINGSERVERNAME\UserName CD\PLANNINGSERVERNAME PLANNINGSERVERNAME\UserName CD\PLANNINGSERVERNAME 4244 3968 00000b9c.00000e34::2014/06/02-18:23:51.922 INFO [RES] Network Name : Entering Offline thread 000006ac.00000d78::2014/06/02-18:23:54.294 INFO [GEM] Node 1: Sending 1 messages as a batched GEM message Let me explain the situation and the steps I took to fix the error. the CNO full permission on the default computer OU. Pinal Dave is an SQL Server Performance Tuning Expert and independent consultant with over 21 years of hands-on experience. can New container = false. I have trimmed the cluster logs and kept only interesting messages. Start the Cognos 8 Planning service. Domain Admin user is used for performing this operation. Look Recommended hotfixes and updates for Windows Server 2012-based failover clusters. I have been a lot of times in such issues. (eventid 1196), -Cluster network name resource 'FS01' failed registration of one or more associated DNS name(s) for the following reason:The 00000b9c.00000440::2014/06/02-18:23:54.304 INFO [RES] Network Name: Agent: Sending request Netname/Initialize to NN:9dd9cbb4-4a48-4314-aa0f-366a69e3f75a:AccountAD 000006ac.00000e4c::2014/06/02-18:23:51.644 INFO [RCM] rcm::RcmGroup::UpdateStateIfChanged: (MOMP-BI-DTC, Failed --> Pending) 00000b9c.00000440::2014/06/02-18:23:51.913 INFO [RES] Network Name : Identity: Obtaining Windows Token for Name: MOMP-BI, SamName: MOMP-BI$, Type: Singleton, Result: 1326, LastDC: \\MOMPDC01.manpower.gov.om You were using the cluster for 2 years and the issue started manifesting recently ? 000006ac.00000634::2014/06/02-18:23:54.294 INFO [RCM] Res MOMP-BI-DTC: OnlineCallIssued -> OnlinePending( StateUnknown ) For example in the CreateCluster.mht snippet below you can infer that there was a problem with configuring a Cluster Name Object for the cluster. 00000b9c.00000f54::2014/06/02-18:23:51.802 INFO [RES] Network Name: Agent: Sending request Netname/PasswordChange to NN:9dd9cbb4-4a48-4314-aa0f-366a69e3f75a:Configuration In Menu > View -> check Advanced Features. On the properties window, I have highlighted these messages. 00000b9c.00000440::2014/06/02-18:23:24.482 INFO [RES] Network Name: Agent: ---- Module: Netbios with states: Offline/Idle (BeingBorn) Resolving The Problem. TaskSetSize=0 00000b9c.00000440::2014/06/02-18:23:24.482 INFO [RES] Network Name: Agent: --- 7 modules for instance: af5cd5d2-b4d8-4182-aaf2-543cfaaea290: SQL SERVER - LogonUserExEx Fails for User & GetToken - Logging on as If several clusters are using the same domain account as their Cluster service account, you may receive this error message before you create ten computer objects in a given cluster. Modified date: PLANNINGSERVERNAME\UserName CD\PLANNINGSERVERNAME PLANNINGSERVERNAME\UserName CD\PLANNINGSERVERNAME 3140 2824 000006ac.00000508::2014/06/02-18:23:51.921 INFO [RCM] Res MOMP-BI-DTC: OnlinePending -> ProcessingFailure( StateUnknown ) With Windows Server 2012 , things changed and the Active Directory configuration have to meet the fail over cluster requirements. The thread got ignored apparently after my last reply. etc. The return code was 1008. He holds a Masters of Science degree and numerous database certifications. 1329 - ERROR_INVALID_WORKSTATION (Logon failure: user not allowed to log on to this computer.) 000006ac.00000508::2014/06/02-18:23:54.294 INFO [RCM] Res MOMP-BI-DTC: Failed -> OnlineCallIssued( StateUnknown ) this event in the FailoverClustering-Manager/Admin log actually, it seems the Cluster events view in FCM doesn't contain events from this log. She primarily focuses on the database domain, helping clients build short and long term multi-channel campaigns to drive leads for their sales pipeline. Attempt to create the availability group listener. 00000b9c.00000c70::2014/06/02-18:23:54.300 INFO [RES] Network Name: Agent: Sending request Netname/InitializeIndirect to NN:Agent The return code was 1008. To run Repair, you must have the "Reset Password" permissions to the CNO computer object. 00000b9c.00000f44::2014/06/02-18:23:51.648 INFO [RES] Network Name : Using provider IP Address 10.153.9.27, ip address 10.153.9.27, mask 255.255.255.224, prefix length 27 DCPROMO fails with LDAP bind errors - Tek-Tips CM-REQ-4159 Content Manager returned an error in the response header. 00000b9c.00000440::2014/06/02-18:23:51.838 INFO [RES] Network Name: [NN] Setting crypto access members for decrypt. 00000b9c.00000e34::2014/06/02-18:23:51.921 INFO [RES] Network Name: Agent: OnInitializeReply, Failure on (9dd9cbb4-4a48-4314-aa0f-366a69e3f75a,Configuration): 6 000006ac.00000d78::2014/06/02-18:23:24.482 INFO [RCM] rcm::RcmGroup::UpdateStateIfChanged: (MOMP-BI-DTC, Pending --> Failed) If thepassword is different from what is stored in the cluster database,the cluster service will be unable to logon to the computer object and the Network Name willfail tocome online. 00000b9c.00000b90::2014/06/02-18:23:51.923 INFO [RES] Network Name: Agent: OnCloseReply (9dd9cbb4-4a48-4314-aa0f-366a69e3f75a,AccountAD) result: 0 There are a number of different potential causes for this. Logon aborted.. Cross-reference information. - Go to Cookie Settings section Please try again later or use one of the other support options on this page. 00000b9c.00000440::2014/06/02-18:23:51.800 INFO [RES] Network Name : Configuration: LastDc Changed, configOnly: 1 PLANNINGSERVERNAME\UserName CD\PLANNINGSERVERNAME None\None None\None 4244 3968 Interview Question of the Week #211, How to Disable Batch Mode in SQL Server? I'm sorry, don't remove it, it's a huge mistake. [RES] Network Name : AccountAD: PopulateNetnameADState DCFlags 1073745937 LdapReferralAllowed 0 [RES] Network Name: [NNLIB] FindSuitableDCNew objectName ProdListener, username WinCluster$, firstChoiceDCName \\DC01.domain.com [RES] Network Name: [NNLIB] Found first choice DC that has the object ProdListener DCName \\DC01.domain.com. Error when doing synchronize with Planning Analyst in Cognos Planning Contributor Administrator Console from a macro. 00000b9c.00000f54::2014/06/02-18:23:51.800 INFO [RES] Network Name: Agent: Sending request Netname/LastDcChange to NN:9dd9cbb4-4a48-4314-aa0f-366a69e3f75a:Configuration 00000b9c.00000e34::2014/06/02-18:23:51.836 INFO [RES] Network Name : Identity: Module is not yet initialized. 00000b9c.00000f44::2014/06/02-18:23:51.647 INFO [RES] Network Name : Obtaining IP info for resource IP Address 10.153.9.27 PLANNINGSERVERNAME\UserName CD\PLANNINGSERVERNAME PLANNINGSERVERNAME\UserName CD\PLANNINGSERVERNAME 4244 2604 00000b9c.00000c70::2014/06/02-18:23:54.300 INFO [RES] Network Name: Agent: Initializing (9dd9cbb4-4a48-4314-aa0f-366a69e3f75a,Configuration) As a consequence, its dynamic DNS record is missing and Live Migration doesn't work. by SSWUG Research (Pinal Dave) SQL Always-On feature is so tied to cluster that sometimes you would need to look at various logs to fix a failure. In C8ITK.log 000006ac.00000508::2014/06/02-18:23:24.481 INFO [GEM] Node 1: Sending 1 messages as a batched GEM message 000006ac.00000d78::2014/06/02-18:23:51.919 INFO [GUM] Node 1: executing request locally, gumId:530, my action: /dm/update, # of updates: 1 the cluster computer account itself and to both cluster nodes' computer objects (through a group that both nodes are members of). 00000b9c.00000f54::2014/06/02-18:23:51.914 WARN [RES] Network Name : AccountAD: Slow operation has exception (6)' because of '::ImpersonateLoggedOnUser( GetToken() )' We haven't opened a support ticket with MS about this. 00000b9c.00000440::2014/06/02-18:23:51.849 INFO [RES] Network Name: [NNLIB] LsaCallAuthenticationPackage success with a request of size 96, result size 0 (status: 0, subStatus: 0) Answers 0 Sign in to vote Hi, Thanks for your post. 000006ac.00000508::2014/06/02-18:23:51.800 INFO [GUM] Node 1: executing request locally, gumId:526, my action: /dm/update, # of updates: 1 00000b9c.00000440::2014/06/02-18:23:51.836 INFO [RES] Network Name : Identity: Obtaining new token 000006ac.00000d78::2014/06/02-18:23:24.482 INFO [RCM] HandleMonitorReply: TERMINATERESOURCE for 'MOMP-BI-DTC', gen(19) result 0/0. 000006ac.00000508::2014/06/02-18:23:54.294 INFO [RCM] TransitionToState(MOMP-BI-DTC) Failed-->OnlineCallIssued. "HTTP/1.1 500 Erreur Interne de Servlet". PLANNINGSERVERNAME\UserName CD\PLANNINGSERVERNAME PLANNINGSERVERNAME\UserName CD\PLANNINGSERVERNAME 4244 3968 Start CAC (contributor administration console) and test again your macro. What are the detailed results of that please? Network Access: Error 1326:Logon failure: unknown user name or bad Anyway, the issue is not important to us anymore, as the problematic cluster will be phased out soon and we don't have those issues on 2012R2 clusters (living on the same AD and OUs as the 2012 cluster). I have still had problems even with that configuration since the security is tightened on the parent OUs too. 00000b9c.00000b90::2014/06/02-18:23:51.923 INFO [RES] Network Name: Agent: ---- Module: AccountAD with states: Closing/Ending (BeingBorn) CNO is in custom OU. 0000125c.00000f0c::2014/01/14-21:48:31.533 WARN [RES] Network Name : AccountAD: Slow operation has exception ERROR_ACCESS_DENIED(5)' because of 'status' Fix: 1. Unfortunately no. Here is the Clustering & High-Availability Blog's solution to setting up permissions on the OU: 00000b9c.00000c70::2014/06/02-18:23:54.294 INFO [RES] Network Name : Initializing config info This topic lists the Failover Clustering events from the Windows Server System log (viewable in Event Viewer). 00000b9c.00000b90::2014/06/02-18:23:51.923 INFO [RES] Network Name : Configuration: Finish Closing NetName (type Singleton) Module AccountAD, result 0, remaining 0 (0) 00000b9c.00000f54::2014/06/02-18:23:51.923 INFO [RES] Network Name : Configuration: Closed error 1326 logon failure: unknown user name or bad password 00000b9c.00000440::2014/06/02-18:23:54.301 INFO [RES] Network Name : Configuration: Calling initialize of the configuration implementation In order to confirm that a lack of CNO permissions is responsible for listener creation failure, launch Powershell with elevated privileges and generate the cluster log on the node hosting the availability group primary replica, where you failed to create the listener: Confirm the problem is CNO permissions. Let me explain the situation and the steps I took to fix the error. 00000b9c.00000b90::2014/06/02-18:23:51.923 INFO [RES] Network Name: Agent: ---- Module: Dns with states: Offline/Idle (BeingBorn) Example Open the Active Directory Users and Computers Snap-in (dsa.msc). PLANNINGSERVERNAME\UserName CD\PLANNINGSERVERNAME PLANNINGSERVERNAME\UserName CD\PLANNINGSERVERNAME 3140 2824 000006ac.00000d00::2014/06/02-18:23:51.923 INFO [RCM] rcm::RcmGroup::UpdateStateIfChanged: (MOMP-BI-DTC, Pending --> Failed) If you do it manually it works fine. As said above in the thread, the CNO has FULL permissions Select Security -> Authentication -> Cognos in the explorer tree window. Have you ever opened any PowerPoint deck when you face SQL Server Performance Tuning emergencies? Above message in Planningerrorlog.csv is found when executing the macro. The The CNO is critical because other cluster accounts are created by it. 00000b9c.00000f44::2014/06/02-18:23:51.645 INFO [RES] Network Name : Initializing config info Please open the Contributor Admin Console and reset the Credential Path. " 00000b9c.00000f54::2014/06/02-18:23:51.916 INFO [RES] Network Name : Getting Read/Write private properties Full permission for CNO is already assigned on Custom OU. Did you tried this: Place the CNO and the nodes in a new OU and block the inheritance, GPO update and retest, http://blogs.technet.com/b/askcore/archive/2012/03/27/why-is-the-cno-in-a-failed-state.aspx, - granted Full Access permissions on this OU (with full inheritance) to the CNO and cluster nodes (computer accounts), - moved the CNO and nodes computer accounts to this OU. 00000b9c.00000f44::2014/06/02-18:23:51.921 ERR [RES] Network Name : Online thread Failed: (0)' because of 'Initializing netname configuration for MOMP-BI-DTC failed with error 6.' 00000b9c.00000f54::2014/06/02-18:23:51.815 INFO [RES] Network Name: [NN] Setting crypto access members for decrypt. Error 1326 when you change domain account password in Windows 0000125c.00000f0c::2014/01/14-21:48:31.533 ERR [RES] Network Name: [NNLIB] Binding to This isn't a new cluster, it's been running for about 2 years now, but this problem manifested recently. 00000b9c.00000e34::2014/06/02-18:23:51.922 INFO [RES] Network Name : Performing actual offline of resource. 000006ac.00000508::2014/06/02-18:23:24.482 INFO [RCM] moved 0 tasks from staging set to task set. 000006ac.000008ac::2014/06/02-18:23:24.482 INFO [RCM] ignored non-local state Failed for group MOMP-BI-DTC {EDED3F30-E2F5-4BF4-B943-EA9083F27678} 6 2010-05-26 11:22:37.099 UTC +120 MacroAControls_84 8.4.2721.0 peLibraryList RenderSimpleParameter 120 MacroUtilities_84.AFWHelper.ReportAFWError -2147219667 E1008 Failed to logon to CAM. Are you sure about that? Reference:Pinal Dave (https://blog.sqlauthority.com), First appeared on SQL SERVER LogonUserExEx Fails for User & GetToken Logging on as the CNO Failed With Error 1326, SQL SERVER LogonUserExEx Fails for User & GetToken Logging on as the CNO Failed With Error 1326, INFO [RES] Network Name: [NNLIB] PopulateKerbKDCLookupCache DC flags 0. {EDED3F30-E2F5-4BF4-B943-EA9083F27678} 1 2010-05-26 11:22:37.052 UTC +120 MacroUtilities_84 8.4.2721.0 AFWHelper ReportAFWError 140 MacroUtilities_84.AFWHelper.ReportAFWError -2147219667 E1008 Failed to logon to CAM. The most relevant error is Changing Password for object ProdListener on DC: \\DC01.domain.com result: 5. 00000be0.00001a4c::2014/03/18-15:32:06.492 ERR [RHS] Online for resource ag_aglisten failed. only this one ? Moreover, the functional level of my domain / forest is Windows 2008. Recommended updates for Windows Server 2012-based failover clusters
What Type Of Compound Is Cuso4?, Articles L

logging on as the cno failed with error 1326 2023