Exchangemaster GmbH company logo

Exchangemaster GmbH - A Swiss IT Consultancy
Services
References
Partners
Contact
Getting Started
FAQs
Presentations
Articles
Community
Search
Popular
Tell-a-Friend
Follow Me

Follow exchangemaster on Twitter

Who's Online
We have 84 guests online
Syndicate
FAQ 000114 - Unable to add a second node to a DAG - error 0x80070721 PDF Print E-mail
User Rating: / 12
PoorBest 
Written by Dejan Foro   
May 28, 2013 at 05:06 AM

This article applies to:

Windows Server 2008 R2

Exchange 2010 SP3

 PROBLEM

 

When you try to add a second not to a Database Availability Group via Exchange management console, the following error occurs:

 

A database availability group administrative operation failed. Error: The operation failed. CreateCluster errors may result from incorrectly configured static addresses. Error: An error occurred while attempting a cluster operation. Error: Cluster API '"AddClusterNode() (MaxPercentage=12) failed with 0x80070721. Error: A security package specific error occurred"' failed. [Server: EXCHANGE03.exchangemasterslab.net]

An Active Manager operation failed. Error An error occurred while attempting a cluster operation. Error: Cluster API '"AddClusterNode() (MaxPercentage=12) failed with 0x80070721. Error: A security package specific error occurred"' failed..

 

 

A security package specific error occurred
Click here for help... http://technet.microsoft.com/en-US/library/ms.exch.err.default(EXCHG.141).aspx?v=14.3.123.3&t=exchgf1&e=ms.exch.err.ExC9C315

Warning:
The operation wasn't successful because an error was encountered. You may find more details in log file "C:\ExchangeSetupLogs\DagTasks\dagtask_2013-05-27_13-34-19.752_add-databaseavailabiltygroupserver.log".


Exchange Management Shell command attempted:
Add-DatabaseAvailabilityGroupServer -MailboxServer 'EXCHANGE04' -Identity 'cluster'


CAUSE

 

An option is set in the Domain Controller Group Policy to deny NTLM Authentication requests.  

The option is found in the  Domain Controller Group Policy under

  Policies

    Windows Settings

       Security Settings

         Local Policies

             Security Options

                 Network Security:Restrict NTLM:NTLM Authentication in this domain - Deny all

 

 

SOLUTION

 

Setting this Option to Disable will remove the restriction and things will begin to work normally.

Do not forget to run gpupdate on the servers if you want the change to be applied immediately.

 

 

 

Last Updated ( May 27, 2013 at 03:55 PM )
<Previous   Next>