Adding a node to Cluster - "No mapping between account names and security IDs was done."

  • I get this when I try to add the passive node in a cluster to SQL Server;

    No mapping between account names and security IDs was done.

    Any ideas? I've checked and tried everything I can find in the KB articles, including checking languages and localisation, AD and local group memberships of the domain accounts. SQL is up and running on the active node with no issues. This happens when I run setup on the passive node as the SQL service account with the same media I used on the active node.

    Here's the install log, server names changed to protect the guilty:

    Overall summary:

    Final result: Failed: see details below

    Exit code (Decimal): -2068052377

    Exit facility code: 1212

    Exit error code: 1639

    Exit message: Failed: see details below

    Start time: 2011-09-23 11:35:05

    End time: 2011-09-23 11:40:37

    Requested action: AddNode

    Log with failure: C:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Log\20110923_113347\sql_engine_core_inst_Cpu64_1.log

    Exception help link: http://go.microsoft.com/fwlink?LinkId=20476&ProdName=Microsoft+SQL+Server&EvtSrc=setup.rll&EvtID=50000&ProdVer=10.50.2500.0

    Cluster properties:

    Machine name: PASSIVE-NODE

    Product Instance Instance ID Feature Language Edition Version Clustered

    Sql Server 2008 R2 Management Tools - Basic 1033 Enterprise Edition 10.51.2500.0 No

    Sql Server 2008 R2 Management Tools - Complete 1033 Enterprise Edition 10.51.2500.0 No

    Sql Server 2008 R2 Client Tools Connectivity 1033 Enterprise Edition 10.51.2500.0 No

    Sql Server 2008 R2 Client Tools Backwards Compatibility 1033 Enterprise Edition 10.51.2500.0 No

    Sql Server 2008 R2 Integration Services 1033 Enterprise Edition 10.51.2500.0 No

    Machine name: ACTIVE-NODE

    Product Instance Instance ID Feature Language Edition Version Clustered

    Sql Server 2008 R2 MSSQLSERVER MSSQL10_50.MSSQLSERVER Database Engine Services Enterprise Edition 10.51.2500.0 Yes

    Sql Server 2008 R2 MSSQLSERVER MSSQL10_50.MSSQLSERVER SQL Server Replication Enterprise Edition 10.51.2500.0 Yes

    Sql Server 2008 R2 MSSQLSERVER MSSQL10_50.MSSQLSERVER Full-Text Search Enterprise Edition 10.51.2500.0 Yes

    Sql Server 2008 R2 Management Tools - Basic 1033 Enterprise Edition 10.51.2500.0 No

    Sql Server 2008 R2 Management Tools - Complete 1033 Enterprise Edition 10.51.2500.0 No

    Sql Server 2008 Integration Services 1033 Enterprise Edition 10.2.4000.0 No

    Machine Properties:

    Machine name: PASSIVE-NODE

    Machine processor count: 24

    OS version: Windows Server 2008 R2

    OS service pack:

    OS region: United States

    OS language: English (United States)

    OS architecture: x64

    Process architecture: 64 Bit

    OS clustered: Yes

    Product features discovered:

    Product Instance Instance ID Feature Language Edition Version Clustered

    Sql Server 2008 R2 Management Tools - Basic 1033 Enterprise Edition 10.51.2500.0 No

    Sql Server 2008 R2 Management Tools - Complete 1033 Enterprise Edition 10.51.2500.0 No

    Sql Server 2008 R2 Client Tools Connectivity 1033 Enterprise Edition 10.51.2500.0 No

    Sql Server 2008 R2 Client Tools Backwards Compatibility 1033 Enterprise Edition 10.51.2500.0 No

    Sql Server 2008 R2 Integration Services 1033 Enterprise Edition 10.51.2500.0 No

    Package properties:

    Description: SQL Server Database Services 2008 R2

    ProductName: SQL Server 2008 R2

    Type: RTM

    Version: 10

    Installation location: C:\Software\SQL2K8_ENT_x64_R2_SP1\x64\setup\

    Installation edition: ENTERPRISE

    Slipstream: True

    SP Level 1

    User Input Settings:

    ACTION: AddNode

    AGTSVCACCOUNT: DOMAIN\Xsql-agent

    AGTSVCPASSWORD: *****

    ASSVCACCOUNT: <empty>

    ASSVCPASSWORD: *****

    CONFIGURATIONFILE: C:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Log\20110923_113347\ConfigurationFile.ini

    CUSOURCE:

    ENU: True

    FAILOVERCLUSTERGROUP: SQL Server (MSSQLSERVER)

    FAILOVERCLUSTERNETWORKNAME: SQLCLUSTER

    FARMACCOUNT: <empty>

    FARMADMINPORT: 0

    FARMPASSWORD: *****

    FTSVCACCOUNT: NT AUTHORITY\LOCALSERVICE

    FTSVCPASSWORD: *****

    HELP: False

    INDICATEPROGRESS: False

    INSTANCENAME: MSSQLSERVER

    PASSPHRASE: *****

    PCUSOURCE: C:\Software\SQL2K8_ENT_x64_R2_SP1\PCU

    PID: *****

    QUIET: False

    QUIETSIMPLE: False

    SQLSVCACCOUNT: DOMAIN\xsql-server

    SQLSVCPASSWORD: *****

    UIMODE: Normal

    X86: False

    Configuration file: C:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Log\20110923_113347\ConfigurationFile.ini

    Detailed results:

    Feature: Database Engine Services

    Status: Failed: see logs for details

    MSI status: Passed

    Configuration status: Passed

    Feature: SQL Server Replication

    Status: Failed: see logs for details

    MSI status: Passed

    Configuration status: Passed

    Feature: Full-Text Search

    Status: Failed: see logs for details

    MSI status: Passed

    Configuration status: Passed

    Rules with failures:

    Global rules:

    There are no scenario-specific rules.

    Rules report file: C:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Log\20110923_113347\SystemConfigurationCheck_Report.htm

  • what messages do the individual logs show?

    -----------------------------------------------------------------------------------------------------------

    "Ya can't make an omelette without breaking just a few eggs" 😉

  • Here's a log fragment around the error. I can see that there looks like a missing group sid in AD, or is it a local group it's looking for?

    Detail.log

    2011-09-23 12:15:22 Slp: Sco: Attempting to write hklm registry key SOFTWARE\Microsoft\Microsoft SQL Server to file C:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Log\20110923_121003\Registry_SOFTWARE_Microsoft_Microsoft SQL Server.reg_

    2011-09-23 12:15:22 Slp: Sco: Attempting to write hklm registry key SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall to file C:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Log\20110923_121003\Registry_SOFTWARE_Microsoft_Windows_CurrentVersion_Uninstall.reg_

    2011-09-23 12:15:22 Slp: Sco: Attempting to write hklm registry key SOFTWARE\Microsoft\MSSQLServer to file C:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Log\20110923_121003\Registry_SOFTWARE_Microsoft_MSSQLServer.reg_

    2011-09-23 12:15:23 Slp: Sco: Attempting to write hklm registry key SOFTWARE\Wow6432Node\Microsoft\Microsoft SQL Server to file C:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Log\20110923_121003\Registry_SOFTWARE_Wow6432Node_Microsoft_Microsoft SQL Server.reg_

    2011-09-23 12:15:23 Slp: Sco: Attempting to write hklm registry key SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall to file C:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Log\20110923_121003\Registry_SOFTWARE_Wow6432Node_Microsoft_Windows_CurrentVersion_Uninstall.reg_

    2011-09-23 12:15:23 Slp: Sco: Attempting to write hklm registry key SOFTWARE\Wow6432Node\Microsoft\MSSQLServer to file C:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Log\20110923_121003\Registry_SOFTWARE_Wow6432Node_Microsoft_MSSQLServer.reg_

    2011-09-23 12:15:23 Slp: No mapping between account names and security IDs was done.

    2011-09-23 12:15:23 Slp: Watson bucket for exception based failure has been created

    2011-09-23 12:15:23 SQLEngine: ERROR: Group SID S-1-5-80-3263513310-3392720605-1798839546-683002060-3227631582 is invalid.

    2011-09-23 12:15:23 SQLEngine: FulltextConfigurationPrivate.InstallClustered completed

    2011-09-23 12:15:23 SQLEngine: FulltextConfigurationPrivate.Install completed

    2011-09-23 12:15:23 Slp: SlpConfigAction.ExecuteAction(actionId: FulltextConfigAction_install_shutdownnoinstance_Cpu64) completed

    2011-09-23 12:15:23 Slp: Checkpoint: INSTALL:SHUTDOWNNONINSTANCE:SQL_FULLTEXT_ADV

    2011-09-23 12:15:23 Slp: Completed Action: FulltextConfigAction_install_shutdownnoinstance_Cpu64, returned True

    2011-09-23 12:15:23 Slp: Completed Action: PreMsiTimingConfigAction, returned True

    2011-09-23 12:15:23 Slp: ----------------------------------------------------------------------

    sql_engine_core_inst_Cpu64_1

    === Verbose logging started: 23/09/2011 12:15:25 Build type: SHIP UNICODE 5.00.7600.00 Calling process: C:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\SQLServer2008R2\x64\setup100.exe ===

    MSI (c) (B4:BC) [12:15:25:438]: Resetting cached policy values

    MSI (c) (B4:BC) [12:15:25:438]: Machine policy value 'Debug' is 0

    MSI (c) (B4:BC) [12:15:25:438]: ******* RunEngine:

    ******* Product: C:\Software\SQL2K8_ENT_x64_R2_SP1\x64\setup\sql_engine_core_inst_msi\sql_engine_core_inst.msi

    ******* Action:

    ******* CommandLine: **********

    MSI (c) (B4:BC) [12:15:25:453]: Client-side and UI is none or basic: Running entire install on the server.

    MSI (c) (B4:BC) [12:15:25:453]: Grabbed execution mutex.

    MSI (c) (B4:BC) [12:15:25:453]: Cloaking enabled.

    MSI (c) (B4:BC) [12:15:25:453]: Attempting to enable all disabled privileges before calling Install on Server

    MSI (c) (B4:BC) [12:15:25:453]: Incrementing counter to disable shutdown. Counter after increment: 0

    MSI (s) (28:40) [12:15:25:453]: Running installation inside multi-package transaction C:\Software\SQL2K8_ENT_x64_R2_SP1\x64\setup\sql_engine_core_inst_msi\sql_engine_core_inst.msi

    MSI (s) (28:40) [12:15:25:453]: Grabbed execution mutex.

    MSI (s) (28:90) [12:15:25:453]: Resetting cached policy values

    MSI (s) (28:90) [12:15:25:453]: Machine policy value 'Debug' is 0

    MSI (s) (28:90) [12:15:25:453]: ******* RunEngine:

    ******* Product: C:\Software\SQL2K8_ENT_x64_R2_SP1\x64\setup\sql_engine_core_inst_msi\sql_engine_core_inst.msi

    ******* Action:

    ******* CommandLine: **********

    MSI (s) (28:90) [12:15:25:453]: Machine policy value 'TransformsSecure' is 1

    MSI (s) (28:90) [12:15:25:453]: Machine policy value 'DisableUserInstalls' is 0

    MSI (s) (28:90) [12:15:25:453]: Specified instance {9FFAE13C-6160-4DD0-A67A-DAC5994F81BD} via transform :InstID02.mst;:InstName01.mst is already installed. MSINEWINSTANCE requires a new instance that is not installed.

    MSI (s) (28:90) [12:15:25:453]: MainEngineThread is returning 1639

    MSI (s) (28:40) [12:15:25:453]: User policy value 'DisableRollback' is 0

    MSI (s) (28:40) [12:15:25:453]: Machine policy value 'DisableRollback' is 0

    MSI (s) (28:40) [12:15:25:453]: Incrementing counter to disable shutdown. Counter after increment: 0

    MSI (s) (28:40) [12:15:25:453]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts 3: 2

    MSI (s) (28:40) [12:15:25:453]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts 3: 2

    MSI (s) (28:40) [12:15:25:453]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\InProgress 3: 2

    MSI (s) (28:40) [12:15:25:453]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\InProgress 3: 2

    MSI (s) (28:40) [12:15:25:453]: Decrementing counter to disable shutdown. If counter >= 0, shutdown will be denied. Counter after decrement: -1

    MSI (s) (28:40) [12:15:25:453]: Restoring environment variables

    MSI (c) (B4:BC) [12:15:25:453]: Decrementing counter to disable shutdown. If counter >= 0, shutdown will be denied. Counter after decrement: -1

    MSI (c) (B4:BC) [12:15:25:453]: MainEngineThread is returning 1639

    === Verbose logging stopped: 23/09/2011 12:15:25 ===

    ConfigurationFIle.ini

    ;SQLSERVER2008 Configuration File

    [SQLSERVER2008]

    ; Specifies a Setup work flow, like INSTALL, UNINSTALL, or UPGRADE. This is a required parameter.

    ACTION="AddNode"

    ; Displays the command line parameters usage

    HELP="False"

    ; Specifies that the detailed Setup log should be piped to the console.

    INDICATEPROGRESS="False"

    ; Setup will not display any user interface.

    QUIET="False"

    ; Setup will display progress only without any user interaction.

    QUIETSIMPLE="False"

    ; Specifies that Setup should install into WOW64. This command line argument is not supported on an IA64 or a 32-bit system.

    X86="False"

    ; Detailed help for command line argument ENU has not been defined yet.

    ENU="True"

    ; The directory for the extracted service pack files used to update the setup media.

    PCUSOURCE="C:\Software\SQL2K8_ENT_x64_R2_SP1\PCU"

    ; Parameter that controls the user interface behavior. Valid values are Normal for the full UI, and AutoAdvance for a simplied UI.

    UIMODE="Normal"

    ; Specify a default or named instance. MSSQLSERVER is the default instance for non-Express editions and SQLExpress for Express editions. This parameter is required when installing the SQL Server Database Engine (SQL), Analysis Services (AS), or Reporting Services (RS).

    INSTANCENAME="MSSQLSERVER"

    ; Specifies the name of the cluster group for the SQL Server failover cluster instance.

    FAILOVERCLUSTERGROUP="SQL Server (MSSQLSERVER)"

    ; Specifies the name of the SQL Server failover cluster instance. This name is the network name that is used to connect to SQL Server services.

    FAILOVERCLUSTERNETWORKNAME="SQLCLUSTER"

    ; Agent account name

    AGTSVCACCOUNT="DOMAIN\Xsql-agent"

    ; A port number used to connect to the SharePoint Central Administration web application.

    FARMADMINPORT="0"

    ; Account for SQL Server service: Domain\User or system account.

    SQLSVCACCOUNT="DOMAIN\xsql-server"

    ; Add description of input argument FTSVCACCOUNT

    FTSVCACCOUNT="NT AUTHORITY\LOCALSERVICE"

  • Thanks for taking the time to look BTW.

  • I'm beginning to think I may have to check the AD groups for the service accounts that I used for security on the primary node.

    I'll add the service accounts into AD groups with local admin on both nodes and try again. The accounts have local admin in their own right, but maybe this isn't what it's checking for. There's a chance that it's using a local (node) group created by setup.

  • How do I change the AD Group that I specified as part of the cluster security policy?

  • I'm now looking at a re-install using a slipstreamed sp3.

  • Dr Pliers (9/26/2011)


    How do I change the AD Group that I specified as part of the cluster security policy?

    so you used legacy group security and not Service SID based security?

    -----------------------------------------------------------------------------------------------------------

    "Ya can't make an omelette without breaking just a few eggs" 😉

  • I thought I'd used SID security, and I've checked that I'm adding the new node with the same credentials. That's why I thought that the SID mismatch might be something to do with the AD group, but maybe I'm on the wrong track.

    In Create a New SQL Server Failover Cluster (Setup) (Step 16) it talks about being able to use both, as you mention.

    16. Use this page to specify Cluster Security Policy.

    Windows Server 2008 and later versions - Service SIDs (server security IDs) are the recommended and default setting. The option to specify domain groups is available but not recommended. For information about service SIDs functionality on Windows Server 2008, see Setting Up Windows Service Accounts.

    I'm a bit confused though, because Setting Up Windows Service Accounts says

    ...For SQL Server failover clustering installation or SQL Server installation on a domain controller, ACLs will be set for the SQL Server service SID instead of being set for the SQL Server service group, on Windows Vista and Windows Server 2008 operating systems.

    So even if I did select legacy AD group, it'd use ACLs for the service SID anyway. Which should be ok, because I use the same AD account when I setup both nodes.

    Am I right in my original reading of this message? I assume that it's a mismatch between the AD credentials (or their groups) that I've supplied on setup for the 2nd node and the original node.

  • Mike P Barron (9/26/2011)


    I thought I'd used SID security,

    What option did you select during installation?

    Mike P Barron (9/26/2011)


    it talks about being able to use both

    No, you use either not both

    -----------------------------------------------------------------------------------------------------------

    "Ya can't make an omelette without breaking just a few eggs" 😉

  • I seem to remember seeing this when I built some machines that were on VMs and the SQL boxes were built from the same base image as the AD controller.. Can you tell us a little about physical and virtual in this arrangement.

    CEWII

  • They're both physical boxes. But you might be onto something here, as they came from a "standard" image. It mightnbe that the sysprep System ID generation didn't work correctly. I'll explore that option.

    Thanks.

  • Both the nodes OS were installed from original media.

    I think I'm going to have to remove the SQL Instance and re-install.

Viewing 13 posts - 1 through 12 (of 12 total)

You must be logged in to reply to this topic. Login to reply