DX Application Performance Management

Hi,

I installed SysEDGE, Advanced Encryption and MSCS AIM version 5.7.1 on a 2008 Windows and used nodecfgutil.exe to configure a cluster.

but I got an error:

**** Choose Managed Node ****
1. Microsoft Cluster
0. Go Back to Previous Menu
*******************************
Enter choice: 1

Enter following information for the Microsoft Cluster Node...

(At any point to go back to previous menu, Enter 'CTRL Q')

1. Cluster Name: ************.yyyyyy.zzzz.local
2. User Name: XXXXX\YYYYY
3. Password: ***********

CAAC1016 Authenticating, please wait...

CAAC1018 Credential authentication FAILED !!


Press any key to continue . . .

The password caontains only @ as special character and the user is Domain Admin.

Someone can help me?

Hi,
When specifying the Username: XXXXX\YYYYY
please try the following: Username or Username@DomainName

Example:
**** Choose Managed Node ****
1. Microsoft Cluster
2. Microsoft Exchange Server and Active Directory
0. Go Back to Previous Menu
*******************************
Enter choice: 2
Enter following information for the Microsoft Exchange Server and Active Directory Node...

(At any point to go back to the previous menu, Enter 'CTRL Q').

1. Domain Name: mydomain
2. User Name: administrator
3. Password: ************
4. Management Entity: 0
5. Management Mode: 0

CAAC1016 Authenticating, please wait...
CAAC1018 Credential authentication SUCCESSFUL.'

Hth,
Mohindra

Hi Mohindra,

I got the same error:

**** Choose Managed Node ****
1. Microsoft Cluster
0. Go Back to Previous Menu
*******************************
Enter choice: 1

Enter following information for the Microsoft Cluster Node...

(At any point to go back to previous menu, Enter 'CTRL Q')

1. Cluster Name: abxxetxxxxxxv.yyyy.adfa.local
2. User Name: F530***@DOMAIN
3. Password: ***********

CAAC1016 Authenticating, please wait...

CAAC1018 Credential authentication FAILED !!


Press any key to continue . . .

Hi,
Assuming you have validate this user/password works by logging into the AIM server you are trying to configure, is this server on the same domain as the Cluster server?
Can you try a local admin account located on the cluster?

hth,
Mohindra

Running Spectrum 9.2.3 and systemEDGE 5.7.1

I have been receiving the same error message. The only way I can get it to work is by using an account that has administrative access to the cluster resources but that is not good security practice nor will it pass muster with our auditing.

I have a systemEDGE 5.7.1 with the MSCS AIM on a 2008 R2 server setup as a proxy. We are running 2008 R2 on our MS clusters.

I have a working AD account that we assigned read-only cluster resource access to per MS Technet http://technet.microsoft.com/en-us/library/ee460969.aspx

I have tried logging in with the following formats and get the same error as mentioned in this thread:
1. username
2. username@domain
3. domain\username

All fail with the same error,

I have tried to work with CA support but it turns out support does not have a set of procedures detailing what all needs to be done to setup an account with read-only access properly to work with this feature. I find this perplexing since the cluster management feature had to be tested and I WOULD assume it was not tested with only an admin account...

It was also suggested that I use an account with admin access to the cluster as Spectrum feature is read-only anyways. That is not going to fly with auditing....

diego.ramalho wrote:

Hi Mohindra,

I got the same error:

**** Choose Managed Node ****
1. Microsoft Cluster
0. Go Back to Previous Menu
*******************************
Enter choice: 1

Enter following information for the Microsoft Cluster Node...

(At any point to go back to previous menu, Enter 'CTRL Q')

1. Cluster Name: abxxetxxxxxxv.yyyy.adfa.local
2. User Name: F530***@DOMAIN
3. Password: ***********

CAAC1016 Authenticating, please wait...

CAAC1018 Credential authentication FAILED !!


Press any key to continue . . .

...and yes all the clusters I am trying to work with are on the same domain as the AIM.

:)

Chris,
The AIM is making calls to the cluster using WMI.
The account would need the same rights as Cluster Manager Admin to be able to collect and gather metrics.
I know the documentation is not there on the exact rights but we can find out.

Hth,
Mohindra

Please correct me if I understood you wrong, you are saying that the account that I use to setup the cluster must have admin access to the cluster resources?

Does anyone know what WMI Authentication Level the nodecfgutil.exe is attempting to use when trying to authenticate to the cluster?

Is it one of the following:

Connection
Default
None
Packet
Packet integrity
Packet privacy

Can this Authentication Level that the utility uses be changed to match what is in use on a given clients network?

Thanks
:)

Also, what WMI namespaces is the nodecfgutil.exe trying to connect to?

I assume just MSCluster and CIMV2, are there any others or is that it?


Thanks :)

Is this thread dead? I'm still having this issue and I have done the following testing on a clean test bed of servers freshly installed (2008 R2 SP1) not influenced by any corporate security policies because it is not part of the corp network here.

I have given the cluster monitoring AD account the following permissions:

1. Full DCOM access on the cluster nodes through membership
2. Full WMI access to the Root namespace and subnamespaces.
3. Member of the local Users group of the cluster nodes.

Also this AD account does not have a complex password or special characters. (I only did that to rule that out)

With nodecfgutil.exe I can connet to a cluster successfully if I use an account that is a member of Local Admin group on the cluster nodes. As soon as I use an account not a member of this group, I get the errors stated in this thread. BUT, if I use WMI Object Browser tool from the proxy (same server as nodecfgutil.exe) and remotely connect to the cluster using the same AD account, I can access WMI no problem.

I have turned on WMI Activity trace logs and watched the Windows Security logs and I am not getting any access denied messages (in fact security log shows authentication successful to the cluster node and WMI does not indicate any access issues) when running nodecfgutil.exe yet nodecfgutil.exe returns an access denied everytime.

So my question is, what is nodecfgutil.exe looking at that it believes it needs to return a access denied?