cancel
Showing results for 
Search instead for 
Did you mean: 

Failed to update computer account error type 2 error code 0x000522

ash22
Level 3

Service Group appears online on primary node with no problems. Switch to secondary and the following error appears in lanman log:

"Failed to update Computer account in Active directory (error_type:2, error_code:0x00000522" and the LanMan Resource fails to online

hardware/build identical on both cluster nodes. SFW HA v5.1 installed on both nodes. All resources probed successfully. 

Any ideas anyone?

 

......not solved yet!

1 ACCEPTED SOLUTION

Accepted Solutions

Wally_Heim
Level 6
Employee

HI ash22,

 

Error 522 is privilege not held.  Check the privilege of the user account for the HAD Helper service.  You can do this by running the following command:

 

     hadhelper.exe /showconfig

 

If it shows you missing privileges then run this command on all nodes to reconfigure the Had Helper service acocunt:

 

     hadhelper.exe /configure /user:<user_name>

 

Replace <user_name> with the domain/user name of the account that Had Helper service should start with.

 

Thanks,

Wally

 

View solution in original post

6 REPLIES 6

Wally_Heim
Level 6
Employee

HI ash22,

 

Error 522 is privilege not held.  Check the privilege of the user account for the HAD Helper service.  You can do this by running the following command:

 

     hadhelper.exe /showconfig

 

If it shows you missing privileges then run this command on all nodes to reconfigure the Had Helper service acocunt:

 

     hadhelper.exe /configure /user:<user_name>

 

Replace <user_name> with the domain/user name of the account that Had Helper service should start with.

 

Thanks,

Wally

 

Marianne
Moderator
Moderator
Partner    VIP    Accredited Certified

Agree 100% with Wally.

If AD/DNS has been manually updated, you can set 'ADUpdateRequired' to 0. The default is supposed to be 0, but some of the wizards (SQL for one) sets this attribute to 1.

Wally_Heim
Level 6
Employee

The problem with disabling the AD and DNS updates is that certain security methods (such as Kerberos) stops working during failover.   Some normal operations of applications like Exchange and SQL depend on Kerberos security.  If you disable AD and DNS updates then test your application throughly to ensure that it is working as you expect it to.

-Wally

ash22
Level 3

Re-configuring the had helper account on the secondary node was successful (hadhelper /config), but the same errors were generated in Lanman log.

Switching Service Group to primary was successful.  

Re-setting all attributes to "False" on Lanman works fine, and the Service Group comes online on both nodes. 

Extract from Lanman log:

 

2010/09/14 14:21:02 VCS ERROR V-16-10051-3007 Lanman:MDTC_SG-Lanman:online:Failed to update computer Account in Active Directory (error_type:2, error_code:0x0000522)
2010/09/14 14:21:02 VCS DBG_21 V-16-50-0 Lanman:MDTC_SG-Lanman:online:*** Start of debug information dump for troubleshooting ***
2010/09/14 14:21:02 VCS DBG_21 V-16-50-0 Lanman:MDTC_SG-Lanman:online:Listing resource (MDTC_SG-Lanman) attributes:
2010/09/14 14:21:02 VCS DBG_21 V-16-50-0 Lanman:MDTC_SG-Lanman:online:m_VirtualName = MDTC_SG
2010/09/14 14:21:02 VCS DBG_21 V-16-50-0 Lanman:MDTC_SG-Lanman:online:m_IsMultiNet = 0
2010/09/14 14:21:02 VCS DBG_21 V-16-50-0 Lanman:MDTC_SG-Lanman:online:ipAddress = 10.1.77.7, 0x074D010A
2010/09/14 14:21:02 VCS DBG_21 V-16-50-0 Lanman:MDTC_SG-Lanman:online:subnetMask = 255.255.255.240, 0xF0FFFFFF
2010/09/14 14:21:02 VCS DBG_21 V-16-50-0 Lanman:MDTC_SG-Lanman:online:numMultiNet = 0
2010/09/14 14:21:02 VCS DBG_21 V-16-50-0 Lanman:MDTC_SG-Lanman:online:m_IsUpdateDNS = 1
2010/09/14 14:21:02 VCS DBG_21 V-16-50-0 Lanman:MDTC_SG-Lanman:online:m_IsUpdateAD = 1
2010/09/14 14:21:02 VCS DBG_21 V-16-50-0 Lanman:MDTC_SG-Lanman:online:m_IsDNSCritical = 1
2010/09/14 14:21:02 VCS DBG_21 V-16-50-0 Lanman:MDTC_SG-Lanman:online:m_IsADCritical = 1
2010/09/14 14:21:02 VCS DBG_21 V-16-50-0 Lanman:MDTC_SG-Lanman:online:m_ADContainer = OU=Virtual Servers,DC=domain2,DC=local
2010/09/14 14:21:02 VCS DBG_21 V-16-50-0 Lanman:MDTC_SG-Lanman:online:Number of DNS options configured 0
2010/09/14 14:21:02 VCS DBG_21 V-16-50-0 Lanman:MDTC_SG-Lanman:online:Number of additional servers specified = 0
2010/09/14 14:21:02 VCS DBG_21 V-16-50-0 Lanman:MDTC_SG-Lanman:online:m_AliasName is empty
2010/09/14 14:21:02 VCS DBG_21 V-16-50-0 Lanman:MDTC_SG-Lanman:online:m_TsipKeyFile is empty
2010/09/14 14:21:02 VCS DBG_21 V-16-50-0 Lanman:MDTC_SG-Lanman:online:m_Ttl = 0
2010/09/14 14:21:02 VCS DBG_21 V-16-50-0 Lanman:MDTC_SG-Lanman:online:
 
2010/09/14 14:21:02 VCS DBG_21 V-16-50-0 Lanman:MDTC_SG-Lanman:online:(2) CRegKey::Open failed for Software\Veritas\VCS\BundledAgents\Lanman\__Global__.
2010/09/14 14:21:02 VCS DBG_21 V-16-50-0 Lanman:MDTC_SG-Lanman:online:(2) _GetDWORDValue failed. Subkey = Software\Veritas\VCS\BundledAgents\Lanman\__Global__, Name = SkipLSASSPatch
 
2010/09/14 14:21:02 VCS DBG_21 V-16-50-0 Lanman:MDTC_SG-Lanman:online:hadhelper PID = 1532
2010/09/14 14:21:02 VCS DBG_21 V-16-50-0 Lanman:MDTC_SG-Lanman:online:Netbios(NCBASTAT) returned 0x00000005
2010/09/14 14:21:02 VCS DBG_21 V-16-50-0 Lanman:MDTC_SG-Lanman:online:AdapterStatus() returned 2, 0x00000839
 
2010/09/14 14:21:02 VCS DBG_21 V-16-50-0 Lanman:MDTC_SG-Lanman:online:AdapterStatus() returned 2, 0x00000839
2010/09/14 14:21:02 VCS DBG_21 V-16-50-0 Lanman:MDTC_SG-Lanman:online:nb.CheckForDuplicate() returned 2, 0x00000839
2010/09/14 14:21:02 VCS DBG_21 V-16-50-0 Lanman:MDTC_SG-Lanman:online:Netbios(NCBASTAT) returned 0x00000005
 
2010/09/14 14:21:02 VCS DBG_21 V-16-50-0 Lanman:MDTC_SG-Lanman:online:AdapterStatus() returned 2, 0x00000839
2010/09/14 14:21:02 VCS DBG_21 V-16-50-0 Lanman:MDTC_SG-Lanman:online:AdapterStatus() returned 2, 0x00000839
2010/09/14 14:21:02 VCS DBG_21 V-16-50-0 Lanman:MDTC_SG-Lanman:online:nb.CheckForDuplicate() returned 2, 0x00000839
 
2010/09/14 14:21:02 VCS DBG_21 V-16-50-0 Lanman:MDTC_SG-Lanman:online:Querying DNS Entries for MDTC.domain2.local in 10.1.77.2
2010/09/14 14:21:02 VCS DBG_21 V-16-50-0 Lanman:MDTC_SG-Lanman:online:Querying DNS Entries for 7.77.1.10 in-addr.arpa. in 2.77.1.10
2010/09/14 14:21:02 VCS DBG_21 V-16-50-0 Lanman:MDTC_SG-Lanman:online:LsaCallAuthenticationPackage(ii=0, op=1) succeeded but protocolStatus is 0x00000522
2010/09/14 14:21:02 VCS DBG_21 V-16-50-0 Lanman:MDTC_SG-Lanman:online:_PerformCredentialOperation(VCS_LSA_OPERATION_ADD) returned 2, 0x00000522
2010/09/14 14:21:02 VCS DBG_21 V-16-50-0 Lanman:MDTC_SG-Lanman:online:_UpdateNewlyCreatedAccount() returned 2, 0x00000522
 
2010/09/14 14:21:02 VCS DBG_21 V-16-50-0 Lanman:MDTC_SG-Lanman:online:compAcct.Add() returned 2, 0x00000522
 
2010/09/14 14:21:02 VCS DBG_21 V-16-50-0 Lanman:MDTC_SG-Lanman:online:*** End of debug information dump for troubleshooting ***
 
2010/09/14 14:21:02 VCS DBG_21 V-16-50-0 Lanman:MDTC_SG-Lanman:online:*** Start of debug information dump for troubleshooting ***
2010/09/14 14:21:02 VCS DBG_21 V-16-50-0 Lanman:MDTC_SG-Lanman:CLanManAgent::Online() returned 2, 0x00000522
2010/09/14 14:21:02 VCS DBG_21 V-16-50-0 Lanman:MDTC_SG-Lanman:online:*** End of debug information dump for troubleshooting ***
2010/09/14 14:21:02 VCS ERROR V-16-10051-3032 Lanman:MDTC_SG-Lanman:online:Attempt to online the Lanman resource has failed. error_type:2, error_code:0x00000522

 

 

 

 

 

Zahid_Haseeb
Moderator
Moderator
Partner    VIP    Accredited

try this

 

http://www.symantec.com/business/support/index?page=content&id=TECH54363

 

http://www.symantec.com/business/support/index?page=content&id=TECH74594

 

Wally_Heim
Level 6
Employee

Hi ash22,

I'm not sure if you have resolved this by now or not.  If not here is a troubleshooting process to help determine where the problem is at.

 

1. Offline the Lanman resource.

2.  Disable the ADUpdateRequired, ADCriticalForOnline, DNSUpdateRequired and DNSCriticalForOnline attributes.

3.  Test online of the Lanman resource - you already tested to this point so this should be Ok for you.

4.  Offline the Lanman resource.

5.  Enable the ADUpdateRequired and ADCriticalForOnline attributes.

6.  Test online of the Lanman resource. 

        If the Lanman onlines then AD updates are not causing your problem.

        If the Lanman does not online then we need to investigate why Lanman can not update AD.

7.  Offline the Lanman resource.

8.  Disable ADUpdateRequired and ADCriticalForOnline attributes.

9.  Enable DNSUpdateRequired and DNSCriticalForOnline attributes.

10.  Test online of the Lanman resource.

        If the Lanman onlines then DNS updates are not causing your problem.

        If the Lanman does not online then we need to investigate why Lanman can not update DNS.

 

Typically, I see DNS updates failing when the HADHelper service account has not been given permission to update DNS.  With a default domain and windows DNS security settings the HADHelper service account should have rights to update DNS with the privileges that HADHelper sets.  However, if addtional securty is set to tighten down DNS updates then addtional privileges/permissions may need be granted to the HADHelper service account.

 

I see AD update issues when the HADHelper service account does not have rights to create or modify the virtual server's Computer Object in AD.

 

Please let me know if you are having problems updating DNS, AD or both.

Thanks,

Wally