I can tell you how many times I have heard about this error. This can appear in any of the situation where SQL needs to create a cluster network name resource in the WSFC Cluster. Here are the two situations I can think of:
- Installing SQL Server Failover Cluster instance.
- Creating listener in the AlwaysOn availability group.
Below is the error which was sent by one of my clients. This appeared while creating listener from management studio.
Here is the text of the message.
The WSFC cluster could not bring the Network Name resource with DNS name ‘<DNS name>’ online. The DNS name may have been taken or have a conflict with existing name services, or the WSFC cluster service may not be running or may be inaccessible. Use a different DNS name to resolve name conflicts, or check the WSFC cluster log for more information.
The attempt to create the network name and IP address for the listener failed. The WSFC service may not be running or may be inaccessible in its current state, or the values provided for the network name and IP address may be incorrect. Check the state of the WSFC cluster and validate the network name and IP address with the network administrator.
Above error can be caused due to many reasons which can cause network name or client access point resource in cluster creation to fail. One of the most common cause would be where the Domain Administrator does not allow the CNO “Read All Properties” and “Create computer Objects” permissions. You might see “Access is denied” in the event log.
Here are the steps, which are also known as prestaging of virtual computer object (VCO) in domain controller.
- If possible, connect to domain controller. Ensure that we are logged in as a user that has permissions to create computer objects in the domain.
- Open the Active Directory Users and Computers Snap-in (dsa.msc).
- In Menu > View -> Advanced Features. (Otherwise, we would not see option explained in next steps)
- Right click the OU/Container where we want the VCO to be created and click “New” -> “Computer”
- Provide a name for the object (This will be your SQL Server Network Name in FCI or Listener Name in AG) and click “OK”:
- Right click on the on the VCO which we just created and select “Properties”. Click the security tab and then click “Add”:
- Enter the CNO (Make sure to select “Computers” option in the “Object Types” window) and click “OK”. The CNO is a Cluster Name Object. This is the name of the Windows Cluster name NOT listener or FCI name.
- Give CNO “Full Control” over the VCO.
If all above steps are followed, we should not get access denied and if we try creating Listener, it should be successful.
What are the other errors you have seen while creating listener?
Reference: Pinal Dave (https://blog.sqlauthority.com)
18 Comments. Leave new
I’ve been working with NUMA and SQL Server. It seems to work work well as a standalone solution. However, I have a client that wishes to use NUMA in a 2016 availability group. For the AG network listener(s), how do you assign the node mask? It is fairly straight forward using SS configuration manager, but clusters and AG do not seem to write their IP address to a registry location that I can find.
I didn’t get the question. Can you please elaborate?
Hi,
I’m also having the same issue with AG creation. I have implemented the above solution and granted CNO permission to MSSQL server service account user and also checked the solution from “http://www.sqlservercentral.com/articles/always+on/145147/”.
But still getting the same error message on AG creation.
Here are the (dummy)details i’m using for MSSQL cluster setup.
windows login: “example.com\lokesh” (granted CNO permission)
MSSQL service account: “example.com\mssql_svc_acc” (grantes CNO permission)
Can you please suggest what else permissions do i need to assign & to which user account?
Also having the same problem on my labs, if I find the solution I would gladly post Here
D.C: Server 2012 R2 + 2 2012 R2 With SQL 2016 Developer for testing purposes
What’s the error you see in event log? Which resource is failing to come online. Network Name or IP Address.
This worked for me thanks.
Great. Thanks for taking time and updating me, Ryan.
I have the same issue. I applied the pre-staging of virtual computer but still getting the message below:
The WSFC cluster could not bring the Network Name resource with DNS name ‘’ online. The DNS name may have been taken or have a conflict with existing name services, or the WSFC cluster service may not be running or may be inaccessible.
any other suggestion would be appreciated. Thanks
That’s DNS error not AD related, which I attempted to fix.
Thanks Pinal,
This post helped to resolve the listener issue promptly.
Regards
Riyaz
Thanks you so much, i’m very fan for this page, always help me when i have problems
Thank you…I followed your steps and was able to get by this error.
I have the same issue, but after give the full control the issue is still exist, can you give me some advice,thank you!
I have attempt to use the way as bellow:
Launch Failover Cluster Manager.
In the Roles pane, right-click the availability group resource and choose Add Resource and then Client Access Point.
Enter a DNS Name and click in the affirmative through the rest of the wizard to create the CAP. The CAP is created, the IP Address resource comes online, but the network name resource fails to come online.
Right-click the Network Name resource, click the General tab and check the DNS Status, it will read “DNS handle is invalid.” but my issue display OK, cannot bring the resource online, so I can’t contnue with this way.
i have created listener but unable to connect ssms with listener name on secondary nodes .please suggest
Thank you Pinal. Your article served its purpose for me to narrow down to the exact issue. Much Appreciated.
Worked for me. Thanks
Worked for me, thank you :)
Thanks. This work for me