The computer object associated with the resource could not be updated in domain

failover failovercluster windows-cluster

After a few hours of unsuccessful Googling and scouring all over the Internet, I have to go back to my good old friend at StackExchange. My problem is associated with a dysfunctional Microsoft Failover Cluster running on a pair of Windows Server 2008 R2 Enterprise nodes.

In a nutshell: the Network Name resource can't be brought online. Every time I try to do that (by right-clicking the netname and selecting "Bring This Resource Online") I fail. The Event Viewer logs this entry:

EventID: 1207
Source: Failover Clustering

Cluster network name resource 'SQL Network Name (DMT-1NETNAME)' cannot be brought online. The computer object associated with the resource could not be updated in domain 'DMTDevOps.com' for the following reason:
Unable to obtain the Primary Cluster Name Identity token.
The text for the associated error code is: An attempt has been made to operate on an impersonation token by a thread that is not currently impersonating a client.
The cluster identity 'DMT-SQLCLUSTER1$' may lack permissions required to update the object. Please work with your domain administrator to ensure that the cluster identity can update computer objects in the domain.

I looked all over for the EventID and the descriptions found here, and it is not like there is no documentation online on how to fix it. The problem is that the solutions are related to giving the computer object for the service or application certain privileges (which I did), but nothing has changed.

I fully control the domain (it is a test environment) and I'm the only one using it, so there is no chance that "someone" has inadvertently changed something (like destroying computer accounts or changing Active Directory to prevent a new computer object from being created, something that was suggested on many blogs related to this error).

When I try to "Validate this cluster" the report shows that there are no errors… so all is good on that front as well. Also computers can connect to the domain just fine.

The only thing that changed since the last time this worked is that these nodes are VMs and I used a previous snapshot of them (when the cluster was working just fine). For some reason the trust relationship after loading those snapshots was broken and I had to run netdom resetpwd to make that work again, but other than that, all is exactly the same as it was when the cluster was just fine.

Here is a log that was generated by the cluster; hopefully this sheds some additional light for somebody knowledgeable and willing to help:
Cluster.log. Notice the tail of that log (at 15:54), that's exactly when I attempted to bring the resource (Server Name) online.

All help is appreciated!

Best Answer

I'm answering my own question as, after a few more hours of investigation, I managed to find a fix for it. I will try to document the things I did for anybody else who runs into this same problem.

There was a combination of actions that I did. I'm not entirely sure which of them fixed it, but I assume it is the "Repair Active Directory Object" on Failover Cluster Manager.

  • First I re-composed the computer network accounts for both SQL cluster nodes (DMT-AClusNode and DMT-BClusNode) in Active Directory by logging in as a local admin and issuing this: netdom resetpwd /s:dmtdevops.com /ud:dmtdevops.com\administrator /pd:*

  • Then I went to the Active Directory Domain Controller (Active Directory Users and Computers) and used the "Delegate Control..." (right click on Domain Name on the left panel) to delegate as much control as possible to both the computer accounts on the nodes (DMT-ACLUSNODE and DMT-BCLUSNODE) and also the computer accounts for the Cluster Name Object (DMT-SQLCLUSTER1) and the Virtual Computer Object (DMT-1NETNAME).

  • I also made changes in the Group Policy Management (DMTDevOps.com --> Group Policy Objects --> Default Domain Policy --> Right Click --> Edit...) then (Default Domain Policy --> Computer Configuration --> Policies --> Windows Settings --> Security Settings --> Local Policies --> User Rights Assignment --> Add Workstations to Domain policy). On that policy I added all the computer accounts that I mentioned in the previous step (DMT-ACLUSNODE, DMT-BCLUSNODE, DMT-SQLCLUSTER1 and DMT-1NETNAME).

  • Finally (and this is what I believe fixed the problem) I selected "Repair Active Directory Object" on Failover Cluster Manager.
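
A read-only check of the Active Directory state the answer touched, as an added example that is not part of the original post: it lists what the cluster identity DMT-SQLCLUSTER1$ is allowed to do on the DMT-1NETNAME computer object (the update event 1207 reports as failing) and which rights the four computer accounts now hold at the domain root after the "Delegate Control..." step. It assumes the ActiveDirectory PowerShell module (RSAT) is available and that the caller can read object ACLs; the helper name Get-AceFor is hypothetical.

```powershell
# Added example, not from the original post. Object names come from the question;
# Get-AceFor is a hypothetical helper. Nothing here modifies the directory.
Import-Module ActiveDirectory   # also provides the AD: drive used by Get-Acl

# Return the ACEs on one AD object that are granted to the given accounts.
function Get-AceFor {
    param(
        [string]   $ObjectDn,          # distinguished name of the object to inspect
        [string[]] $SamAccountNames    # e.g. 'DMT-SQLCLUSTER1$'
    )
    (Get-Acl -Path "AD:\$ObjectDn").Access |
        Where-Object {
            # IdentityReference looks like 'NETBIOSDOMAIN\DMT-SQLCLUSTER1$'
            $id = $_.IdentityReference.Value
            $SamAccountNames | Where-Object { $id -like "*\$_" }
        } |
        Select-Object IdentityReference, AccessControlType,
                      ActiveDirectoryRights, IsInherited, ObjectType
}

$domainDn = (Get-ADDomain).DistinguishedName
$cno = Get-ADComputer -Identity 'DMT-SQLCLUSTER1' -Properties PasswordLastSet  # Cluster Name Object
$vco = Get-ADComputer -Identity 'DMT-1NETNAME'    -Properties PasswordLastSet  # Virtual Computer Object

# 1. Both cluster computer objects should exist and be enabled.
$cno, $vco |
    Select-Object Name, Enabled, PasswordLastSet, DistinguishedName |
    Format-Table -AutoSize

# 2. Rights the cluster identity holds on the network name's computer object.
#    An empty result means the CNO has no explicit or inherited ACE there.
Get-AceFor -ObjectDn $vco.DistinguishedName -SamAccountNames $cno.SamAccountName |
    Format-List

# 3. Rights held at the domain root by the accounts named in the
#    "Delegate Control..." step, so the delegation can be reviewed afterwards.
$delegated = 'DMT-ACLUSNODE$', 'DMT-BCLUSNODE$', 'DMT-SQLCLUSTER1$', 'DMT-1NETNAME$'
Get-AceFor -ObjectDn $domainDn -SamAccountNames $delegated |
    Sort-Object IdentityReference |
    Format-Table -AutoSize
```

Comparing the output of step 3 before and after the troubleshooting shows exactly which domain-root rights were added along the way.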