Error during installation of an SQL server Failover Cluster Instance

A common issue I've run into while helping with SQL Server Failover Cluster (FCI) installations is the failure of the Network Name. In the following post I'll discuss a bit of background, the common root cause, and how to resolve it.


The SQL Server Database Engine service is dependent on the Network Name resource. A failure of the Network Name will result in the SQL Server Resource not coming online.

When the Windows Failover Cluster (WFC) is initially configured a Cluster Name object (CNO) will be created. The CNO is visible as a computer object in your Activity Directory Users and Computer snap-in (dsa.msc). By default the CNO will be created in the Computers container and granted specific permissions:


After a successful SQL Server FCI installation you will now see a Virtual Computer Object (VCO) for the SQL Server Network Name:


*Note: After the CNO is created any additional Network Name resource in the cluster is considered a Virtual Computer Object. VCO’s are simply Computer objects in which the CNO has permissions to change the properties or reset the password.


But what if the CNO does not possess the required permissions to create computer objects in the “Computers” container?

It is in the above scenario where we commonly see the following errors during SQL Server FCI installation:


The following error has occurred:

The cluster resource 'SQL Server (SQL2012)' could not be brought online due to an error bringing the dependency resource 'SQL Network Name(VSQL2012)' online. Refer to the Cluster Events in the Failover Cluster Manager for more information.

A user encountering the same issue while installing a pre-SQL Server 2012 version may see:

The cluster resource 'SQL Server (MSSQLSERVER)' could not be brought online.  Error: The resource failed to come online due to the failure of one or more provider resources. (Exception from HRESULT: 0x80071736)

System log:

Cluster network name resource 'SQL Network Name (VSQL2012)' failed to create its associated computer object in domain '' during: Resource online.

The text for the associated error code is: A constraint violation occurred.

Please work with your domain administrator to ensure that:

- The cluster identity 'CLUS2012$' has Create Computer Objects permissions. By default all computer objects are created in the same container as the cluster identity 'CLUS2012$'.

- The quota for computer objects has not been reached.

- If there is an existing computer object, verify the Cluster Identity 'CLUS2012$' has 'Full Control' permission to that computer object using the Active Directory Users and Computers tool.

Cluster log:

[RES] Network Name: [NNLIB] Creating object VSQL2012 using ADSI in OU OU=SQL,DC=motox,DC=com on DC: \\, result: 8239

[RES] Network Name: [NNLIB] Failed to create Computer Object VSQL2012 in the Active Directory, error 8239


The common cause of the Network Name resource failure is insufficient permissions. More specifically, the permission "Create Computer Objects" has not been granted to the Cluster Name Object(CNO).

“…when you create a failover cluster and configure clustered services or applications, the failover cluster wizards create the necessary Active Directory computer accounts (also called computer objects) and give them specific permissions. The wizards create a computer account for the cluster itself (this account is also called the cluster name object or CNO) and a computer account for most types of clustered services and applications”

When the SQL Server Network Name is first brought online during the FCI installation process, the CNO identity is used to create the VCO(as long as the VCO doesn’t already exist). If the required permissions are not granted to the CNO, the creation of the VCO will fail and so will your SQL Server FCI installation.

*Note: The Create Computer objects right only applies to Domain Functional Levels above Windows Server 2003. For Windows Server 2003 the required privilege is “Add Workstations to the Domain”.


Option #1

We must grant the permissions "Read all properties" and "Create Computer objects" to the CNO via the container. Here's an example of granting the required permissions for demonstration purposes:

1. Open the Active Directory Users and Computers Snap-in (dsa.msc).

2. Locate “Computers” container:


3. Make sure "Advanced Features" is selected:


4. Open the properties of the container and click the "Security" tab. Click "Add" and add the CNO. Make sure to select “Computers” option in the “Object Types” window:



5. Click "Advanced", highlight the CNO, and click "Edit":


6. Make sure "Read all properties" and "Create Computer objects" are checked. Click OK until you're back to the AD Users and Computer window:


7. Retry your previously failed installation. Note that with SQL Server 2012 there will be a “retry” button.

Option # 2

We can also “Pre-Stage” the VCO, which is useful in situations where the Domain Administrator does not allow the CNO “Read All Properties” and “Create computer Objects” permissions:

1. Ensure that you are logged in as a user that has permissions to create computer objects in the domain.

2. Open the Active Directory Users and Computers Snap-in (dsa.msc).

3. Select View -> Advanced Features.

4. Right click the OU/Container you want the VCO to reside in and click “New” -> “Computer”


5. Provide a name for the object (This will be your SQL Server Network Name) and click “OK”:


6. Right click on the on the VCO you just created and select “Properties”. Click the security tab and then click “Add”:


7. Enter the CNO (Make sure to select “Computers” option in the “Object Types” window) and click “OK”.



8. Highlight the CNO, check the following permissions, and click “OK”.


Allowed To Authenticate

Change Password

Receive As

Reset Password

Send As

Validate write To DNS Host Name

Validate Write To Service Principle Name

Read Account Restrictions

Write Account Restrictions

Read DNS Host Name Attributes

Read MS-TS-GatewayAccess

Read Personal Information

Read Public Information

*Note: You can replace step #8 by giving the CNO “Full Control” over the VCO

9. Install SQL Server and the Network Name resource should start without issue.


Failover Cluster Step-by-Step Guide: Configuring Accounts in Active Directory

Before Installing Failover Clustering

Add workstations to domain

Troy Moen – Support Escalation Engineer

Comments (20)
  1. Finally!  This will save MANY hours in the future!   Thanks!

  2. Brandon O'Daniel says:

    Awesome!  Thank you so much for posting this!  

  3. Ondo says:

    Thanks for this info, it helped a lot!

    However, why is it like this? Is there not some way how cluster instance can be installed automatically without these help steps?

  4. Kcysiu says:



  5. Luc says:

    Many thanks! This info was a great help.

  6. SQLfrndz says:

    Even after you followed the above steps , if still not resolved, do not cance your installation then try ipconfig /flushdns and run ipconfig /registerdns then it will work.

  7. kristobal says:

    Thank you very much for this article, it saved me from deep frustration

  8. Marc Williams says:

    I had been struggling with this until I found your article, many thanks!!

  9. Edilasio Paulo says:

    Thank you a lot for your support! But I need understand something…The Object CLUS2012, we have to create it?This object appears on your machine automatically or you have used as name as example?

  10. Scott Grow says:

    Thank you so much. I tried Option #1 (no go) I then did Option #2 (It worked Perfect) Thank you again

  11. aridislamzt says:

    Thanks for your excellent article.

  12. Lewis Worley says:

    Wow.  Black magic.  But well described, saved me a rebuild and reinstall.  Thanks!

  13. Khalid Abubacker says:

    You are Awesome!!!!! Thanks very very very much

  14. majid malek says:

    this is such a life saver ! thanks man for sharing this awesome guide
    feeling lucky to find this after few hours struggling this problem

  15. Seyed says:

    Great post.
    Thank you

  16. Arda says:

    Hi, I have a problem about change server name. I received an error (Error Code: 0x8007005) “Cluster network name resource ‘SQL Network Name (OLD_NAME)’ failed to perform a name change operation. The domain controller ‘\\DC…’ where computer object ‘OLD_NAME’ was being renamed, could not be contacted. The error code was ‘5’. Ensure a writeable domain controller is accessible and check for any connectivity issue.” So not change name. What can I do? Thanks.

  17. Great! The second option solved my problem in installation time.

  18. Sam says:

    Restarting the cluster service let the permissions take effect so I could continue my install by pressing ‘retry’


    This blog helped us after 2 days of toiling clueless over the error while we were attempting Always on installation.SQL Server listener was failing to get created with ambigous errors.Further research in cluster logs lead to this error which was fixed by AD admins.Thanks a lot for the information

  20. Winfanity says:

    Thanks for this writeup. Our issue was the name already existed in the domain and the re-installation was using the same name.

    The name was disabled for some reason. It started working after i enabled the accounts.

Comments are closed.

Skip to main content