How to Troubleshoot Create Cluster Failures

First published on MSDN on May 07, 2012

In this blog, I will outline the steps in order to troubleshoot “Create ” failures with Windows Server 2012 or later Failover Clustering.

Step 1: Run the Cluster Validation Tool

The validation tool runs a suite of tests to verify that your hardware and settings are compatible with failover clustering. The first thing to do when , and something you should do every time you create a cluster is to run the Validate tool. To run cluster validation:

  1. Open the Failover Cluster Manager snap-in (
  2. Select
    Validate Cluster

    Note:   You can also use the Failover Clustering Windows PowerShell® cmdlet,


    , to validate your cluster.
  3. Navigate to
    directory and open the Validation Report .MHT file (.HTM in Win2016)
  4. Review any tests that report as

The validation summary provides a starting point to drill down further into the failure.  For instance, in the example below we can detect an invalid Windows Firewall Configuration.

It is also useful to investigate the warnings flagged by validate. For example, the Configuration test warning below flags a potential cluster creation problem:

Step 2: Analyze the CreateCluster Log

If you cannot successfully create a cluster after all your validation tests are passing, the next step is to examine the CreateCluster.mht file. This file is created during the cluster creation process through the “Create Cluster” wizard in Failover Cluster Manager or the Create-Cluster Failover Clustering Windows PowerShell® cmdlet. The file can be found in the following location:

Note:  In Windows the report is changed from .MHT to .HTM

The admin level logging in the CreateCluster.mht file can help you determine the step at which the cluster creation process failed. For example in the CreateCluster.mht snippet below you can infer that there was a problem with configuring a Cluster Name Object for the cluster.

Step 3: Turn on Cluster API Debug Tracing

If you are unable to pinpoint the root cause of the failure by neither the Validate report nor the Create Cluster log, then verbose debug logging can be enabled. Debug tracing can be turned on with the following steps:

  1. Open Event Viewer (
  2. Click View then “
    Show Analytic and Debug Logs
  3. Browse down to
    Applications and Services Logs Microsoft Windows FailoverClustering-Client Diagnostic

  4. Right-click on
    and select “
    Enable Log
  5. Attempt to create a cluster
  6. Right-click on
    and select “
    Disable Log

    Note: The debug tracing will be generated to the Diagnostic channel and viewable only after you disable logging.
  7. Left-click on Diagnostic to view the logging captured.

The following are examples of events generated to the Diagnostic channel when cluster creation fails when the Cluster Name Object cannot be added to the clusterou container. In this case, the cluster administrator does not have the
Read All Properties
permission on the organizational unit (OU) in .

Step 3b: Turn on Cluster API Event Log Tracing Programmatically

You can also turn on the Cluster API event log tracing programmatically. The debug information obtained will be the same as Step 3 but you are able to set this up using a script. The following are the steps to configure:

  1. Run to start the logging:

    logman start clusapiLogs -p {a82fda5d-745f-409c-b0fe-18ae0678a0e0} -o clusapi.etl -ets
  2. Attempt to create a cluster
  3. Run to stop the logging:

    logman stop clusapiLogs -ets
  4. Run to generate the dump file:

    tracerpt clusapi.etl -of CSV –o c:report.csv
  5. Open the generated Comma Separated Value (CSV) dump file and examine the User Data column for potential issues. Note that the ‘-o' parameter determines where the CSV dump file is generated.

The following are some examples of Cluster API event log traces found for a “create cluster” failure.

CreateCluster: Create cluster test-33 will be using a Read-Write DC


CreateClusterNameCOIfNotExists: Failed to create computer object test-33 on DC with OU ou=clusterou

“CreateCluster: Create cluster failed with exception. Error = 8202

msg: Failed to create cluster name test-33 on DC Error 8202.

Step 4: Generate the Cluster.log file

The cluster log provides verbose logging for the cluster service and allows advanced . The cluster log can be generated even when the cluster creation fails by specifying the node to collect the log on. You can generate the cluster log using the Failover Clustering Windows PowerShell® cmdlet


Get-ClusterLog –Node

Note:  The default verbosity level for the cluster log is 3. This proves to be sufficient for most debugging purposes. However, if this verbosity level is not capturing the data you need, you can increase the verbosity level .  On a Windows PowerShell® console run:

(Get-Cluster).ClusterLogLevel = 5

This generates significant spew so the default level should be restored once the is completed.

The cluster log can be generated in local time using Failover Clustering Windows PowerShell®:

Get-ClusterLog -UseLocalTime

Bonus Tip:

The number one reason for create cluster failures is due to misconfigured permissions in environments resulting in failures while creating the Cluster Name Object (CNO).


“How to Create a Cluster in a Restrictive Active Directory Environment”

“Failover Cluster Step-by-Step Guide: Configuring Accounts in Active Directory”

Did you really review the links above? Here's a quick test… How would you fix the following “Create Cluster” errors?

1.       An enabled computer account (object) for was found.


1.       Verify that the cluster name you attempting to use for the new cluster is not already being used by a cluster in production. If it is, you should chose another name for the cluster.  In other words you need to ensure that you can take over the computer name with no adverse repurcussions.

2.       On the Domain Controler,  launch the
Active Directory Users and Computers
snap-in (type dsa.msc)

3.       Navigate to the OU you which has the cluster name you are trying to use. In this case you are searching for “Test-8”. You might have to search multiple OUs to find the conflicting cluster name.

4.       Delete the existing Cluster Name Object (CNO), “Test-8” or disable it by right-clicking on the CNO and selecting disable.

2.       You do not have permissions to create a computer account (object) in Active Directory


1.       On the Domain Controler launch the
Active Directory Users and Computers
snap-in (type

2.       On the
menu, make sure that
Advanced Features
is selected

3.       Navigate to the OU you are trying to create your Cluster Name Object (CNO) in. By default this will the same OU as that of the node you are trying to create a cluster from.

4.       Right-click on the OU and select Properties and then the Security tab.

5.       Ensure that the Cluster Administrator has

Create all child objects


6.       Select the



7.       Click


, type the name of the cluster administrator account for the


8.       In the



dialog box, locate the

Create Computer objects


Read All Properties

permissions, and make sure that the


check box is selected for each one.

A final note:

In this blog I have focused on “Create Cluster” failures. However, the same troubleshooting steps can also be used for “Add node” failures (failures encountered while adding a node to a cluster).


Subhasish Bhattacharya

Senior Program Manager

Clustering &



This article was originally published by Microsoft’s Failover Clustering Blog. You can find the original article here.