May 29, 2018 at 3:03 am
This is a two (2) nodes Windows Failover Cluster on MS Azure cloud with a SQL Server 2014 Always-On Availability Group running on it. We need to insert 3rd node in the Failover Cluster (and the Always-On AG). When trying to insert new node (using Failover Cluster Manager on one of the existing nodes), I get this error message: "KEYSET DOES NOT EXIST". I have read some posts that this is related to permissions on directory "C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\" and its contents and I have followed advice to modify these permissions - but this did not solve the problem.
Has anyone seen this before? Any ideas would be appreciated.
Thanks.
Panos Tsapralis.
May 29, 2018 at 6:18 pm
ptsapralis - Tuesday, May 29, 2018 3:03 AMThis is a two (2) nodes Windows Failover Cluster on MS Azure cloud with a SQL Server 2014 Always-On Availability Group running on it. We need to insert 3rd node in the Failover Cluster (and the Always-On AG). When trying to insert new node (using Failover Cluster Manager on one of the existing nodes), I get this error message: "KEYSET DOES NOT EXIST". I have read some posts that this is related to permissions on directory "C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\" and its contents and I have followed advice to modify these permissions - but this did not solve the problem.Has anyone seen this before? Any ideas would be appreciated.
Thanks.
Panos Tsapralis.
It's almost always that permission issue. I'd try to verify the permissions were set correctly using Process Monitor. Set the path to begin with the path to the RSA folder,, try to add the node and when you get the error, look for any failures in Process Monitor.
Process Monitor v3.50
Sue
May 30, 2018 at 4:29 am
Hi Sue. Thanks for the hint. Eventually, this was not related to permissions. After a lot of unsuccessful investigation, I had to engage Microsoft Support and they found out that registry key "HKLM\SOFTWARE\MICROSOFT\CRYPTOGRAPHY\MACHINEGUID" had an incorrect value: last digit was missing! I can't even imagine how this could have happened on my system - nevertheless, when this value was fixed, everything moved forward smoothly and the new node entered the cluster.
Thanks again for the hint - it will certainly prove useful at some other occasion.
May 30, 2018 at 10:41 am
ptsapralis - Wednesday, May 30, 2018 4:29 AMHi Sue. Thanks for the hint. Eventually, this was not related to permissions. After a lot of unsuccessful investigation, I had to engage Microsoft Support and they found out that registry key "HKLM\SOFTWARE\MICROSOFT\CRYPTOGRAPHY\MACHINEGUID" had an incorrect value: last digit was missing! I can't even imagine how this could have happened on my system - nevertheless, when this value was fixed, everything moved forward smoothly and the new node entered the cluster.Thanks again for the hint - it will certainly prove useful at some other occasion.
That one is odd....thanks for posting back!
Process Monitor is a great tool to use when you may have permissions issues - use it for that a lot
Sue
Viewing 4 posts - 1 through 3 (of 3 total)
You must be logged in to reply to this topic. Login to reply