I recently came across an error where the Cluster Service stopped on a Windows Server 2012 R2 failover cluster and would not start. Event Logs generated were:
Event ID: 7024
The Cluster Service service terminated with the following service-specific error:
Keyset does not exist
Event ID: 7031
The Cluster Service service terminated unexpectedly. It has done this 282 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
After numerous failed attempts to get the Cluster Service to start, I evicted the node from the cluster and ran Clear-ClusterNode. When joining the node back into the cluster, I got the error “Keyset does not exist” once again.
The fix was to correct the permissions on the C:\ProgramData\Microsoft\Crypto\RSA folder.
Every item (System File) under the MachineKeys folder should be configured as follows:
Inheritance – Off
Owner: Administrators
SYSTEM – Full Control
Administrators – Full Control
Once the permissions have been set correctly on the MachineKeys items, the MachineKeys folder should be set as follows:
Inheritance – Off
Owner: Administrators
Administrators – Full Control (This folder only)
Everyone – Read + Write (This folder only)
After the above permissions were set I was able to join the node back to the cluster and the cluster service started. I still haven’t found a root cause as to why the permissions changed. I was able to identify the correct permissions by looking at a working cluster node.
Technical Architect at Symity
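A read-only way to compare a node's MachineKeys ACLs with the permissions listed above, as an added example that is not part of the original post. It assumes the default location C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys; the function name Get-AclDeviation is hypothetical, and entries for other trustees are only listed for review.

```powershell
# Added example: read-only audit of MachineKeys ACLs against the baseline in this post.
# Run from an elevated prompt. It reports deviations only and changes no permissions.
$machineKeys = 'C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys'   # assumed default path
$sidType     = [System.Security.Principal.SecurityIdentifier]
$rights      = [System.Security.AccessControl.FileSystemRights]
# Well-known SIDs, used instead of account names so the check works on localized systems.
$system = 'S-1-5-18'; $admins = 'S-1-5-32-544'; $everyone = 'S-1-1-0'

function Get-AclDeviation {   # hypothetical helper name
    param([string]$Path, [hashtable]$Expected, [switch]$ThisFolderOnly)
    try   { $acl = Get-Acl -LiteralPath $Path -ErrorAction Stop }
    catch { return [pscustomobject]@{ Path = $Path; Finding = 'cannot read ACL' } }
    $findings = @()
    if (-not $acl.AreAccessRulesProtected) { $findings += 'inheritance is on' }
    if ($acl.GetOwner($sidType).Value -ne $admins) { $findings += "owner is $($acl.Owner)" }
    $allow = @($acl.GetAccessRules($true, $true, $sidType) |
        Where-Object { $_.AccessControlType -eq 'Allow' })
    foreach ($sid in $Expected.Keys) {
        $want = [int]$Expected[$sid]
        $hit = $allow | Where-Object {
            $_.IdentityReference.Value -eq $sid -and
            (([int]$_.FileSystemRights -band $want) -eq $want) -and
            ((-not $ThisFolderOnly) -or $_.InheritanceFlags -eq 'None')
        }
        if (-not $hit) { $findings += "no matching Allow entry ($($Expected[$sid])) for $sid" }
    }
    # Entries for trustees outside the baseline are listed for review, not treated as errors.
    $allow | Where-Object { -not $Expected.ContainsKey($_.IdentityReference.Value) } |
        ForEach-Object { $findings += "extra entry: $($_.IdentityReference.Value) $($_.FileSystemRights)" }
    foreach ($f in $findings) { [pscustomobject]@{ Path = $Path; Finding = $f } }
}

# Each key file: SYSTEM and Administrators with Full Control.
$itemBaseline = @{ $system = $rights::FullControl; $admins = $rights::FullControl }
# The folder itself: Administrators Full Control, Everyone Read + Write, this folder only.
$folderBaseline = @{ $admins   = $rights::FullControl
                     $everyone = [System.Security.AccessControl.FileSystemRights]'Read, Write' }

& {
    Get-AclDeviation -Path $machineKeys -Expected $folderBaseline -ThisFolderOnly
    Get-ChildItem -LiteralPath $machineKeys -Force -File |
        ForEach-Object { Get-AclDeviation -Path $_.FullName -Expected $itemBaseline }
} | Format-Table -AutoSize -Wrap
```

An empty result means the folder and every key file match the baseline; running it on a working node as well gives a side-by-side reference.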
Thanks! This fix worked for me on a Win2k12R2 cluster hosting a SQL2014 clustered instance.
Thank you… Was having the same issue failing over one of the SQL cluster names, causing the error “Kerberos Authentication support enabled. Failed to add required credentials to the LSA – the associated error code is ‘-2146893802’”. The above really works. Thank you so much.
There is a single file in that folder that has an extra set of permissions, to do with networking. Do not change its permissions, or else you lose RDP ability.
Thank you, never had this weird behavior and this seems the only place where the actual problem and solution has been posted. Saved me hours of troubleshooting with support.
Chris, what a mess you've made
I spent a lot of hours trying to fix this through different sets of checks and procedures and tried to google too, but nowhere did I get an appropriate solution.
This worked perfectly! Thank you so much Chris, you saved my days!!!