Microsoft KB Archive Search

Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

  1. Home
  2. "No mapping between account names and security IDs was done" error when adding a node to a SQL Server 2008 Failover Cluster

"No mapping between account names and security IDs was done" error when adding a node to a SQL Server 2008 Failover Cluster

Symptoms

Consider the following scenario:
  • You configure a Microsoft SQL Server 2008 Failover Cluster by using domain local group option in the "Cluster security policy" dialog box. 
  • After the installation is complete, the domain local groups are dropped and re-created in the Active Directory by having the same name or a different name.

In this scenario, if you try to add a new node to an existing instance, the SQL Server Setup program fails, and you receive the following error message:

SQL Server Setup has encountered the following error:
"No mapping between account names and security IDs was done."
"Error code 0x84BB0001."

↑ Back to the top

Cause

The security ID (SID) that was originally assigned to the domain group is no longer valid. Changing the domain groups that are used for SQL Server 2008 Failover cluster installation is not supported. This is because the security configuration information is set by using the SID of the domain groups that are used during the original setup. An example of such security configuration information is an access control list on files and folders that are used by the SQL Server Failover instance. Even though you re-create the domain group by using the same name, the SID will be different. Therefore, the permission set of the original SID is no longer valid.

Note: Domain migration for SQL Server 2008 Failover Cluster instance is also not supported.

↑ Back to the top

Resolution

Reinstallthe SQL Server Failover instance.

NoteThis issue was first fixed in SQL Server 2008 Service Pack 2. For more information, click the following article number to view the article in the Microsoft Knowledge Base:

968382 How to obtain the latest service pack for SQL Server 2008

 

↑ Back to the top

More Information

If the domain local groups are deleted and re-created, you might receive the following error message when you try to start the SQL Server service:

initerrlog: Could not open error log file ''. Operating system error = 3(The system cannot find the path specified.).

References:

SQL Server 2008 Failover Clustering White Paper

↑ Back to the top

Keywords: vkball, kb

↑ Back to the top

Article Info
Article ID : 2019402
Revision : 1
Created on : 1/8/2017
Published on : 8/25/2010
Exists online : False
Views : 274