Event ID: 1049 Source: ClusSvc

Source
Level
Description
Cluster IP Address resource "Spooler IP" cannot be brought online because address 10.41.120.95 is already present on the network. Please check your network configuration.
Comments
 
BCRS Rehearsal Cluster and DC/AD Recovery Summary: This article describes how to recover Active Directory Cluster services after a BCRS Rehearsal test, and also the issues you have to consider which could appear during/after such a test.
Symptoms:
1. Netlogon: The RPC server is unavailable
2. Majority Node Set resource has failed to come online
3. Cluster IP Address resource "Spooler IP" cannot be brought online because address 10.41.120.95 is already present on the network.
5. vCluster resource "MNS" in Resource Group "Cluster Group" failed

ME919117
ME932465
ME937444
ME258078

How to create resource via Command line:
cluster res "Disk G:" /create /type:"Physical Disk" /group:"Oracle SOP"
Cluster res "Disk G:" /priv Drive="G:"
cluster res "Disk G:" /priv signature="901ADF37"

Check SCSI reservation by HPprutil.exe Utility
C:\Program Files\Hewlett-Packard\HP MPIO DSM\EVA DSM\x86\HPprutil.exe

Step 1:  How to repair AD/DC
1. NTDSUTIL
a. Seize FSMO roles to the new DC; even if you are able to list them on the new server you have to do it anyway (make sure that you have the PW to restore AD services)
b. If done, then restart the KDC service and the Netlogon service
c. Check if the Netlogon share is working fine, and also that security/permissions are defined
d. Check if domain name is accessible ( in my case cp.com )
e. Modify registry key below to Hex-Value 4
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NtFrs\Parameters\Backup/Restore\Process at Startup]
"BurFlags"=dword:00000004
f. Execute Dcdiag /fix parameter
g. Restart DC
h. Execute: Dcdiag /fix and netdiag /fix again
After that the issue with AD should have disappeared; in case the issue is still there, an AD authoritative restore is recommended.

Step 2:  How to repair Cluster and its resources after BCRS
Activity / Tips
1. Open Device Manager -> Storages and look if disks are available; if not, apply these changes:
- Change ClusterDiskDriver to "disable" & stop
- Change ClusterNetworkDriver to "disable" & stop
2. If disks are still not accessible, reboot the server
3. Open Device Manager -> Storages and check if disks are available:
- Assign right drive letters to disks
- Change ClusterDiskDriver to "system" & start
- Change ClusterNetworkDriver to "demand" & start
4. Open Device Manager -> Services and startup the Cluster Service with option "-fixquorum"
5. If Cluster Service doesn't start check dependencies and fix issues from Event Logs
6. Open Cluster Admin Console and check that:
- All disks are online (resources)
- Change Cluster Quorum Disk to another disk
- Stop Cluster Service remove option "-fixquorum" and start-up service again
- Change Cluster Quorum Disk to original Quorum Disk
- Restart Cluster Service
7. For the 2nd node of the cluster you can install a new server and add this server to the existing cluster, or redo the above steps for the 2nd cluster node as well (don't forget the 1st cluster node must be powered down during this action).

Additionally you can check the recommendations/tips in paragraph no. 2 - in my case the root cause of the issue was a corrupted clusdb
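
An added example (not part of the original page or of the comment above): a Python parser that pulls the conflicting address out of ClusSvc event 1049 descriptions in an exported System log, so repeated conflicts on one address stand out after a rehearsal. The tab-separated export layout, the timestamps and the function name duplicate_ip_conflicts are assumptions made for the example.

```python
import ipaddress
import re

# Constructed sample export: time <TAB> source <TAB> event ID <TAB> description.
# Timestamps, the 9999 ID and the "OtherSvc" source are made up for the example.
MSG = ("Cluster IP Address resource {q}Spooler IP{q} cannot be brought online "
       "because address {ip} is already present on the network.")
SAMPLE_LOG = "\n".join([
    "2009-03-02 09:14:07\tClusSvc\t1049\t" + MSG.format(q='"', ip="10.41.120.95"),
    # Same event with the doubled-quote escaping some exports produce.
    "2009-03-02 09:19:41\tClusSvc\t1049\t" + MSG.format(q="''''", ip="10.41.120.95"),
    "2009-03-02 09:20:02\tClusSvc\t9999\tMajority Node Set resource has failed to come online",
    "2009-03-02 09:21:00\tClusSvc\t1049\t" + MSG.format(q='"', ip="10.41.120.950"),
    "2009-03-02 09:22:00\tOtherSvc\t1049\t" + MSG.format(q='"', ip="10.41.120.96"),
])

# Accept any run of single or double quotes around the resource name.
PATTERN = re.compile(
    r"""Cluster IP Address resource\s+["']+(?P<res>[^"']+)["']+\s+cannot be brought online """
    r"because address (?P<addr>\S+) is already present on the network")


def duplicate_ip_conflicts(log_text):
    """Map each conflicting address to its resources, hit count, first and last time seen."""
    conflicts = {}
    for line in log_text.splitlines():
        fields = line.split("\t", 3)
        if len(fields) != 4:
            continue  # malformed row
        when, source, event_id, description = fields
        if source.strip().lower() != "clussvc" or event_id.strip() != "1049":
            continue  # only the cluster service's duplicate-address event
        match = PATTERN.search(description)
        if not match:
            continue
        try:
            addr = str(ipaddress.ip_address(match.group("addr")))
        except ValueError:
            continue  # wording matched but the address is not a valid IP
        entry = conflicts.setdefault(
            addr, {"resources": set(), "count": 0, "first": when, "last": when})
        entry["resources"].add(match.group("res"))
        entry["count"] += 1
        entry["first"] = min(entry["first"], when)  # ISO-style strings sort by time
        entry["last"] = max(entry["last"], when)
    return conflicts


if __name__ == "__main__":
    for addr, info in sorted(duplicate_ip_conflicts(SAMPLE_LOG).items()):
        print(addr, sorted(info["resources"]), info["count"], info["first"], info["last"])
```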
