This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow remote code execution in a host context if a specially crafted application is run by an authenticated and privileged user on a guest virtual machine hosted by Hyper-V. An attacker must have valid logon credentials for a guest virtual machine to exploit this vulnerability.
This security update is rated Critical for Windows Hyper-V on Windows Server 2008, Windows Server 2008 R2, Windows 8 and Windows Server 2012, and Windows 8.1 and Windows Server 2012 R2. For more information, see the Affected Software section.
The security update addresses the vulnerabilities by correcting how Hyper-V initializes system data structures in guest virtual machines. For more information about the vulnerabilities, see the Vulnerability Information section.
You have two or more 2012 R2 up-to-date nodes and want to create new failover cluster. Logged user is Domain Admin.
You install the required features:
Install-WindowsFeature FailoverClustering -IncludeManagementTools
Run validation tests and it’s green:
Test-Cluster -Node node1,node2
Run cluster creating:
New-Cluster -Name TestCluster -Node node1,node2 -StaticAddress 192.168.1.100 -NoStorage
and you receive:
Adding special permissions to the computer object failed. Trying to add ‘Full-Access’ permissions for security principal to computer object CN=,OU=,DC=,DC= failed. Verify that the user running create cluster has permissions to update the computer object in Active Directory Domain Services. The parameter is incorrect.
- Steps for prestaging required objects don’t work too.
- Changing user rights or adding new user for cluster creating –> no luck
- No time synchronization issues between nodes and DCs
- Networks are configured properly
- Validation tests are all “green”
- Firewall is disabled
1. Create new computer object for cluster name (Go to ADUC –> your OU –> new –> computer)
3. Turn on view with advanced features
4. Right click on CNO (computer object for new cluster) and go to Security tab –> select Advanced
5. Click on “Disable Inheritance” (for 2012/2012 R2) or clear “Allow inheritable permissions from parent to propagate to this object and all the child objects” (2008/2008R2) and “Remove all inherited permissions from this object”
6. Right click on the new cluster name and disable it (prestaged computer object from step 1)
7. Go back to the failover cluster wizard and try to create cluster again