Availability Group Listener Creation Fails because of CNO Permission

This is the most common issue we face when creating an Availability Group Listener in SQL Server using SQL Server Management Studio (SSMS).

Below is a screenshot of the error we get:

To confirm that the above error is a CNO permission issue, generate the cluster logs on your primary replica and go through them. The logs should confirm that the issue is the CNO's lack of permission in Active Directory to read and create computer objects for the listener.

CNO stands for Cluster Name Object, which is the cluster name. In my case it is AWON.

To resolve the CNO permission issue, we have to grant the following 2 permissions to the CNO:

  1. Read all Properties
  2. Create Computer Objects

To grant these permissions, proceed with the following steps:

  • Open Active Directory Users and Computers (shortcut to open it from PowerShell: dsa.msc)
  • Click on View and select ‘Advanced Features’
  • Locate the container where the listener is being created; in my case it is located in Computers
  • Select Computers -> right-click -> Properties
  • Now click on the Add button and enter your CNO name. In my case it is AWON$
  • Now click on Object Types and enable the Computers check box, then click OK -> OK
  • You will now be back on the Computers Properties tab. Click on the Advanced tab -> the ‘Advanced Security Settings for Computers’ pop-up window will open -> select your CNO (mine is AWON) from Permission Entries -> click the Edit button
  • A pop-up window ‘Permission entry for Computers’ will open. Enable the check boxes for ‘Read all Properties’ and ‘Create Computer Objects’ -> click OK -> click OK again -> click Apply -> click OK

Now try again to create the listener and it will be created without any issue.
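
The same two permissions can be checked and, if missing, granted from PowerShell. This is an added example, not part of the original post. It assumes the RSAT ActiveDirectory module, an account allowed to edit the container's ACL, a placeholder domain DN (DC=example,DC=com), and an ACE scope of "this object only", which the post does not specify.

```powershell
# Added example: audit and grant the two CNO permissions on the listener's container.
Import-Module ActiveDirectory                       # assumes the RSAT AD module is installed

$cnoName       = 'AWON'                             # CNO from the post (account AWON$)
$containerDN   = 'CN=Computers,DC=example,DC=com'   # placeholder DN, replace with your own
$computerClass = [guid]'bf967a86-0de6-11d0-a285-00aa003049e2'  # schemaIDGUID of class "computer"
$allTypes      = [guid]::Empty                      # empty GUID = all properties / all classes

$cno  = Get-ADComputer -Identity $cnoName
$path = "AD:\$containerDN"
$acl  = Get-Acl -Path $path

# Allow ACEs (explicit and inherited) that name the CNO, matched by SID rather than by name
$cnoAces = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier]) |
    Where-Object { $_.IdentityReference.Value -eq $cno.SID.Value -and
                   $_.AccessControlType -eq 'Allow' }

function Test-CnoRight {
    param($Rules, [System.DirectoryServices.ActiveDirectoryRights]$Right, [guid]$ObjectType)
    # True if some ACE carries the right for this object type (or for all types)
    [bool]($Rules | Where-Object {
        ($_.ActiveDirectoryRights -band $Right) -eq $Right -and
        ($_.ObjectType -eq $ObjectType -or $_.ObjectType -eq [guid]::Empty)
    })
}

$needed = @(
    @{ Name = 'Read all Properties';     Right = 'ReadProperty'; Type = $allTypes },
    @{ Name = 'Create Computer Objects'; Right = 'CreateChild';  Type = $computerClass }
)
$changed = $false
foreach ($n in $needed) {
    if (Test-CnoRight -Rules $cnoAces -Right $n.Right -ObjectType $n.Type) {
        Write-Host "OK:      $($n.Name)"
    } else {
        Write-Host "MISSING: $($n.Name), adding"
        $rule = [System.DirectoryServices.ActiveDirectoryAccessRule]::new(
            $cno.SID, [System.DirectoryServices.ActiveDirectoryRights]$n.Right,
            [System.Security.AccessControl.AccessControlType]::Allow, $n.Type,
            [System.DirectoryServices.ActiveDirectorySecurityInheritance]::None)  # this object only (assumption)
        $acl.AddAccessRule($rule)
        $changed = $true
    }
}
if ($changed) { Set-Acl -Path $path -AclObject $acl }   # write back only when something was added
```

Running it a second time should report both permissions as OK and make no change.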
