| Component | EnvironmentValidator - ValidateCluster |
|---|---|
| Severity | Critical - blocks deployment |
| Applicable Scenarios | Deployment |
During deployment, cluster validation may fail with an "administrative privileges" error when running Test-Cluster against one or more nodes. Despite the error message, this is not a permissions problem. The affected nodes were not properly rebooted after joining the domain, leaving their authentication in an incomplete state.
The deployment fails during cluster validation with one of these error messages:
Failed to execute Test-Cluster: You do not have administrative privileges on the server <NodeName>
Access is denied
An error occurred opening cluster <NodeName>
During the domain join phase of deployment, nodes must be rebooted for their Kerberos credentials to be fully registered in Active Directory. In some deployments, one or more nodes are not rebooted after domain join. When cluster validation later runs Test-Cluster, it cannot authenticate to those nodes using Kerberos, producing the "administrative privileges" error.
Reboot each node mentioned in the error message:
Restart-Computer -ComputerName <FailingNodeName> -ForceWait 2-3 minutes for the reboot to complete.
From another node, verify you can connect to the rebooted node:
Invoke-Command -ComputerName <FailingNodeName> -ScriptBlock { whoami }If this returns a username successfully, the issue is resolved.
Resume the deployment from the Azure portal by navigating to the deployment and selecting Resume or Retry.
You can also verify cluster validation manually before resuming:
Test-Cluster -Node <Node1>, <Node2>This should now succeed without "administrative privileges" errors.
This issue is being addressed in an upcoming release.