Fix AOAG Listener Error 19471: Kerberos Status is Showing The handle is Invalid
I was configuring AlwaysOn Availability Group between two replicas. Everything was configured successfully but Listener was failed to create with an error 19471. I have already explained how to fix listener error 19471 in attached article but this has not helped me. Here i will explain another aspect of this error along with their fix.
AlwaysOn Listener Error 19471
When i checked the AlwaysOn High Availability folder in SSMS on any of the replica, everything was working fine. AOAG was configured successfully and working fine but listener was not configured due to below listener error 19471. You can see this in below screenshot.
I tried creating Listener name using “Add Listener…” wizard in SSMS but failed with same error. I observed root cause of this issue during following steps given in my last article that i have attached in first paragraph. Make sure to clear all entries from DNS for your listener Name and IP, if there is any.
Kerberos Status: The handle is Invalid
First we will create a Client Access Point(CAP) in FCM for this listener name to check the status of NetBIOS, DNS & Kerberos that will help us to go deeper inside the issue.
- Launch Failover Cluster Manager and click on Roles tab from left side pane. Here you can see your availability group role in right side pane.
- Right click on this role and select “Add Resources” then “Client Access Point“.
- Enter the Listener name and its IP address and click on Next button to proceed.
- Click on Finish button of final screen to create the Listener Client Access Point in FCM.
- Once CAP will be created in FCM, it will be in Offline state. Right click on listener CAP and click on “Bring Online” to bring it online. You can see Listener IP comes online but Listener name still shows in offline state.
Now double click on listener client access point or right click on it and choose properties. You will get CAP property window as shown in below image.
You can see, this time issue is with Kerberos status that is showing as “The handle is invalid“. Earlier DNS status was not ok in last article.
Fix Kerberos Status The handle is invalid
When i look into Active Directory server, i found that listener name object was showing as disabled as shown in below image.
I decided to enable it and then to create listener. Right click on listener name object on AD that are showing in disable mode with down arrow and click on “Enable Account” button as per below image.
You can see, listener name account is enabled and down arrow that are showing during disabled mode is not showing now.
Once you enabled the listener name object in AD, bring your listener CAP online in FCM. Right click on listener client access point and click on bring online. You can see listener CAP is showing online now.
When you will launch its property window, you will see the status of NetBIOS, DNS and Kerberos are showing OK now. Close this property window to proceed.
Now we will follow same process that we have followed in my last article. We will remove this listener CAP from FCM and then add listener in AOAG in SSMS. Right click on CAP in FCM and click on Remove button to delete it.
Once CAP will be removed, launch the SSMS and connect to your Primary Replica. Expand AlwaysOn High Availability folder followed by Availability Group. Now you can right click on Availability Group Listeners and click on Add Listener option. You will get below window to configure it.
Enter the listener name, port and then add its IP. Once you entered all details, click on OK button to create the listener. This time, listener will be created on all replicas. You can see i have just created listener for my alwayson availability group that are showing in below image for both replicas.
- How to fix Listener Error 19471: DNS Status is showing “The handle is invalid” for Listener CAP in FCM
- Fix Error 976: Cannot connect to Secondary Replica
- How to fix error 15141: The server principal owns one or more endpoint(s) and cannot be dropped
- Fix Error 15434: Could not drop login ‘XXX\yyyy’ as the user is currently logged in
Latest posts by Manvendra Deo Singh (see all)
- Understanding Hybrid Buffer Pool in SQL Server - December 30, 2018
- Fix:VIEW SERVER STATE permission was denied on object ‘server’, database ‘master’ - August 30, 2018
- SQL Server Error 5184: Cannot use file ‘I:\Path\Techyaz.mdf’ for clustered server - August 29, 2018