Clustered Resource Error 1227 Kerberos Authentication Enabled

While deploying a Windows Server 2012 R2 clustered file server I ran into the following cluster event which caused the clustered resource to fail: “Network Name resource ‘Cluster Name’ (with associated network name Resource Name) has Kerberos Authentication support enabled. Failed to add required credentials to the LSA – the associated error code is ‘1068’.”

It was also surrounded by cluster resource failure codes such as event 1254, 1205 and 1069 indicating the failure to online the resource. This issue prevented the clustered file server from coming online on certain cluster nodes. The error context can be seen below:

The interesting part about this issue is that the clustered resource came online on the original node where it was created, but in a planned or unplanned failure scenario it would fail to come online on another cluster node.

After attempting to repair the resource several times, I found a solution: stop the role on the cluster node that’s the current owner, move it in an offline state to the cluster node(s) that are failing and bring the resource online. There’s a chance this also could be related to the permissions of the cluster on the OU where the clustered resource resides, so make sure the cluster object has sufficient permissions to create and update objects within that particular OU. After this process, it can now be moved, whether planned or unplanned, to the failing node without issue.

Hopefully this helps anyone who may encounter this issue.