For a while, Microsoft’s KnowledgeBase article 976424, titled Error code when the kpasswd protocol fails after you perform an authoritative restore: "KDC_ERROR_S_PRINCIPAL_UNKNOWN", has been available to solve issues with unexpected behavior after authoritatively restoring the krbtg account on Windows Server 2008 and Windows Server 2008 R2-based Domain Controllers.
Now, in KnowledgeBase article 2784261, titled Recommended hotfixes and updates for Windows Server 2012-based Failover Clusters, Microsoft recommends the hotfix for Windows Server 2012-based Failover Clusters, quoting:
Install on every domain controller running Windows Server 2008 Service Pack 2 or Windows Server 2008 R2 in order to add a Windows Server 2012 failover cluster. Otherwise Create Cluster may fail when attempting to set the password for the cluster computer object with error message: CreateClusterNameCOIfNotExists (6783): Unable to set password on <ClusterName$>
These days, most fail-over clusters are deployed to provide a robust, scalable and highly-available virtualization platform using Hyper-V. If you plan a Windows Server 2012-based Fail-over Cluster in your environment running Windows Server 2008 or Windows Server 2008 R2-based Domain Controllers, apply this hotfix during the next service window.
Note:
Domain Controllers need to restart to apply this hotfix.
Related KnowledgeBase articles
Error code when the kpasswd protocol fails after you perform an authoritative restore: "KDC_ERROR_S_PRINCIPAL_UNKNOWN"
The kpasswd protocol fails with a KDC_ERR_S_PRINCIPAL_UNKNOWN error after you perform an authoritative restore on the krbtgt account in a Windows Server 2008 domain
Recommended hotfixes and updates for Windows Server 2012-based Failover Clusters
Further reading
The System Center Connector Robert Smit Cluster MVP
Tipjar
Robert Smit, a Dutch Microsoft MVP on Fail-over Clustering and my friend, pointed this out to me on twitter this morning.
Login