Remove cluster aware updating
This can occur when the target server principal name (SPN) is registered on an account other than the account the target server is using.Ensure that the target SPN is only registered on the account used by the server.Launch the Cluster-Aware Updating Wizard and then run Apply Updates To This Cluster.
The problem is that you might get recurring an Kerberos Security error in Server Manager on one of your cluster nodes.
"The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server "server name".
The target name used was HTTP/server_name.domain.local. This indicates that the server failed to decrypt the ticket provided by the client.
This would be done as follows, with a proxy called The Proxy. Internal that operates on TCP 80: netsh winhttp set proxy The Proxy. Internal:80 “” CAU will require a computer account that will be used by the cluster to create a HA role that enables the cluster to self-manage the orchestrated patching, even if the nodes of the cluster are being rebooted.
The setup wizard does allow you to let the cluster create a computer account in Active Directory, but this will get some anonymous name.