Event ID 6032 is logged if a clustered share resource fails over or is moved to another cluster node in a Windows Server 2003-based server cluster

Article translations Article translations
Article ID: 935648 - View products that this article applies to.
Expand all | Collapse all

On This Page

SYMPTOMS

In a Windows Server 2003-based server cluster, the following event is logged in the SYSTEM log many times if a clustered file share resource fails over or is moved to another cluster node:

Event Type: Error
Event Source: EFS
Event Category: None
Event ID: 6032
Date: date
Time: time
User: N/A
Computer: computer name
Description: EFS does not support encryption over network sessions established using the NTLM protocol.

This event is also logged every time that you try to copy an encrypted file to a folder on the clustered share resource.

CAUSE

This problem occurs if the clustered file share resource is not configured to store files that are encrypted by using Encrypting File System (EFS).

RESOLUTION

To resolve this problem, configure the clustered share resource to allow for the storage of EFS files. To do this, follow these steps.

Step 1: Configure roaming user profiles

Roaming user profiles are required to support storing EFS files on remote shared resources. For more information, click the following article numbers to view the articles in the Microsoft Knowledge Base:
324749 How to create a roaming user profile in Windows Server 2003
302082 How to create a roaming user profile in Windows 2000

Step 2: Configure each cluster node to be trusted for delegation

Configure the computer account for each cluster node to be trusted for delegation. To do this, follow these steps:
  1. Start "Active Directory Users and Computers." To do this, click Start, click Run, type dsa.msc, and then click OK.
  2. Locate and then click the container in which the cluster nodes are located. By default, the cluster nodes are in the Computers container.
  3. In the details pane, right-click a cluster node that hosts the clustered share resource, and then click Properties.
  4. Click to select the Trust computer for delegation check box, click OK on the message that states that this option lets the computer be trusted for delegation, and then click OK.
  5. Repeat steps 3 and 4 for each cluster node that may host the clustered share resource.
  6. Restart each cluster node that is trusted for delegation.

Step 3: Configure the Network Name resource to support Kerberos

Kerberos support must be enabled on the Network Name resource. To configure this option, follow these steps.

Note After you follow these steps, a computer object that represents the cluster name that is configured for the Network Name resource appears in the Active Directory directory service. You must trust this computer object for delegation.
  1. Start the Cluster Administrator tool, and then connect to the server cluster.
  2. Locate the appropriate Network Name resource, right-click the resource, and then click Take Offline.

    Note The Network Name resource must be offline to enable Kerberos support.
  3. Right-click the Network Name resource, and then click Properties.
  4. In the ResourceName Properties dialog box, click the Parameters tab.
  5. Note the name that appears next to Name. This name is the name of the computer object that appears in the Computers container in Active Directory Users and Computers.
  6. Click to select the Enable Kerberos Authentication check box, and then click OK.
  7. Right-click the Network Name resource, and then click Bring Online.

Step 4: Configure the cluster to be trusted for delegation

Configure the computer account that appears for the <virtual server name of the share> to be trusted for delegation. To do this, follow these steps:
  1. Start Active Directory Users and Computers.
  2. Locate and then click the Computers container.
  3. In the details pane, right-click the cluster name, and then click Properties.
  4. Click to select the Trust computer for delegation check box, click OK on the message that states that this option lets the computer be trusted for delegation, and then click OK.
  5. Take the Network Name resource offline, and then bring the Network Name resource online.

MORE INFORMATION

For more information, click the following article number to view the article in the Microsoft Knowledge Base:
895092 Recommended hotfixes for Windows Server 2003-based server clusters

Properties

Article ID: 935648 - Last Review: July 31, 2009 - Revision: 3.0
APPLIES TO
  • Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
  • Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
  • Microsoft Windows Server 2003, Datacenter x64 Edition
  • Microsoft Windows Server 2003, Enterprise x64 Edition
  • Microsoft Windows Server 2003, Datacenter Edition for Itanium-Based Systems
  • Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems
Keywords: 
kbexpertiseadvanced kbclustering kbefs kbtshoot kbprb KB935648

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com