A Network Name resource that has the Kerberos protocol enabled does not come online on the first attempt in a Windows Server 2008 failover cluster

Article ID: 950806 - View products that this article applies to.
Expand all | Collapse all

SYMPTOMS

You are using the Migrate Services and Applications Wizard in Windows Server 2008 Failover Clustering, and your Windows Server 2003 source cluster has Kerberos authentication enabled. In this case, the resources in the newly migrated resource group do not appear online as expected. If Kerberos authentication is not enabled on the source cluster, this problem does not occur.
Back to the top | Give Feedback

CAUSE

This problem occurs because of changes in Windows Server 2008 Failover Clustering and how computer objects are created in Active Directory. If Kerberos authentication is enabled, the Migrate Services and Applications Wizard does not capture the Cluster Service Account (CSA) information. The wizard cannot bring the resource in the newly migrated resource group online without this information. The Cluster Name Object (CNO) cannot capture the computer object that is created in the Windows Server 2003 server cluster.
Back to the top | Give Feedback

RESOLUTION

To resolve this problem, follow these steps for each resource in the newly migrated resource group:
  1. Right-click the resource.
  2. Select Bring this Resource Online. The resource will now be in a failed state.
  3. Right-click the resource.
  4. Select Bring this Resource Online.
  5. You are prompted for a user name and a password for the Windows Server 2003 Cluster Service Account. After you enter this information, the resource appears online.
Note If the resource depends on another resource, the other resource must be online before you follow these steps. If the resource still does not come online, you must delete the Virtual Computer Object (VCO) in Active Directory.
Back to the top | Give Feedback

MORE INFORMATION

To avoid this problem, modify the Discretionary Access Control List (DACL) for all computer objects that are created by the Windows Server 2003 server cluster by granting the Cluster Name Object (CNO) Full Control permissions. However, you have to do this before you migrate Network Name resources from a Windows Server 2003 server cluster to a Windows Server 2008 failover cluster.
Back to the top | Give Feedback

Properties

Article ID: 950806 - Last Review: September 11, 2010 - Revision: 2.1
APPLIES TO
  • Windows Server 2008 Datacenter without Hyper-V
  • Windows Server 2008 Enterprise without Hyper-V
  • Windows Server 2008 for Itanium-Based Systems
  • Windows Server 2008 Standard without Hyper-V
  • Windows Server 2008 Datacenter
  • Windows Server 2008 Enterprise
  • Windows Server 2008 Standard
Keywords: 
kbclustering kbexpertiseinter kbtshoot kbprb KB950806
Back to the top | Give Feedback

Give Feedback

 
Back to the topBack to the top