Article ID: 311799 - View products that this article applies to.
This article was previously published under Q311799
This article has been archived. It is offered "as is" and will no longer be updated.
Cluster resources that use a cryptographic provider from a third-party provider do not come online in a mixed-version cluster after you upgrade to Windows Server 2003 or after the nodes are upgraded.
To resolve this problem, use the Cluster.exe utility to set the Cryptographic Service Provider private property key length and the effective key length for the third-party cryptographic provider that encrypts and decrypts data for the failing resource type. To do so:
key_lengthAlso review the cryptographic provider documentation for information about how to add the cryptographic checkpoint.
Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article.
To view the private properties for a cluster, use the /priv parameter without any options. For example, to see the private properties for the OpsClust cluster, type the following command at a command prompt:
cluster opsclust /privYou can use the private property if you have a third-party resource or a program that uses a third-party cryptographic provider that is not supplied by Microsoft.
Note For information about troubleshooting this problem, see the "A Third-Party Resource Fails to Come Online in a Mixed-Version Cluster or While Upgrading a Cluster" section in the "Group and Resource Failure Problems" topic in the Help file.
If you have security concerns about the cryptographic checkpoint data that is written to the quorum when you import resource data to a cluster node before you bring the resource online, you can use this private property to change the encryption levels for any of the cryptographic providers (that are supplied by third-party developers or by Microsoft) that are used by the Cluster service.
Article ID: 311799 - Last Review: February 28, 2014 - Revision: 9.3