NTLM Dependency on Windows Failover Clusters

Article ID: 2720392

SUMMARY

When you disable NT LAN Manager (NTLM) authentication on a Windows Server 2008 or Windows Server 2008 R2 Failover Cluster, you may receive the following error when various configuration steps are performed on the cluster.

Error Code: 80070721
A security package specific error occurred.


For example, you will receive the above error when you run Cluster Validation and when you create the cluster.
This error is logged because the cluster service has a dependency on NTLM.

CAUSE

This behavior is by design. Microsoft recommends that you do not disable NTLM when Cluster Services are used.

MORE INFORMATION

There are certain parts of the cluster code that rely on NTLM. Cluster Shared Volumes and the Network Topology wizard are some examples. 

NTLM can be disabled by the following Group Policy settings:

  • Network Security: Restrict NTLM: Incoming NTLM traffic - Deny all accounts
  • Network Security: Restrict NTLM: Outgoing NTLM traffic to remote servers - Deny all
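
One way to check a cluster node for these two settings before validating or creating a cluster (an added example, not part of the original article). It assumes the policies are stored in their usual registry values under `HKLM\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0`; the function name `Get-NtlmRestrictionState` is hypothetical.

```powershell
# Added example: report whether the two "Restrict NTLM" policies named above
# are in their blocking state on this node. Run it locally on each cluster node.
$MsvKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0'

# Policy display name, backing registry value, and the value that denies NTLM.
# Value 2 = "Deny all accounts" (incoming) / "Deny all" (outgoing).
$Policies = @(
    @{ Name  = 'Network security: Restrict NTLM: Incoming NTLM traffic'
       Value = 'RestrictReceivingNTLMTraffic'; Deny = 2 },
    @{ Name  = 'Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers'
       Value = 'RestrictSendingNTLMTraffic';   Deny = 2 }
)

function Get-NtlmRestrictionState {
    param([string]$KeyPath = $MsvKey)

    $props = Get-ItemProperty -Path $KeyPath -ErrorAction SilentlyContinue
    foreach ($p in $Policies) {
        # A missing value means the policy is not configured on this node.
        $current = $null
        if ($props -and $props.PSObject.Properties[$p.Value]) {
            $current = $props.PSObject.Properties[$p.Value].Value
        }
        New-Object PSObject -Property @{
            Computer   = $env:COMPUTERNAME
            Policy     = $p.Name
            RawValue   = $current
            BlocksNtlm = ($current -eq $p.Deny)
        }
    }
}

$state = @(Get-NtlmRestrictionState)
$state | Format-Table Computer, Policy, RawValue, BlocksNtlm -AutoSize

if ($state | Where-Object { $_.BlocksNtlm }) {
    Write-Warning ('NTLM is denied on this node; Cluster Validation or cluster ' +
                   'creation may fail with error 80070721.')
}
```
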

947049 Description of the failover cluster security model in Windows Server 2008

Note This is a "FAST PUBLISH" article created directly from within the Microsoft support organization. The information contained herein is provided as-is in response to emerging issues. As a result of the speed in making it available, the materials may include typographical errors and may be revised at any time without notice. See Terms of Use for other considerations.

Properties

Article ID: 2720392 - Last Review: June 4, 2012 - Revision: 1.0
APPLIES TO
  • Windows Server 2008 Datacenter
  • Windows Server 2008 Enterprise
  • Windows Server 2008 R2 Datacenter
  • Windows Server 2008 R2 Enterprise
Keywords: KB2720392
