Cluster service does not start on a joining node in Windows 2000 cluster
The device, \Device\Scsi\Scsi/Fibre Controller, did not respond within the timeout period.
Event ID 1009
The Clustering Service could not join an existing cluster and could not form a new cluster. The Clustering Service has terminated.
Event ID 7031
The Cluster Service service terminated unexpectedly. It has done this X time(s). The following corrective action will be taken in XXXXXX milliseconds. Restart the service.
The Cluster service does not function properly using NTLM 2. All cluster authentication is handled internally to the Cluster service after using RPC datagrams to form a cluster. The only time the Cluster service contacts a domain controller for authentication is when the cluster is first formed to validate the Cluster service account. Every node that requests to join a cluster is validated by using RPC communication over the private network by the node that owns the quorum resource. Only LM or NTLM authentication is used.
LmCompatibility settings range from 0 to 5. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
If you permit or force NTLM 2 by using either a local security policy or by using a domain security policy, a cluster can be formed, but a cluster node cannot be joined. When you install the Cluster service on nodes other than the first and the LmCompatibilityLevel setting is set to something other than 0 (zero), the installation stops working when you are prompted to enter the name of the cluster to join. The error message is:
The node cannot join the cluster because it cannot communicate with node NODE1 over any network configured for internal cluster communication. Check the network configuration of the node and the cluster.
Event ID 7023:
The Cluster Service service terminated with the following error: A security package specific error occurred.
Date Time Version Size File name ----------------------------------------------------------------- 5/31/2001 11:13p 5.0.2195.3663 501,520 Lsasrv.dll (56-bit) 5/31/2001 03:31p 5.0.2195.3649 130,320 Adsldpc.dll 5/31/2001 03:30p 5.0.2195.3649 354,576 Advapi32.dll 5/31/2001 03:37p 5.0.2195.3649 519,440 Instlsa5.dll 5/31/2001 03:31p 5.0.2195.3649 142,608 Kdcsvc.dll 5/30/2001 02:55p 5.0.2195.3649 209,008 Kerberos.dll 5/29/2001 09:26a 5.0.2195.3649 69,456 Ksecdd.sys 5/29/2001 09:26a 5.0.2195.3649 501,520 Lsasrv.dll 5/29/2001 09:26a 5.0.2195.3649 33,552 Lsass.exe 5/30/2001 02:54p 5.0.2195.3649 111,616 Msv1_0.dll 5/31/2001 03:31p 5.0.2195.3652 908,560 Ntdsa.dll 5/31/2001 03:31p 5.0.2195.3649 382,736 Samsrv.dll 5/31/2001 03:31p 5.0.2195.3649 123,664 Wldap32.dllImportant This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
To resolve this problem, return the NTLM authentication level to its default level of Send LM and NTLM responses. Follow these steps on each node in your Windows 2000-based cluster:
- In Control Panel, double-click Administrative Tools.
- Start the Local Security Policy tool.
- Expand Local Policies, and then click Security Options.
- Double-click Lan Manager Authentication Level, and then click Send LM and NTLM responses.
- Click OK, and then quit Local Security Policy Editor.
- Restart the server.
- Start Registry Editor.
- Locate, and then click the following registry key:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
- Double-click lmcompatibilitylevel.
- Change the Radix setting to Decimal, and then type 0 (the number zero) in the Data box, and then click OK.
- Quit Registry Editor.
- Restart the server.
For more information about incompatabilities that may occur when you modify security settings and user rights, click the following article number to view the article in the Microsoft Knowledge Base:
Article ID: 272129 - Last Review: 02/28/2014 04:20:43 - Revision: 3.0
- kbnosurvey kbarchive kbhotfixserver kbqfe kbbug kbclustering kberrmsg kbfix kbsecurity kbwin2000presp3fix kbwin2000sp3fix KB272129