Microsoft KB Archive Search

Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

  1. Home
  2. NTLM Dependency on Windows Failover Clusters

NTLM Dependency on Windows Failover Clusters

View products that this article applies to.

Summary

When you disable NT LAN Manager (NTLM) authentication on a Windows Server 2008 or Windows Server 2008 R2 Failover Cluster, you may get following error during various configuration steps are performed on the cluster.  

Error Code: 80070721
A security package specific error occured.


For example you will get above error when running Cluster Validation and when you create the Cluster. 
This Error is logged because the cluster service has a dependency on NTLM.

↑ Back to the top

Cause

This Behavior is by design. Microsoft recommends not to disable NTLM when Cluster Services are used.

↑ Back to the top

More Information

There are certain parts of the cluster code that rely on NTLM. Cluster Shared Volumes and the Network Topology wizard are some examples. 

NTLM can be disabled by following GPO:

  • Network Security: Restrict NTLM:Incoming NTLM traffic - Deny all accounts
  • Network Security: Restrict NTLM:Outgoing NTLM traffic to remote Servers - Deny all
947049 Description of the failover cluster security model in Windows Server 2008

↑ Back to the top

Keywords: kb

↑ Back to the top

Article Info
Article ID : 2720392
Revision : 1
Created on : 1/7/2017
Published on : 6/4/2012
Exists online : False
Views : 202