Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

Cluster Network Name Does Not Come Online After You Upgrade to Windows Server 2003


View products that this article applies to.

Symptoms

Cluster resources that use a cryptographic provider from a third-party provider do not come online in a mixed-version cluster after you upgrade to Windows Server 2003 or after the nodes are upgraded.

↑ Back to the top


Resolution

To resolve this problem, use the Cluster.exe utility to set the Cryptographic Service Provider private property key length and the effective key length for the third-party cryptographic provider that encrypts and decrypts data for the failing resource type. To do so:
  1. From a command prompt, run the following command, where cluster name is the name of the cluster, CSP is the name of the cryptographic provider, and key_length and effective_key_length are the key length and the effective key lengths for the RC2 algorithm in bits:
    cluster cluster nameCSP=key_length,effective_key_length:MULTISTR
    This command sets the encryption levels (key lengths) for a cryptographic key that is used to export (encrypt) and import (decrypt) resource data (cluster and cluster application cryptographic checkpoints). The imported and exported resource data is saved to the quorum. For more information about how to use Cluster.exe, see the cluster Help documentation.
  2. Depending on the resource, either bring the resource online or re-create the resource to add the new cryptographic checkpoint.
The cryptographic key is generated by a cryptographic provider that uses the RC2 block encryption method. Review the documentation for your cryptographic provider to obtain valid values for the following RC2 encryption algorithm parameters:
key_length
effective_key_length
Also review the cryptographic provider documentation for information about how to add the cryptographic checkpoint.

↑ Back to the top


Status

Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article.

↑ Back to the top


More information


To view the private properties for a cluster, use the /priv parameter without any options. For example, to see the private properties for the OpsClust cluster, type the following command at a command prompt:
cluster opsclust /priv
You can use the private property if you have a third-party resource or a program that uses a third-party cryptographic provider that is not supplied by Microsoft.

Note For information about troubleshooting this problem, see the "A Third-Party Resource Fails to Come Online in a Mixed-Version Cluster or While Upgrading a Cluster" section in the "Group and Resource Failure Problems" topic in the Help file.

If you have security concerns about the cryptographic checkpoint data that is written to the quorum when you import resource data to a cluster node before you bring the resource online, you can use this private property to change the encryption levels for any of the cryptographic providers (that are supplied by third-party developers or by Microsoft) that are used by the Cluster service.

↑ Back to the top


Keywords: KB311799, kbbug

↑ Back to the top

Article Info
Article ID : 311799
Revision : 12
Created on : 2/28/2007
Published on : 2/28/2007
Exists online : False
Views : 142