Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

How to perform a rolling upgrade of a Windows 2003 RC2-based cluster server to the release version of Windows Server 2003


View products that this article applies to.

Important This article contains information about how to modify the registry. Make sure to back up the registry before you modify it. Make sure that you know how to restore the registry if a problem occurs. For more information about how to back up, restore, and modify the registry, click the following article number to view the article in the Microsoft Knowledge Base:
256986 (http://support.microsoft.com/kb/256986/ ) Description of the Microsoft Windows registry

↑ Back to the top


Summary

When a node joins an existing server cluster, the cluster service performs a version check to make sure that the node that is joining has a version of the operating system that is compatible with the rest of the cluster nodes. The check makes sure that only validated and supported configurations run in a mixed-version environment during a rolling upgrade. The checks are based on major operating system versions such as Windows NT 4.0 and Windows 2000. The rules that the cluster service implements do not cover upgrades from release candidate to release candidate.

Microsoft supports and validates rolling upgrades from Windows Server 2003 RC1 or RC2 to the release version of Windows Server 2003 (Windows Server 2003 RTM). However, you must first turn off the version check feature. For more information about how to do this, see the "More Information" section.

To reduce the chance that a rogue program compromises the cluster, the default cluster security descriptor that controls access to the cluster configuration and management APIs has been changed from the Windows Server 2003 RC1 and RC2 releases. If you upgrade the operating system to Windows Server 2003 RTM, you do not fix the security descriptor automatically. To make sure that the cluster is as secure as possible, manually fix the cluster security descriptor.

↑ Back to the top


More information

Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall your operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.

To turn off the version check feature, follow these steps:
  1. On the node that you are not upgrading, start the Computer Management console.
  2. Click Services and Applications.
  3. Click Service in the left pane, and then double-click Cluster Service.
  4. Click Stop to stop the Cluster service
  5. Using Registry Editor, set the cluster service startup parameters to ignore version checking
    1. Start Registry Editor.
    2. Locate the following registry key:
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Clussvc\Parameters
    3. Add a new DWORD value. To do so, right-click the Parameters key, click New, click DWORD, and then type NoVersionCheck.
    4. Set the NoVersionCheck value to 1.
  6. Restart the Cluster service from the Computer Management console from step 4
  7. Upgrade the other node from Windows Server 2003 RC1 or Windows Server RC2 to Windows Server 2003 RTM.

    Note: After you upgrade the node, the Cluster service does not start. You receive the following error event message in the event log:
    Event ID: 1071
    Source: ClusSvc
    Description: Cluster node Number attempted to join but was refused. The error code was 5075.
    For more information, see Help and Support Center at http://support.microsoft.com

    If you use the command net helpmsg 5075, you can see that this event log error corresponds to the following message:
    The cluster join operation failed due to incompatible software versions between the joining node and its sponsor.
  8. Use Registry Editor to set the cluster service startup parameters to ignore version checking on the node that you upgraded in the previous step. To do so, follow these steps:
    1. Start Registry Editor.
    2. Locate, and then click the following key in the registry:
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Clussvc\Parameters
    3. Right-click the Parameters key, click New, click DWORD, and then type NoVersionCheck.
    4. Set the NoVersionCheck value to 1
  9. Start the Computer Management console on the node that you upgraded in the previous step, and then click Services and Applications.
  10. Click Service in the left pane, and then double-click Cluster Service.
  11. Click Start to start the Cluster service. The upgraded node joins the cluster.

    Repeat steps 7 through 11 on all cluster nodes to upgrade them to Windows Server 2003 RTM.
  12. After you update all the nodes, delete the registry key on all the nodes in the cluster. Use Registry Editor to remove the NoVersionCheck key on each node. To do so, follow these steps:
    1. Start Registry Editor.
    2. Locate the following key in the registry:
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Clussvc\Parameters
    3. Right-click the NoVersionCheck value, and then click Delete.


    The cluster service now checks the versions until it is restarted (deleting the NoVersionCheck key is not dynamic). You can select when to restart the cluster service. However, until you restart the cluster service, nodes that use other versions of the Windows operating system may join the cluster.

Fixing the cluster security descriptor

In Windows Server 2003 RC1 and RC2, the following accounts and groups are present in the cluster security descriptor:
  • Local Administrators group
  • SYSTEM
  • SERVICE
To check the current cluster security descriptor, follow these steps:
  1. On one node in the cluster, start Cluster Administrator.
  2. Right-click the cluster name in the left navigation pane, and then click Properties.
  3. Click the Security tab.

    The current contents of the cluster security descriptor appear.
The SERVICE security ID is granted to all accounts that are given the �run as service� right. By default, this may include many services that do not have to have access to the cluster. Because of security changes in Windows Server 2003, the Microsoft Transaction Coordinator (MSDTC) service now runs under the Network Service account, therefore you must add the Network Service security ID to the cluster security descriptor to make sure that the MSDTC service works correctly in the cluster. The cluster security descriptor must contain the following accounts and groups:
  • Local Administrators group
  • SYSTEM
  • SERVICE
To fix the cluster security descriptor after the upgrade to Windows Server 2003, type the following commands at a command prompt (press ENTER after each command):

Cluster /prop Security=NETWORKSERVICE,grant,f:security
Cluster /prop Security=SERVICE,revoke:security

References

For more details of how to perform rolling upgrade see the "Getting Started" section on "Installing and Upgrading on Cluster Nodes" in the Help and Support for Windows Server 2003.

↑ Back to the top


Keywords: KB811272, kbhowto, kbclustering

↑ Back to the top

Article Info
Article ID : 811272
Revision : 12
Created on : 2/28/2007
Published on : 2/28/2007
Exists online : False
Views : 436