Microsoft KB Archive/883398

= Cluster Services does not work correctly in a Windows Server 2003 SP1-based cluster that has the Internet Connection Firewall enabled =

Article ID: 883398

Article Last Modified on 5/21/2007

-

APPLIES TO


 * Microsoft Windows Server 2003 Service Pack 1
 * Microsoft Windows Server 2003 Service Pack 1

-





SYMPTOMS
Cluster Services in a Microsoft Windows Server 2003 Service Pack 1-based cluster do not start and log the following error in the event log:

Event ID: 1107

Source: ClusSvc

Description: Cluster node xxxxxxx failed to make a connection to the node over network 'Public'.



CAUSE
This behavior occurs if the following conditions are true:
 * The Internet Connection Firewall (ICF) is enabled on the cluster-based server computer.
 * The Cluster Server check box in the Select the server roles that the selected server performs list is not selected in the Security Configuration Wizard.

Additionally, for a cluster node join to work, you must select the Join a cluster check box in the Select Administration and other Options page in the Security Configuration Wizard.



RESOLUTION
To resolve this behavior, follow these steps:
 * 1) Click Start, point to Administrative Tools, and then click Security Configuration Wizard.
 * 2) After you create, edit or apply a security policy and reach the Role-Based Service Configuration page, click Next.
 * 3) In the Select Server Roles page, click All roles in the View list.
 * 4) Under Select the server roles that the selected server performs, click to select the Cluster server check box, and then click Next.
 * 5) In the Select Client Features page, select the client features that you want the selected server to perform, and then click Next.
 * 6) In the Select Administration and Other Options page, click to select the Join a cluster check box, and then click Next.

Note If the Join a cluster option is not available, click All options in the View list.
 * 1) Complete the Security Configuration Wizard.



MORE INFORMATION
The Security Configuration Wizard that is included with Windows Server 2003 Service Pack 1 (SP1) helps you select the functional role that is performed by your computer. Additionally, it minimizes attack vulnerability by authoring security policies at the same time.

Note The Security Configuration Wizard is a Windows optional component that you can install by using the Add/Remove Windows Components feature in the Add or Remove Programs tool. For each cluster resource to work correctly, you must select the appropriate server or client role for the cluster resource. For a cluster resource to work correctly, in the Security Configuration Wizard, you must select all the appropriate server roles that the selected server performs. This is in addition to the Cluster server role.

For more information about the Security Configuration Wizard that is included in Windows Server 2003 SP1, visit the following Microsoft Web site:

http://www.microsoft.com/windowsserver2003/technologies/security/configwiz/default.mspx



STATUS
This behavior is by design.

