Microsoft KB Archive/827885

= Cluster nodes may fail when the CachedLogonsCount value in the registry is set to zero =

Article ID: 827885

Article Last Modified on 9/5/2007

-

APPLIES TO


 * Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
 * Microsoft Windows Server 2003, Enterprise Edition

-



SYMPTOMS
When the CachedLogonsCount value in the registry is set to zero, cluster nodes may fail if intra-cluster communications are required while a domain controller is unavailable. You may experience the following symptoms:
 * Nodes may be unexpectedly removed from the cluster.
 * Access denial errors may be logged in the cluster log for node-to-node communication activity.
 * When you try to join nodes, remote procedure call (RPC) errors and timeouts may occur.

The clustered node that experiences the problem may log the following event in the cluster log: [NM] Received advice that node has failed with error 5

. Event error 1726 may also be logged. This event error indicates that an RPC communication failure occurred.



CAUSE
This problem occurs when a joining node experiences timeouts if either the joining node or an active node cannot promptly contact a domain controller. The cluster service uses authenticated logical RPC channels for cluster communication. Logical RPC channels require authentication between nodes every time that the channels create a new binding for a joining node. The domain controller for a joining node forces the joining node to establish bindings. Therefore, the domain controller authenticates with all active nodes in the cluster to make sure that all nodes in the cluster are active before the joining node can participate in the cluster. If the channels cannot establish the bindings, the joining node cannot participate in the cluster. Each binding can only support one outstanding RPC request at a time.

During ordinary cluster service operation, multiple calls that overlap may consume all preestablished bindings. If a new RPC request is initiated while all the preestablished bindings are in use, the RPC run time automatically establishes a new binding. If the new binding cannot be established, the RPC request fails. Failure of an RPC request may cause the node to be removed from the cluster and may also cause unexpected resource group failures. The cluster service can use cached credentials to satisfy network logon requests from other nodes if a domain controller becomes temporarily unavailable. When the CachedLogonsCount value is set to zero, cached credentials cannot be used to satisfy requests.



RESOLUTION
Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:

322756 How to back up and restore the registry in Windows XP and Windows Vista

Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall the operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.

To resolve this problem, Microsoft recommends that you set the CachedLogonsCount value back to the original value of 10 or to another number that is greater than zero. You must modify the CachedLogonsCount value on all cluster nodes. Do not do this until a domain controller is available for authentication. To modify the CachedLogonsCount value, follow these steps.  Click Start, and then click Run. In the Open box, type regedit, and then click OK. In Registry Editor, locate the following subkey:

 Double-click the CachedLogonsCount value, set the value to 10, and then click OK. Restart the cluster nodes.

Alternatively, you can also use Group Policy Object Editor to set the value. To set the value by using Group Policy Object Editor, follow these steps:
 * 1) From a cluster node, click Start, and then click Run.
 * 2) In the Open box, type gpedit.msc, and then click OK.
 * 3) In the Group Policy snap-in, expand Computer Configuration, expand Windows Settings, expand Security Settings, expand Local Policies, and then expand Security Options.
 * 4) Locate the Interactive Logon:Number of Previous Logons to Cache value.
 * 5) Double-click the Interactive Logon:Number of Previous Logons to Cache value, and then increase the value to a number that is greater than zero.

The default value is 10.
 * 1) Click OK, quit Group Policy Object Editor, and then restart the server.

You must repeat this process on all cluster nodes.

After you restart all the cluster nodes, cached logons will be available to the cluster nodes if a domain controller becomes unavailable. For more information about how to check the effective domain or organizational unit policy settings, click the following article number to view the article in the Microsoft Knowledge Base:

321709 How to use the Group Policy Results tool in Windows 2000



STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the &quot;Applies to&quot; section.

Additional query words: OU

Keywords: kbnetwork kbprb kbclustering KB827885

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.