Microsoft KB Archive/935648

= Event ID 6032 is logged if a clustered share resource fails over or is moved to another cluster node in a Windows Server 2003-based server cluster =

Article ID: 935648

Article Last Modified on 8/28/2007

-

APPLIES TO


 * Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
 * Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
 * Microsoft Windows Server 2003, Datacenter x64 Edition
 * Microsoft Windows Server 2003, Enterprise x64 Edition
 * Microsoft Windows Server 2003, Datacenter Edition for Itanium-Based Systems
 * Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems

-



SYMPTOMS
In a Windows Server 2003-based server cluster, the following event is logged in the Application log many times if a clustered share resource fails over or is moved to another cluster node: Event Type: Error

Event Source: EFS

Event Category: None

Event ID: 6032

Date:

Time:

User: N/A

Computer:

Description: EFS does not support encryption over network sessions established using the NTLM protocol.

This event is also logged every time that you try to copy an encrypted file to a folder on the clustered share resource.



CAUSE
This problem occurs if the clustered share resource is not configured to store files that are encrypted by using Encrypting File System (EFS).



RESOLUTION
To resolve this problem, configure the clustered share resource to allow for the storage of EFS files. To do this, follow these steps.

Step 1: Configure roaming user profiles
Roaming user profiles are required to support storing EFS files on remote shared resources. For more information, click the following article numbers to view the articles in the Microsoft Knowledge Base:

324749 How to create a roaming user profile in Windows Server 2003

302082 How to create a roaming user profile in Windows 2000

Step 2: Configure each cluster node to be trusted for delegation
Configure the computer account for each cluster node to be trusted for delegation. To do this, follow these steps:
 * 1) Start &quot;Active Directory Users and Computers.&quot; To do this, click Start, click Run, type dsa.msc, and then click OK.
 * 2) Locate and then click the container in which the cluster nodes are located. By default, the cluster nodes are in the Computers container.
 * 3) In the details pane, right-click a cluster node that hosts the clustered share resource, and then click Properties.
 * 4) Click to select the Trust computer for delegation check box, click OK on the message that states that this option lets the computer be trusted for delegation, and then click OK.
 * 5) Repeat steps 3 and 4 for each cluster node that may host the clustered share resource.
 * 6) Restart each cluster node that is trusted for delegation.

Step 3: Configure the Network Name resource to support Kerberos
Kerberos support must be enabled on the Network Name resource. To configure this option, follow these steps.

Note After you follow these steps, a computer object that represents the cluster name that is configured for the Network Name resource appears in the Active Directory directory service. You must trust this computer object for delegation.
 * 1) Start the Cluster Administrator tool, and then connect to the server cluster.
 * 2) Locate the appropriate Network Name resource, right-click the resource, and then click Take Offline.

Note The Network Name resource must be offline to enable Kerberos support.
 * 1) Right-click the Network Name resource, and then click Properties.
 * 2) In the   Properties dialog box, click the Parameters tab.
 * 3) Note the name that appears next to Name. This name is the name of the computer object that appears in the Computers container in Active Directory Users and Computers.
 * 4) Click to select the Enable Kerberos Authentication check box, and then click OK.
 * 5) Right-click the Network Name resource, and then click Bring Online.

Step 4: Configure the cluster to be trusted for delegation
Configure the computer account that appears for the cluster name to be trusted for delegation. To do this, follow these steps:
 * 1) Start Active Directory Users and Computers.
 * 2) Locate and then click the Computers container.
 * 3) In the details pane, right-click the cluster name, and then click Properties.
 * 4) Click to select the Trust computer for delegation check box, click OK on the message that states that this option lets the computer be trusted for delegation, and then click OK.
 * 5) Take the Network Name resource offline, and then bring the Network Name resource online.



MORE INFORMATION
For more information, click the following article number to view the article in the Microsoft Knowledge Base:

895092 Recommended hotfixes for Windows Server 2003-based server clusters

Additional query words: MSCS

Keywords: kbexpertiseadvanced kbclustering kbefs kbtshoot kbprb KB935648

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.