exchange 2003 cluster swapping back and forth after domain admin password change

hi,

i have an exchange 2003 active-passive 2 node cluster whose resources are failing over back and forth between nodes everymorning at the same time ever since i changed the domain admin password.
the complete fail over is taking about 20 minutes.

there are other errors with active sync and ese. everything started when i changed the password. if i change it back, the flip-flop stops. i have to change the password.
LVL 1
mehrdadalaeiAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

oBdACommented:
You're probably using the domain admin account to run the cluster service (and/or other services as well).
Accounts that are used for interactive logons should never be used to run services as well.
Create dedicated user accounts ("ServiceCluster" or whatever) to run services, and give them only the necessary permissions to do their tasks.
So for a short-time workaround, you can of course just update the password for the service account, but then you should check the service accounts on all machines, check how to change the account in question, and then do so.

Changing the cluster account is a bit more involved than just going into the Services console and setting a new account. Check here for details:

Change the account under which the Cluster service runs
http://technet2.microsoft.com/windowsserver/en/library/ec513ba0-08a6-493b-889f-6403f974657f1033.mspx?mfr=true

How to manually re-create the Cluster service account
http://support.microsoft.com/kb/269229

How to change the Cluster service account password
http://support.microsoft.com/kb/305813
0
mehrdadalaeiAuthor Commented:
hi,

thank you for your quick response and i think you have it right. just was hoping you could help me confirm a couple things.
so for now, i changed the domain admin password on the dc. then i ran the command you see below and it was successful. is that password change associated to the domain admin account?
i did this while all resources and services were online...do i only need to run this once on only one of the cluster nodes? it shows that both nodes were successfull.


C:\Documents and Settings\Administrator.SAFELIFE>cluster /cluster:safelifeex /ch
angepassword:temppassword /skipdc
Verifying cluster node availability...
Verifying support for password change operation...
Verifying that all clusters use the same service account...

Skipping password change on domain controller.

Changing password on cluster safelifeex...
The password change on node SLEX1 of cluster safelifeex succeeded.
The password change on node SLEX2 of cluster safelifeex succeeded.
0
oBdACommented:
That password change is associated with the stored credentials for whatever account is configured to run the cluster service on the nodes in the cluster. Yes, this command only needs to be executed once per cluster.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.