Credentials on Network Load Balancing

I have configured NLB on 2 servers using the local administrator account and everything works fine.
I have created another user and made it a member of the local administrators group but when this account is used, NLB does not show the 2nd server in the cluster, only itself. Error message is displayed at the bottom saying "Access denied. Error connection to SERV02"

Logged in as administrator I can see both servers in the cluster.
Any one have any suggestions?
vnetrixsupportAsked:
Who is Participating?
 
bgoeringCommented:
Thinking about this the issue is likely because the SID (Security IDentifier) behind the named account is different on each system while built in accounts (like administrator) have the same "well known" SID on each system. Thus when accessing the NLB manager when it connects to the other system with the Administrator account, because the SID for Administrator is the same on both systems, the access works. When accessing via the named user account the SID is different and unrecognzied, so the access to the other system fails.

To get around that you need named user accounts with identical SIDs. I am unaware of any tool that allows you to specify the SID when creating a user account. However, it MAY be possible to do programmatically but I wouldn't guarentee that to be the case.

What you can do is to create the first node, add the named user to the first node, then use some tool such as Ghost or Acronis to clone an exact copy (without sysprep) to the 2nd system. At this point you should be able to reconfigure the machine name, unique network settings, etc. on the 2nd system and create your NLB cluster. The cluster will be manageable by the named user because it will have the same SID as the original named user on the cloned system.

A few possibilities...
1. Continue to use Administrator for the task
2. Clone the machine as described above
3. Look for a tool or program to create users with identical SIDs
4. Upgrade to a domain infrastructure where a named domain account would have the same SID on all the machines in the domain

Good Luck
0
 
bgoeringCommented:
If this is not a domain account then you need to create the 2nd account on both servers using the same password. Then put it in the administrators group on both servers.

If you were to change the password for the administrator account on the 2nd server then it wouldn't work either.
0
 
vnetrixsupportAuthor Commented:
It is not part of a domain.

I have created the same user account with the same password on both servers and this 2nd account is a member of the administrators group on both servers.

Definately something to do with the 2nd account as when I log in with the administrator account everything works fine.

Logged in with the 2nd account, when i do START>RUN \\SERVER2\C$ it asks me for credentials and vice versa on the SERVER1 as well. Logged on with administrator I get access straight away.
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
bgoeringCommented:
What windows version?
0
 
bgoeringCommented:
You might want to take a look at http://networking.nitecruzr.net/2005/06/file-sharing-under-windows-xp.html

This article talks about XP and Vista, but the concepts and processes are the same for setting this up between Windows 2003 (same as XP) and Windows 2008 (same as Vista). Without a domain infrastructure you need to set up the machines in a workgroup.
0
 
vnetrixsupportAuthor Commented:
Thanks for the links. Both servers are 2008STD.
0
 
bgoeringCommented:
Have they been set up in a workgroup?
0
 
vnetrixsupportAuthor Commented:
Yes they are in a workgroup. They are basically exactly the same setup as one another.
0
 
vnetrixsupportAuthor Commented:
Hey thanks for that - it makes perfect sense now and I will explore the options you have kindly provided.

Many thanks again!
0
 
bgoeringCommented:
You are welcome - hope it all works out for you
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.