?
Solved

Credentials on Network Load Balancing

Posted on 2011-04-21
10
Medium Priority
?
2,553 Views
Last Modified: 2012-05-11
I have configured NLB on 2 servers using the local administrator account and everything works fine.
I have created another user and made it a member of the local administrators group but when this account is used, NLB does not show the 2nd server in the cluster, only itself. Error message is displayed at the bottom saying "Access denied. Error connection to SERV02"

Logged in as administrator I can see both servers in the cluster.
Any one have any suggestions?
0
Comment
Question by:vnetrixsupport
  • 6
  • 4
10 Comments
 
LVL 28

Expert Comment

by:bgoering
ID: 35447835
If this is not a domain account then you need to create the 2nd account on both servers using the same password. Then put it in the administrators group on both servers.

If you were to change the password for the administrator account on the 2nd server then it wouldn't work either.
0
 

Author Comment

by:vnetrixsupport
ID: 35465504
It is not part of a domain.

I have created the same user account with the same password on both servers and this 2nd account is a member of the administrators group on both servers.

Definately something to do with the 2nd account as when I log in with the administrator account everything works fine.

Logged in with the 2nd account, when i do START>RUN \\SERVER2\C$ it asks me for credentials and vice versa on the SERVER1 as well. Logged on with administrator I get access straight away.
0
 
LVL 28

Expert Comment

by:bgoering
ID: 35466520
What windows version?
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 28

Expert Comment

by:bgoering
ID: 35466837
You might want to take a look at http://networking.nitecruzr.net/2005/06/file-sharing-under-windows-xp.html

This article talks about XP and Vista, but the concepts and processes are the same for setting this up between Windows 2003 (same as XP) and Windows 2008 (same as Vista). Without a domain infrastructure you need to set up the machines in a workgroup.
0
 

Author Comment

by:vnetrixsupport
ID: 35467400
Thanks for the links. Both servers are 2008STD.
0
 
LVL 28

Expert Comment

by:bgoering
ID: 35467692
Have they been set up in a workgroup?
0
 

Author Comment

by:vnetrixsupport
ID: 35467920
Yes they are in a workgroup. They are basically exactly the same setup as one another.
0
 
LVL 28

Accepted Solution

by:
bgoering earned 2000 total points
ID: 35468283
Thinking about this the issue is likely because the SID (Security IDentifier) behind the named account is different on each system while built in accounts (like administrator) have the same "well known" SID on each system. Thus when accessing the NLB manager when it connects to the other system with the Administrator account, because the SID for Administrator is the same on both systems, the access works. When accessing via the named user account the SID is different and unrecognzied, so the access to the other system fails.

To get around that you need named user accounts with identical SIDs. I am unaware of any tool that allows you to specify the SID when creating a user account. However, it MAY be possible to do programmatically but I wouldn't guarentee that to be the case.

What you can do is to create the first node, add the named user to the first node, then use some tool such as Ghost or Acronis to clone an exact copy (without sysprep) to the 2nd system. At this point you should be able to reconfigure the machine name, unique network settings, etc. on the 2nd system and create your NLB cluster. The cluster will be manageable by the named user because it will have the same SID as the original named user on the cloned system.

A few possibilities...
1. Continue to use Administrator for the task
2. Clone the machine as described above
3. Look for a tool or program to create users with identical SIDs
4. Upgrade to a domain infrastructure where a named domain account would have the same SID on all the machines in the domain

Good Luck
0
 

Author Comment

by:vnetrixsupport
ID: 35468431
Hey thanks for that - it makes perfect sense now and I will explore the options you have kindly provided.

Many thanks again!
0
 
LVL 28

Expert Comment

by:bgoering
ID: 35468442
You are welcome - hope it all works out for you
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Background Information Recently I have fixed file server permission issues for one of my client. The client has 1800 users and one Windows Server 2008 R2 domain joined file server with 12 TB of data, 250+ shared folders and the folder structure i…
I was prompted to write this article after the recent World-Wide Ransomware outbreak. For years now, System Administrators around the world have used the excuse of "Waiting a Bit" before applying Security Patch Updates. This type of reasoning to me …
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Suggested Courses

750 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question