After applying several Default Domain policy tweaks from Sep-Oct 2008 DISA
Gold disk (a US Government security configuration/assessment tool), both of
our 2-node, active/passive, Windows 2003 SP2 clusters started throwing errors
on restart or reboot.
We started seeing the following failures:
1) The cluster nodes could not communicate; the cluster network interfaces
showed "unavailable". Additionally the event log showed repeated series of 2
event ID 1107 (one for each NIC) and 1 1079, as described here:
http://support.microsoft.com/kb/317232, but failed to respond to the
Resolution listed.
2) Trying to start the service using the GUI yielded "Error 1067: The
process terminated unexpectedly."
Attempting to run cluster.exe from a CMD window resulted in an RPC "no
endpoints" error, which led me back to two of the DISA Gold policy fixes:
-- RPC Endpoint mapper Client Authentication
-- Restriction for Unauthenticated RPC clients
Both are found under Computer Configuration -> Administrative Templates ->
System -> Remote Procedure Call.
Setting these two back to the "not configured" setting and forcing the
policy update immediately freed the clusters of the errors and allowed normal
startup.
Note: it is possible (likely?) that only one of these policy items is
responsible for the problem, but in the interest of restoring service I
flipped them both back.
My reasons for posting this issue are two:
1) To document this for others who might encounter it, and
2) To ask if anyone has any insight into this: is there further
configuration that would allow the cluster to run correctly with these
enabled?
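
A check for the two settings named in the post, as an added example that is not part of the original post: it reads the values those two Administrative Templates settings store in the registry and reports each one's state, so a node can be audited before and after a policy refresh. The registry key and value names are not given in the post, and PowerShell 2.0 or later is assumed.

```powershell
# Added example, not from the original post. Requires PowerShell 2.0 or later.
# The registry key and value names below are not given in the post; they are
# where the two Administrative Templates settings are stored.
$RpcPolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Rpc'

# Policy name as written in the post -> registry value and meaning of each DWORD.
$RpcPolicies = @(
    @{ Policy = 'RPC Endpoint mapper Client Authentication'
       Value  = 'EnableAuthEpResolution'
       States = @{ 0 = 'Disabled'; 1 = 'Enabled' } },
    @{ Policy = 'Restriction for Unauthenticated RPC clients'
       Value  = 'RestrictRemoteClients'
       States = @{ 0 = 'None'; 1 = 'Authenticated'
                   2 = 'Authenticated without exceptions' } }
)

function Get-RpcPolicyState {
    param([string]$Key = $RpcPolicyKey)

    # A missing key means neither policy value is present on this node.
    $props = $null
    if (Test-Path $Key) {
        $props = Get-ItemProperty -Path $Key -ErrorAction SilentlyContinue
    }

    foreach ($p in $RpcPolicies) {
        $raw = $null
        $state = 'Not configured'
        if ($props) {
            $prop = $props.PSObject.Properties[$p.Value]
            if ($prop) {
                $raw = [int]$prop.Value
                if ($p.States.ContainsKey($raw)) { $state = $p.States[$raw] }
                else { $state = "Unknown value $raw" }
            }
        }
        New-Object PSObject -Property @{
            Policy = $p.Policy; RegistryValue = $p.Value; Raw = $raw; State = $state
        }
    }
}

$result = @(Get-RpcPolicyState)
$result | Format-Table Policy, RegistryValue, Raw, State -AutoSize

# Summarise so the output from both cluster nodes can be compared side by side.
$configured = @($result | Where-Object { $_.State -ne 'Not configured' })
Write-Output "$env:COMPUTERNAME: $($configured.Count) of $($result.Count) RPC policy values are set."
```

Run it on each cluster node; both values reading "Not configured" corresponds to the state the post describes as restoring normal cluster startup.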