Using Kerberos in Windows 2000 Clustering

From: Shaun Rumbelow (shaun.rumbelow_at_sth.nhs.uk.donotspam)
Date: 09/20/04 

Date: Mon, 20 Sep 2004 03:37:05 -0700

Hi,

We have several clusters running Windows 2000 Advanced Server SP3. The
various clusters run Exchange 2000, SQL 2000 and File shares. KB235529
mentions that the clusters can use kerberos (if turned on) as stated below. I
also believe that Windows 2003 clustering has Kerberos turned on by default -
we are planning to upgrade some of the clusters to Windows 2003 and Exchange
2003.

My questions are:

1) Can 95 and 98 clients still use the cluster resources such as file shares
- can the clients still use LM rather than Kerberos? If so does this apply to
Windows 2000 and Windows 2003.
  
2) Am I correct in thinking that Exchange 2000 doesn't use kerberos and thus
kerberos couldn't be configured on the cluster servers? Does Exchange 2003
allow for kerberos and again can 9x clients use this.

Any help would be appreciated

KB235529
"This article describes the Kerberos authentication support for Windows
2000-based server clusters that has been added in Windows 2000 Service Pack 3
(SP3). With versions of Windows 2000 earlier than SP3, the Cluster service
does not publish Computer objects for virtual servers in Active Directory.
This means that virtual servers authenticate only by using NTLM or NTLM
version 2. With Windows 2000 SP3, you can configure virtual servers to permit
clients to authenticate by using the Kerberos authentication protocol. If
this is enabled, a Computer object is created for each corresponding Network
Name resource.

Kerberos authentication for the Network Name resource on which Microsoft
Exchange 2000 depends is not supported on a server cluster. Exchange 2000 was
not tested with the expectation that a cluster virtual server would support
Kerberos authentication; this configuration may not function properly. Future
versions of Exchange Server may take advantage of Kerberos authentication for
server clusters. " 

-- 
Thanks for your help
Shaun Rumbelowshaun.rumbelow@sth.nhs.uk.donotspam

Relevant Pages

  • RE: DST update for Exchange 2003 and Outlook 2003
    ... The Ldp GUI tool is included when you install Windows Server 2003 Support ... Microsoft CSS Online Newsgroup Support ... DST update for Exchange 2003 and Outlook 2003 ...
    (microsoft.public.exchange.admin)
  • RE: DST update for Exchange 2003 and Outlook 2003
    ... Majority of my users connect to Terminal Server and ... I also have users running on stand-alone PC's (Windows XP) ... run the Outlook Time Zone Data Update Tool or the Exchange calendar tool? ... 926666 Update for daylight saving time changes in 2007 for Exchange 2003 ...
    (microsoft.public.exchange.admin)
  • RE: Migrating from Win2k DCs to Win2k3 DCs; ADPrep question
    ... When you try to upgrade Windows 2000 DC to Windows 2003 while ... Exchange 2000 is installed. ... The reason is that Windows Server 2003 adprep ... 314649 Windows Server 2003 adprep /forestprep Command Causes Mangled ...
    (microsoft.public.windows.server.migration)
  • Re: upgrade from Win2k to win 2003 + exchange
    ... 842427 How to upgrade Exchange 2000 Server to Exchange Server 2003 in an ... 314649 Windows Server 2003 adprep /forestprep Command Causes Mangled ... > This is almost what I am looking for in order to upgrade our exchange 2000 ...
    (microsoft.public.exchange.setup)
  • Re: Need a good hardware cluster solution
    ... You don't need a third-party solution to use NLB and server clusters. ... Standard or Enterprise Edition of Exchange) and you can cluster back-end ... Windows Cluster Service found in Windows 2000 Advanced Server, ...
    (microsoft.public.exchange.admin)