Discussion:
Windows 2003 NLB Access Denied Adding Server To Cluster
(too old to reply)
Frank Lamb
2006-08-15 05:29:32 UTC
Permalink
Sorry this is so long, but I wanted to describe things I have tired to
get NLB working in Windows 2003.

Three servers involved:

WEBS1 - Windows 2003 Web Edition
WEBS2 - Windows 2003 Web Edition
SERVER - Windows 2003 Standard Edition, with active directory.

Both WEBS1 & WEBS2 are in the domain with SERVER, I login to the domain
on both machines as Administrator when doing stuff like NLB setup.

I have no problems or error messages on any of the servers regarding
NLB. I have configured WEBS1 with a cluster (it is the only member),
and we access the virtual IP Address for our websites - works fine.

I want to add WEBS2 into the cluster, but I receive a authentication
prompt when attempting to connect from WEBS1 or SERVER. The message states:

Specify the credentials of a user with administrative privileges on host
"webs2"

No matter what I enter, it will not accept it. I have tried as the
local WEBS2 admin and as the administrator for the domain... always get
the same prompt.

I tried enabling the NLB logging, but it does not log anything when I
get the accesses denied. It only logs items regarding changes to config
etc.

I found the following URL, which is quite detailed about
troubleshooting, while it is a couple of years old it was helpful.

http://download.microsoft.com/download/3/2/3/32386822-8fc5-4cf1-b81d-4ee136cca2c5/NLB_Troubleshooting_Guide.htm

I can ping between the machines no problem. I've actually got file
replication of websites working fine between WEBS1 & WEBS2 which works
without any issues.

I ran wbemtest.exe as directed in the URL above to test access between
the servers.

Click "Connect" and connect to "\\webs2\root\cimv2" namespace.

I get access denied doing this, which is at least consistent with the
result I see in NLB Manager.

The troubleshooting document states the problem could be RPC is not
enabled (I confirmed the service is running) or a firewall in between
the servers. There is no firewall involved as both are on the same
switch and use the 192.168.x.x address space.

I'm at a loss a this point, if anyone has a suggestion on how to further
trouble shoot this problem I would most appreciate hearing from you.
Rodney R. Fournier [MVP]
2006-08-15 14:55:01 UTC
Permalink
Are you saying Server is a Domain Controller? You have to test pings from a
client or non-NLB server, not from one of the nodes.

Cheers,

Rodney R. Fournier

MVP - Windows Server - Clustering
http://www.nw-america.com - Clustering Website
http://msmvps.com/clustering - Blog
http://www.clusterhelp.com - Cluster Training
ClusterHelp.com is a Microsoft Certified Gold Partner
Sorry this is so long, but I wanted to describe things I have tired to get
NLB working in Windows 2003.
WEBS1 - Windows 2003 Web Edition
WEBS2 - Windows 2003 Web Edition
SERVER - Windows 2003 Standard Edition, with active directory.
Both WEBS1 & WEBS2 are in the domain with SERVER, I login to the domain on
both machines as Administrator when doing stuff like NLB setup.
I have no problems or error messages on any of the servers regarding
NLB. I have configured WEBS1 with a cluster (it is the only member), and
we access the virtual IP Address for our websites - works fine.
I want to add WEBS2 into the cluster, but I receive a authentication
Specify the credentials of a user with administrative privileges on host
"webs2"
No matter what I enter, it will not accept it. I have tried as the local
WEBS2 admin and as the administrator for the domain... always get the same
prompt.
I tried enabling the NLB logging, but it does not log anything when I get
the accesses denied. It only logs items regarding changes to config etc.
I found the following URL, which is quite detailed about troubleshooting,
while it is a couple of years old it was helpful.
http://download.microsoft.com/download/3/2/3/32386822-8fc5-4cf1-b81d-4ee136cca2c5/NLB_Troubleshooting_Guide.htm
I can ping between the machines no problem. I've actually got file
replication of websites working fine between WEBS1 & WEBS2 which works
without any issues.
I ran wbemtest.exe as directed in the URL above to test access between the
servers.
Click "Connect" and connect to "\\webs2\root\cimv2" namespace.
I get access denied doing this, which is at least consistent with the
result I see in NLB Manager.
The troubleshooting document states the problem could be RPC is not
enabled (I confirmed the service is running) or a firewall in between the
servers. There is no firewall involved as both are on the same switch and
use the 192.168.x.x address space.
I'm at a loss a this point, if anyone has a suggestion on how to further
trouble shoot this problem I would most appreciate hearing from you.
Frank Lamb
2006-08-16 00:43:31 UTC
Permalink
Hi Rodney,

Yep, SERVER is a domain controller. I can ping between the three
servers in question and to any other computer on the network. I can
also ping from my workstation to any of the three servers without any
problem. There is no apparent communication problem between any of the
servers.

WEBS1 & WEBS2 both have dual NIC's configured as follows:

WEBS1 Nic #1 192.168.20.51
Nic #2 192.168.20.61
With virtual IP as 192.168.20.28

WEBS2 Nic #1 192.168.20.52
Nic #2 192.168.20.62
No virtual IP yet, as I can't get it in the cluster

SERVER Nic #1 192.168.20.22 <- Only one NIC, not in cluster.

WEBS1 & WEBS2 can not be domain controllers as they are Web edition, but
they are members of the domain. When I login to the webservers I login
as domain\administrator and my login is successfully validated against
the domain controller SERVER.

I can also successfully connect to shares on the servers without any
problem using the domain administrator account - which to me says I
should have access to administer the cluster on the local box.

I just don't know what else to look at right now... any tips?
Post by Rodney R. Fournier [MVP]
Are you saying Server is a Domain Controller? You have to test pings from a
client or non-NLB server, not from one of the nodes.
Cheers,
Rodney R. Fournier
MVP - Windows Server - Clustering
http://www.nw-america.com - Clustering Website
http://msmvps.com/clustering - Blog
http://www.clusterhelp.com - Cluster Training
ClusterHelp.com is a Microsoft Certified Gold Partner
Sorry this is so long, but I wanted to describe things I have tired to get
NLB working in Windows 2003.
WEBS1 - Windows 2003 Web Edition
WEBS2 - Windows 2003 Web Edition
SERVER - Windows 2003 Standard Edition, with active directory.
Both WEBS1 & WEBS2 are in the domain with SERVER, I login to the domain on
both machines as Administrator when doing stuff like NLB setup.
I have no problems or error messages on any of the servers regarding
NLB. I have configured WEBS1 with a cluster (it is the only member), and
we access the virtual IP Address for our websites - works fine.
I want to add WEBS2 into the cluster, but I receive a authentication
Specify the credentials of a user with administrative privileges on host
"webs2"
No matter what I enter, it will not accept it. I have tried as the local
WEBS2 admin and as the administrator for the domain... always get the same
prompt.
I tried enabling the NLB logging, but it does not log anything when I get
the accesses denied. It only logs items regarding changes to config etc.
I found the following URL, which is quite detailed about troubleshooting,
while it is a couple of years old it was helpful.
http://download.microsoft.com/download/3/2/3/32386822-8fc5-4cf1-b81d-4ee136cca2c5/NLB_Troubleshooting_Guide.htm
I can ping between the machines no problem. I've actually got file
replication of websites working fine between WEBS1 & WEBS2 which works
without any issues.
I ran wbemtest.exe as directed in the URL above to test access between the
servers.
Click "Connect" and connect to "\\webs2\root\cimv2" namespace.
I get access denied doing this, which is at least consistent with the
result I see in NLB Manager.
The troubleshooting document states the problem could be RPC is not
enabled (I confirmed the service is running) or a firewall in between the
servers. There is no firewall involved as both are on the same switch and
use the 192.168.x.x address space.
I'm at a loss a this point, if anyone has a suggestion on how to further
trouble shoot this problem I would most appreciate hearing from you.
Rodney R. Fournier [MVP]
2006-08-16 14:27:42 UTC
Permalink
Call me slow today, but at this point (since you can ping) I am not sure
what your exact question/issue is. Can you restate it for the slow people in
the crowd?

Cheers,

Rodney R. Fournier

MVP - Windows Server - Clustering
http://www.nw-america.com - Clustering Website
http://msmvps.com/clustering - Blog
http://www.clusterhelp.com - Cluster Training
ClusterHelp.com is a Microsoft Certified Gold Partner
Post by Frank Lamb
Hi Rodney,
Yep, SERVER is a domain controller. I can ping between the three servers
in question and to any other computer on the network. I can also ping
from my workstation to any of the three servers without any problem.
There is no apparent communication problem between any of the servers.
WEBS1 Nic #1 192.168.20.51
Nic #2 192.168.20.61
With virtual IP as 192.168.20.28
WEBS2 Nic #1 192.168.20.52
Nic #2 192.168.20.62
No virtual IP yet, as I can't get it in the cluster
SERVER Nic #1 192.168.20.22 <- Only one NIC, not in cluster.
WEBS1 & WEBS2 can not be domain controllers as they are Web edition, but
they are members of the domain. When I login to the webservers I login as
domain\administrator and my login is successfully validated against
the domain controller SERVER.
I can also successfully connect to shares on the servers without any
problem using the domain administrator account - which to me says I should
have access to administer the cluster on the local box.
I just don't know what else to look at right now... any tips?
Post by Rodney R. Fournier [MVP]
Are you saying Server is a Domain Controller? You have to test pings from
a client or non-NLB server, not from one of the nodes.
Cheers,
Rodney R. Fournier
MVP - Windows Server - Clustering
http://www.nw-america.com - Clustering Website
http://msmvps.com/clustering - Blog
http://www.clusterhelp.com - Cluster Training
ClusterHelp.com is a Microsoft Certified Gold Partner
Post by Frank Lamb
Sorry this is so long, but I wanted to describe things I have tired to
get NLB working in Windows 2003.
WEBS1 - Windows 2003 Web Edition
WEBS2 - Windows 2003 Web Edition
SERVER - Windows 2003 Standard Edition, with active directory.
Both WEBS1 & WEBS2 are in the domain with SERVER, I login to the domain
on both machines as Administrator when doing stuff like NLB setup.
I have no problems or error messages on any of the servers regarding
NLB. I have configured WEBS1 with a cluster (it is the only member), and
we access the virtual IP Address for our websites - works fine.
I want to add WEBS2 into the cluster, but I receive a authentication
Specify the credentials of a user with administrative privileges on host
"webs2"
No matter what I enter, it will not accept it. I have tried as the local
WEBS2 admin and as the administrator for the domain... always get the
same prompt.
I tried enabling the NLB logging, but it does not log anything when I get
the accesses denied. It only logs items regarding changes to config etc.
I found the following URL, which is quite detailed about troubleshooting,
while it is a couple of years old it was helpful.
http://download.microsoft.com/download/3/2/3/32386822-8fc5-4cf1-b81d-4ee136cca2c5/NLB_Troubleshooting_Guide.htm
I can ping between the machines no problem. I've actually got file
replication of websites working fine between WEBS1 & WEBS2 which works
without any issues.
I ran wbemtest.exe as directed in the URL above to test access between
the servers.
Click "Connect" and connect to "\\webs2\root\cimv2" namespace.
I get access denied doing this, which is at least consistent with the
result I see in NLB Manager.
The troubleshooting document states the problem could be RPC is not
enabled (I confirmed the service is running) or a firewall in between the
servers. There is no firewall involved as both are on the same switch
and use the 192.168.x.x address space.
I'm at a loss a this point, if anyone has a suggestion on how to further
trouble shoot this problem I would most appreciate hearing from you.
Frank Lamb
2006-08-17 01:08:57 UTC
Permalink
Sure, here is the problem in a nutshell.

I can't add a new server to the NLB cluster. When I attempt to add it,
I am asked for a username & password with permissions on the remote server.

From all testing I think I 'should' have permissions. I can't
determine if I don't have permissions, or if the problem is being caused
by some other issue.
Post by Rodney R. Fournier [MVP]
Call me slow today, but at this point (since you can ping) I am not sure
what your exact question/issue is. Can you restate it for the slow people in
the crowd?
Cheers,
Rodney R. Fournier
MVP - Windows Server - Clustering
http://www.nw-america.com - Clustering Website
http://msmvps.com/clustering - Blog
http://www.clusterhelp.com - Cluster Training
ClusterHelp.com is a Microsoft Certified Gold Partner
Post by Frank Lamb
Hi Rodney,
Yep, SERVER is a domain controller. I can ping between the three servers
in question and to any other computer on the network. I can also ping
from my workstation to any of the three servers without any problem.
There is no apparent communication problem between any of the servers.
WEBS1 Nic #1 192.168.20.51
Nic #2 192.168.20.61
With virtual IP as 192.168.20.28
WEBS2 Nic #1 192.168.20.52
Nic #2 192.168.20.62
No virtual IP yet, as I can't get it in the cluster
SERVER Nic #1 192.168.20.22 <- Only one NIC, not in cluster.
WEBS1 & WEBS2 can not be domain controllers as they are Web edition, but
they are members of the domain. When I login to the webservers I login as
domain\administrator and my login is successfully validated against
the domain controller SERVER.
I can also successfully connect to shares on the servers without any
problem using the domain administrator account - which to me says I should
have access to administer the cluster on the local box.
I just don't know what else to look at right now... any tips?
Post by Rodney R. Fournier [MVP]
Are you saying Server is a Domain Controller? You have to test pings from
a client or non-NLB server, not from one of the nodes.
Cheers,
Rodney R. Fournier
MVP - Windows Server - Clustering
http://www.nw-america.com - Clustering Website
http://msmvps.com/clustering - Blog
http://www.clusterhelp.com - Cluster Training
ClusterHelp.com is a Microsoft Certified Gold Partner
Post by Frank Lamb
Sorry this is so long, but I wanted to describe things I have tired to
get NLB working in Windows 2003.
WEBS1 - Windows 2003 Web Edition
WEBS2 - Windows 2003 Web Edition
SERVER - Windows 2003 Standard Edition, with active directory.
Both WEBS1 & WEBS2 are in the domain with SERVER, I login to the domain
on both machines as Administrator when doing stuff like NLB setup.
I have no problems or error messages on any of the servers regarding
NLB. I have configured WEBS1 with a cluster (it is the only member), and
we access the virtual IP Address for our websites - works fine.
I want to add WEBS2 into the cluster, but I receive a authentication
Specify the credentials of a user with administrative privileges on host
"webs2"
No matter what I enter, it will not accept it. I have tried as the local
WEBS2 admin and as the administrator for the domain... always get the
same prompt.
I tried enabling the NLB logging, but it does not log anything when I get
the accesses denied. It only logs items regarding changes to config etc.
I found the following URL, which is quite detailed about troubleshooting,
while it is a couple of years old it was helpful.
http://download.microsoft.com/download/3/2/3/32386822-8fc5-4cf1-b81d-4ee136cca2c5/NLB_Troubleshooting_Guide.htm
I can ping between the machines no problem. I've actually got file
replication of websites working fine between WEBS1 & WEBS2 which works
without any issues.
I ran wbemtest.exe as directed in the URL above to test access between
the servers.
Click "Connect" and connect to "\\webs2\root\cimv2" namespace.
I get access denied doing this, which is at least consistent with the
result I see in NLB Manager.
The troubleshooting document states the problem could be RPC is not
enabled (I confirmed the service is running) or a firewall in between the
servers. There is no firewall involved as both are on the same switch
and use the 192.168.x.x address space.
I'm at a loss a this point, if anyone has a suggestion on how to further
trouble shoot this problem I would most appreciate hearing from you.
James M.
2007-02-07 13:31:01 UTC
Permalink
Frank,

Any word on a fix for this? I am experiencing the same.

James
Post by Frank Lamb
Sure, here is the problem in a nutshell.
I can't add a new server to the NLB cluster. When I attempt to add it,
I am asked for a username & password with permissions on the remote server.
From all testing I think I 'should' have permissions. I can't
determine if I don't have permissions, or if the problem is being caused
by some other issue.
Post by Rodney R. Fournier [MVP]
Call me slow today, but at this point (since you can ping) I am not sure
what your exact question/issue is. Can you restate it for the slow people in
the crowd?
Cheers,
Rodney R. Fournier
MVP - Windows Server - Clustering
http://www.nw-america.com - Clustering Website
http://msmvps.com/clustering - Blog
http://www.clusterhelp.com - Cluster Training
ClusterHelp.com is a Microsoft Certified Gold Partner
Post by Frank Lamb
Hi Rodney,
Yep, SERVER is a domain controller. I can ping between the three servers
in question and to any other computer on the network. I can also ping
from my workstation to any of the three servers without any problem.
There is no apparent communication problem between any of the servers.
WEBS1 Nic #1 192.168.20.51
Nic #2 192.168.20.61
With virtual IP as 192.168.20.28
WEBS2 Nic #1 192.168.20.52
Nic #2 192.168.20.62
No virtual IP yet, as I can't get it in the cluster
SERVER Nic #1 192.168.20.22 <- Only one NIC, not in cluster.
WEBS1 & WEBS2 can not be domain controllers as they are Web edition, but
they are members of the domain. When I login to the webservers I login as
domain\administrator and my login is successfully validated against
the domain controller SERVER.
I can also successfully connect to shares on the servers without any
problem using the domain administrator account - which to me says I should
have access to administer the cluster on the local box.
I just don't know what else to look at right now... any tips?
Post by Rodney R. Fournier [MVP]
Are you saying Server is a Domain Controller? You have to test pings from
a client or non-NLB server, not from one of the nodes.
Cheers,
Rodney R. Fournier
MVP - Windows Server - Clustering
http://www.nw-america.com - Clustering Website
http://msmvps.com/clustering - Blog
http://www.clusterhelp.com - Cluster Training
ClusterHelp.com is a Microsoft Certified Gold Partner
Post by Frank Lamb
Sorry this is so long, but I wanted to describe things I have tired to
get NLB working in Windows 2003.
WEBS1 - Windows 2003 Web Edition
WEBS2 - Windows 2003 Web Edition
SERVER - Windows 2003 Standard Edition, with active directory.
Both WEBS1 & WEBS2 are in the domain with SERVER, I login to the domain
on both machines as Administrator when doing stuff like NLB setup.
I have no problems or error messages on any of the servers regarding
NLB. I have configured WEBS1 with a cluster (it is the only member), and
we access the virtual IP Address for our websites - works fine.
I want to add WEBS2 into the cluster, but I receive a authentication
Specify the credentials of a user with administrative privileges on host
"webs2"
No matter what I enter, it will not accept it. I have tried as the local
WEBS2 admin and as the administrator for the domain... always get the
same prompt.
I tried enabling the NLB logging, but it does not log anything when I get
the accesses denied. It only logs items regarding changes to config etc.
I found the following URL, which is quite detailed about troubleshooting,
while it is a couple of years old it was helpful.
http://download.microsoft.com/download/3/2/3/32386822-8fc5-4cf1-b81d-4ee136cca2c5/NLB_Troubleshooting_Guide.htm
I can ping between the machines no problem. I've actually got file
replication of websites working fine between WEBS1 & WEBS2 which works
without any issues.
I ran wbemtest.exe as directed in the URL above to test access between
the servers.
Click "Connect" and connect to "\\webs2\root\cimv2" namespace.
I get access denied doing this, which is at least consistent with the
result I see in NLB Manager.
The troubleshooting document states the problem could be RPC is not
enabled (I confirmed the service is running) or a firewall in between the
servers. There is no firewall involved as both are on the same switch
and use the 192.168.x.x address space.
I'm at a loss a this point, if anyone has a suggestion on how to further
trouble shoot this problem I would most appreciate hearing from you.
Chuck Timon [Microsoft]
2007-02-08 06:00:34 UTC
Permalink
This post might be inappropriate. Click to display it.
Loading...