Security Considerations (Server Clusters: Frequently Asked Questions for Windows 2000 and Windows Server 2003)

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Q. How do I update the cluster service account password?

A. The cluster service account on ALL nodes in the cluster must match so that intra-cluster communication can be authenticated. The cluster service sends messages between cluster nodes under a variety of conditions, and if any of those communications fail, the node is removed from the cluster (that is, its cluster service is stopped). Because it is not possible to predict when the cluster service will establish communication, there is no clear window in which the cluster service account password can be changed reliably while keeping the cluster running.

Windows 2000

On Windows 2000, the cluster account password can only be reliably changed using the following steps:

  1. Stop the cluster service on ALL nodes in the cluster

  2. Change the password of the cluster service account at the domain controller

  3. Update the service control manager password on ALL cluster nodes

  4. Restart the cluster service on all the cluster nodes
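The following PowerShell script is an added example, not part of the original FAQ or a Microsoft tool; it carries out the four steps above in order and, before it touches the domain password, confirms that the cluster service is actually stopped on every node, since a node still running with the old credentials would be evicted the next time it tries to authenticate. The node names, domain name and account name are placeholders; the service name ClusSvc, the Win32_Service WMI class and the WinNT ADSI provider are real, and the caller is assumed to be a domain administrator with administrative rights on every node.

```powershell
# Added example (not from the original FAQ): automates the Windows 2000 four-step procedure.
$Nodes       = @('NODE1', 'NODE2')   # placeholder: cluster node names
$Domain      = 'CONTOSO'             # placeholder: NetBIOS domain name
$Account     = 'clussvc'             # placeholder: cluster service account
$ServiceName = 'ClusSvc'             # cluster service name on Windows 2000 / Server 2003
$NewPassword = Read-Host 'New cluster service account password' -AsSecureString
# Win32_Service.Change() and SetPassword() need the clear-text value, so unwrap it once here.
$Plain = [Runtime.InteropServices.Marshal]::PtrToStringAuto(
    [Runtime.InteropServices.Marshal]::SecureStringToBSTR($NewPassword))

function Get-ClusterServiceOnNode([string]$Node) {
    Get-WmiObject -Class Win32_Service -ComputerName $Node -Filter "Name='$ServiceName'"
}

# Step 1: stop the cluster service on ALL nodes and prove that each one stopped.
foreach ($node in $Nodes) {
    $svc = Get-ClusterServiceOnNode $node
    if ($svc.State -ne 'Stopped') { [void]$svc.StopService() }
    $deadline = (Get-Date).AddMinutes(2)
    do {
        Start-Sleep -Seconds 5
        $svc = Get-ClusterServiceOnNode $node
    } while ($svc.State -ne 'Stopped' -and (Get-Date) -lt $deadline)
    if ($svc.State -ne 'Stopped') {
        throw "Cluster service still '$($svc.State)' on $node; aborting before the password is changed."
    }
}

# Step 2: change the account password at the domain (WinNT ADSI provider, usable against Windows 2000 DCs).
$user = [ADSI]"WinNT://$Domain/$Account,user"
$user.SetPassword($Plain)
$user.SetInfo()

# Step 3: update the password stored by the Service Control Manager on every node.
# Win32_Service.Change(): only StartName and StartPassword are supplied; $null leaves the other settings alone.
foreach ($node in $Nodes) {
    $svc = Get-ClusterServiceOnNode $node
    $rc  = $svc.Change($null, $null, $null, $null, $null, $null, "$Domain\$Account", $Plain)
    if ($rc.ReturnValue -ne 0) { throw "SCM update failed on $node (return code $($rc.ReturnValue))" }
}

# Step 4: restart the cluster service on all nodes; the first node forms the cluster, the others join it.
foreach ($node in $Nodes) {
    $rc = (Get-ClusterServiceOnNode $node).StartService()
    if ($rc.ReturnValue -ne 0) { throw "Start failed on $node (return code $($rc.ReturnValue))" }
}
```

The script stops at the first node that will not stop, so the domain password and the SCM entries are only ever changed together; if it does abort during step 3, rerun step 3 on the remaining nodes with the same new password before starting any node.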

Windows Server 2003

The cluster.exe command on Windows Server 2003 can change the cluster account password dynamically, without shutting down the cluster service on any of the nodes. It changes the domain account password and then updates the service control manager account information on all nodes in the cluster.

cluster /cluster:cluster_name1[,cluster_name2,...] /changepassword[:new_password[,old_password]] [/skipdc] [/force] [/options]

For more information refer to the online help for Windows Server 2003.

Q. What other security considerations and best practices do I need to worry about for Server clusters?

A. For security best practices, see the online help for Windows Server 2003.