disable kerberos authentication
Dear All,

I would like to disable Kerberos authentication on some of my file servers, which are members of a 2003 domain, and only use NTLM on these servers. I prefer not to touch domain group policy and to use only local group policy, to avoid affecting other servers.

Issue: Windows 2003 file servers running a high availability solution, i.e. ServerA with name "Master" and ServerB with name "Replica". On a system failure of "Master" we would like to redirect user traffic by updating the DNS record on the server and pointing the Master A record to the Replica IP. I have applied the registry setting listed in http://support.microsoft.com/default.aspx/kb/281308. However, users still fail to connect to the target "Replica" even after updating DNS, since users connect to "Master" using Kerberos authentication, which prevents them from connecting to "Replica" even after updating the DNS record. The client is running WinXP SP2.

We are trying to make it as transparent to users as possible, so we want to avoid asking users to change their network path.

Any suggestion would be much appreciated!

Thanks
Roy
July 23rd, 2009 7:38pm

More info! The user is mapping to the file share using the hostname "Master", not the IP address.

Thanks
Roy
July 23rd, 2009 7:45pm

Hello,

in my opinion this does not belong to Kerberos or to DNS. But for a real high availability solution use clustering, which is exactly what applies to your needs: 2 servers with a SAN attached where the data is located.

Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights.
July 25th, 2009 12:04am

Hi Weber,

Thanks for your comments. However, the SAN storage and its accessories are quite pricey compared with two standalone servers. Moreover, there is a single point of failure on the shared storage, which is not ideal. Therefore, it would be good if I could find a way to disable Kerberos on these servers.

Thanks,
Roy
July 25th, 2009 6:31am

Hello,

check this article:
http://www.windowsnetworking.com/kbase/WindowsTips/WindowsXP/AdminTips/Network/TemporarilydisablingKerberos.html

Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights.
July 27th, 2009 6:46pm

Hi Roy, I am afraid that it is not possible to disable Kerberos authentication. If I understand correctly, the share folders on both file servers are synchronized. You are looking for a method to redirect the user traffic to Replica when Master is down. My suggestion is you can implement DFS to meet the requirement. In this way, when the current target is unavailable, the client machine will automatically connect to the next available target. In addition, you can synchronize the share folders automatically via FRS (or DFS Replication if they are Windows Server 2003 R2). For more information about DFS, please refer to the following article: Distributed File System: Frequently Asked Questions http://www.microsoft.com/windowsserver2003/techinfo/overview/dfsfaq.mspx Thanks.
July 28th, 2009 11:40am

This topic is archived. No further replies will be accepted.
