COMMAND

    IPSEC

SYSTEMS AFFECTED

    Windows 2000

PROBLEM

    Paolo Spinelli  found following.   He experienced  problems  using
    IPSEC within a clustered environment.  Both nodes have  IPSecurity
    enabled.  And IPSEC policy is "Require Security".  He applied same
    policy to the test client  and everything is working well,  but if
    you force  a fail-over  you can't  restablish a  valid SA with the
    node owning the failed resource.   The only way Paolo figured  out
    is to modify (or simply assign and unassign policy on the client).

SOLUTION

    This issue is addressed in

        http://support.microsoft.com/support/kb/articles/Q248/3/46.ASP