Windows NLB clustering and SIDs

A colleague has been working to set up an MS NLB cluster for a set of .NET machines. As is our standard practice, these are created as ESX VMs, and for convenience, we create them based on our standard template. Then the VMware guest customization process runs, and we have a VM we can turn over to the application team.

The problem in this case (the reason I'm involved in a Windows issue) is that NLB wasn't starting. There were various false starts with configuration items randomly disappearing (why is only one of the NICs in the selection box on this system?).

Somehow, it was suggested that maybe the reason NLB wouldn't start was because the SID of the two VMs was the same. Of course, no, since we run the guest customization which does a NewSID(1m). That'd be impossible.

But it turns out that the SIDs were the same; popping the machines out of the domain and newsid'ing them resolved the issue. Whod'a thunk?

On further reflection, the system's SID is probably the best option for a locally-unique identifier to use to map the load-balancing traffic via NLB. There has to be some way for all the cluster members to agree on who cares about which packets, so why not use the SID as part of the hash function? Makes perfect sense, since SIDs are, of course, unique.