if the External NIC goes down
We have 2 ISA 2006 Enterprise in an array, I guess by design if the External NIC of any array member goes down the internal VIP users are connecting to will still try to send traffic to that ISA server because it doesn’t know the external NIC is down, that creates timeouts for web requests for certain users… is there any solution for this?
I was thinking of a script that will ping some external IPs and if it times out it will automatically do a Drain and Stop on that ISA server so it fails over to the other array member… is there a script out there already? Can this be done?
Please Help!
All Replies
- Hi,
the ISA NLB mechanism is aware when the external NIC connection goes down. NLB handles this. You don't need to script something when the internal and external NICs are NLB enabled.
regards Marc
www.nt-faq.de
www.it-training-grote.de
- in my tests if I disabled the external NIC or unplugged the cable NLB was still sending traffic to that array member
Hello Joes12,
Do we have NLB enabled on both interfaces of the ISA server? If yes, then what Marc informed is absolutely true and the ISA Integrated NLB should take care of this. However, if you have NLB only on the internal network, then the external interfaces are not registered with NLB service and the outbound traffic from the internal clients may still hit that particular node which has its external NIC down.
It is always recommended to have NLB on both Networks.
I am not sure if we have a readymade script available, however you can use connectivity verifiers on the ISA server to send traffic to an External IP (any external website like www.msn.com) and if the connectivity verifier times out you can configure it to generate an alert, which can take an action like stop a service (e.g. firewall service), or run an executable.
But this process will not be foolproof. What if the IP that the connectivity verifier is connecting to is down at any moment OR if you have configured to send request to any website by its hostname, and the DNS stops working for some reason. In all these situations, the connectivity verifiers will fail and take an action (as programmed). This will make the traffic stop passing through this server even though there are no issues with the NIC card.
Same will even be true for any script that you can come up with.
Regards,
Ashvini Singhal
MSFT
- Hi,
how many packets are arriving at the disconnected NIC? With the NIC disabled or cable unplugged your connection to the internet should be established without problems - Is this true?
I tried the same in my test environment and Internet is still accessible when one interface is down.
regards Marc
www.nt-faq.de
www.it-training-grote.de
- I have NLB enabled on both interfaces, when I disable the external NIC I get these results
in the browser i get
- Error Code: 502 Proxy Error. An address has not yet been associated with the network endpoint. (1228)
- IP Address: 74.125.45.104
- Date: 11/7/2008 4:04:38 PM [GMT]
- Server:
- Source: proxy
in ISA logging I can see that it does go to the other server but the HTTP Status Codes are
302 Moved Temporarily: from the client ip to destination ip
and
502 Bad Gateway : from the client ip to the intra-array ip
- btw, if I configure a connectivity verifier and let's say shut the service with a no connectivity alert then it still won't fail over the right way. Stopping the service is not the same as a Drain and Stop (which I think removes it from NLB) which the alert can't do! Also if the service is stopped it will have to be started manually since the connectivity verifier needs to be able to get out to check if the internet connection is back up since it can't get out if the service is stopped....
You get the 502 bad gateway for the intra-array IP because of server-side CARP. Each array member will query its peers every so often to determine their status as well as for content which CARP determines the content is held by another ISA. If that ISA is unresponsive, ISA will log a 502 for that request.
302 response is probably correct, depending on the cache contents and the upstream site.
Are you sure NLB is operating properly?
What do you get when you run 'wlbs display' in a command window?
Jim Harrison Forefront Edge CS
- Marked As Answer by Ashvini Singhal - MSFT, Owner, Wednesday, November 26, 2008 8:07 PM
- ok below is the results of the wlbs display command, I ran this command after I unplugged the cable of the external NIC.. I'm not sure what I'm looking for...
WLBS Cluster Control Utility V2.4 (c) 1997-2003 Microsoft Corporation.
Cluster 192.168.254.210
=== Configuration: ===
Current time = 11/10/2008 11:34:20 AM
ParametersVersion = 4
VirtualNICName =
AliveMsgPeriod = 1000
AliveMsgTolerance = 5
NumActions = 100
NumPackets = 200
NumAliveMsgs = 66
ClusterNetworkAddress = 02-bf-c0-a8-fe-d2
ClusterName = External
ClusterIPAddress = 192.168.254.210
ClusterNetworkMask = 255.255.255.0
DedicatedIPAddress = 192.168.254.11
DedicatedNetworkMask = 255.255.255.0
HostPriority = 2
ClusterModeOnStart = STOPPED
PersistedStates = SUSPENDED
DescriptorsPerAlloc = 512
MaxDescriptorAllocs = 512
TCPConnectionTimeout = 60
IPSecConnectionTimeout = 86400
FilterICMP = DISABLED
ScaleSingleClient = 0
NBTSupportEnable = 1
MulticastSupportEnable = 0
MulticastARPEnable = 1
MaskSourceMAC = 1
IGMPSupport = DISABLED
IPtoMcastIP = ENABLED
McastIPAddress = 0.0.0.0
NetmonAliveMsgs = 0
EffectiveVersion = V2.1
IPChangeDelay = 60000
IPToMACEnable = 1
ConnectionCleanupDelay = 300000
RemoteControlEnabled = 0
RemoteControlUDPPort = 2504
RemoteControlCode = 0x0
RemoteMaintenanceEnabled = 0x0
CurrentVersion = V2.4
InstallDate = 0x490A03B2
VerifyDate = 0x0
NumberOfRules = 1
BDATeaming = ENABLED
TeamID = {5601BF8D-2D28-46D2-B4DC-0983B2B6532E}
Master = DISABLED
ReverseHash = DISABLED
IdentityHeartbeatPeriod = 10000
IdentityHeartbeatEnabled = ENABLED
PortRules
Virtual IP addr Start End Prot Mode Pri Load Affinity
ALL 0 65535 Both Multiple Equal S
=== Event messages: ===
#1490 ID: 0x4007004B Type: 4 Category: 0 Time: 11/10/2008 11:16:50 AM
NLB Cluster 192.168.100.210 : Current NLB host state successfully updated in the registry.
000C0000 005A0004 00000000 4007004B 00000000 00000000 00000000 00000000
00000000 00000000 000803DD 00000000 00000000
#1488 ID: 0x40070006 Type: 4 Category: 0 Time: 11/10/2008 11:16:50 AM
NLB Cluster 192.168.100.210 : Cluster mode stopped.
000C0000 005A0004 00000000 40070006 00000000 00000000 00000000 00000000
00000000 00000000 00053377 00000000 00000000
#1483 ID: 0x40070045 Type: 4 Category: 0 Time: 11/10/2008 11:16:35 AM
NLB Cluster 192.168.254.210 : Initiating convergence on host 2. Reason: Host 3 is leaving the cluster.
000C0000 005A0004 00000000 40070045 00000000 00000000 00000000 00000000
00000000 00000000 00060BD1 00000000 00000000
#1480 ID: 0x4007001D Type: 4 Category: 0 Time: 11/10/2008 10:49:35 AM
NLB Cluster 192.168.254.210 : Host 2 converged as DEFAULT host with host(s) 2,3 as part of the cluster.
000C0000 005A0004 00000000 4007001D 00000000 00000000 00000000 00000000
00000000 00000000 00061532 00000000 00000000
#1478 ID: 0x4007003F Type: 4 Category: 0 Time: 11/10/2008 10:49:29 AM
NLB Cluster 192.168.254.210 : Initiating convergence on host 2. Reason: Host 3 is joining the cluster.
000C0000 005A0004 00000000 4007003F 00000000 00000000 00000000 00000000
00000000 00000000 00060A7D 00000000 00000000
#1476 ID: 0x4007003A Type: 4 Category: 0 Time: 11/10/2008 10:49:20 AM
NLB Cluster 192.168.100.210 : Consistent bi-directional affinity (BDA) teaming configuration detected again. The team in which this cluster participates has been re-activated.
000C0000 005A0004 00000000 4007003A 00000000 00000000 00000000 00000000
00000000 00000000 00050735 00000000 00000000
#1474 ID: 0x4007001C Type: 4 Category: 0 Time: 11/10/2008 10:49:19 AM
NLB Cluster 192.168.100.210 : Host 2 converged with host(s) 2,3 as part of the cluster.
000C0000 005A0004 00000000 4007001C 00000000 00000000 00000000 00000000
00000000 00000000 00061550 00000000 00000000
#1472 ID: 0x4007001D Type: 4 Category: 0 Time: 11/10/2008 10:49:16 AM
NLB Cluster 192.168.254.210 : Host 2 converged as DEFAULT host with host(s) 2 as part of the cluster.
000C0000 005A0004 00000000 4007001D 00000000 00000000 00000000 00000000
00000000 00000000 00061532 00000000 00000000
#1470 ID: 0xC0070037 Type: 1 Category: 0 Time: 11/10/2008 10:49:13 AM
NLB Cluster 192.168.100.210 : Inconsistent bi-directional affinity (BDA) teaming configuration detected on host 3. The team in which this cluster participates will be marked inactive and this cluster will remain in the converging state until consistent teaming configuration is detected.
000C0000 005A0004 00000000 C0070037 00000000 00000000 00000000 00000000
00000000 00000000 00060A18 00000000 00000000
#1468 ID: 0x4007004B Type: 4 Category: 0 Time: 11/10/2008 10:49:13 AM
NLB Cluster 192.168.100.210 : Current NLB host state successfully updated in the registry.
000C0000 005A0004 00000000 4007004B 00000000 00000000 00000000 00000000
00000000 00000000 000803DD 00000000 00000000
=== IP configuration: ===
Windows IP Configuration
Host Name . . . . . . . . . . . . : ServerName
Primary Dns Suffix . . . . . . . : Domain
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : Domain
Ethernet adapter Internal:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Client)
Physical Address. . . . . . . . . : 02-BF-C0-A8-64-D2
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.100.210
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IP Address. . . . . . . . . . . . : 192.168.100.109
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 192.168.100.118
Ethernet adapter External:
Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Client) #2
Physical Address. . . . . . . . . : 02-BF-C0-A8-FE-D2
=== Current state: ===
Host 2 is disconnected from the network.
Cluster 192.168.100.210
=== Configuration: ===
Current time = 11/10/2008 11:34:20 AM
ParametersVersion = 4
VirtualNICName =
AliveMsgPeriod = 1000
AliveMsgTolerance = 5
NumActions = 100
NumPackets = 200
NumAliveMsgs = 66
ClusterNetworkAddress = 02-bf-c0-a8-64-d2
ClusterName = Internal
ClusterIPAddress = 192.168.100.210
ClusterNetworkMask = 255.255.255.0
DedicatedIPAddress = 192.168.100.109
DedicatedNetworkMask = 255.255.255.0
HostPriority = 2
ClusterModeOnStart = STOPPED
PersistedStates = SUSPENDED
DescriptorsPerAlloc = 512
MaxDescriptorAllocs = 512
TCPConnectionTimeout = 60
IPSecConnectionTimeout = 86400
FilterICMP = DISABLED
ScaleSingleClient = 0
NBTSupportEnable = 1
MulticastSupportEnable = 0
MulticastARPEnable = 1
MaskSourceMAC = 1
IGMPSupport = DISABLED
IPtoMcastIP = ENABLED
McastIPAddress = 0.0.0.0
NetmonAliveMsgs = 0
EffectiveVersion = V2.1
IPChangeDelay = 60000
IPToMACEnable = 1
ConnectionCleanupDelay = 300000
RemoteControlEnabled = 0
RemoteControlUDPPort = 2504
RemoteControlCode = 0x0
RemoteMaintenanceEnabled = 0x0
CurrentVersion = V2.4
InstallDate = 0x48ECCC90
VerifyDate = 0x0
NumberOfRules = 1
BDATeaming = ENABLED
TeamID = {5601BF8D-2D28-46D2-B4DC-0983B2B6532E}
Master = ENABLED
ReverseHash = DISABLED
IdentityHeartbeatPeriod = 10000
IdentityHeartbeatEnabled = ENABLED
PortRules
Virtual IP addr Start End Prot Mode Pri Load Affinity
ALL 0 65535 Both Multiple Equal S
=== Event messages: ===
#1490 ID: 0x4007004B Type: 4 Category: 0 Time: 11/10/2008 11:16:50 AM
NLB Cluster 192.168.100.210 : Current NLB host state successfully updated in the registry.
000C0000 005A0004 00000000 4007004B 00000000 00000000 00000000 00000000
00000000 00000000 000803DD 00000000 00000000
#1488 ID: 0x40070006 Type: 4 Category: 0 Time: 11/10/2008 11:16:50 AM
NLB Cluster 192.168.100.210 : Cluster mode stopped.
000C0000 005A0004 00000000 40070006 00000000 00000000 00000000 00000000
00000000 00000000 00053377 00000000 00000000
#1483 ID: 0x40070045 Type: 4 Category: 0 Time: 11/10/2008 11:16:35 AM
NLB Cluster 192.168.254.210 : Initiating convergence on host 2. Reason: Host 3 is leaving the cluster.
000C0000 005A0004 00000000 40070045 00000000 00000000 00000000 00000000
00000000 00000000 00060BD1 00000000 00000000
#1480 ID: 0x4007001D Type: 4 Category: 0 Time: 11/10/2008 10:49:35 AM
NLB Cluster 192.168.254.210 : Host 2 converged as DEFAULT host with host(s) 2,3 as part of the cluster.
000C0000 005A0004 00000000 4007001D 00000000 00000000 00000000 00000000
00000000 00000000 00061532 00000000 00000000
#1478 ID: 0x4007003F Type: 4 Category: 0 Time: 11/10/2008 10:49:29 AM
NLB Cluster 192.168.254.210 : Initiating convergence on host 2. Reason: Host 3 is joining the cluster.
000C0000 005A0004 00000000 4007003F 00000000 00000000 00000000 00000000
00000000 00000000 00060A7D 00000000 00000000
#1476 ID: 0x4007003A Type: 4 Category: 0 Time: 11/10/2008 10:49:20 AM
NLB Cluster 192.168.100.210 : Consistent bi-directional affinity (BDA) teaming configuration detected again. The team in which this cluster participates has been re-activated.
000C0000 005A0004 00000000 4007003A 00000000 00000000 00000000 00000000
00000000 00000000 00050735 00000000 00000000
#1474 ID: 0x4007001C Type: 4 Category: 0 Time: 11/10/2008 10:49:19 AM
NLB Cluster 192.168.100.210 : Host 2 converged with host(s) 2,3 as part of the cluster.
000C0000 005A0004 00000000 4007001C 00000000 00000000 00000000 00000000
00000000 00000000 00061550 00000000 00000000
#1472 ID: 0x4007001D Type: 4 Category: 0 Time: 11/10/2008 10:49:16 AM
NLB Cluster 192.168.254.210 : Host 2 converged as DEFAULT host with host(s) 2 as part of the cluster.
000C0000 005A0004 00000000 4007001D 00000000 00000000 00000000 00000000
00000000 00000000 00061532 00000000 00000000
#1470 ID: 0xC0070037 Type: 1 Category: 0 Time: 11/10/2008 10:49:13 AM
NLB Cluster 192.168.100.210 : Inconsistent bi-directional affinity (BDA) teaming configuration detected on host 3. The team in which this cluster participates will be marked inactive and this cluster will remain in the converging state until consistent teaming configuration is detected.
000C0000 005A0004 00000000 C0070037 00000000 00000000 00000000 00000000
00000000 00000000 00060A18 00000000 00000000
#1468 ID: 0x4007004B Type: 4 Category: 0 Time: 11/10/2008 10:49:13 AM
NLB Cluster 192.168.100.210 : Current NLB host state successfully updated in the registry.
000C0000 005A0004 00000000 4007004B 00000000 00000000 00000000 00000000
00000000 00000000 000803DD 00000000 00000000
=== IP configuration: ===
Windows IP Configuration
Host Name . . . . . . . . . . . . : ServerName
Primary Dns Suffix . . . . . . . : Domain
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : Domain
Ethernet adapter Internal:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Client)
Physical Address. . . . . . . . . : 02-BF-C0-A8-64-D2
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.100.210
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IP Address. . . . . . . . . . . . : 192.168.100.109
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 192.168.100.118
Ethernet adapter External:
Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Client) #2
Physical Address. . . . . . . . . : 02-BF-C0-A8-FE-D2
=== Current state: ===
Host 2 is stopped and does not know convergence state of the cluster.
- Hi Joes12,
Have you tried http://support.microsoft.com/default.aspx/kb/891992 and disabled DHCPMediaSense?
Add or modify DisableDHCPMediaSense with a value of 1.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DisableDHCPMediaSense
Regards
MS
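The ping-and-drain script asked about in the opening post, as an added PowerShell example that is not from any poster in this thread. It takes up the false-positive cases from Ashvini Singhal's reply by probing several targets by IP address (no DNS dependency) and acting only after consecutive all-target failures. The probe addresses and thresholds are placeholders, and it assumes that running `wlbs drainstop` / `wlbs start` by hand is acceptable on an ISA-integrated NLB array and that system policy lets the local host ping out.

```powershell
# Added example. Placeholder probe targets (documentation ranges): replace with
# several independent external IPs. IPs, not hostnames, so a DNS outage is not
# mistaken for a dead external link.
$Targets       = @('192.0.2.1', '198.51.100.1', '203.0.113.1')
$FailRounds    = 3    # assumed: consecutive all-target failures before draining
$RecoverRounds = 5    # assumed: consecutive good rounds before rejoining
$IntervalSec   = 10

function Test-ExternalPath {
    param([string[]]$Ips)
    # The path counts as up if ANY target answers, so one unreachable
    # target on its own never takes the node out of the cluster.
    foreach ($ip in $Ips) {
        if (Test-Connection -ComputerName $ip -Count 2 -Quiet) { return $true }
    }
    return $false
}

function Get-NextAction {
    param([bool]$Up, [bool]$Drained, [int]$Bad, [int]$Good)
    if (-not $Drained -and -not $Up -and $Bad -ge $FailRounds) { return 'drain' }
    if ($Drained -and $Up -and $Good -ge $RecoverRounds)       { return 'rejoin' }
    return 'none'
}

$drained = $false; $bad = 0; $good = 0
while ($true) {
    $up = Test-ExternalPath -Ips $Targets
    if ($up) { $good++; $bad = 0 } else { $bad++; $good = 0 }

    switch (Get-NextAction -Up $up -Drained $drained -Bad $bad -Good $good) {
        'drain' {
            Write-Output "$(Get-Date -Format s) external path down x$bad, draining"
            & wlbs.exe drainstop   # let existing connections finish, take no new ones
            $drained = $true
        }
        'rejoin' {
            Write-Output "$(Get-Date -Format s) external path up x$good, rejoining"
            & wlbs.exe start
            $drained = $false
        }
    }
    Start-Sleep -Seconds $IntervalSec
}
```

Because only NLB is drained and no service is stopped, the same loop can keep probing and rejoin the node without manual intervention once the link returns.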