DirectAccess with external NLB wizard failing

  • Friday, December 21, 2012 3:23 PM

    Windows Server 2012 Direct Access with External NLB

    Hi! (Yaniv Naor and Shuresh Chandra, please reply)

    I'm trying to implement this at a customer site and I'm having a hard time finding documentation and solutions. The wizard is failing:

    "Required IP addresses have not been provided. Specify at least 123.123.123.123 as InternetVirtualIPAddress."

    Here is what I've done:

    Windows 2012 Server DA1 installed with Remote Access Role, and Direct Access is working fine (tested). Two network cards, one external and one internal. Installed in Edge mode. Internal IP 10.10.10.10, External IP 123.123.123.120.

    Windows 2012 Server DA2 installed with Remote Access Role. Not configured. Internal IP 10.10.10.10, External IP 123.123.123.121.

    The IP address 123.123.123.123 is an available IP address given during the wizard when it asks for External DIP.

    I have several questions:

    1. Why is the wizard asking for External and Internal DIP when I am using an external NLB? The server should not bother with these settings since all virtual/dedicated IPs are handled by the External NLB.

    2. I have to provide an external DIP during the wizard. It says that my current primary DIP (the one set on the external network card) will be used as the cluster VIP. Again referring to Q1: how am I going to get the wizard to leave these addresses alone? The cluster VIP is already taken on the External NLB box with IP 123.123.123.200.

    3. In my current configuration, what IPs should I input in the wizard to make this work?

    I've read through the following workaround, which was necessary to make the wizard run at all:

    http://gallery.technet.microsoft.com/scriptcenter/Workaround-for-DirectAccess-a8e7aa8b

    Are there any ways to manually implement the external NLB through PowerShell?

    Thank you for any help. It seems we are among the very first to implement this.

    Emil Rakoczy


    CompTIA Security+, EUCIP Operate CiscoCNA(Expired), HP ASE (Expired) Checkpoint CSA, Novell CNA MCSA 2000:Security 2003:Security MCSE NT4 MCSE 2000:Security 2003:Security MCTS - Configuring: Windows 7&Vista, Applications & Network Infrastructure, Active Directory, SBS 2011, 2008 R2 Server & Desktop Virtualization MCITP - 2008 Server & Enterprise Administration, R2 Virtualization Administration MCT 2002-2012

All Replies

  • Wednesday, December 26, 2012 5:56 PM

    I've found out some things by myself.

    1. The wizard is asking for an internal Dedicated IP address because it will assume that the IP you have set on your EXTERNAL NIC will continue to be the address you will use for the cluster. In other words, the point of contact that you have already distributed to all your clients. Not a bad idea, but in my case a huge hassle. It will save you the trouble of recreating A records in the DNS if you've used a DNS name as a point of contact, or recreating certificates for your external IP, etc.

    Anyhow. I don't understand why the wizard has to be so wizardish. It's what I hated about wizards when they first showed up in Windows 95. They take away control during configuration. I want the wizard to ask me if I want to change the external/internal IPs of the current DA box, and instead tell me that I must remember to set an external IP on my NLB box. The way it is today is just not working.

    2. Haven't found any ways here to override the wizard yet. And I don't understand what the internal VIP is going to do exactly. Are they going to cluster themselves internally? Confused.

    3. I'm waiting with the configuration. The workaround broke my solution.

    How to correct a broken DA solution? Go into the Remote Access console. Select Remove Configuration. It deletes all GPOs etc. Run the setup wizard again to recreate a new configuration from scratch. Takes only 4-5 minutes and leaves the rest of the installation intact (roles, certificates etc).

    I have contacted MS on this matter, awaiting an answer. Will keep you posted.

    Emil


  • Friday, February 08, 2013 3:07 PM
    Did you have any result? I've got the same error. I'm trying to use Windows load balancing on the internal and external NICs.
  • Friday, February 08, 2013 8:11 PM

    Nothing and nobody seems to care. :/ Had to drop putting up a second DA server.

    Emil


  • Friday, February 08, 2013 8:57 PM

    I found this, but I can't get it to work:

    http://gallery.technet.microsoft.com/scriptcenter/Workaround-for-DirectAccess-8af8fb1c

    Basically I think you need forced tunnelling on. I don't know; if I enable it and then disable it, I may be able to get the config in?

    What did MS come back to you with?  Do you have support?

    I'm going to log a call with them if I can't get it fixed.

  • Friday, February 08, 2013 10:31 PM

    It makes no sense to demand forced tunnelling in order to get NLB to work. Forced tunnelling is just forcing all network traffic from the clients to go through the DA server. I.e. absolutely all traffic, even internet surfing.

    Haven't heard anything from MS, no; the support case supposedly was logged by the customer itself. Don't think it was done.

    To me it just looks like an unfinished feature, and they didn't need to do anything because it's seldom used. Please do log a case at MS and tell me if you find out anything :)

    Emil


  • Friday, February 15, 2013 5:20 PM

    There have been some hotfixes for 2012 DA, one of which might be relevant to the issue described:

    http://support.microsoft.com/kb/2748603

    http://www.evrenbanger.com/2013/01/directaccess-hotfix-summary/

  • Monday, February 18, 2013 8:09 AM

    Hi,

    I have created a step-by-step video on Windows Server 2012 Direct Access in a Cluster with Windows NLB and want to share it with all.

    Windows Server 2012 Direct Access in a Cluster with Windows NLB Part 1

    http://www.youtube.com/watch?v=8N8Uf_r7GPg

    Windows Server 2012 Direct Access in a Cluster with Windows NLB Part 2

    http://www.youtube.com/watch?v=xb8onRKZvqI

    Hope this will help.

  • Monday, March 18, 2013 10:11 AM

    Hello,

    I had the same issue. First of all you need to copy the script for the NLB to a text file for editing.

    Mentioned here: http://technet.microsoft.com/en-us/library/jj134175.aspx

    But additionally, you need to add the second internet address as well, on the command line.

    Then it worked fine for me.
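The manual PowerShell path the thread asks about, as an added example that is not code from the thread or from Microsoft: it uses the RemoteAccess module's Set-RemoteAccessLoadBalancer / Add-RemoteAccessLoadBalancerNode cmdlets with the thread's constructed addresses (DA1 external 123.123.123.120, internal 10.10.10.10, external NLB VIP 123.123.123.200) plus an assumed unused internal VIP 10.10.10.200 and the node name DA2; parameter names are as documented for the module, but confirm them with Get-Help on your build before running.

```powershell
# Added example (not from the thread). Manual equivalent of the wizard's
# load-balancing step when the VIPs live on an EXTERNAL (third-party) balancer.
# Assumptions: the cmdlets below accept these parameters (verify with
# Get-Help Set-RemoteAccessLoadBalancer -Full); run on DA1 as an administrator.
Import-Module RemoteAccess

$InternetVip = '123.123.123.200/255.255.255.0'  # VIP already published on the external NLB box
$InternetDip = '123.123.123.120/255.255.255.0'  # DA1's existing external NIC address, kept as its DIP
$InternalVip = '10.10.10.200/255.255.255.0'     # constructed: an unused internal address for the cluster VIP
$InternalDip = '10.10.10.10/255.255.255.0'      # DA1's existing internal NIC address
$SecondNode  = 'DA2'                            # second server with the role installed, not yet configured

# Pre-check: every DIP and VIP must be distinct, otherwise the configuration is
# rejected with the "Required IP addresses have not been provided" error from the thread.
$addresses = @($InternetVip, $InternetDip, $InternalVip, $InternalDip) |
    ForEach-Object { ($_ -split '/')[0] }
if (($addresses | Select-Object -Unique).Count -ne $addresses.Count) {
    throw 'VIP and DIP addresses overlap; choose a distinct address for each.'
}

# Record the current single-server state so the change can be reviewed or rolled back.
Get-RemoteAccessLoadBalancer | Format-List *

# Enable load balancing for a third-party balancer: the DA server keeps its NIC
# addresses as DIPs and is told which VIPs the balancer fronts, so the wizard's
# default of promoting the existing external address to the VIP is avoided.
Set-RemoteAccessLoadBalancer -ThirdPartyLoadBalancer `
    -InternetVirtualIPAddress  @($InternetVip) -InternetDedicatedIPAddress @($InternetDip) `
    -InternalVirtualIPAddress  @($InternalVip) -InternalDedicatedIPAddress @($InternalDip) `
    -PassThru

# Join the second server to the cluster; its DIPs are read from its own NICs.
Add-RemoteAccessLoadBalancerNode -RemoteAccessServer $SecondNode -PassThru

# Verify that the VIPs now match what the external NLB publishes and both nodes are listed.
Get-RemoteAccessLoadBalancer | Format-List *
```

If the Set-RemoteAccessLoadBalancer step fails, Remove-RemoteAccessLoadBalancer (the wizard's "Remove Configuration" counterpart for this step) can return the server to single-server mode before retrying.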