Problem adding a member to a UAG array

  • Question

  • Do I need to follow a specific order to activate the array, NLB and DirectAccess?

    I'm quite a bit disappointed. I've started a new installation of two servers: 2 UAG SP1 + (Forefront TMG SP1 + Update 1)

    I've validated the DirectAccess configuration on the first server. Everything worked fine (Teredo / IPHTTPS). So I decided to create an array and configure NLB. I've followed these steps: http://technet.microsoft.com/en-us/library/ee191502.aspx

    The manager node is correctly configured but the second doesn't get the DirectAccess configuration. The link with the configuration storage server is broken. It seems that as soon as I apply the NLB configuration something goes wrong. It says that the intra-array configuration is not correctly configured. I checked the configuration on TMG, everything is right.

    Am I missing something?

    Thanks for your help.



    GuillaumeJ
    Thursday, December 16, 2010 11:35 AM

Answers

  • I'm back with this nice NLB incident and I've found something.

    My two UAG servers cannot register their NLB MAC correctly (a Microsoft case is open to know why), but the workaround is to use netsh (not the ARP command) to register the MAC correctly on my W2K8 R2 SP1 server.

    The command:

    netsh interface ip add neighbors "INTERNAL Network" @IP @NLBMAC

    GuillaumeJ

     


    GuillaumeJ
    • Marked as answer by Gui J Thursday, June 16, 2011 8:24 PM
    Thursday, June 16, 2011 8:23 PM
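
A way to check whether the static neighbor entry from the answer above is needed, added here as an example and not part of the original post. It assumes NLB's default unicast cluster MAC (02-BF followed by the four octets of the cluster IPv4 address in hex); the cluster IP is a constructed placeholder and the function names are hypothetical.

```powershell
# Added example (PowerShell 2.0 compatible). Values marked "constructed" are placeholders.

function Get-NlbUnicastMac {
    # NLB in unicast mode derives the cluster MAC as 02-BF + the four
    # octets of the cluster IPv4 address in hex.
    param([Parameter(Mandatory = $true)][string]$ClusterIp)
    $addr = [System.Net.IPAddress]::Parse($ClusterIp)
    if ($addr.AddressFamily -ne [System.Net.Sockets.AddressFamily]::InterNetwork) {
        throw "Cluster IP must be an IPv4 address: $ClusterIp"
    }
    $octets = $addr.GetAddressBytes() | ForEach-Object { $_.ToString('x2') }
    return '02-bf-' + ($octets -join '-')
}

function Get-NeighborEntry {
    # Parses 'netsh interface ipv4 show neighbors' rows: address, MAC, type.
    param([string[]]$NetshOutput, [string]$Ip)
    foreach ($line in $NetshOutput) {
        $f = $line.Trim() -split '\s+'
        if ($f.Count -ge 3 -and $f[0] -eq $Ip) {
            return New-Object PSObject -Property @{ Mac = $f[1].ToLower(); Type = $f[2] }
        }
    }
    return $null
}

$iface     = 'INTERNAL Network'   # interface name used in the post
$clusterIp = '192.0.2.10'         # constructed cluster VIP

$expected = Get-NlbUnicastMac $clusterIp
$entry    = Get-NeighborEntry (netsh interface ipv4 show neighbors $iface) $clusterIp

if ($entry -and $entry.Mac -eq $expected) {
    "OK: $clusterIp -> $($entry.Mac) ($($entry.Type))"
} else {
    $seen = if ($entry) { "$($entry.Mac) ($($entry.Type))" } else { 'no entry' }
    "Mismatch: $clusterIp has $seen, expected $expected"
    "Fix: netsh interface ipv4 add neighbors `"$iface`" $clusterIp $expected"
}
```

The script only prints the netsh command; a static neighbor entry has to be updated by hand if the cluster IP or operation mode changes later.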

All replies

  • Hi Guillaume,

    Yes, the order of the steps is very important.

    Do it in the Test Lab first and you'll see what you need to do.

    We have a Test Lab Guide for UAG RTM, and the steps for setting up NLB are the same:

    http://www.microsoft.com/downloads/en/details.aspx?displaylang=en&FamilyID=7fb64cad-5dac-471a-9fbf-a6c9d03ffbad

    HTH,

    Tom


    MS ISDUA/UAG DA Anywhere Access Team Get yourself some Test Lab Guides! http://blogs.technet.com/b/tomshinder/archive/2010/07/30/test-lab-guides-lead-the-way-to-solution-mastery.aspx
    Thursday, December 16, 2010 4:14 PM
    Moderator
  • Hi Thomas,

    I restarted the configuration. The standalone UAG server configured for DirectAccess server works nicely (TEREDO / IPHTTPS).

    I strictly followed the test lab guide to add my new DirectAccess server to the array and to an NLB.

    My two servers are physical / 2 network cards / Windows 2008 R2 Ent / NLB in unicast. The GPOs are correctly applied.

    Here are the error events I received after applying the configuration:

    Event ID:      21273
    Task Category: None
    Level:         Error
    Keywords:      Classic
    User:          N/A
    Computer:
    Description:
    Forefront TMG cannot determine array member's status. Therefore, any attempts to establish VPN site to site tunnels may not succeed. Forefront TMG will check array member's status periodically. When the array member's status can be determined, tunnels will be established, as necessary.

     Forefront TMG may not be able to determine array member's status for one of these reasons: the array member cannot successfully present credentials; the Firewall service is not responding; the intra-array communication is not functional.

    Event ID 21272:

    Log Name:      Application
    Source:        Microsoft Forefront TMG Control
    Date:          17/12/2010 12:06:28
    Event ID:      21257
    Task Category: None
    Level:         Error
    Keywords:      Classic
    User:          N/A
    Description:
    Configuration changes made may result in loss of connectivity to the configuration storage server XXXXXXX and cannot be applied. This alert is caused by connectivity or authentication issues, or by Forefront TMG configuration settings. The error description is: The server is not operational.

    Log Name:      Application
    Source:        Microsoft Forefront TMG Control
    Date:          17/12/2010 12:06:28
    Event ID:      21271
    Task Category: None
    Level:         Error
    Keywords:      Classic
    User:          N/A
    Description:
    Configuration changes saved to the configuration storage server could not be applied to Forefront TMG services. After 5 attempts to apply the changes, Forefront TMG postpones any new attempts to apply these changes, and will only renew attempts when a new configuration is saved to the configuration storage server. Recent alerts may indicate the reason for this failure.

    The NLB is correctly configured on the array manager. The new member reverts its configuration to the old one.

    In the Activation Monitor, I have this message for the member node: configuration files could not be loaded from the TMG storage.

     


    GuillaumeJ
    Friday, December 17, 2010 11:35 AM