locked
UAG Web farms dont work. Verifiers dont use the host header RRS feed

  • Question

  • Hi all,

    I just want to explain my problem in detail, as it seems to me that this is a UAG problem.

    server1 - 192.168.1.10 has IIS and  hosts a website with the host name site1.contoso.com on port 80

    We create an Application in UAG (portal hostname), and select to use Web Farm

    WE define in  the servers tab: IP address 192.168.1.10, select Replace the host header with the following (site1.contoso.com), and define the public host name as site1.contoso.com. The testing of the farm is done with HTTP GET.

    This does not work. The farm verifier is checking the ip address 192.168.1.10 with out using the host header. When you try to access the app u are presented with the error that no webfarm servers are available.

    Also if u check the TMG Connectivety Verifier, you can see that TMG is using the IP address and not the hostheader for checking the connectivety.

    Then we set to use PING for verifing the farm, and every thing works.

    Can some help me, are we making some mistakes in the configuration or is this a UAG bug.

    Thanks

    Zarko

     

    Thursday, December 15, 2011 12:47 PM

All replies

  • Why don't you use FQDNs in the servers tab?

    Is IIS configured to support the FQDN of the server in the host header field?

    Cheers

    JJ


    Jason Jones | Forefront MVP | Silversands Ltd | My Blogs: http://blog.msedge.org.uk and http://blog.msfirewall.org.uk
    Thursday, December 15, 2011 12:50 PM
  • HI Jason,

    this was just and example, if I have 2 servers that host the same site with the same hostname

    server1 - 192.168.1.10  hostname site1.contoso.com

    server2 - 192.168.1.11 hostname site1.contoso.com

    The only way i cant achive this is to use a physical NLB like Cisco NLB (i create a VIP and then a DNS A record pointing to that IP), or to use UAG - which doesnt work.

    Thanks

    Zarko

    Thursday, December 15, 2011 12:55 PM
  • Have you been through the examples here: http://technet.microsoft.com/en-us/library/dd857356.aspx

    In some scenarios, I have had to avoid using HTTP GET verifiers and change to the Establish a TCP connection option but that tends to only occur when using the same SSL certificate (with a shared common name of site1.contoso.com) on the SharePoint servers and the cert doesn't have the server FQDN defined as a SAN; it often depends on the SPS/IIS setup and SSL certificates involved on the SharePoint side.

    In your example, you could try using server1.internaldns.com and server2.internaldns.com in the servers tab and then use the Replace the host header option with web farm name = site1.contoso.com - maybe you could try that?

    It would be useful to understand if SharePoint is using HTTP or HTTPS and how you currently have the application defined in UAG...

    Cheers

    JJ


    Jason Jones | Forefront MVP | Silversands Ltd | My Blogs: http://blog.msedge.org.uk and http://blog.msfirewall.org.uk
    Thursday, December 15, 2011 1:10 PM
  • Hi Jason,

    Ill try the TCP connection, but this is more a general question, as it seems that this is a UAG bug, im just publishing a web site that is hosted on two servers on HTTP, no SSL or anything, and it doesnt work.

    IT just weard for me that no one from Microsoft tested this to see if it works. Or I doing something wrong?

    Thanks

    Thursday, December 15, 2011 1:24 PM
  • I would try using my example or one of the walkthroughs define in the link above.

    It think you just need to understand how UAG needs to be configured for SharePoint (no offence).

    P.S. The TCP connection is applicable when using SSL with certain certificate name limitations, so probably ignore that for now if you are using HTTP on SharePoint.

    As I said, provide some more detail on what you have done in UAG and how SPS is configured - this makes it easier to be specific...

    Cheers

    JJ


    Jason Jones | Forefront MVP | Silversands Ltd | My Blogs: http://blog.msedge.org.uk and http://blog.msfirewall.org.uk
    Thursday, December 15, 2011 1:41 PM
  • Thanks Jason,

    But im not publishing SharePoint. Im just publishing a website that is hosted on two servers. To access the site u need to use the hostheader. I dont have the hostheader value defined in DNS. When i set the farm to use PING it works, when i set to use HTTP GET it doesnt.

    Zarko

    Thursday, December 15, 2011 1:54 PM
  • Sorry <blush> it sounds like a typical SharePoint scenario, so the same theory should apply; SharePoint has the same host header requirements for example.

    If you are having problems with name resolution, you can use the hosts file on the UAG server as a simple workaround for testing...

    Cheers

    JJ


    Jason Jones | Forefront MVP | Silversands Ltd | My Blogs: http://blog.msedge.org.uk and http://blog.msfirewall.org.uk
    Thursday, December 15, 2011 2:03 PM
  • No worries Jason.

    Ill see what i can do.

    Thanks

    Zarko

    Thursday, December 15, 2011 2:14 PM