DirectAccess Server Health Check URL

  • Question

  • I am looking at using an external hardware load-balancer with a DirectAccess 2012 R2 implementation. Besides an ICMP echo-reply, does anyone know of a specific URL I could plug in as a health check to determine the DA server availability?

    Thanks...

    Tuesday, December 9, 2014 2:46 PM

All replies

  • Hi There - the F5 LTM / GTM will do this natively - not sure about other HWLB such as Kemp but I would suggest they will have this ability.

    John Davies

    Tuesday, December 9, 2014 3:05 PM
  • We are using Kemp LoadMaster.  The virtual services for the NLS are using an https health check against each server in the cluster.  The virtual services for the DA connection are using a 443 TCP connection for the health check.  As John said, I'm sure most, if not all, load balance solutions will offer this functionality.
    Tuesday, December 9, 2014 4:44 PM
  • Hi,

    A subject I'm currently working on. IPHTTPS, it's only TCP443, it does not prove that DirectAccess works. Because I wanted to avoid writing complex check rules, I chose to rely on PowerShell.

    A simple Get-RemoteAccessHealth -verbose | Where {$_.HealthState -ne "Disabled"} returns the status for all involved components (whatever your configuration). Each component can be OK or KO. I have a script that parses this result and writes a simple text file with OK or KO. This file is designed to be consumed by the HLB appliance through IIS (available on the DirectAccess Gateway). With such an approach, monitoring DirectAccess health becomes easy.

    So your HLB appliance can detect if one of your DirectAccess Gateways is not operational (e.g. failing OTP or expired certificate) and remove it from your pools.


    BenoitS - Simple by Design http://danstoncloud.com/blogs/simplebydesign/default.aspx

    Tuesday, December 9, 2014 5:16 PM
  • Top Marks Benoit - like the approach !

    J


    John Davies

    Tuesday, December 9, 2014 5:22 PM
  • Hi,

    I hope to have some time to publish a post on that subject. You can also use the same approach to manage service availability (OPENED/MAINTENANCE) to manage the patch management of your DirectAccess Gateway. Just a simple XML file to be consumed by the HLB. The SCCM agent just has to configure the status before patching and update it after reboot.

    The only problem to manage at HLB level is the "false positive" case: what happens if the XML file is not up to date? Simple: always start the PowerShell script by deleting the XML file. If the PowerShell script happens to hang or crash, the HLB will detect that the XML file is missing. Simple by design but business compliant!


    BenoitS - Simple by Design http://danstoncloud.com/blogs/simplebydesign/default.aspx

    Tuesday, December 9, 2014 6:48 PM
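
The approach described in BenoitS's two replies above (parse Get-RemoteAccessHealth into an OK/KO file served by IIS, and delete that file before every run), sketched as an added example that is not BenoitS's script or code from the thread. The file path, the file name, the Get-DAVerdict helper, and the rule that any state other than OK counts as KO are assumptions; it writes a plain text file rather than XML.

```powershell
#Requires -Modules RemoteAccess
# Added example, intended to run on the DirectAccess gateway from a
# scheduled task. Path and file name below are assumptions.
$StatusFile = 'C:\inetpub\wwwroot\dahealth.txt'   # file the HLB polls through IIS
$TempFile   = "$StatusFile.tmp"

# Hypothetical helper: reduce the per-component health list to OK or KO.
function Get-DAVerdict {
    param([object[]]$Health)

    # Same filter as in the post: skip components that are not in use.
    $active = @($Health | Where-Object { "$($_.HealthState)" -ne 'Disabled' })

    # Fail closed: no usable data means the gateway is not proven healthy.
    if ($active.Count -eq 0) { return 'KO' }

    # Assumption: anything other than OK takes the gateway out of the pool.
    $bad = @($active | Where-Object { "$($_.HealthState)" -ne 'OK' })
    if ($bad.Count -gt 0) { return 'KO' }
    return 'OK'
}

# Delete first, so a hang or crash further down leaves no stale OK behind
# and the HLB sees a missing file instead.
Remove-Item -LiteralPath $StatusFile, $TempFile -Force -ErrorAction SilentlyContinue

try {
    $health  = Get-RemoteAccessHealth -ErrorAction Stop
    $verdict = Get-DAVerdict -Health $health
}
catch {
    # The cmdlet itself failing is also a KO, not a skipped run.
    $verdict = 'KO'
}

# Write to a temporary file and rename it, so the HLB never reads a
# half-written status.
Set-Content -LiteralPath $TempFile -Value $verdict -Encoding ASCII
Move-Item -LiteralPath $TempFile -Destination $StatusFile -Force
```

On the HLB side the check should match the response body against OK and treat a 404, a timeout or any other content as the gateway being down.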