locked
UAG 2010 SP2 - DirectAccess Array Prerequisite Issue RRS feed

  • Question

  • Hello,

    I'm stumped.

    I have a 2-node UAG 2010 SP2 array using external load balancing. When I run the DA Server Config Wizard, and choose External Load Balancing, I get the following error message:

    The UAG DirectAccess server requires an IPv4 or IPv6 address on the internal-facing interface. Configure an IPv4 or IPv6 address on the internal-facing interface.  Detected on: <UAGArrayMgrServer>

    Both UAG servers have a private IPv4 address on their internal-facing interfaces.  There is no error for the 2nd UAG server, which is an array member, and this leads me to believe that this server is ok.

    I've done a lot of verification and troubleshooting concerning the settings on the 2 UAG servers, and I've included the details below.  I would really appreciate another set of eyes on this, and/or some pointers on where to investigate further.

    • The server name listed in the error is the array manager. The 2nd UAG server, which is a member, is not listed or called out in a separate error.
    • Both servers are identical, new, clean, bare metal installs. They are not virtual. Besides drivers, and management software, no other software has been installed.
    • Operating System is Server 2008 R2 SP1, fully patched.
    • Both servers have a dedicated internal NIC with 1 private IPv4 address (details below).
    • Both servers have a dedicated external NIC with multiple public IPv4 addresses (2 of the IPs are consecutive).
    • Both servers have the Internal NIC as the first item in the binding order.
    • There are no hidden or ghost network adapters.
    • Static routes have been configured on both servers, and verified to be the same (details below).
    • There are no issues with connecting to internal resources from the UAG servers. Including connections to SCCM, the DCs, and Enterprise CAs.
    • ISATAP has been enabled in DNS, and A Records have been created for both internal IPv4 UAG server addresses, and the load balancer VIP.
    • In the Network Config Wizard, the Internal/External Adapters have been properly assigned.
    • The internal IPv4 addresses on the UAG servers are included in the Internal Network Range.
    • SSTP has been configured for VPN access to internal networks requiring additional security.
    • NC has not been configured, and is not in use.
    • A trunk has been configured to accommodate the VPN access.
    • The Remote Network Access application assigned to the trunk works as expected.
    • In the Network Config Wizard, the DHCP address ranges for SSTP used on both UAG servers have been excluded from the Internal Network Range.
    • The DHCP ranges and the internal UAG server IPs are on the same /24 network segment.

     

    UAG SERVER 01 (ARRAY MANAGER)

    Windows IP Configuration

       Host Name . . . . . . . . . . . . : <UAGServer1>
       Primary Dns Suffix  . . . . . . . : domain.com
       Node Type . . . . . . . . . . . . : Hybrid
       IP Routing Enabled. . . . . . . . : Yes
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : domain.com

    Ethernet adapter Internal:

       Connection-specific DNS Suffix  . : domain.com
       Description . . . . . . . . . . . : Internal NIC
       Physical Address. . . . . . . . . : <Removed>
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       Link-local IPv6 Address . . . . . : fe80::1c58:9b8a:7eaf:bd0e%19(Preferred)
       IPv4 Address. . . . . . . . . . . : 10.10.41.7(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . :
       DHCPv6 IAID . . . . . . . . . . . : 637541240
       DHCPv6 Client DUID. . . . . . . . : <Removed>

       DNS Servers . . . . . . . . . . . : 10.40.96.28
                                           10.40.96.25
       NetBIOS over Tcpip. . . . . . . . : Enabled


      
    UAG SERVER 02 (ARRAY MEMBER)

    Windows IP Configuration

       Host Name . . . . . . . . . . . . : <UAGServer2>
       Primary Dns Suffix  . . . . . . . : domain.com
       Node Type . . . . . . . . . . . . : Hybrid
       IP Routing Enabled. . . . . . . . : Yes
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : domain.com

    Ethernet adapter Internal:

       Connection-specific DNS Suffix  . : domain.com
       Description . . . . . . . . . . . : Internal NIC
       Physical Address. . . . . . . . . : <Removed>
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       Link-local IPv6 Address . . . . . : fe80::705f:c7aa:d83b:b875%19(Preferred)
       IPv4 Address. . . . . . . . . . . : 10.10.41.8(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . :
       DHCPv6 IAID . . . . . . . . . . . : 654318456
       DHCPv6 Client DUID. . . . . . . . : <Removed>

       DNS Servers . . . . . . . . . . . : 10.40.96.28
                                           10.40.96.25
       NetBIOS over Tcpip. . . . . . . . : Enabled


    STATIC ROUTES ON BOTH UAG SERVERS

    Persistent Routes:
      Network Address          Netmask  Gateway Address  Metric
             10.0.0.0        255.0.0.0       10.10.41.1  Default
           172.16.0.0      255.240.0.0       10.10.41.1  Default
          10.129.10.0    255.255.255.0       10.10.41.8  Default
             Public.0    255.255.255.0       10.10.41.1  Default
             Public.0    255.255.255.0       10.10.41.1  Default
             Public.0    255.255.255.0       10.10.41.1  Default
             Public.0    255.255.255.0       10.10.41.1  Default
             Public.0    255.255.255.0       10.10.41.1  Default
             Public.0    255.255.255.0       10.10.41.1  Default
              0.0.0.0          0.0.0.0       10.10.41.1  Default
              0.0.0.0          0.0.0.0       PublicIP.1  Default

     

    Regards,
    John

    Wednesday, February 6, 2013 10:18 PM

All replies

  • Are you using ISATAP at all in your environment? You have to externalize the ISATAP role when doing external load balancing, so you must make sure that there aren't ISATAP DNS entries that are pointing at your UAG servers.

    If that is not the case, maybe try running through the "Network Interfaces" wizard available from the Admin menu in UAG first to make sure that UAG has correctly identified which NIC is external and which is internal?

    Wednesday, February 13, 2013 7:09 PM