Non-Integrated NLB IP missing RRS feed

  • Question

  • Hello everyone!

    I have 2 UAG boxes joined to a single array.  In the TMG management, everything appears to look okay including storage sync.

    I tried disjoining the boxes from the array and rejoining.

    However, if I have 1 trunk and it asks for 2 IP addresses, UAG is unable to detect the IP address of the other box.

    Anyone seen this issue?

    Thanks

    Dennis

    Friday, June 4, 2010 12:24 PM

Answers

  • Hi Everyone,

    So this has been a very interesting problem.  The steps below are what I tried and did not work...

    1) Reloading the UAG configuration from file >> reload did not work
    2) dis-join and re-join array did not work
    3) Switching who is the array manager did not work
    4) We did not have NLB enabled as we are using the external Celestix Global Load Balancer (XLB)

    So here is what I did do...

    It was my belief that UAG uses the TMG availability nodes more critically than originally assumed.  I reviewed the internal firewall logs between the network nodes that each UAG appliance sits on.  The firewall showed that UAG was trying to communicate with random UDP ports first in the 10k range, then on the 50k range, then on the 30k range... very strange.

    I then had the firewall team open port 1024 and up for TMG's node availability (not the same as configuration storage sync), which uses RPC.  After that, I verified in TMG that I had all green lights.  Loaded back UAG and the IP addresses were showing again.

    I do have a question though: can we specify the range that TMG uses for node availability?

    Is my configuration even a supported configuration in UAG?  Same network and Windows domain, just on 2 different switches with a firewall between them.

    Thanks,
    Dennis

    • Marked as answer by Erez Benari Tuesday, June 29, 2010 6:47 PM
    Monday, June 7, 2010 7:50 PM
  • I cannot see any reason as to why this wouldn't be supported.

    Microsoft best practice does say to place UAG behind a firewall, only requirement is no NAT and 2 Public IPs. That's all.

    • Marked as answer by Erez Benari Tuesday, June 29, 2010 6:47 PM
    Wednesday, June 9, 2010 4:54 AM

All replies

  • Hi Dennis,

    Try this: on the UAG Management console, File menu -> Reload Configuration. See if this brings back the missing IP address.

    Regards,

    -Ran

    Sunday, June 6, 2010 7:59 AM
  • Hi Dennis. I have seen that recently. Before enabling NLB I could assign a trunk an IP from each box. But when using NLB I am no longer able to use a "dedicated" IP address, as the secondary node's combo is empty. I haven't tried to reload but I have restarted the servers several times since then. Any chance that reload will do what restart does not?

    Thks


    // Raúl - I love this game
    Monday, June 7, 2010 12:35 PM