Direct Access NLB setup question

  • Question

  • Hello, every time I turn NLB on, clients can no longer connect. Where am I going wrong? Any assistance is greatly appreciated.

    My single server setup is working flawlessly.   

    Windows Server 2012

    Dual NIC setup / 1 public IP NATed to our DMZ IP. We'll say 192.168.0.15
    1 internal IP / We'll say 10.11.10.5

    When I enable NLB, it asks for new IPs. Once done, I now look like this in the Summary.

    External DIP:   192.168.0.20
    External VIP:   192.168.0.15

    Internal DIP:  10.11.10.10
    Internal VIP:   10.11.10.5

    Once complete, I lose connection to the server and no clients can connect. Operation Status is all green but the high availability is red x.

    Do I need to do something with the new IPs? Make a new public IP to point to the new external DIP? Does my da.domain.org need to point to the new DIP?

    Thank you for any help.





    • Edited by CSMatMan Friday, August 1, 2014 2:04 PM
    Friday, August 1, 2014 1:28 PM

Answers

  • Hi There - so to answer a few questions. No, you don't need additional NICs for NLB. The DA Server needs external and internal; when enabling NLB it will take care of itself. The VMware docs were for reference with regard to Multicast / Unicast; VMware recommend MultiCast where you can (and it works well).

    During the config using your IPs

    External DIP:   192.168.0.20
    External VIP:   192.168.0.15

    Internal DIP:  10.11.10.10
    Internal VIP:   10.11.10.5

    Make sure the DA Server is configured with the Internal / External Address as follows - 10.11.10.5 and 192.168.0.15 - when enabling WNLB and asked for the DIP, this is where you put in 10.11.10.10 and 192.168.0.20. In the instances I have set up before, this is where things get a little messy and I have ended up switching between DA Configuration and WNLB and NICs. By default WNLB will set the Load Balancer to UniCast. On changing this is where I have seen the IPv6 Address go missing, and I have also seen Internal NICs configured as expected but external NICs not take the DA Server Settings. Best course of action:

    Set up WNLB - do the settings (DIPs and VIPs as stated)

    Reboot / GPUpdate DA Server

    Check WNLB change to MultiCast (making sure ARP Entries are done as per Doc - first Layer 3 Switch you come to)

    Check IPv6 Address

    Check all NIC Settings

    Test DA


    John Davies

    • Marked as answer by CSMatMan Tuesday, August 5, 2014 12:38 PM
    Tuesday, August 5, 2014 8:31 AM

All replies

  • Hi,

    You must change your public DNS records for IPHTTPS to point to the external VIP.


    BenoitS - Simple by Design http://danstoncloud.com/blogs/simplebydesign/default.aspx

    Friday, August 1, 2014 5:29 PM
  • Hi,

    Thanks for the response.    I could be misreading but looking at my configuration above, the external VIP in my post shows it already pointing to the public DNS record.    

    Friday, August 1, 2014 6:12 PM
  • Hi,

    Yes, my response was not complete. To start, let's check your hotfixes. Microsoft provides a list of recommended hotfixes for DirectAccess: http://support.microsoft.com/kb/2883952/en-us. I remember that one or more are related to NLB. Can you provide the content of the Network Load Balancing event log?


    BenoitS - Simple by Design http://danstoncloud.com/blogs/simplebydesign/default.aspx

    Saturday, August 2, 2014 4:27 PM
  • Are you using virtual servers on VMware? Do you need a static ARP entry?

    See http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1006580

    Saturday, August 2, 2014 9:58 PM
  • Hi There - I have also seen instances in WNLB for DirectAccess where the IPv6 Address gets removed from the WNLB during configuration - perhaps check this is still present as well. If it has been removed, copy the DA Server's IPv6 Address back into the WNLB. Also seen this removed whilst changing from Unicast to Multicast.

    John Davies

    Monday, August 4, 2014 10:56 AM
  • Hi There - there are a couple of articles on VMware with regard to Unicast (default for DirectAccess) and MultiCast - I used VMware, ARP and MultiCast in another project (which is where I saw the IPv6 Address disappear for no good reason).

    http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1006580

    http://kb.vmware.com/selfservice/search.do?cmd=displayKC&docType=kc&docTypeID=DT_KB_1_1&externalId=1006778


    John Davies

    Monday, August 4, 2014 3:08 PM
  • Hello, yes, VMware. I'll look at this asap and keep you posted.


    Thank you

    Monday, August 4, 2014 3:17 PM
  • Thank you.  I'll go ahead and install some of the hotfixes mentioned in the link.   I'll keep you posted.
    • Edited by CSMatMan Monday, August 4, 2014 3:18 PM
    Monday, August 4, 2014 3:18 PM
  • Thank you John.

    So if I understand correctly, for unicast, I need to add an additional external NIC and internal NIC for communication outside of the NLB? Am I even remotely following :)


    • Edited by CSMatMan Monday, August 4, 2014 4:35 PM
    Monday, August 4, 2014 4:34 PM
  • I notice when I go to the NLB Manager and change the internal DA cluster from unicast to multicast, I regain internet network access to the DA server. I can ping and RDP into it. I switch it back to unicast and connection dies again.
    Monday, August 4, 2014 7:20 PM
  • Thanks John.  I'll give the MultiCast a shot as you describe and keep you posted.
    Tuesday, August 5, 2014 11:54 AM
  • John, you are the man.  Much appreciated.

    Looks like I needed to change both to MultiCast and reboot. Once that was done, everything looked good but DNS broke. Sure enough I had to add the IPv6 back into the cluster IP Addresses.

    Thank you!

    Also, one other thing to note is I had to change the default state for both clusters (internal and external NICs) to "Started".

    Tuesday, August 5, 2014 12:41 PM
  • Hi There - no problems - just helping - forgot to mention - yes, on reboots (occasionally) the default state may have to be amended - thank you for reminding me - glad I could help.

    John Davies

    Tuesday, August 5, 2014 1:43 PM
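
The checks from the accepted answer and the follow-up posts (cluster mode, IPv6 address among the cluster IPs, default host state) can be read back from PowerShell after the change. This is an added example, not something posted by the thread participants; the adapter names `Internal` and `External` and the NLB object property names it reads are assumptions to confirm on your own server.

```powershell
# Added example: read-only post-change check for a DirectAccess WNLB node.
# Run elevated on the DA server. Adapter names are assumptions; use your own.
param([string[]]$Adapters = @('Internal', 'External'))

Import-Module NetworkLoadBalancingClusters

$report = foreach ($nic in $Adapters) {
    # DirectAccess binds one NLB cluster to each adapter, so query per interface.
    $cluster = Get-NlbCluster -InterfaceName $nic
    $vips    = @(Get-NlbClusterVip -InterfaceName $nic)
    $node    = Get-NlbClusterNode -InterfaceName $nic |
               Where-Object { $_.Name -like "$env:COMPUTERNAME*" }

    # Pick out IPv6 cluster addresses; the thread reports the IPv6 address
    # vanishing when the mode is switched from unicast to multicast.
    $v6 = @($vips | Where-Object {
        ([ipaddress]"$($_.IPAddress)").AddressFamily -eq 'InterNetworkV6' })

    # Property names read below are assumed from the module's default
    # output; confirm with: Get-NlbCluster | Format-List *
    [pscustomobject]@{
        Adapter      = $nic
        Mode         = $cluster.OperationMode
        VipCount     = $vips.Count
        IPv6VipCount = $v6.Count
        NodeState    = $node.State
        DefaultState = $node.InitialHostState
    }
}
$report | Format-Table -AutoSize

# Flag the conditions the thread ran into.
foreach ($r in $report) {
    if ("$($r.Mode)" -notmatch 'multicast') {
        Write-Warning "$($r.Adapter): cluster mode is '$($r.Mode)', not multicast"
    }
    if ($r.IPv6VipCount -eq 0) {
        Write-Warning "$($r.Adapter): no IPv6 cluster IP; compare with the pre-change configuration"
    }
}

# DirectAccess's own view of component health after the change.
Get-RemoteAccessHealth
```

Capturing this output before and after switching the operation mode makes a dropped IPv6 address or a changed default state visible as a diff rather than as a DNS failure on clients.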