2012 R2 Load-Balanced RDS farm

Similar Messages

• Load balancing RDS Licensing for Citrix

  Hi all,
  Currently we are in the middle of upgrading our Citrix farm from 4.5/2003 to 6.5/2008 R2.  In relation to TS Licensing, we are using per device CALs.  The CALs are split between 2 2003 domain controllers that are published to the forest. 
  Licenses are checked out from both.
  In our test environment for 6.5, I set up the same layout.  I have 2 2008 R2 servers with just the RD Licensing role installed and I installed 500 per device licenses on each to start with.  The servers are not published but I have specified in
  group policy for the 6.5 test environment for the terminal servers to point to the 2 servers.  The plan is shortly before we do go live, add all new licenses, publish them to the forest (because there are other apps that need the licenses beyond Citrix),
  and retire the old license servers.
  Now in the test environment, all licenses are being checked out from the server listed first in the group policy and none from the second server.  I was thinking that they would split between the 2 on their own but I must be mistaken.
  So here are my questions...
  Is there a way to force balancing now while they are only referenced in the GPO for the test farm?
  Once they are published to the forest, does that set it to load balance?
  If no load balancing occurs in either situation, does that mean that licenses will not be checked out on the second server until all licenses have been checked out on the first server?
  Is there a better implementation route I should have followed for 2008 R2?
  Thanks!

  Hi,
  How are things going? I just want to check the status of the issue. If you have any update or concern, please feel free to let us know.
  Best Regards,
  Aiden
  If you have any feedback on our support, please click
  here
  Aiden Cao
  TechNet Community Support

• Load Balancing on RDS 2012 R2 does not work

  Hello,
  I'm working on a test deployment with 3 Session Hosts,  GW/WA/CB on one server and licensing on another.  
  GW and CB are also on a Failover cluster so i don't want High Availability now (I want to start with simpler and work out the errors first) 
  One issue is when I try load balancing option on my Collection's Properties by changing the relative weight of the servers, nothing happens at all. All the sessions are created on a single server (GW/WA/CB) and nothing on the server I want to redirect to.
  Any help is appreciated!

  Hi,
  Thank you for posting in Windows Server Forum.
  Please see that you have added following registry key to the connection broker.
  HKLM\SYSTEM\CurrentControlSet\Control\TerminalServer\ClusterSettings
  DefaultTsvUrl  tsv://VMResource.1.Virtualpool1
  After this you can use “mstsc /admin” to perform remote desktop.
  In addition, we can use DNS RR method to configure Load Balancing. Please check below thread for information.
  2012 R2 Load-Balanced RDS farm
  https://social.technet.microsoft.com/Forums/en-US/2ec5e96e-7ca6-44b5-85f8-5286c6881dea/2012-r2-loadbalanced-rds-farm?forum=winserverTS
  Hope it helps!
  Thanks.
  Dharmesh Solanki
  TechNet Community Support

• Load Balancing Microsoft RDS server

  Hi there, we have two servers hosting remote desktop service roles, is there any way to setup load balancing on these two? 
  Say setup a pointer "xxx.rdsfarm.com"? The pointer points to two servers with round robin? We have third party LB doing load-balance work for Citrix Xenapp. 
  Thanks
  Regards
  Ying Liu
  Ying Liu MCSE, CCNAV

  Hi Ying,
  Thank you for your posting in Windows Server Forum.
  Can you please let me know the OS Version of RDS Server?
  Yeah, you can load balance the two RDS Server and can combine with RDCB server for setting up RDS load balancing environment. Please check below article for information.
  1.  Remote Desktop Server farms explained (Part 1)
  2.  2012 R2 Load-Balanced RDS farm
  To load balance sessions in an RD Session Host server farm, you can use the RD Connection Broker Load Balancing feature together with Domain Name System (DNS) round robin. To configure DNS, you must create a DNS host resource record for each RD Session Host
  server in the farm that maps the RD Session Host server’s IP address to the RD Session Host server farm name in DNS.
  Checklist: Create a Load-Balanced RD Session Host Server Farm by Using RD Connection Broker
  Hope it helps!
  Thanks,
  Dharmesh

• Load Balancing Time Out Settings

  Hi, getting error below and I'm sure its to do with Time Out on Load Balancing, anyone confirm as don't want to mess around with IIS...
  The average of the most recent heartbeat intervals [499] for request [Ping] used by clients is less than or equal to [540].
  Make sure that your firewall configuration is set to work correctly with Exchange ActiveSync and direct push technology. Specifically, make sure that your firewall is configured so that requests to Exchange ActiveSync do not expire before they have the opportunity
  to be processed.
  For more information about how to configure firewall settings when using Exchange ActiveSync, see Microsoft Knowledge Base article 905013, "Enterprise Firewall Configuration for Exchange ActiveSync Direct Push Technology" (http://go.microsoft.com/fwlink/?linkid=3052&kbid=905013).
  Currently timeout is set to 5mins on LB...
  Thanks!

  I'm talking about Health Check Time Values below;
  http://blogs.vmware.com/vsphere/2012/11/load-balancing-using-vcloud-networking-and-security-5-1-edge.html
  Parameter
  Description
  Interval
  Interval at which a server is pinged.
  Timeout
  Time within which a response from the server must be received.
  Health Threshold
  Number of consecutive successful health checks before a server is declared operational.
  Unhealth Threshold
  Number of consecutive unsuccessful health checks before a server is declared dead.

• Server Load-balancing and ACL router decision

  Hello,
  My 2 server farm distribution switches are running in "hybrid" mode, with CAT OS on the switch and IOS on the MSFC.
  My server team is asking to block traffic to a specific server that is load balanced using Cisco's CSM load-balancer which is also installed in the chassis.
  The question that I have is this.
  Does anyone know in what order the MSFC will inspect and apply the ACL and when will the CSM make the load balancing decision?
  The reason I need to know this is that the CSM is setup in bridged mode, where traffic to the server comes into the MSFC with a destination IP of a VIP which resides on the CSM. Subsequently, the CSM forwards the traffic to the one of the real servers in the load-balanced server farm after it makes its load-balancing decision. Which ocurrs first??
  Does anyone have any info on what ocurrs first and so forth??
  Is there a link to Cisco's website that explains this process??
  Thanks in advance for your help.
  Tony

  Tony,
  It sounds as if your setup is like this:
  Client VLAN----MSFC----VLAN A----CSM----Server VLAN
  With VLAN A and Server VLAN being the same IP subnet.
  In this case all client traffic reaching the VIPs on the CSM first traverses the MSFC. So, if you want to block traffic to a specific VIP or Server IP you can do that on the MSFC's Interface for Client VLAN. You could configure an access list that filters inbound traffic on that VLAN interface.
  Make sense?
  -Brad

• Timesheet Update Issue-- After Load Balancing of server

  Hi Recently we have applied Load balancing to our production and development server, but we are getting error while trying to save and submit timesheet for resource . The jobs are failing and blocking the Queue 
  This is the error message 
  General
  Queue:
  GeneralQueueJobFailed (26000) - TimesheetUpdate.UpdateTimesheetMessage. Details: id='26000' name='GeneralQueueJobFailed' uid='187a8888-6c29-4c92-a39e-4b9999096259' JobUID='6c18188f-c49f-4e10-9f18-00e393ac4820' ComputerName='MUCPMOF1'
  GroupType='TimesheetUpdate' MessageType='UpdateTimesheetMessage' MessageId='1' Stage=''. For more details, check the ULS logs on machine " XXXXXXXXXX " for entries with JobUID
  6c18188f-c49f-4e10-9f18-00e393ac4820.
  This is due to Load balancing , as when we undo the load balancing there are no issue with timesheet updates .anyone has any idea ????Regards

  Hi Priyanshu,
  Did you solved the load balancing issue ? We are interested by your answer, we are on the verge to implement Project Server (2013) on a load balancing SharePoint Farm, and we wonder if it is supported (we found no document to prove it, esp for reporting
  or timesheet). We have heard rumours that says it does not work on reporting.
  Regards
  www.e-labor.net
  Didier Maignan | http://didiermaignan.unblog.fr

• Exchange 2013 Load Balancing Question

  Hey Everyone,
      I have recently started building up my companies Exchange 2013 environment and ran into some questions that I can't seem to find clear answers for on Google.
      First, a little bit about my set up:
  2 CAS Servers
  2 Mailbox Servers
  Citrix NetScaler load balancing the external URL (Controlling all incoming ports 25, 80, 443, 587, 993, and 995) to both of my CAS servers
  This is not doing SSL offloading, it's just forwarding encrypted traffic to the CAS servers
  I have configured a DAG between the 2 mailbox servers and am able to actively move the database my user account is on between the 2 copies with outlook disconnecting / reconnecting in about 10 - 15 seconds of moving it.
  My questions started when I saw what Outlook was filling in for the "Server" field once autodiscover set it up.  I found this very strange server name in it:  *** Email address is removed for privacy ***
  Once I read up on it, I think i understand what it does.   If i understand correctly, this weird URL is sort of like an old CAS array from Exchange 2010.  When I started testing the failover is when I started running into issues.
  When I shut down one of my mailbox servers, my outlook will lose connection and it won't come back.  The mailbox database that my user account is on successfully failed over to the other DAG copy but outlook never correctly connects.  I
  believe this issue has something to do with the new CAS functions of Exchange 2013 since DAG works fine.
  If I look at my "Connection Status" in Outlook, I see that there are several connections open.  All of them have a Proxy server address of "exchange.domain.com" and out of the 3 that show up there, they are all pointed to
  the weird URL mentioned above.
  Whew, long post but let me summarize my questions below:
  1)  If exchange is configured to be fully redundant, why does my outlook disconnect when I shut down one of the servers?
  2)  What is the weird URL pointing to that I mentioned above that is showing in outlook?
  3)  How can I get outlook to correctly not lose it's connection when any 1 of the servers goes down?
  Thanks,
  Zac

  Hi,
  According to your description, it seems that the load balancer did not configure successfully.
  I recommend you refer to the following article to configure the load balancer for Exchange 2013 :
  http://blogs.vmware.com/vsphere/2012/11/load-balancing-using-vcloud-networking-and-security-5-1-edge.html 
  Hope this helps!
  Thanks.
  Niko Cheng
  TechNet Community Support

• FIM Load Balancing and SPN's - Strange behaviour

  I have a FIM setup in a domain
  I have mycorp.com and a domain in the same forest contractor.mycorp.com (fictional setup)
  I have 2 servers built in the contractors.mycorp.com domain
  Id1
  Id2
  Id1 has the Service and portal on wss3 in SharePoint farm mode, Sp central admin is on this as well
  Id2 has the service and is a load balanced SharePoint farm.
  I have NLB setup and working the service name is identity.mycorp.com pointing at the IP of the NLB
  I have a CNAME identity pointing at identity.mycorp.com
  Identity.mycorp.com is used as the name of the Service and the Portal.
  In the ApplicationHost.config I have
  <system.webServer>
     <security>
        <authentication>
           <windowsAuthentication enabled="true" useKernelMode="true"
  useAppPoolCredentials="true" />
        </authentication>
     </security>
  </system.webServer>
  I have kernel mode enabled, and I have Windows authentication enabled in the IIS console on id1 and id2.
  The app pool credentials are a domain account SPService for SharePoint Service, the app pool is set on both id1 and id2 servers. The root domain account mycorp\SPService us used.
  In
  c:\inetpub\wwwroot\wss\VirtualDirectories
  I have set
  <resourceManagementClient
  requireKerberos="true"
  I have registered the alternate URL mappings for SharePoint as
  Identity
  Identity.myCorp.com
  I have registered SPN's for
  Setspn –S FIMService/identity.myCorp.com myCorp\FIMService
  Setspn –S FIMService/identity  myCorp\FIMService
  Setspn –S HTTP/identity.myCorp.com myCorp\SPService
  Setspn –S HTTP/identity myCorp\SPService
  I have configured delegation for both accounts in ADUC for the identity.mycorp.com
  So all is well and I installed everything fine.
  Now my problem is that if I go to id1 and browse to http://identity/identitymanagement I get redirected , and authenticated with my admin account to
  http://id1/IdentityManagement/default.aspx
  On id1 if I go to http://identity.myCorp.com/identitymanagement I get prompted for credentials, when I enter myCorp\FIMAdmin and my password I get redirected to the portal at
  http://id1/IdentityManagement/default.aspx
  If I try and authenticate to any of the previous URL's from other machines in my domain, including the load balanced box id2 I get "HTTP Error 401. The requested resource requires user authentication."
  Even if I try and browse to
  http://id1/identitymanagement from another machine I am getting 401. Only on
  http://id1 am I getting a result, even if there is a prompt.
  I am sure my SPN's are fine, there are no duplicate SPN's , I checked with the -x switch
  So my load balanced portal and service are not working as I would have thought , I have looked at
  http://blogs.msdn.com/b/webtopics/archive/2009/01/19/service-principal-name-spn-checklist-for-kerberos-authentication-with-iis-7-0.aspx
  http://social.technet.microsoft.com/Forums/en-US/484faae8-4df6-4b81-8b2d-9d75d5258e4f/fim-portal-http-error-401-the-requested-resource-requires-user-authentication?forum=ilm2
  http://social.technet.microsoft.com/wiki/contents/articles/4473.fim-http-error-401-the-requested-resource-requires-user-authentication.aspx
  http://setspn.blogspot.ie/2010/06/kerberos-basic-troubleshooting-tip-3.html
  The only thing that I can think of is that the machine is in the contractors.myCorp.com domain which makes the machine  
  unique from where the SPN's are registered, but if that was the case then browsing to the portal from
  http://id1 would certainly fail.
  Can anyone see anything wrong with my approach ?
  Normally I find SharePoint a pain, but this week it seems to be this.
  When I ran the fim service install I specified identity.myCorp.com as the name of the server
  Rob

  In my Load Balanced setup it helped a lot (on some strange behaviours) when I set up Load Balancer to keep session on one server.
  Borys Majewski, Identity Management Solutions Architect (Blog: IDArchitect.NET)

• VMware vCloud Load Balancing SSL / HTTP

  Hi,
  I'm having issues with enabling SSL Health check for my CAS VMs, works fine when I select TCP however doesn't work when I change health check to SSL.  This relates to a previous issue I've raised (http://social.technet.microsoft.com/Forums/office/en-US/0b3e2573-99ed-49a0-9fbb-c46a629dcc50/exchange-2013-load-balancing-owaecp?forum=exchangesvravailabilityandisasterrecovery
  TCP is great but would much prefer to do an SSL check instead;
  Tests servers using SSLv3 client hello messages. The server is considered valid only when the response contains server hello messages.
  This url helps,
  http://blogs.vmware.com/vsphere/2012/11/load-balancing-using-vcloud-networking-and-security-5-1-edge.html
  The only other issue is I have a redirect at root mail.domain.com => mail.domain.com/owa  Could that be the issue because of the re-direct!
  Thanks ;)

  Hi,
  Try to redirect to HTTPs. More details as below:
  Simplify the Outlook Web App URL
  http://technet.microsoft.com/en-us/library/aa998359(v=exchg.150).aspx
  How to configure Exchange to redirect OWA HTTP requests to HTTPS requests in IIS 7
  http://support.microsoft.com/kb/975341
  Please correct me if there is any misunderstanding.
  Also find some external resource for your reference:
  Add a Pool Server to an Edge Gateway
  http://pubs.vmware.com/vcd-51/index.jsp?topic=%2Fcom.vmware.vcloud.admin.doc_51%2FGUID-C12B3954-155F-48AF-9855-E0DE026752D0.html
  Introduction to Gateway Services: Load Balancing
  http://vcloud.vmware.com/using-vcloud-hybrid-service/tutorials/introduction-to-gateway-services-load-balancing
  Disclaimer:
  Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Please make sure
  that you completely understand the risk before retrieving any suggestions from the above link.
  Thanks
  Mavis
  Mavis Huang
  TechNet Community Support

• Load Balancing 2012 R2 Session Host Collection with External Network Load Balancer

  Hi,
  We are moving from a 2008 R2 Remote Desktop session host deployment to 2012 R2. Previously, we used our Kemp hardware load balancer to distribute load between RDSH servers. We had a connection broker deployed so that if an existing disconnected session was
  detected during the initial connection, the user was directed back to that session.  
  In 2012 R2, we planned to again used the Kemp load balancer to main high availability for our RDSH collection, but are experiencing strange issues. It seems that the RD Connection Broker is also performing load balancing--the result being that initial connections
  to the RDSH collection may go to one RDSH server with the least connections through the Kemp, but then be redirected to a different RDSH server by the broker, even when there is no existing session for the user on that second server.
  Our question is: Should we not be using the Kemp balancer at all (how would this work)? Or should we disable load balancing by the connection broker (if so...how)?
  Further complicating our redirection issue with that the RDSH servers have multiple interfaces--one with public addresses and others with private. The connection broker seems to abritrarily pick among the destination RDSH server's available IP addresses
  for the redirection and trying to redirect to a private address will fail. We think we have worked around this by connecting to each RDSH server from a 2008 R2 server's RDSH Configuration console and choosing just the public adapter under the Network Adapters
  tab--is there no way to access this setting in 2012 R2?
  Thanks in advance!   
  Matthew

  Hi Matthew,
   As you are most likely already aware, inn Remote Desktop Services 2012 / R2 the Connection broker uses round robin DNS to load balance.
  To simplify things I would recommend that you let the connection broker load balance the sessions and use the KEMP to Load balance the RDweb and Gateway servers.
  Have a look at the following articles:
  http://ryanmangansitblog.wordpress.com/2013/03/11/create-a-rdwa-farm-using-a-kemp-load-balancer/
  http://ryanmangansitblog.wordpress.com/2013/03/31/rds-2012-configuring-a-rd-gateway-farm/
  http://ryanmangansitblog.wordpress.com/2013/09/05/load-balance-rds2012-rdwa-and-rdgw-using-sub-interfaces-on-kemps-loadmaster/
  As you have mentioned that you are migrating from a 2008R2 configuration, have a look at the following article:
  http://ryanmangansitblog.wordpress.com/2014/01/05/publish-rds-2008r2-desktop-on-rds-2012/
  Ryan Mangan | [email protected] | Help keep the forums tidy, if this has helped please mark it as an answer

• RDS 2008 R2 / Load Balancing, My 1st Setup. Help.

  I currently have a 2008 R2 RDS server setup with around 100 people accessing, unfortunately we're starting to see 100% CPU spikes which are lasting for long periods of time making the whole RD experience painful for the end users.  I've pinpointed the
  extra CPU usage to a specific program developed internally making changes to this program is not an option.
  My solution is to introduce a 2nd RDS server and load balance the users between them.  My original thought was to setup a Session Broker (VM) to handle the initial connection and then that would load balance between the two physical servers.
  Reading a bit more into it this is not looking like the way to go.  My best route would be to setup NLB on the two Sessions Hosts as the front end which are then connected to the Session Broker (VM).  This way after the initial connection the Sessions
  Hosts should check with the Session Broker for existing connections before deciding which physical server the end users end up on.
  Am I at least heading in the right direction with this setup or should I do it another way?  I also need to setup Web Access , can this be loaded on the Session Broker or do I need to do it on the physical Session Hosts and mirror the setup between
  the two?  And the same for the RD Gateway or can I do this on the Session Broker as well?
  Thanks for any advice given.

  Hi,
  Thank you for posting in Windows Server Forum.
  As you have commented that you are planning to load balance the RDSH server with RDCB, you can do the required steps for your environment. For this you need to check the following steps.
  - Install the RD Connection Broker role service on the server that you want to use to track user sessions for a farm.
  - Add the RD Session Host servers in the farm to the Session Broker Computers local group on the RD Connection Broker server.
  - Configure the RD Session Host servers in the farm to join a farm in RD Connection Broker, and to participate in RD Connection Broker Load Balancing.
  - Configure DNS round robin entries for RD Session Host servers in the farm.
  More information:
  Checklist: Create a Load-Balanced RD Session Host Server Farm by Using RD Connection Broker
  For more information, you can go through following links.
  1. Remote Desktop Server farms explained (Part 1)
  2. Building a 2008 R2 RDS Load Balanced Farm with RD Connection Broker
  Hope it helps!
  Thanks.
  Dharmesh Solanki

• Windows Server 2012 R2 - ADFS/Windows Network Load Balancing Converging Issue

  Hello,
  My name is Brandon. We have started upgrading our servers to Windows Server 2012 R2. We have some powerful servers for running ESXI 5.5 as the OS with the Guest Operating Systems as Windows Server 2012 R2. As far of our migrations/upgrades we have configured
  ADFS 2012 R2 into a Server Farm with Windows Network Load Balancing to add redundancy in the event a server goes down.
  I have been having issues with a Node with the Cluster getting stuck in the Status of Converging. The only way I have been able to get it back up is to restart the virtual server completely and it is temporary. When I first configure the Cluster the two
  virtual servers get added to the Node with no problems and fully converge. However, after some time a node will end up in Converging and this takes Authentication for ADFS down as the nodes can not be contacted over Port 443.
  Error: Host: server.domain.com Unable to connect to "server name"
  System
  Provider
  [ Name]
  Microsoft-Windows-NLB
  [ Guid]
  {F22AF71F-C4C3-425D-9653-B2F47B85DD30}
  EventID
  21
  I have tried using 1 & 2 Virtual NICs on the machines and still end up with communication issues. Could someone assist me with why I am having this issue? This is not an issue with a firewall. If it was a firewall it would never communicate the first
  time. Has anyone had experience with a similar configuration and how were you able to make it work?
  Below is my configuration.
  Static ARP Entry for Cluster IP Address has been added to our Layer 3 switch.
  Physical Server 1:
  ESXI 5.5 HOST
  1 NIC CONNECTED (shared with virtual guest)
  IP ADDRESS: 192.168.0.5
  SUBNET: 255.255.255.0
  DGW: 192.168.0.1
  Virtual Server 1 (Guest OS)
  Physical Server 2:
  ESXI 5.5 HOST
  1 NIC CONNECTED (shared with virtual guest)
  IP ADDRESS: 192.168.0.6
  SUBNET: 255.255.255.0
  DGW: 192.168.0.1
  Virtual Server 2 (Guest OS)
  Virtual Servers
  Virtual Server 1
  MS SERVER 2012 R2 (VIRTUAL)
  NLB NODE 2 
  VIRTUAL NETWORK ADAPTERS
   VNIC1 IP ADDRESS 192.168.0.10
  SUBNET: 255.255.255.0
  DGW: 192.168.0.1
   VNIC 2 (NLB)
  IP ADDRESS: 192.168.0.11
  SUBNET: 255.255.255.0
  Virtual Server 2
  MS SERVER 2012 R2 (VIRTUAL)
  NLB NODE 2
  VIRTUAL NETWORK ADAPTERS
   VNIC1
  IP ADDRESS 192.168.0.20
  SUBNET: 255.255.255.0
  DGW: 192.168.0.1
   VNIC 2 (NLB)
  IP ADDRESS: 192.168.0.21
  SUBNET: 255.255.255.0
  Cluster Configuration/Properties
  CLUSTER PROPERTIES CLUSTER IP: 192.168.0.30
  CLUSTER SUBNET: 255.255.255.0
  FULL INTERNET NAME: FS.DOMAIN.COM
  CLUSTER OPERATION MODE: MULTICAST
  PORT RULES:
  CLUSTER IP ADDRESS
  START
  END
  PROTOCAL
  MODE
  PRIORITY
  LOAD
  AFFINITY
  ALL
  80
  80
  BOTH
  MULTIPLE
  EQUAL
  NONE
  ALL
  443
  443
  BOTH
  MULTIPLE
  EQUAL
  NONE
  CLUSTER NODES:
  1.) SERVER1.DOMAIN.COM
  a. IP: 192.168.0.11
  2.) SERVER2.DOMAIN.COM
  a. IP: 192.168.0.21

  Hi,
  According to your description, my understanding is that：2 ESXI 5.5 physical devices (192.168.0.5 and 192.168.0.6), each of them has a virtual WS 2012 R2(192.168.0.10 and 192.168.0.20). Cluster the 2 virtual servers successfully, but they corrupt with event
  ID 21, and a restart of virtual device will resolve this problem temporarily.
  Event ID 21 means that NLB failed to converge due to inconsistencies in the port rules between this host and cluster host. This will occur if the number of port rules or the type of port rules are different between hosts.
  Ensure that all NLB hosts have identical port rules. Detailed steps you may reference:
  Event ID 21 — NLB Port Rules Configuration
  https://technet.microsoft.com/en-us/library/dd364034%28v=ws.10%29.aspx?f=255&MSPPError=-2147217396
  Best Regards,
  Eve Wang
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact
  [email protected]

• Windows Server 2012 R2 - Windows Network Load Balancing Converging Issue

  Hello,
  My name is Brandon. We have started upgrading our servers to Windows Server 2012 R2. We have some powerful servers for running ESXI 5.5 as the OS with the Guest Operating Systems as Windows Server 2012 R2. As far of our migrations/upgrades we have configured
  ADFS 2012 R2 into a Server Farm with Windows Network Load Balancing to add redundancy in the event a server goes down.
  I have been having issues with a Node with the Cluster getting stuck in the Status of Converging. The only way I have been able to get it back up is to restart the virtual server completely and it is temporary. When I first configure the Cluster the two
  virtual servers get added to the Node with no problems and fully converge. However, after some time a node will end up in Converging and this takes Authentication for ADFS down as the nodes can not be contacted over Port 443.
  Error: Host: server.domain.com Unable to connect to "server name"
  System
  Provider
  Name]
  Microsoft-Windows-NLB
  Guid]
  {F22AF71F-C4C3-425D-9653-B2F47B85DD30}
  EventID
  21
  I have tried using 1 & 2 Virtual NICs on the machines and still receive this error even if only 1 VNIC is assigned to the virtual machine. Could someone assist me with why I am having this issue? Has anyone had experience with a similar configuration
  and how were you able to make it work?
  Below is my configuration.
  Static ARP Entry for Cluster IP Address has been added to our Layer 3 switch.
  Physical Server 1:
  ESXI 5.5 HOST
  1 NIC CONNECTED (shared with virtual guest)
  IP ADDRESS: 192.168.0.5
  SUBNET: 255.255.255.0
  DGW: 192.168.0.1
  Virtual Server 1
  Physical Server 2:
  ESXI 5.5 HOST
  1 NIC CONNECTED (shared with virtual guest)
  IP ADDRESS: 192.168.0.6
  SUBNET: 255.255.255.0
  DGW: 192.168.0.1
  Virtual Server 2
  Virtual Servers
  Virtual Server 1
  MS SERVER 2012 R2 (VIRTUAL)
  NLB NODE
  2 – VIRTUAL NETWORK ADAPTERS
   VNIC1
  IP ADDRESS 192.168.0.10
  SUBNET: 255.255.255.0
  DGW: 192.168.0.1
   VNIC 2 (NLB)
  IP ADDRESS: 192.168.0.11
  SUBNET: 255.255.255.0
  Virtual Server 2
  MS SERVER 2012 R2 (VIRTUAL)
  NLB NODE
  2 – VIRTUAL NETWORK ADAPTERS
   VNIC1
  IP ADDRESS 192.168.0.20
  SUBNET: 255.255.255.0
  DGW: 192.168.0.1
   VNIC 2 (NLB)
  IP ADDRESS: 192.168.0.21
  SUBNET: 255.255.255.0
  Cluster Configuration/Properties
  CLUSTER PROPERTIES
  CLUSTER IP: 192.168.0.30
  CLUSTER SUBNET: 255.255.255.0
  FULL INTERNET NAME: FS.DOMAIN.COM
  CLUSTER OPERATION MODE: MULTICAST
  PORT RULES:
  CLUSTER IP ADDRESS  START END  PROTOCAL MODE   PRIORITY LOAD  AFFINITY
  ALL    80 80 BOTH  MULTIPLE  ..  EQUAL  NONE
  ALL    443 443 BOTH  MULTIPLE  ..  EQUAL  NONE
  CLUSTER NODES:
  1.) SERVER1.DOMAIN.COM
  a. IP: 192.168.0.11
  2.) SERVER2.DOMAIN.COM
  a. IP: 192.168.0.21

  Thank you for your response. It took me a while to figure it out, but the whole issue was related to the type of Virtual Network Adapter I was selecting.
  I changed the network adapter from E1000 to VMXNET 3 and have not had a single error in the event logs or Windows NLB.
  I read somewhere that VMXNET 3 is preferred for Windows Server 2012 R2.
  https://communities.vmware.com/thread/433792
  Leyuka       May 23, 2013 6:14 AM
  "Just a help for everyone with this problem :
  After 10 days of research for our virtual datacenter behind a vcloud as iias ,  i found a solution .
  I only run windows 2012 server .
  Install vmware tools , remove e1000 network card after a vm stop, add a card same vswitch etc BUT with a vmxnet3 TYPE . DONT USE DEFAULT CARD
  Start and enjoy this solution . E1000 and E1000e are just unstable in windows8 / windows 2012 , the network card reset randomly with or without heavy IO. No log in windows , and as a vcloud user i don"t have esxi logs (damn i don't like cloud) and provider
  don"t know why ..."

• KB2830477 breaks RDS load balancer connections

  All clients worked fine prior to KB2830477. Once that patch is installed the clients are unable to connect to our load balancer from outside our office; such as from home or on the road.
  Removal of that patch allows them to connect once again.
  The events on the RDS load balancer show clients connecting properly. The balancer sends the redirection info back to the client.
  The events on the RDS server where the client was redirected show nothing.
  It's as if the latest RDC patch breaks the ability for redirection. Or, perhaps, there's a special setting on our load balancer that needs to be updated due to this new patch?
  ... any helpful tips?
  Thanks,
  Jason Morrill

  Just some additional info regarding this problem.
  These first few paragraphs represent the eventviewer entries for the failed connection coming from outside our network:
  RD Connection Broker received connection request for user SOMEDOMAIN/someuser.
  Hints in the RDP file (TSV URL) = tsv://MS Terminal Services Plugin.1.rdpfarm
  Initial Application = 
  Call came from Redirector Server = my.fqdn.org
  Redirector is configured as Farm member
  RD Connection Broker has successfully determined the end point for this connection request.
  Endpoint name = rdpfarm
  Endpoint type = Farm
  Resource plugin name = MS Terminal Services Plugin
  RD Connection Broker successfully processed the connection request for user SOMEDOMAIN/someuser. Redirection info:
  Target Name = RDSSERVER2
  Target IP Address = INSIDE_IP, OUTSIDE_IP
  Target Netbios = RDSSERVER2
  Target FQDN = my.fqdn.org
  Disconnected Session Found = 0x0
  ========================
  And the entries below come from the eventviewer when connecting successfully from within our intranet.
  ========================
  RD Connection Broker received connection request for user SOMEDOMAIN/someuser.
  Hints in the RDP file (TSV URL) = tsv://MS Terminal Services Plugin.1.rdpfarm
  Initial Application = 
  Call came from Redirector Server = my.fqdn.org
  Redirector is configured as Farm member
  RD Connection Broker has successfully determined the end point for this connection request.
  Endpoint name = rdpfarm
  Endpoint type = Farm
  Resource plugin name = MS Terminal Services Plugin
  RD Connection Broker successfully processed the connection request for user SOMEDOMAIN/someuser. Redirection info:
  Target Name = RDSSERVER2
  Target IP Address = INSIDE_IP, OUTSIDE_IP
  Target Netbios = RDSSERVER2
  Target FQDN = my.fqdn.org
  Disconnected Session Found = 0x0
  This connection request has resulted in a successful session logon (User successfully logged on to the end point). Remote Desktop Connection Broker will stop monitoring this connection request.
  Session for user SOMEDOMAIN/someusersuccessfully added to RD Connection Broker's database.
  Target Name = my.fqdn.org
  Session ID = 2
  Farm Name = rdpfarm
  ========================
  It's almost as if something is failing and preventing a successful session logon. Like, perhaps, the updated RDC doesn't like how our internal and external IP addresses are being returned?