ACE 4700 load balancing Issue

Similar Messages

• SIP load balancing issue with ACE 4710

  SIP Load balancing Issue with ACE 4710
  I have a Cisco ace 4710 with vesion Version A4(2.2). i configued simple SIP load balancing first without stickiness. without stikeiness we are having a problem because bye packet at the was not going to the same server all the time that left our port in used even though user hang up the phone. its happen randmly. i have a total 20 licenced ports and its fill out very quickly. so i dicided to use the stickiness with call-ID but still same issue. below is the config
  rserver host CIN-VOX-31
    ip address 172.20.130.31
    inservice
  rserver host CIN-VOX-32
    ip address 172.20.130.32
    inservice
  serverfarm host CIN-VOX
    probe SIP-5060
    rserver CIN-VOX-31
      inservice
    rserver CIN-VOX-32
      inservice
  sticky sip-header Call-ID VOX_SIP_GROUP
    timeout 1
    timeout activeconns
    replicate sticky
    serverfarm CIN-VOX
  class-map match-all CIN_VOX_L4_CLASS
    2 match virtual-address 172.22.12.30 any
  class-map match-all CIN_VOX_SIP_L4_CLASS
    2 match virtual-address 172.22.12.30 udp eq sip
  policy-map type loadbalance sip first-match CIN_VOX_LB_SIP_POLICY
    class class-default
      sticky-serverfarm VOX_SIP_GROUP
  policy-map multi-match GLOBAL_DMZ_POLICY
     class CIN_VOX_SIP_L4_CLASS
      loadbalance vip inservice
      loadbalance policy CIN_VOX_LB_SIP_POLICY
      loadbalance vip icmp-reply
    class CIN_VOX_L4_CLASS
      loadbalance vip inservice
      loadbalance policy CIN_VOX_LB_SIP_POLICY
      loadbalance vip icmp-reply
  interface vlan 20
    description VIP_DMZ_VLAN
    ip address 172.22.12.4 255.255.255.192
    alias 172.22.12.3 255.255.255.192
    peer ip address 172.22.12.5 255.255.255.192
    access-group input PERMIT-ANY-LB
    service-policy input GLOBAL_DMZ_POLICY
  could you please help me on this...
  thanks
  Rakesh Patel

  I mean there should be one more statement-
  class-map type sip loadbalance match-any CIN_VOX_LB_SIP_POLICY 
  match sip header Call_ID header-value sip:
  and that will be called under-
  policy-map multi-match GLOBAL_DMZ_POLICY
     class CIN_VOX_SIP_L4_CLASS
      loadbalance vip inservice
      loadbalance policy CIN_VOX_LB_SIP_POLICY
      loadbalance vip icmp-reply
  is that missing in your config ?

• Cisco ACE20 Load balancing issues

  Dear All,
  I have a problem with the ACE 20 load balance
  To start with following is our architectural request flow:
  Load Balancer --> Webseal /(reverse proxy) --> HTTP Server --> Portal Server
  We have Hardware Load Balancer Cisco ACE20.
  When we access our portal from Webseal server it works totally fine without any issue, but when we access the same application using ACE we face the following issues:
  1) Some of the links on do not work. For eg: We have a link "subscribe" which points to https://intranet/abc/wps/portal/subscription , whenever we click on this link, the request is directed to https://intranet/abc/wps/portal i.e homepage
  2) URL redirection does not work We have some links which have a url forwarding or redirection for example when we open https://intranet/ef/quickplace it forwards the requests to https://intranet/ef/quickplace/Main.nsf?opendocument....., but this redirection fails and again the request is thrown to homepage i.e https://intranet/abc/wps/portal
  3) The response of the request and the overall portal when accessed via ACE is very sluggish and it takes 20 seconds for homepage to load, whereas the homepage loads in 4 secs when accessed via webseal.
  below is the ACE details. Kindly provide the your inputs to resolve this issue. will rate all the suggestions
  Hardware Product Number: ACE20-MOD-K9
    Card Index:     207
    Hardware Rev:   2.3
    Feature Bits:   0000 0002
    Slot No. :      7
    Type:           ACE
  Software
    loader:    Version 12.2[120]
    system:    Version A2(1.4) [build 3.0(0)A2(1.4) adbuild_11:54:12-2009/03/05_/a
  uto/adbu-rel2/rel_a2_1_4_throttle/REL_3_0_0_A2_1_4]
    system image file: [LCP] disk0:c6ace-t1k9-mz.A2_1_4.bin
    installed license: ACE-SEC-LIC-K9

  Dear all,
  Please suggest on this issue.
  BS

• ITS load balancing issue

  Hi all,
  During our testing we are getting a load balancing issue.  However, one of the agates in our network is has more CPU power than compared to the other agates in our ITS network.  The memory on all the agate servers is the same. 
  Our current issue we are getting is the one agate that has more cpu power but acquires more sessions as compared to the other two agates.  It roughly gets 60 more sessions per agate process as compare to the other Agate servers.  Does having more cpu on a Agate affect the load balancing on ITS?  We are on ITS patch level 19 with the Hotfix. 
  Thanks,
  Jin Bae

  Hello Jin,
  yes, at (re)initialize the WGate retrieves the capacity from the AGates.
  This is an accumulated number based on CPU performance and the number of CPUs!
  The number can be seen in "wgate-status" as the "Capacity" of the AGate.
  When running multiprocess Agates the number is retrieved from the MManager and also involves the number of agate-processes.
  The WGate dispatches the load in proportion depending on these capacity numbers.
  By my knowledge there is no way that these values can be configured (fixed).
  Regards,
    Fekke

• CSS arrowpoint cookie load balancing issue

  Hi guys,
  I need some advice on a load balancing issue.
  We have connections hitting the CSS via a proxy environment. As a result i see only one source ip address. I want to use arrowpoint cookies for session stickeyness. However when i enable the rule the tcp session negotiation fails. The CSS sends a TCP/RST which terminates the session.
  Here's the rule config:
  content HTTP_rule
  add service ZSTS299102
  add service ZSTS281101
  vip address <filtered>
  add service LONS299102
  add service LONS281101
  balance weightedrr
  change service ZSTS299102 weight 5
  change service ZSTS281101 weight 5
  advanced-balance arrowpoint-cookie
  protocol tcp
  port 80
  url "/*"
  active
  Any help would be much appreciated.

  Remko,
  in L3/L4 the CSS sends the SYN directly to the server.
  So when the FIN comes in, we simply pass it to the server.
  With L5 the CSS spoofs the connection and we select the server only after receiving the GET.
  If there was some delay between the GET and the FIN, the CSS would have time to establish a connection with the server and the FIN could be simply forwarded.
  Unfortunately, in this case the FIN is right after the GET with no delay.
  Gilles.

• ACE to load balance Citrix servers

  Hello,
  Have anyone configured ACE Modules to load balance Citrix Servers (HTTP) ?
  Any special considerations needed?
  Many thanks,

  HI Javier,
  There is one complete design guide available on ciso site.
  Kindly go through the below mentioned URL for complete config for ACE to load balance CITRIX as follows:
  http://www.cisco.com/en/US/docs/solutions/Enterprise/Data_Center/App_Networking/citrixdg_final.html
  You will get othe design guides also which can be very useful:
  http://www.cisco.com/en/US/netsol/ns751/networking_solutions_design_guidances_list.html
  Sachin Garg

• Using ACE to load balance HTTP/S traffic between client & proxy server using tcp 8080

  Folks,
  I have a scenario where ACE is in load balancing connections to a bunch of Websense servers in a one-armed topology.  ACE presents a single VIP to web browser clients and each client's browser proxy configuration is populated with the VIP DNS name.  Traffic then gets load balanced between the Websense servers.  The problem arises due to Websense requiring the 'X-Forwarded-For' HTTP header in order to obtain the source IP of the client.  
  ACE inserts this header into the standard HTTP 'proxied' traffic but doing this for HTTPS traffic has required the configuration of the ACE SSL proxy client server.
  So the problem I have is this:
  How to configure ACE to load balance both HTTP & HTTPS applications using a single VIP and tcp port number ie tcp 8080
  The ACE hardware being used is ACE20-MOD-K9  -  MODULE
  I have attempted to use a L7 class map to match all ciphers and attach this to a L7 Policy-Map but the documentation highlights the fact the 'match cipher' configuration is only available on the ACE appliance.  
  I believe I am on the correct track.  The HTTPS traffic must be identified and used to match against PolicyA and HTTP traffic matched against PolicyB
  I'm looking for ideas!  I'm hopeful someone must have solved this problem previously!!
  Regards,
  Simon

  Hi Simon,
  The classification has to work on different ports. Whether client types http or https doesn't matter to client. His request will reach VIP which will classify the traffic based on port, protocol first and then it can look into further detail to send the traffic to appropriate serverfarm.
  You can class-map match-any xxxxx
  2 match virtual-address x.x.x.x tcp any
  and then you configure further classification on the basis of L7 like  url, header etc. 
  But again, you will still need SSL termination on ACE.
  Regards,
  Kanwal
  Note: Please mark answers if they are helpful.

• ACE load balancing issue

  Hi,
  I have ACE module and 2 servers the problem i am facing is only one server is been serviced by ACE the other server is not getting much traffic at all.
  One server gets hit most of the time like 3 pkts goes to server 1 and 1 pkt goes to server 2.
  Could anyone tell me why is this issue that unequal load balancing is occoring on my device.
  Thanks in advance.

  here's the output of
  sh serverfarm det
  serverfarm : DNS, type: HOST
  total rservers : 2
  active rservers: 2
  description : -
  state : ACTIVE
  predictor : ROUNDROBIN
  failaction : -
  back-inservice : 0
  partial-threshold : 0
  num times failover : 0
  num times back inservice : 0
  total conn-dropcount : 0
  Probe(s) :
  DNS_PROBE, type = DNS
  ----------connections-----------
  real weight state current total failures
  ---+---------------------+------+------------+----------+----------+---------
  rserver: DNS-118-1
  10.0.0.1:0 8 OPERATIONAL 206 127901 1
  max-conns : - , out-of-rotation count : -
  min-conns : -
  conn-rate-limit : - , out-of-rotation count : -
  bandwidth-rate-limit : - , out-of-rotation count : -
  retcode out-of-rotation count : -
  load value : 0
  rserver: DNS-118-2
  10.0.0.2:0 8 OPERATIONAL 230 212332 4
  max-conns : - , out-of-rotation count : -
  min-conns : -
  conn-rate-limit : - , out-of-rotation count : -
  bandwidth-rate-limit : - , out-of-rotation count : -
  retcode out-of-rotation count : -
  load value : 0
  here's the output of
  sh service-policy L3L4_LOADB detail
  Status : ACTIVE
  Description: -----------------------------------------
  Context Global Policy:
  service-policy: L3L4_LOADB
  class: CLASS_MAP
  nat:
  nat dynamic 1 vlan 118
  curr conns : 325 , hit count : 340457
  dropped conns : 5
  client pkt count : 2697687 , client byte count: 179735431
  server pkt count : 2694477 , server byte count: 535957631
  conn-rate-limit : 0 , drop-count : 0
  bandwidth-rate-limit : 0 , drop-count : 0
  VIP Address: Protocol: Port:
  10.0.0.3 tcp eq 53
  10.0.0.3 udp eq 53
  loadbalance:
  L7 loadbalance policy: L7_LOADB
  VIP Route Metric : 77
  VIP Route Advertise : ENABLED-WHEN-ACTIVE
  VIP ICMP Reply : ENABLED-WHEN-ACTIVE
  VIP State: INSERVICE
  curr conns : 325 , hit count : 340462
  dropped conns : 5
  client pkt count : 2697687 , client byte count: 179735431
  server pkt count : 2694477 , server byte count: 535957631
  conn-rate-limit : 0 , drop-count : 0
  bandwidth-rate-limit : 0 , drop-count : 0
  L7 Loadbalance policy : L7_LOADB
  class/match : class-default
  LB action: :
  primary serverfarm: DNS
  state: UP
  backup serverfarm : -
  hit count : 340457
  dropped conns : 0

• Cisco ACE - Firewall load balancing

  I am using two sets of ACE load balancers for load balancing traffic across two firewalls (firewall load balancing).
  The solution works fine. I have a virtual address of 0.0.0.0 in either direction to match traffci going from the internal users to the internet and vice versa.
  The problem is that when I try to manage the load-balanced firewalls (either using SSH (or) HTTPS) from outside, then that connection also gets load balanced and when I try to connect to FW1 then sometimes this connection ends up on FW2 and vice versa and the connection gets dropped. I have a workaround in place where i am using a virtual address per firewall to connect to the real IP address of the firewall.
  Is there any other way of managing firewalls (which are defined as real-servers) in a FWLB setup.
  Attached is the configuration of the external ACE which has the two firewalls defined as the real-servers.
  access-list ALL line 8 extended permit ip any any
  probe icmp ICMP-Probe
    interval 15
    passdetect interval 60
  rserver host FW1-ASA
    ip address 10.11.71.10
    inservice
  rserver host FW2
    ip address 10.11.71.11
    inservice
  serverfarm host Firewalls
    transparent
    predictor leastconns
    rserver FW1-ASA
      inservice
    rserver FW2
      inservice
  serverfarm host Firewalls-NO-LB
    rserver FW1-ASA
      inservice
  serverfarm host Firewalls-NO-LB1
    rserver FW2
      inservice
  sticky ip-netmask 255.255.255.255 address source new-sticky
    timeout activeconns
    serverfarm Firewalls
  This is my workaround for connection to the IP address of the firewalls (for management)
  class-map match-any FW-Real
    2 match virtual-address 10.11.71.254 any
  class-map match-any FW-Real2
    2 match virtual-address 10.11.71.253 any
  class-map type management match-any Remote-Access
    201 match protocol telnet any
    202 match protocol http any
    203 match protocol https any
    204 match protocol ssh any
    205 match protocol snmp any
    206 match protocol icmp any
  class-map match-any fwlb
    2 match virtual-address 0.0.0.0 0.0.0.0 any
  policy-map type management first-match Remote-Management-Policy
    class Remote-Access
      permit
  policy-map type loadbalance first-match FWLB-No-LB
    class class-default
      serverfarm Firewalls-NO-LB
  policy-map type loadbalance first-match FWLB-No-LB1
    class class-default
      serverfarm Firewalls-NO-LB1
  policy-map type loadbalance first-match FWLB-l7slb
    class class-default
      serverfarm Firewalls
  policy-map multi-match Firewall-No-LB
    class FW-Real
      loadbalance vip inservice
      loadbalance policy FWLB-No-LB
  policy-map multi-match Firewall-No-LB1
    class FW-Real2
      loadbalance vip inservice
      loadbalance policy FWLB-No-LB1
  policy-map multi-match int70
    class fwlb
      loadbalance vip inservice
      loadbalance policy FWLB-l7slb
  interface vlan 70
    description "Client side"
    ip address 10.11.70.2 255.255.255.0
    no icmp-guard
    access-group input ALL
    access-group output ALL
    service-policy input Remote-Management-Policy
    service-policy input Firewall-No-LB --> connect to the real IP address of the firewall for management
    service-policy input Firewall-No-LB1  --> connect to the real IP address of the firewall for management
    service-policy input int70
    no shutdown
  interface vlan 71
    description "Firewall side"
    ip address 10.11.71.2 255.255.255.0
    mac-sticky enable
    no icmp-guard
    access-group input ALL
    access-group output ALL
    service-policy input Remote-Management-Policy
    no shutdown

  Hello,
  as i know, there is no others ways.
  You can only reduce your configuration by puting all your class undert the same policy-map:
  policy-map multi-match int70
    class FW-Real
      loadbalance vip inservice
      loadbalance policy FWLB-No-LB
    class FW-Real2
      loadbalance vip inservice
      loadbalance policy FWLB-No-LB1
    class fwlb
      loadbalance vip inservice
      loadbalance policy FWLB-l7slb
  interface vlan 70
    description "Client side"
    ip address 10.11.70.2 255.255.255.0
    no icmp-guard
    access-group input ALL
    access-group output ALL
    service-policy input Remote-Management-Policy
    service-policy input int70
    no shutdown

• Load-balancing issues with iPlanet and multiple clusters

  We're in performance test of a large-scale clustered deployment based on WLS 5.1sp10.
  Due to scalability/functionality issues, some of which we've seen firsthand and
  some of which we've been informed of by associates as well as BEA representatives,
  we've chosen to implement multiple clusters with a maximum of three nodes each.
  These clusters will be fronted by a web server tier consisting of iPlanet servers
  using the proxy plugin.
  Due to hardware constraints (both in test and in production), however, we've configured
  the iPlanet servers to route across the multiple clusters. In our test environment,
  for instance, we've got a single iPlanet server routing across two 3-node clusters,
  and the configuration in obj.conf is as follows:
  <Object name="application" ppath="*/application">
  Service fn="wl-proxy" \
  WebLogicCluster="clusterA_1:9990,clusterB_1:9991,clusterA_2:9990,clusterB_2:9991,clusterA_3:9990,
  clusterB_3:9991" \
  CookieName="ApplicationSession"
  </Object>
  Our issue is that the load-balancing doesn't appear to work across the clusters.
  We're seeing one cluster get about 90% of the load, while the other receives
  only 10%.
  So, the question (finally!) is: Is this configuration correct (i.e., will it
  work according to the logic of the proxy plugin), and is it appropriate for this
  situation? Are there other alternative approaches that anyone can recommend?
  Thanks in advance,
  cramer

  I use weblogic6.1 with sp2+windows 2000.I develop a web application and deploy
  it to cluster.Through HttpClusterServlets proxy of weblogic I found that a server
  in cluster almost get 95% of requests but another only get 5% of requests.Why???
  I don't set any special parameter.And the weight of the two clustered server is
  equal.I use round-robin arithmetic.
  Thanks!
  "cramer" <[email protected]> wrote:
  >
  We're in performance test of a large-scale clustered deployment based
  on WLS 5.1sp10.
  Due to scalability/functionality issues, some of which we've seen firsthand
  and
  some of which we've been informed of by associates as well as BEA representatives,
  we've chosen to implement multiple clusters with a maximum of three nodes
  each.
  These clusters will be fronted by a web server tier consisting of iPlanet
  servers
  using the proxy plugin.
  Due to hardware constraints (both in test and in production), however,
  we've configured
  the iPlanet servers to route across the multiple clusters. In our test
  environment,
  for instance, we've got a single iPlanet server routing across two 3-node
  clusters,
  and the configuration in obj.conf is as follows:
  <Object name="application" ppath="*/application">
  Service fn="wl-proxy" \
  WebLogicCluster="clusterA_1:9990,clusterB_1:9991,clusterA_2:9990,clusterB_2:9991,clusterA_3:9990,
  clusterB_3:9991" \
  CookieName="ApplicationSession"
  </Object>
  Our issue is that the load-balancing doesn't appear to work across the
  clusters.
  We're seeing one cluster get about 90% of the load, while the other
  receives
  only 10%.
  So, the question (finally!) is: Is this configuration correct (i.e.,
  will it
  work according to the logic of the proxy plugin), and is it appropriate
  for this
  situation? Are there other alternative approaches that anyone can recommend?
  Thanks in advance,
  cramer

• Could not retrieve Enterprise Global Template - Load balancer issue

  Hi,
  We have 4 Project Server 2010 servers. The 4 web servers are load balanced by networking team with sticky session configured.
  When we try to connect to the Project Server using MPP 2007 SP2, it fails saying 'Could not retrieve Enterprise Global template'. It works perfect when we point to a specific server by specifying the IP address for server name in the 'hosts'
  file.
  Earlier we observed some errors in the event viewer related to the SharePoint's internal load balancer for which restarted the 'Project Server Application' on each web server and it got fixed.
  Now, the only entries that we see related to load balancer are as mentioned below as Information (not errors).
  SharePoint Web Services Round Robin Service Load Balancer Event: Initialization
  Process Name: w3wp
  Process ID: 15080
  AppDomain Name: /LM/W3SVC/539065287/ROOT-1-130462463500778047
  AppDomain ID: 2
  Service Application Uri: urn:schemas-microsoft-com:sharepoint:service:ae7c7ee5c09b4e8198bdbb1ecb8c1c1b#authority=urn:uuid:9f626d347784423eb14bde4a1f4d13fc&authority=https://lonms12546:32844/Topology/topology.svc
  Active Endpoints: 4
  Failed Endpoints:0
  Endpoint List:
  http://lonxxx2532:32843/ae7c7ee5c09b4e8198bdbb1ecb8c1c1b/PSI
  http://lonxxx2545:32843/ae7c7ee5c09b4e8198bdbb1ecb8c1c1b/PSI
  http://lonxxx2546:32843/ae7c7ee5c09b4e8198bdbb1ecb8c1c1b/PSI
  http://lonxxx2566:32843/ae7c7ee5c09b4e8198bdbb1ecb8c1c1b/PSI
  Could the issue be due to network load balancer?
  Could the issue be due to Sticky session configuration on the load balancer.?
  How can we get to the root cause of the issue?
  Which logging category should we set to 'Verbose' that can give us some hint.
  Update: We tried to capture the requests through fiddler and observed that when fiddler is running on the client computer then the connection works perfectly fine even through the load balancer. Probably fiddler is reformatting the SOAP
  envelop of the web service requests the way it should before sending the request to the server.
  If we do not run fiddler and run some other similar tool (like Charles) then it again gives the issue and the request stucks at /PWA/_vti_bin/psi/winproj.asmx
  We ran Wireshark on the servers and found the following for that web service call:
  [TCP Previous segment not captured] Continuation or non-HTTP traffic.
  Please let me know if someone could provide any hint what can be done next.
  Regards, Amit Gupta

  There are several ways to configure your load balancer.   I would suggest that you work with the network engineer, the load balancer vendor and your project administrator to resolve this issue. 
  Basically you need URL to be resolved correctly.  Also, I don't believe PS2007 did a good job handling load balancing, so you may need to bring someone in good with IIS and see they can tweek IIS to manage the cache better.
  As I go back and look at your analysis, I think you should probably look at upgrading to Project Server 2013.  They made some improvement in load balancing and the management of distributive cache.
  I assume you have 4 WFE because you have thousands of project users.  Roughly how many  you have?  Over 1000, over 5000
  Have you tried to see if using two load balancing work?  How about just one front end.  I often see companies scaling SharePoint and Project server to extremes. 
  Michael Wharton, MVP, MBA, PMP, MCT, MCTS, MCSD, MCSE+I, MCDBA
  Website http://www.WhartonComputer.com
  Blog http://MyProjectExpert.com contains my field notes and SQL queries

• CSS load balancing issue

  Hi,
  I'm facing a problem with CSS while load balaning for the web application with two servers.
  The application is based on activex..
  Basically I have two servers running web application for which I have created VIP in the CSS, user hits the VIP address and they access the application, also we use the sticky thing as the application requires the session persistence.. everything is fine, but the problem starts when one of the server fails...
  Assume a user hits the VIP address and access the application, due to the sticky thing his session will be with server A (for eg.), now suddenly the server A fails and in that time the user was doing a transcation and inputting some data and after that he press the submit button on the page, as the server A is down the web page gets refreshed and he has to relogin to the application and redo the whole thing what he was doing in that particular transcation...
  Now the application guys are telling this problem should not happen as the CSS should be able to take care of the session getting reestablished to the other server B during the server A failure...
  Can someone through some lights on this... I'm bit confused now... as what I understand is that the webpage gets refreshed during a server failure because the tcp session id will get changed and the server B will not accept the same tcp session so it reinitiates the new session...
  Is my understanding right?? or is there something which we can do on the CSS to avoid this problem...
  Regards
  Vijay.

  Hi Gilles,
  Thanks for the clarification.
  I have two more issues too...
  1. The load balancing of the application between the two servers are not even. Actually the traffic from the users keep hitting only one server, I understand the point of sticky method used in our case, but even atleast the connection from another client machine should go to the other server,but it is not the case... traffic from all the clients goes to only one server..
  what could be the possible reason for the same...
  My config is as below...
  service SERVER-1
  port 80
  protocol tcp
  keepalive port 80
  keepalive type tcp
  redundant-index 4
  ip address 10.6.223.87
  active
  service SERVER-2
  port 80
  protocol tcp
  keepalive port 80
  keepalive type tcp
  ip address 10.6.223.77
  redundant-index 5
  active
  owner WEB
  content WEB
  add service SERVER-1
  add service SERVER-2
  redundant-index 104
  vip address 10.6.223.78
  protocol tcp
  port 80
  url "/webretrieve*"
  advanced-balance sticky-srcip
  active
  2. Slow response of the application when users access application through VIP address(CSS), what can be done further in the configuration to improve the performance?? or any thing else I can do...
  Regards

• JSF and load balancing issues

  Hello,
  We are having a difficult time getting our app to work correctly on our load balanced system. Any help / suggestions would be greatly appreciated.
  We have a very basic load balancer which is in round robin mode (this cannot be changed), two separate vms, each with an instance of apache(2.0.54) and tomcat(6.0.14). Each apache talks only to the tomcat on the same vm and the tomcats are configured to session replicate with each other (which is happening).
  When I log in to the app and start pressing a few buttons there are no problems for a little while. I then leave the screen idle for 1 minute and resume pressing buttons. The main session bean which holds information about where the user is and other key information, gets its constructor called and is set back to default and the page goes back to the main menu. Immediately before the bean is reset, the logs show the following:
  [MyApp] 17 Jun 2009 15:33:27,514 WARN: [ajp-8009-2 LoggerListener.onApplicationEvent(60)] : Authentication event AuthenticationSuccessEvent: v; details: (etc etc removed&hellip;)This is what the two logs look like:
  VM1 - Authentication event          
  VM2 - Main menu
  VM2 - Presss a button &ndash; progress a screen
  VM2 - Presss a button &ndash; progress a screen
  VM2 - Presss a button &ndash; progress a screen
  VM2 - Presss a button &ndash; progress a screen
  [wait 1 min]
  VM1 - Authentication event
  VM1 - Bean reset
  Processing continues, but screen is redirected to main menu
  We have the distributable tag in the web.xml file and javax.faces.STATE_SAVING_METHOD is set to client. Its set to client as the app will not work at all with it set to server (keeps asking for the user to re-log in).
  Thank you,
  Victoria

  Looks like a Tomcat issue to me. JSF is not going to timeout in 1 minute. You might want to check your Tomcat replication settings. Note try to do a very simple loadbalancing application that just echos the Tomcat is executing on.

• Load Balancing Issues SOMEBODY HELP ME!!

  Good Morning.
  A few days ago we implemented Load Balancing in our company, I printed a step by step procedure from MS and just follow it thinking that once I did that everything was going to be ok, but I am some issues that I managed to fix, but now I am stock in one
  that I just can't figure it out, here I go.
  When regular users try to connect to the Farm using the external IP they can't connect, we checked firewall seems to be ok, we check the configuration we did and we didn't miss any step, NOW here is the crazy part, when we use our Admin ID we can connect,
  so I thought maybe is an Active Directory thing, but I don't know where to look or what to do so my questions are,
  Can this be a licensing issue?
  Do I have to have my TSBroker as part of my group of PC in the firewall?
  Can it be a certificate issue? (not too sure because I can connect as an admin)
  Can it be permissions to log in to the servers?
  My co-worked is telling me now that if TS Broker sent them to TS1 they can connect but if TSBroker send them to the other two members of the farms they can't connect, TS1 is the original TS before this whole Load Balancing thing.
  we tried so many solutions that we can find online and come up with and nothing seems to be working, so what do I do? What did I do wrong when I configure the Load balancing? is there any step beside what MS told me that I am missing...
  PLEASE HELP!!
  Thank you..

  Hi Rodrigo,
  Thank you for posting in Windows Server Forum.
  What’s your server OS in your environment?
  Firstly see that, if you have not set up RD Licensing server and don’t have RDS CAL then your administrator can only get access for RDP connection (only 2 connection for Admin purpose). Now if you want more than 2 connection you need to setup RD Licensing server,
  activate it, purchase RDS CAL and install it. After installing, you need to see that your user have enough permission to access RDS server and your user must be added under “Remote Desktop User” local group under RDS Server. 
  As you have commented that your admin can able to connect so I think you must have the issue with user permission, please go through above points and check the result.
  Please check below article for more details.
  1. TS Session Broker Load Balancing Step-by-Step Guide (Server 2008)
  2. Checklist: Create a Load-Balanced RD Session Host Server Farm by Using RD Connection Broker (Server 2008 R2)
  Hope it helps!
  Thanks.
  Dharmesh Solanki

• Load balancing issues?

  Could someone help me with load balancing, current stats:
  I have a limited understanding, but from what I can make out, we have a significant number of clients being denied association and load balancing to different AP's but then the candidate count suggests a significant number of clients that failed to load balance, presumably because there wasnt an AP available in range that wasn't busy?
  Uptime is 27 days, client count can reach around 220 at busy times, 63 AP's in the building 1142's, 5508 controller. I am wondering if increasing the window size would offer a more robust solution, or will this just degrade user experience further?
  I am having a number of issues with failed client association now, and devices just not being able to operate wirelessly at all
  Client count reaching 25 on some AP's

  I guess per radio per AP client count is more in your case, clients more than the threshold are being shown busy status ( code 17 ) by AP. Therefore, clients are unable to associate to that AP. When the number of retries are over , they are denied. I guess there are network holes as well ( no coverage b/w the cells of differenet APs ). You can increase the window count , however, it depends on the AP model finally ( max. no. of  clients associated ).