Client accessing a specific server under a vip ACE Module
Hi All,
I have a need to allow QA/developers to check updated appliactions on a particluar server.
Is there any way on an ACE blade to allow a client to access a particular server under a vip?
The ACE is configured in Routed mode and the version is A2.3.4.
Any help or pdf's would be much appreciated.
Thanks.
Jack.
Hi,
Thanks for the response.
I have one more query, that I would appreciate some assistance with.
If I have an exisitng serverfarm with 6 rservers in it, is there any way to direct a specific client to a specific server.
I understand in one respect that if they are all inservice this may not be possible, but I thought I would ask the question anyway.
Thanks again for the assistance.
Jack
Similar Messages
-
Cannot access one specific server
Hi!
I'm using an eMac G4 to manage my website, very simple (Wordpress + images). I had no problems until last week, when my hosting company turned out some FTPs to prevent massive usage of other users. I tried to upload some files to my FTP and tried to send some emails with an associated account to that site but I couldn't. When my hosting company solved the problem I could access the FTP and download my email, but I could not upload anything nor send emails with attachments.
I thought it was my Internet connection, but it wasn't as I could upload files with a PC connected to the same DSL. I can use it with no problems with any other computer but my eMac. Besides, it's the only FTP I'm having trouble too.
I flushed my DNS and no changes. I introduced manually my DNS and no changes. I renewed my IP as I have dynamic IP and no changes. I checked if I got a firewall and no firewall. My hosting company doesn't know what to tell me and I don't know what to do.
Any clue on what might be happening?Hi again!
The problem remains. I upgraded to Tiger and I cannot upload files to ONLY ONE specific server. As the hosting company told me my IP address is not blocked from the server (and I have dynamic IP, so it doesn't matter), I pressume it is some kind of problem of my Network configuration. However, I don't know what to do.
Could it be my OSX be blocking uploading information to one specific server? Is there any "black list" or something at any plist?
It's really, really frustrating. Any ideas? -
How to force the Lync Client to a specific server in the pool
I am troubleshooting an issue and need my client to connect to a specific server in my enterprise pool.
I have tried a host fie, I have deleted the EndpointConfiguration.CACHE file and I still cannot get my client to connect to the specific front end.
Can anyone tell me how to do this?Using a host file should definitely work and I do this all the time for testing.
Are you using manual or automatic configuration? If it's manual then make sure that the name you specified resolves to the correct IP address by using PING.
If you are using automatic, use NSLOOKUP to determine what hostname it's trying to connect to and repeat the above.
This could either be sip.domain.com (as Edwin mentioned) or it could be the name of your Front End pool, depending on how it's configured.
The other thing you might want to try if everything looks correct and if you modified your HOSTS file while Lync was open, is just to Exit and re-open the Lync client.
If this helped you please click "Vote As Helpful" if it answered your question please click "Mark As Answer"
Georg Thomas | Lync MVP
Blog www.lynced.com.au | Twitter
@georgathomas
Lync Edge Port Check (Beta)
This forum post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs. -
HOWTO: Poll Server farm stats on ACE module
Hi All,
We are currently working on providing network monitoring information of our server farms programmed on our ACE modules, what is the best OID's to use?Hi Rob,
Unless there's something already out with the release of code 4.X and ACE 30 then I'd say the MIB that can help you here would be the .CISCO-ENHANCED-SLB-MIB
Here is the info from the SNMP object navigator
http://xrl.us/bk2vmo
Here is the list of supported MIBs by the ACE module just for reference and download
ftp://ftp.cisco.com/pub/mibs/supportlists/ace/ace-supportlist.html
HTH
Pablo -
Can You Manage Wireless Clients Access To Specific Websites?
Hi Team,
I am looking to use management functions like the ones I have used in Linksys WiFi Routers, such as limiting or denying access to certain external websites. I have been unable to find this capability in the Time Capsule (1TB), I just bought.
Can anyone shed some light on this area of enhanced management? Is this even possible?Hello gbelton10. Welcome to the Apple Discussion!
Is this even possible?
Sorry, but no. Unlike some other manufacturer's routers, the AirPort & Time Capsule do not provide this type of feature. One workaround is to use OpenDNS to filter the types of websites that can be accessed. -
Ssh access into virtual context on the ACE module A(2.2)
Hello,
I tried to configure:
Admin(conf)#context test
Admin(conf-context)#ssh key rsa1 1024
but this command ssh is not supported int this newest version. How can I configure the ssh access directly into virtual context on the ACE module??
Thank youHere's a link on how to configure it.
https://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA3_1_0/configuration/admin/guide/access.html#wp1049450
Hope that helps. -
Hi there,
We have one domain with 40 sites. On each site is a RODC, wich also has RDS. (RDS the old way, no broker installed)
The RODC's are 2008R2 and 2012R2 servers.
Everything works fine, however everyone can access all servers as a straight forward RDS user (no VDI).
Everyone is in the build in group for remote user.
I'd like to have people that work on ServerA only are able to contact serverA for RDS.
B on B, C on C and so on ... This for all 40 sites.
I made a policy for each site allowing RDS_A to access server A and so on. Is this the right way to do it, or can I do it having less GPO's ? I need 40 right now!!! Linking the policy to the right OU, containing the specific server.
Something is still wrong, because other people still can access serverA.
I get into it, but maybe I'm doing it wrong, so please give me some advice :)
Thanks,
Ben.
Ben van der MeerHi Ben,
Thank you for posting in Windows Server Forum.
You can achieve this through group policy but you can do one thing. You can create one group for one server (Suppose group A for server A, B for B, so on). After creating that group add particular user to that group and apply the group policy setting on that
group for particular group.
The group policy which can apply is “Allow users to connect remotely using Remote Desktop Services” under below mention path.
Computer Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections
More information.
http://technet.microsoft.com/en-us/library/ee791922(v=ws.10).aspx
Hope it helps!
Thanks.
Dharmesh Solanki
TechNet Community Support -
Real Servers not connected to ACE VLAN and Real Servers are clients accessing the VIP
Hi,
I have a very strange set up and need some help to get my config working
I have a ASA firewall with three VLANs
VLAN 1 = Internet
VLAN 2 = DMZ
VLAN 3 = Goes to ACE
On the ACE I have four VLANs
VLAN 3 = Goes to ASA
VALN 4 = Web Server Tier
VALN 5 = DB Tier
VALN 6 = VIPs
Our Application team have asked us to create a New VIP on the ACE with real servers in DMZ (Server A and Server B)
And they have told us that the cleints accessing the VIP will be Server A and Server B
I have always created VIPs with real servers directly connected to the ACE but not connected elsewhere.
I belive I have a big challenge of opening ports on the firewall etc to get this set up working. Also, should i use some sort of NAT / SNAT?
Could anyone guide me on this setup please?
RajHi Raj,
First of all it is possible to add servers in ACE which are HOP away from ACE interfaces. Here servers are HOP away but there VIP is part of ACE interface subnet. The only need is that servers return traffic towards client should be passed through ACE (so that ACE can manitain states and chage the source IP of the reply packet from server IP to VIP on which client has requested the connection).
When servers are HOP away and ACE do not come in path between server and client then we have to to do SNAT for intial client request. This configuration will force the return traffic from server to ACE (as server will NAT IP as client IP).
In your case DMZ-VIP which is created for two real servers A and B, will be accesses by these servers only. So it is a situation of server accessing there own VIP. For this scenario to work we have to have SNAT (no matter whether servers are directly connected or HOP away). So best solution here is VIP in VLAN 3, Rserevrs for this VIP in DMZ, and SNAT client request, using free IP in VLAN 3.
Also you have to open ports on firewall for both "real server Probes" and actual application ports, moreover policies modification on firewall for allowing traffic from DMZ to ACE VIP, DMZ to NAT IP and there vice versa traffic. -
Access Server through VIP (ACE 4710) but very slow
Re: Access Server through VIP (ACE 4710) but very slow
Hi Shiva
Kindly Help .....Accessing the server very slow.., Plz check my real configuration... this configuration is for application server and after this i have to configure more serverfarm for different server like webmail etc. in this ACE 4710. I have only one ACE 4710 .
ACE Version A4(2.0) = is there supports Probe with this version.??? without probe server will work but very slow. And plz guide Nat-pool is required
VIP :-- 172.16.15.8
LB/Admin# sh run
Generating configuration....
no ft auto-sync startup-config
logging enable
logging host 172.29.91.112 udp/514
resource-class RC1
limit-resource all minimum 10.00 maximum unlimited
boot system image:c4710ace-mz.A4_2_0.bin
hostname LB
interface gigabitEthernet 1/1
description Management
speed 1000M
switchport access vlan 1000
no shutdown
interface gigabitEthernet 1/2
description clientside
switchport access vlan 30
no shutdown
interface gigabitEthernet 1/3
description serverside
switchport access vlan 31
no shutdown
interface gigabitEthernet 1/4
no shutdown
context Admin
description Management
member RC1
access-list everyone line 8 extended permit ip any any
access-list everyone line 16 extended permit icmp any any
probe http probe1
description health check
interval 5
passdetect interval 10
request method head
expect status 200 200
open 1
rserver redirect https_redirect
description redirect traffic to https
webhost-redirection / 302
inservice
rserver redirect maintenance_page
description maintenance page displayed
webhost-redirection /sry.html 301
inservice
rserver host web1
ip address 192.168.10.3
inservice
rserver host web2
ip address 192.168.10.4
inservice
rserver host web3
ip address 192.168.10.5
inservice
serverfarm host http
rserver web1
inservice
rserver web2
inservice
rserver web3
inservice
serverfarm redirect https_redirect_farm
description Redirect traffic to https
serverfarm redirect maintenance_farm
description send user to maintenance page
parameter-map type connection paramap_http
description parameter connection tcp
exceed-mss allow
sticky ip-netmask 255.255.255.0 address source Sticky_http
timeout activeconns
serverfarm http
class-map match-all REMOTE-ACCESS
class-map type management match-any remote_access
2 match protocol xml-https any
3 match protocol icmp any
4 match protocol telnet any
5 match protocol ssh any
6 match protocol http any
7 match protocol https any
8 match protocol snmp any
class-map match-all slb-vip
2 match virtual-address 172.16.15.8 tcp eq www
policy-map type management first-match remote_access
class class-default
permit
policy-map type management first-match remote_mgmt_allow_policy
class remote_access
permit
policy-map type loadbalance first-match slb
class class-default
serverfarm http
policy-map type inspect http all-match slb-vip-http
class class-default
permit
policy-map multi-match client-vips
class slb-vip
loadbalance vip inservice
loadbalance policy slb
loadbalance vip icmp-reply active
inspect http policy slb-vip-http
connection advanced-options paramap_http
interface vlan 30
description "Client Side"
ip address 172.16.15.24 255.255.255.0
access-group input everyone
service-policy input client-vips
no shutdown
interface vlan 31
description "Server Side"
ip address 192.168.10.1 255.255.255.0
service-policy input remote_access
no shutdown
interface vlan 1000
description managment
ip address 172.29.91.110 255.255.255.0
service-policy input remote_mgmt_allow_policy
no shutdown
ip route 0.0.0.0 0.0.0.0 172.16.15.1
snmp-server contact "PHQ"
snmp-server community phq group Network-Monitor
snmp-server trap-source vlan 1000
username admin password 5 $1$b2txbc5U$TA74D920oSdd2eOZ4hSFe/ role Admin domain
default-domain
username www password 5 $1$.GuWwQEK$r8Ub4OcE3l190d5GA4kvR. role Admin domain de
fault-domain
username prem password 5 $1$8C7eRKrI$it3UV4URZ26X4S/Bh6OEr0 role Admin domain d
efault-domain
ssh key rsa 1024 force
banner motd # "ro" #
Regards,
PremHi Shiva,
plz guide i'm new with ACE LB, also find my n/w design for connected ace to server. but server accessing very very slow, but when i connect through my old server software LB (with two interface)then accessing very fast. I just replace my old serverLB(with two interface) to ACE4710 and connect the same scenario then why not server accessing smoothly with VIP .Reply soon only I connect ACE's two interface with switch.....
Regards,
Prem -
Server 2012 R2 File Server - 2008 R2/Win7 Clients Access Denied. SMB 3 Encryption.
I've setup a Server 2012 R2 File Server. When creating shares I selected to enable encryption.
Now Windows 7 and 2008 R2 clients cannot access. Pretty clear that this is SMB 3 encryption the cause.
OK. So can I enable these Windows 7 and 2008 R2 clients to access encrypted SMB 3 shares?
I can find no answer or documentation on this.So can I enable these Windows 7 and 2008 R2 clients to access encrypted SMB 3 shares?
No, you can't. These Windows 7 and 2008 R2 clients talking to Windows Server 2012 R2, they will negotiate to the lowest common protocol which would be SMB 2.1 enabling communication, while not taking advantage of the SMB 3.0 specific capabilities (encryption
included).
There's no built-in encryption inside SMB 2.1 -
Hello
I am trying to install Exchange Server 2010 beta 1 onto a Windows Server 2008 R2 (build 7000) machine which has also been set up as a domain controller.
However when attempting to install the Client Access role, setup fails with the error below.
Does anyone know of a way to get around this please?
I have already searched for this error and not found any similar threads.
Also every time I press the code button on this forum it crashes the browser and I keep losing the message! (IE8 from within Server R2). Also the message box is very small, will not expand and keeps jumping to the top.
Thanks
Robin
[code]
Summary: 4 item(s). 1 succeeded, 1 failed.
Elapsed time: 00:00:01
Preparing Setup
Completed
Elapsed Time: 00:00:00
Client Access Role
Failed
Error:
The execution of: "$error.Clear(); Install-ExchangeCertificate -services "IIS, POP, IMAP" -DomainController $RoleDomainController", generated the following error: "Could not grant Network Service access to the certificate with thumbprint 2F320F5D5B5C6873E54C8AB57F604D8AFA31D18C because a cryptographic exception was thrown.".
Could not grant Network Service access to the certificate with thumbprint 2F320F5D5B5C6873E54C8AB57F604D8AFA31D18C because a cryptographic exception was thrown.
Access is denied.
Elapsed Time: 00:00:01
Mailbox Role
Cancelled
Finalizing Setup
Cancelled
[/code]
Robin WilsonHello
Thanks for all the replies.
I have since wiped the system and installed everything again and it all worked this time so not sure what was wrong last time. I did try to uninstall all Exchange components and then uninstall IIS and Application server, reboot and re-install but I received the same error still when it came to installing the client access role.
Walter: I just attempted the standard installation which should have used the default self-signed certificate. Everything was a fresh install done at the same time on a freshly formatted PC.
For info last time when it failed to work:
- Installed Windows Server 2008 R2
- Installed Domain Controller role using dcpromo. I set the forest and domain as Windows Server 2008 R2
- Added a forest trust between main domain and test Exchange domain (set up as ex2010.local)
- Installed IIS and Application Server role
- Installed Hyper-v role
- Installed Desktop Experience feature
- Installed Exchange and recieved the error
When it worked I set up the forest and domain in Windows Server 2008 mode (i.e. not R2), installed Exchange first and then set up the forest trust and then Hyper-v. It did say it failed to configure dns which was probably because it started trying to do automatic updates half way through the dcpromo! DNS seems to work ok though.
I did notice this time that Hyper-v gave a warning about the virtual network adapter not being set up correctly and the local network did not work correctly although I could access the internet. Not sure if this could have been related to the cause of the problem previously. For now I have disabled the virtual network until I get time to try and get it working and so the mail will work in the meantime.
I also noticed that Hyper-v added an extra 443 ssl binding to the default website so as it had 2 bindings on port 443 it refused to start. After deleting one it worked.
I decided to install Exchange onto a domain controller as it is only a test and I wouldn't do it in a live environment. I am also short of test machines! It didn't give me any warnings about this actually, I think previous versions warn you that it is not recommended.
Andreas and Chinthaka: I did not know about the requirement to run the domain at 2003 mode. The main domain is running in 2008 mode with Exchange 2007 so I assume this is just a temporary beta related requirement. It does seem to be working (second attempt) so far in a 2008 mode domain although I haven't had a chance to fully test it yet.
Thanks
Robin
P.S. Sorry it's taken me a while to reply!
Robin Wilson -
Windows 7 pro client cannot access folders on server 2003 domain server
I added a windows 7 64 bit client to a server 2003 32 bit domain 3 weeks ago and file sharing was working fine until today, 5/4/12. Now, when trying to access shared folders that reside on the server,
I get the following "access denied" message:
[…folder…] is not accessible. You might not have permission to use this network resource. Contact the administrator of this server to find out if you have access permissions.
The user name could not be found.
Strangely enough...
The windows 7 client
can open shared folders that reside on the XP clients in the domain
All the XP clients in the domain can access the server 2003 folders
All the XP clients and the server 2003 machine can access shared folders and printers on the windows 7 client.
The windows 7 client can ping the server 2003 machine and vice versa
I can “see” the server in my network list, but when I click on it, I get the same “access denied” message listed above.
So... the only problem is that the windows 7 client cannot access folders that reside on the windows server 2003 machine. There must be some sharing setting that got changed
by a recent windows update.
Here is what I have done/verified so far on the windows 7 client:
In advanced sharing settings for Home/Work, Public and Domain profiles:
network discovery is enabled
file and print sharing is enabled
use user accounts and passwords to connect to other computers is selected (I also tried allowing windows to manage homegroup connections instead, but the problem remained.)
40 -56 bit encryption is enabled
In “gpedit.msc” Local Policies/Security Settings:
enabled the following policies:
Network access: Allow anonymous SID/name translation
Network access: Let Everyone permissions apply to anonymous users
disabled the following policies:
Network access: Restrict anonymous access to Named Pipes and Shares
Network access: Do not allow anonymous enumeration of SAM accounts
Network access: Do not allow anonymous enumeration of SAM accounts and shares
What am I missing? Are there policies on the server that need to be adjusted?
Please help! My business is crippled if I cannot access server files from this workstation. Thank you in advance.As this thread has been quiet for a while, we assume that the issue has been resolved. At this time, we will mark it as ‘Answered’ as the previous
steps should be helpful for many similar scenarios. <o:p></o:p>
If the issue still persists and you want to return to this question, please reply this post directly so we will be notified to follow it up. You
can also choose to unmark the answer as you wish. <o:p></o:p>
In addition, we’d love to hear your feedback about the solution. By sharing your experience you can help other community members facing similar
problems. <o:p></o:p>
Thanks!<o:p></o:p>
Arnav Sharma | http://arnavsharma.net/ Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading
the thread. -
I am using a window 7 professional service pack 1 and I purchase REMOTE DESKTOP SERVICES CLIENT ACCESS LICENSES FOR MICROSOFT WINDOWS SERVER 2012 STANDARD AND DATACENTER. but the seller did not send me any installation CD or instruction
on how to use it.
Please how can I use it on my window 7 professional service pack 1.
Thank you.Though Bill is absolutely correct for most CALs, Remote Desktop Services does have its own special licensing server. I haven't installed one on 2012, yet, but here is a step-by-step guide for 2008.
http://technet.microsoft.com/en-us/library/dd983943(v=ws.10).aspx
Here is a lab guide for 2012 -
http://technet.microsoft.com/en-us/library/jj134160.aspx
But, the explanation of your environment begs the question - what are you trying to do? You say you have a desktop OS and you are talking about Windows Server products. In that light, your question does not make a lot of sense.
. : | : . : | : . tim -
SQL2005 on winserver 2003. I have a view in Xdb that accesses tables in 2 different databases (Xdb and Ydb) on the same server. I have mixed mode security. I have a SQL user (XYuser) that has read access to all tables and views on both databases, yet when I try to access the view using a C# windows application I get the following error:
The server principal "XYuser" is not able to access the database "Ydb" under the current security context
This same scenario works under SQL 2000. I looked through the postings and tried to set TRUSTWORTHY ON on both databases but that didn't help. I can access any other views or tables on the SQL 2005 server, just not the one that joins the tables cross databases. Any help is much appreciated... johnThis appears to be a Login/Database Mapping issue. I was having this problem, but was able to resolve it as follows:
Using the SQL Server management Studio:
In the Object explorer, under the SERVER security folder (not the database security folder), expand Logins.
That is: ServerName -> Security -> Logins
NOT: ServerName -> Databases -> DatabaseName -> Security -> Users
Select the Login that is having the troubles. Right click on the Login and select ‘Properties.’
The ‘User Mapping’ page should list all databases on the server with a check mark on the databases that the Login has been mapped to. When I was getting the error, the database in question was not checked (even though the Login was assigned as a User on the database itself). Map the Login by checking the box next to the database name. Set the default schema. Then select the roles for the Login in the Database role membership list box. I selected db_datareader and public. After clicking OK to save the changes, the problem was resolved.
In order to ‘Map’ the Login, the Login must not already be as User on the database, so you may have to go to the database security (ServerName -> Databases -> DatabaseName -> Security -> Users) and delete the Login from the list of database Users before mapping the Login to the database. -
Dear all
During install Exchange 2013 through Powershell on Server 2012 I got this error in Mailbox role: Client Access service :
The following error was generated when "$error.Clear();
$BEVdirIdentity = $RoleNetBIOSName + "\OWA (Exchange Back End)";
new-OwaVirtualDirectory -Role Mailbox -WebSiteName "Exchange Back End" -DomainController $RoleDomainController
set-OwaVirtualdirectory -Identity $BEVdirIdentity -FormsAuthentication:$false -WindowsAuthentication:$true;
" was run: "An error occurred while creating the IIS virtual directory 'IIS://MONAMBX2.mona.local/W3SVC/2/ROOT/o
wa' on 'MONAMBX2'.".
The following error was generated when "$error.Clear();
$BEVdirIdentity = $RoleNetBIOSName + "\OWA (Exchange Back End)";
new-OwaVirtualDirectory -Role Mailbox -WebSiteName "Exchange Back End" -DomainController $RoleDomainController
set-OwaVirtualdirectory -Identity $BEVdirIdentity -FormsAuthentication:$false -WindowsAuthentication:$true;
" was run: "The operation couldn't be performed because object 'MONAMBX2\OWA (Exchange Back End)' couldn't be fo
und on 'MonaDc1.mona.local'.".
Any advice please !!I can't answer your question but I had a similar issue when I was trying to move our mailbox database off the C: drive. Our environment still has an Exchange 2007 server in it and when I was trying to move the database on the 2013 server, I would get
error messages saying the database does not exist. It seemed like it was trying to move the database on the 2007 server from the similar error messages that I was getting. To get around it, I deleted the database and created a new one on the drive
where we wanted it.
I discovered this when I was configuring the Antispam settings. I deleted our 2007 settings, added them to the 2013 shell, the settings appeared on our 2007 server. The shell on 2013 was making changes to 2007.
I'm not sure if there is a "Get|Set or New" command that I/we should be using when this happens. Or maybe my issues will be fixed if I just remove the Exchange 2007 server? I'm not ready to do that yet because I can't configure the spam filtering
on 2013 yet with its shell not being able to make the changes that we need.
I don't know if your environment is in coexistence mode like mine.
Hopefully someone else out there has an answer or can tell us when/how the shell can make the appropriate changes to the 2013 server. Does this happen after the 2007 server is removed?
Maybe you are looking for
-
Good day all, I am creating a validation on WBS element that should check the coding mask of the superior WBS element to validate that the lower level WBS being created is following the same sequence but this does not seem to work. What is the use of
-
can't get mail iphone5s only no problem with ipad2 or MacBook Pro why?
-
MX Navigator for MX882 stopped scanning, error message.
I have a Canon MX Pixma 882 (All-In-One printer). The computers runs Windows 7 (64 bit) that is on a HP Touchsmart 320 PC. The printer was connected by Wifi up till a few days ago, but has stopped working. Now it is connected by USB, so it copies, pr
-
HT3275 How can I delete a backup of one of my computers from a shared time capsule?
Hello, I have a Time Capsule which is used for backup with Time Capsule by two Macs. One of the Macs is currently offline and I want to delete it's backup manually from the Time Capsule. This operation takes very long and my impression is, it can not
-
How come time machine backup keeps failing?
I tried to backup my MacBook Pro yesterday, and this message keeps coming up. I don't know how to find the source of the file so I delete it. PLEASE HELP! Starting standard backup Backing up to: /Volumes/TOSHIBA EXT/Backups.backupdb Backup content si