CSS-11503 redundancy
Does anyone know if one can use a non-dedicated interface (i.e. one through which other traffic flows) for redundancy? I ask this as the pair of 11503's in question will only have the two gig interfaces available, both of their slots filled with SSL accelerators.
The documentation states that one must use a dedicated interface for redundancy, unfortunately with only 2 interfaces on an 11503 we don't have many choices....
Hi
Only a direct Connection between the CSSes is supported compare to the Usage Guidelines in
http://www.cisco.com/en/US/partner/products/hw/contnetw/ps792/products_command_reference_chapter09186a00801578c2.html#1139684
I'm havin more or less the same problem as I've a customer with 2 locations and the use ISC would help a lot. My only possibility to solve this is a DWDM link between those 2 locations but that's quite an expensive solution. Maybe the possibility of a using a VLAN (L2 infrastructure) for ISC like the FT-VLAN at the CSM would be great idea for the future...
Kind Regards
Joerg
Similar Messages
-
CSS 11503 in Active Active mode
Can we configure CSS 11503 in Active/Active mode, means can multiple context would be configured?
Thanks & Regards,
Shahzad.Here you go
Assumptions:
VIP 10.10.10.100 is Master on the CSS 2 and backup on the CSS1
VIP 10.10.10.101 is Master on the CSS1 and backup on the CSS1
Vlan 10 is the Server Vlan (Redundant Interfaces here)
Vlan 20 is the Client vlan (Redundant Vips here)
Services for VIP 10.10.10.100 (real server) have default gateway pointing to redundant interface 172.20.40.253
Services for VIP 10.10.10.101 (real server) have default gateway pointing to redundant interface 172.20.40.254
CSS #1
circuit VLAN10
ip address 172.20.40.1 255.255.255.0
ip virtual-router 1 priority 101 preempt
ip virtual-router 2
ip-redundant-interface 1 172.20.40.253
ip-redundant-interface 2 172.20.40.254
Circuit VLAN20
ip address 10.10.10.1 255.255.255.0
ip virtual-router 3 priority 101 preempt
ip virtual-router 4
ip redundant-vip 3 10.10.10.101
ip redundant-vip 4 10.10.10.100
CSS #2
circuit VLAN10
ip address 172.20.40.2 255.255.255.0
ip virtual-router 1
ip virtual-router 2 priority 101 preempt
ip-redundant-interface 1 172.20.40.253
ip-redundant-interface 2 172.20.40.254
Circuit VLAN20
ip address 10.10.10.2 255.255.255.0
ip virtual-router 3
ip virtual-router 4 priority 101 preempt
ip redundant-vip 3 10.10.10.101
ip redundant-vip 4 10.10.10.100
More details at
http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/css11500series/v8.20_v8.10/configuration/redundancy/guide/VIPRedun.html#wp1112245
Syed Iftekhar Ahmed -
Remove Health Care (keepalives) CSS 11503
Hi,
We normally distribute the load between two servers by checking if the server its active (using TCP 80), yesterday, we want to remove the Health Care (keepalives) due to a maintenance test, to sent the traffic direct to the server, but the service stop working.
We think we didn’t remove the health care properly, could anybody please help me to know hoe to remove it?
We are using CSS 11503, I’m adding the config.
ThanksCSS11503-2(config)# service Linux2
CSS11503-2(config-service[Linux2])# ip add 192.168.20.41
CSS11503-2(config-service[Linux2])# active
CSS11503-2(config-service[Linux2])# show service Linux2
Name: Linux2 Index: 33
Type: Local State: Alive
Rule ( 192.168.20.41 ANY ANY )
Session Redundancy: Disabled
Redirect Domain:
Redirect String:
Keepalive: (ICMP 5 3 5 )
Keepalive Encryption: Disabled
Last Clearing of Stats Counters: 08/12/2009 05:29:24
Mtu: 1500 State Transitions: 0
Total Local Connections: 0 Total Backup Connections: 0
Current Local Connections: 0 Current Backup Connections: 0
Total Connections: 0 Max Connections: 65534
Total Reused Conns: 0
Weight: 1 Load: 2
Weight Reporting: None
CSS11503-2(config-service[Linux2])# keepalive type none
CSS11503-2(config-service[Linux2])# show service Linux2
Name: Linux2 Index: 33
Type: Local State: Alive
Rule ( 192.168.20.41 ANY ANY )
Session Redundancy: Disabled
Redirect Domain:
Redirect String:
Keepalive: (NONE 5 3 5 )
Keepalive Encryption: Disabled
Last Clearing of Stats Counters: 08/12/2009 05:29:24
Mtu: 1500 State Transitions: 1
Total Local Connections: 0 Total Backup Connections: 0
Current Local Connections: 0 Current Backup Connections: 0
Total Connections: 0 Max Connections: 65534
Total Reused Conns: 0
Weight: 1 Load: 2
Weight Reporting: None
CSS11503-2(config-service[Linux2])#
Same if the service is down before disabling the keepalive.
CSS11503-2(config-service[Linux2])# keepalive type icmp
CSS11503-2(config-service[Linux2])# show service Linux2
Name: Linux2 Index: 33
Type: Local State: Down
Rule ( 192.168.20.41 ANY ANY )
Session Redundancy: Disabled
Redirect Domain:
Redirect String:
Keepalive: (ICMP 5 3 5 )
Keepalive Encryption: Disabled
Last Clearing of Stats Counters: 08/12/2009 05:31:42
Mtu: 1500 State Transitions: 4
Total Local Connections: 0 Total Backup Connections: 0
Current Local Connections: 0 Current Backup Connections: 0
Total Connections: 0 Max Connections: 65534
Total Reused Conns: 0
Weight: 1 Load: 255
Weight Reporting: None
CSS11503-2(config-service[Linux2])# keepalive type none
CSS11503-2(config-service[Linux2])# show service Linux2
Name: Linux2 Index: 33
Type: Local State: Alive
Rule ( 192.168.20.41 ANY ANY )
Session Redundancy: Disabled
Redirect Domain:
Redirect String:
Keepalive: (NONE 5 3 5 )
Keepalive Encryption: Disabled
Last Clearing of Stats Counters: 08/12/2009 05:36:08
Mtu: 1500 State Transitions: 5
Total Local Connections: 0 Total Backup Connections: 0
Current Local Connections: 0 Current Backup Connections: 0
Total Connections: 0 Max Connections: 65534
Total Reused Conns: 0
Weight: 1 Load: 2
Weight Reporting: None
Gilles. -
The senerio contains a PIX 515 E firewall,4507R Chassis switch and a CSS 11503. The servers in inside zone of the PIX is load balanced using a vip with default route specified in the CSS is the inside zone interface IP of the PIX
Now I would like to load balance the servers in the DMZ zone of the PIX with a separate vip(from DMZ zone) in the same CSS. Since the default route in CSS is towards the inside zone of the PIX, I am unable to see the load blanced pages from dmz. Is there any solution to load balance the servers of the 2 zones with 2 different vip's using a single css ?The default behavior is to use the calling device's CSS for the redirected calls. In your case it sounds like you want to use the redirecting device's CSS. I haven't tried this myself but I believe you will need to change the following registry entry on your PGs. You will want to use option 2 (ROUTEADDRESS_SEARCH_SPACE).
HKEY_LOCAL_MACHINE\SOFTWARE\Cisco
Systems,Inc.\ICM\IPCCL\PG1B\PG\CurrentVersion\JGWS\jgw1\JGWData\Dynamic
"UseRouteAddressSearchSpace"=dword:00000000
- Used to control behavior on CTI Route Points for Route Selects.
UseRouteAddressSearchSpace can be to set 0, 1, or 2 where :
DEFAULT_SEARCH_SPACE = 0
CALLINGADDRESS_SEARCH_SPACE = 1
ROUTEADDRESS_SEARCH_SPACE = 2 -
CSS 11503 load-balancing with MS Print Servers
We are trying to load-balance print server connections between 2 MS print servers. When we try to connect to the print servers name, (\\PS01) or even the VIP address, we get a Path not found error. However, if we direct the path to the actual name or ip address of the print servers (not the VIP), we can view all the queues and connect/print to them. Is this possible to do on the CSS 11503? Thanks.
Pete- Here is our config. See any problems?
configure
!*************************** GLOBAL ***************************
ip route 0.0.0.0 0.0.0.0 1.100.100.100 1
!************************* INTERFACE *************************
interface 1/2
bridge vlan 2
!************************** CIRCUIT **************************
circuit VLAN1
ip address 1.100.101.110 255.0.0.0
circuit VLAN2
ip address 10.100.249.1 255.255.255.0
!************************** SERVICE **************************
service ps01
ip address 10.100.249.5
active
service ps02
ip address 10.100.249.6
active
!*************************** OWNER ***************************
owner printserver
content L3_Basic
add service ps01
add service ps02
vip address 1.100.100.35 -
CSS 11503 - question on version
We're about to do an annual OS update to our CSS 11503, and I noticed that there are two current versions of WebNS, both released in the same month: 8.10.4.01 and 8.20.2.01. Could anyone outline for me the differences between the two (or point me to the right release notes)? I usually upgrade to the latest release, but having two at the same time is awfully confusing.
Thank you!They are essentially the same.
We always port all fix to both of them.
Release notes are here :
http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/css11500series/v8.10/release/note/RN810_X.html
http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/css11500series/v8.20/release/note/RN820_X.html
Gilles. -
I currently have a CSS 11503 LB that I am using to balance 443 and 80 traffic and I have it working but my question is if a users are coming from a proxy should I continue to use Layer 3 LB technique? Also is it possible to see the real IP address instead of the IP of the proxy server?
the problem with proxy is if you use some form of stickyness like sticky src ip.
Since the src ip is always the proxy, you end up with all your traffic going to a single server.
If you are doing sticky src ip, I would suggest to use arrowpoint-cookie instead.
To see the real-ip you need your proxy to insert in the http header a 'x-forwarded-for' line with the client ip.
Your servers can then extract this value to determine the client ip.
On the CSS you won't be able to see the client-ip.
Gilles. -
Global Cerificate on CSS 11503
Hi
I am planning to enable https for few web servers behind a CSS 11503. I have tested the functionality with the trial cert every thing works as desired.
Now I need to buy a certificate from Verisign to make it work in production.
At verisign they offer two different certs (Secure Site --40 bits encryption) and (Secure Site Pro -- 128 bit encryption).
1. Is this 128 bit cert a "global cert"? and I need to concatenate the "intermediate cert" and "server cert" to make it work?
2. If all my users are in USA then does it make sense to buy this 128 bit certificate?
3. Verisign website also asks for "server Platform" and cisco is not mentioned as an option (I can see other LB as F5 in the list). What should I select for the server Platform when I am requesting it for CSS 11503 (I have generated the CSR on CSS 11503).
Thanks in advance
Glenn1.The guy who picked the phone at verisign had no clue.Verisign website says the following
Secure Site Certificate (40bit minimum)- SSL Certificates without SGC
To install your SSL Certificate, go to the instructions below for your server software. If your server is not listed or you need additional information, refer to your server documentation or contact your server vendor
Secure Site Pro Certificate(128bit minimum) - SSL Certificates with SGC
If you are installing an SSL Certificate with SGC, you need to copy an Intermediate CA Certificate before proceeding to the installation instructions for your server software.
2.My understanding was that 40 bit is minimum encryption level and only old browsers (exported ones) will us 40/56 bit ciphers. Other wise even with 40 bit certificate the new browsers will establish a 128 bit session.
Verisign says about their 40 bit certificate
"40-Bit to 256-Bit SSL Encryption Non-SGC SSL Certificates provide a minimum of 40-bit and up to 256-bit SSL encryption. Site visitors using certain older browsers and many Windows 2000 users will only receive 40- or 56-bit encryption unless they’re connecting to an SGC-enabled SSL Certificate"
I found a document on net in favor of buying 40 bit certs.
http://www.whichssl.com/myths_about_sgc.html
Gilles I am a bit confused here.Need HELP :) -
Routing non-TCP/UDP traffic while using FWLB on CSS 11503s
Hello all,
I've been tasked to setup up FWLB with CSS 11503's as shown below. The issue is that intranet workstations use VPN client software when connecting to certain sites through the Internet and other times they use http or https (for connection to different sites). Because no flow is setup for ipsec and ECMP uses per packet routing for non TCP/UDP traffic, I'm concerned that load balancing through the firewalls will occur on a per packet basis. If that is true, stateful inspection in the firewalls will block asymmetrical traffic flows.
Is my understanding correct? And, if so, is there a way to configure the CSS units to deal with this?
Thanks in advance.
(sorry for the dots in the drawing but the spaces kept getting deleted)
.| Internet |
..........|
.| CSS-outside |
.............|
........|...............|
.| FW1 |.....| FW2 |
.......|................|
............|
.| CSS-inside |
............|
.| Intranet |for non-flowy traffic like IPSEC, we use a hash algorithm to decide where to send the traffic.
So, it's not per packet loadbalancing.
The same source/destination ip/port will always go to the same firewall.
Gilles. -
Installing an SSL certificate for a CSS 11503
I'm having the hardest time searching for clear instructions on how to request and install an SSL certificate for a CSS 11503 Content Switch. Can anyone help or point me in the right direction?
I'm also looking for instructions on how to replace an SSL certificate once it's been installed. Thanks!Allen,
The portion of the configuration guide related to SSL certificates and keys can be found here:
http://cisco.com/en/US/products/hw/contnetw/ps792/products_configuration_guide_chapter09186a00801eea82.html#1422544
To replace an SSL certificate, you'll need to remove the current certificate and re-import/create the new one.
~Zach -
To set enable password for CSS 11503
We need to set enable password on CSS 11503.
Can we do this.If yes how we can do this?there is no enable password on the CSS.
The user is a privilege user or not.
If you login as a privilege user, you get full access. No need to enable anything.
CSS11503-2> en
enable Authenticate for SuperUser mode
endbranch End a branching command
CSS11503-2> enable
Username:
As you can see above, if you type enable you have to re-login with a superuser account.
Gilles. -
CSS 11503 does not ask confirmation
Hi,
Our CSS 11503 does not ask confirmation when I want to delete or add a service, owner or group.
Here is the log of some deletion and addition a service:
11503_Master(config)# sh run ser mtsopa01-9700
service mtsopa01-9700
ip address A.B.C.D
protocol tcp
port 9700
keepalive type http
keepalive port 9700
active
11503_Master(config)# no service mtsopa01-9700
11503_Master(config)# (As you see there is no confirmation)
11503_Master(config)# service mtsopa01-9700
11503_Master(config-service[mtsopa01-9700])# (As you see there is no confirmation)
11503_Master(config-service[mtsopa01-9700])# ip address A.B.C.D
11503_Master(config-service[mtsopa01-9700])# protocol tcp
11503_Master(config-service[mtsopa01-9700])# port 9700
11503_Master(config-service[mtsopa01-9700])# keepalive type http
11503_Master(config-service[mtsopa01-9700])# keepalive port 9700
11503_Master(config-service[mtsopa01-9700])# active
Have you any idea?
PS:
Version: sg0750103 (07.50.1.03)
Product Name: CSS11503-AC J0do a 'show profile'
You are probably in expert mode.
CSS11503-2# sho prof
@no terminal more
@prompt CSS11503-2
@expert <=====
do 'no expert' to revert to normal mode and don't forget to do a save profile.
Gilles. -
CISCO CSS 11503: Adaptive Session Redundancy + Resets
Hi
we have release 7.10.206a configured with SourceGroup and ASR. I made a sniffer trace and experienced that the CSS sends a lot of RST. As well I saw that it use only 1984 source ports for the connections to the server. How can I increase the number of source Ports? .In the attachments you will find the sniffer trace with the incorrect behaviour and the configuration.
Any suggestion, idea ?the problem of the RST seems to be the frequent reuse of the same source port.
The destination of this connection seems to be confused and ACK the new SYN with the ack number of the previous connection. This ack number is out of range from the syn sequence number so the result if a RST.
ie:
Flow1 - Syn -> packet 1
Flow1 - Last ACK -> packet 33
Flow 2 - syn -> packet 34
Flow 2 - ack (instead of syn/ack) with acknumber same is packet 33.
This triggers a RESET -> packet 36
Flow 3 - syn -> packet 55
Flow 3 - same as flow 2 issue, ack with old ack number. This triggers a RST (packet 57).
Now the 2nd issue, the CSS (I believe tpkg0x.post.ch is the CSS) sends packet for flow 2 but the end station believes flow 2 was killed with the RESET of flow 3 and the host sends a RST to the CSS (packet 59) because its connection does not exist anymore.
So the all issue is the fact that ports are being reused to quickly.
You will need to involve more people to find a workaround to the 1984 ports available [and be aware they are available but not all usable].
Work with Marco K., your sale support.
Regards,
Gilles. -
Cisco CSS 11503 Arrowpoint/Load Balance question
I am troubleshooting an issue with my 11503. I am running version 07.40.0.04. I have it configured as follows:
content upcadtoa-rule
add service cadtoa-wls1-e0
add service cadtoa-wls1-e1
add service cadtoa-wls2-e0
add service cadtoa-wls2-e1
add service cadtoa-wls3-e0
add service cadtoa-wls3-e1
add service cadtoa-wls4-e0
add service cadtoa-wls4-e1
add service cadtoa-wls5-e0
add service cadtoa-wls5-e1
add service cadtoa-wls6-e0
add service cadtoa-wls6-e1
arrowpoint-cookie expiration 00:00:15:00
protocol tcp
port 8001
advanced-balance arrowpoint-cookie
redundant-index 2
vip address 172.30.194.195 range 2
arrowpoint-cookie name TOA
active
However, the load-balancing across the servers does not seem to be doing much balancing. One of those servers is getting hit with 5 times as much traffic as another and another server is lucky to get a connection at all. With the cookie expiration set, one would think that this would all balance out over time.
I just came across this information from Cisco and I am wondering if it is relevant:
If you configure a balance or advanced-balance method on a content rule that requires the TCP protocol for Layer 5 (L5) spoofing, you should configure a default URL string, such as url "/*". The addition of the URL string forces the content rule to become an L5 rule and ensures L5 load balancing or stickiness. If you do not configure a default URL string, unexpected results can occur.
In the following configuration example, if you configure a Layer 3 (L3) content rule with an L5 balance method, the CSS performs L5 load balancing, but will reject UDP packets.
content testing
vip address 192.168.128.131
add service s1
balance url
active
The balance url method is an L5 load-balancing method in which the CSS must spoof the connection and examine the HTTP GET content request to perform load balancing. The CSS rejects the UDP packet sent to this rule because a UDP connection cannot be L5. Though the CSS allows this rule configuration, its expected behavior would be more clear if you promote the rule to L5 by configuring the url "/*" command.
In the next example, if you configure an L3 content rule with an L5 advanced-balance method, L5 stickiness will not work as expected.
content testing
vip address 192.168.128.131
add service s1
advanced-balance arrowpoint-cookie
active
The advanced-balance arrowpoint-cookie method causes the CSS to spoof the connection, however, the CSS still marks it as an L3 rule. Thus, the CSS does not insert the generated cookie and the rule defaults to L3 stickiness (sticky-srcip). You must configure a URL like url "/*" to promote this rule to L5, ensuring that L5 stickiness works as expected.
Thanks in advance for any help you can give. The thing is not down, it is just balancing strangely causing application performance issues.
JamesHey James,
You will need to suspend the content rule in order to add the url statement. This will cause a quick downtime until the content rule is activated again. I have shown below the commands to add the statement. Perhaps you can create your commands in a Notepad file, then paste them all in so they execute quickly to minimize your downtime:
content MY-SITE
vip address 10.201.130.140
port 80
protocol tcp
add service MY-SERVER
active
CSS11503# config t
CSS11503(config)# owner TEST
CSS11503(config-owner[TEST])# content MY-SITE
CSS11503(config-owner-content[TEST-MY-SITE])# url "/*"
%% Attribute may not be modified on active rule
CSS11503(config-owner-content[TEST-MY-SITE])# suspend
CSS11503(config-owner-content[TEST-MY-SITE])# url "/*"
CSS11503(config-owner-content[TEST-MY-SITE])# active
CSS11503(config-owner-content[TEST-MY-SITE])# exit
CSS11503(config-owner[TEST])# exit
CSS11503(config)# exit
CSS11503# show run
content MY-SITE
vip address 10.201.130.140
add service MY-SERVER
port 80
protocol tcp
url "/*" <--------
active
Hope this helps,
Sean -
CSS 11503 Destination NAT - can only enable one service
I have three web servers configured as six services. Three are for MOSS (Microsoft Office Sharepoint Server) and three are for SSRS (SQL Server Reporting Services 2006 in integration mode).
THE PROBLEM:
When more than one MOSS service is active I can no longer connect to the SSRS services.
This is a trunked Configuration:
interface 1/1
trunk
redundancy-phy
vlan 1
default-vlan
vlan 100
vlan 101
vlan 103
interface 3/16
bridge vlan 4000
circuit VLAN100
redundancy
ip address 192.168.100.xx0 255.255.255.0
circuit VLAN103
redundancy
ip address 192.168.103.xx0 255.255.255.0
circuit VLAN4000
ip address 1.x.x.2 255.255.255.252
redundancy-protocol
circuit VLAN101
redundancy
ip address 192.168.101.xx0 255.255.255.0
service MOSSWeb01
ip address 192.168.103.xx1
keepalive port 80
keepalive type tcp
active
service MOSSWeb02
ip address 192.168.103.xx2
keepalive port 80
keepalive type tcp
active
service MOSSWeb03
ip address 192.168.103.xx3
keepalive port 80
keepalive type tcp
active
service SSRSWeb01
ip address 192.168.103.xx1
active
service SSRSWeb02
ip address 192.168.103.xx2
active
service SSRSWeb03
ip address 192.168.103.xx3
active
owner MOSS
content MOSS
vip address 192.168.100.xx1
vip-ping-response local-remote
add service MOSSWeb01
add service MOSSWeb02
add service MOSSWeb03
active
owner SSRS
content REPORTSERVER
vip address 192.168.100.xx2
add service SSRSWeb01
add service SSRSWeb02
add service SSRSWeb03
vip-ping-response local-remote
active
group MOSS2007-DSTNAT
vip address 192.168.100.xx1
add destination service MOSSWeb01
add destination service MOSSWeb02
add destination service MOSSWeb03
active
group SSRS2005-DSTNAT
vip address 192.168.100.xx2
add destination service SSRSWeb01
add destination service SSRSWeb02
add destination service SSRSWeb03
active
NOTES:
All (3) real servers have a default route to 192.168.103.xx0 which insures traffic passing through the CSS (so I don't understand why I still need a destination service group).
When MOSS accesses SSRS it does so via http://SSRS2005/reportserver. This is configured in DNS as 192.168.100.xx2. I would think that this would also insure traffic through the CSS but I still had to configure a destination service for these.
All clients connect to the MOSS services via one VIP (192.168.100.xx1) and the MOSS services connect to the SSRS services via a 2nd VIP (192.168.100.xx2). MOSS also connects to itself for indexing content and a variety of other services (I had originally tried separating the MOSS content rules using layer 5 matching on Host Headers. This seemed to cause issues with access to ports 139 and 445 for UNC access to document libraries so I simplified the MOSS content rule back to layer 3).
I have setup two distinct groups and have used destination NAT so that the servers can communicate to each other.
When using Wireshark on the servers to run packet traces and all services are up I do not even see any packets destined for the SSRS services leading me to believe that they are dropped by the CSS (however, I don't see them using show flows on the CSS either).
Can anyone here shed some light on the correct way to configure the CSS in such a scenario?
Thanks in advance.I have two MOSS services down because MOSS can't get to SSRS if more than one MOSSservice is active. That's the crux of the biscuit.
I had hoped to avoid the whole packet sniffing activity but it looks like I may need to capture more information. I don't really want to change the VLAN configuration since this CSS is managed by our network team and there are other services configured on the CSS that I have not indicated.
I appreciate your advice, so far. I will actually have some downtime this coming weekend where I can try some additional configuration options after prime time from home.
One thing that may not be apparent in this whole discussion is that all of the sites on both MOSS and SSRS use HOST Headers for HTTP. That's what keeps them separated. I had tried using layer 5 content rules but had the same issue plus other issues with non-HTTP traffic. I also did not care for the fact that the CSS actually spoofs the responses when using layer 5. There is a lot of NTLM Challenge/Response traffic for Windows Integrated Authentication and Negotiated Kerberos. The bottom line is that even without Layer 5 content rules the Host Headers do get passed to IIS and the sites are selected properly based on that header. The exception is that Host Headers are no longer required for SSRS since it is the default website on port 80 (besides - setting up host headers for SSRS in MOSS integration mode has it's own set of issues). Still, the host headers are sent to SSRS SOAP Endpoints and there are no issues connecting to any of the three SSRS services from any of the three MOSS servers interactively. The issue is when a client outside of these VLANs makes a request for a report.
client->MOSS->SSRS->MOSS->client
Be aware too that both MOSS and SSRS are making connections back through the CSS to their respective databases for each request.
Maybe you are looking for
-
[SOLVED] Can't get microphone to work
Hi everyone, I'm trying to get my microphone to work so I can use Skype (which installed very easily btw). Headphone and speaker sound works fine. I know it's not a hardware issue because the mic works fine in Ubuntu 10.04 and Debian. My sound hardwa
-
How can I use SSL in httpunit??
How can I use SSL in httpunit? I am using HTTPUNIT 1.5.4 and the j2sdk1.4.1_04? I want to activate a submit button that following an https-Url in the html action method... The SSL certificateis from Server, i want to connect, is comming from Thawte.
-
I am using PSE 9 and am running on a XP . When I open the editor , I get an error message " unable to continue because of a hardware or system error. sorry but this error is unrecoverable " Please heeeeeeeeeelp me ..!
-
Boot Camp - Read/Write Windows Partition from OSX?
I am assuming that if I format the Windows Partition with FAT32 I can read and write to the Windows Volume from OSX? But not NTFS?
-
Safari stalls during Time Machine backups
Ever since I upgraded to the combination of OS X 10.6.8 and Safari 5.1 (my workflow is not yet Lion-ready), I've been seeing Safari stall while Time Machine is running its automatic backup. I get the spinner on trying to interact with any tab's conte