CSS Load Balancing for MS Winsock Proxy Client

Has anyone load balanced Microsoft Winsock Proxy client? I am trying to load balance internal users using the Winsock client to two MS ISA Servers running Winsock proxy for application access to the internet.

Thanks for the post, I got this from Microsoft:
I wanted to update you on the information I investigated on the firewall client. I found the the actual port connection used to control the connection thru ISA is by default UDP. This UDP session is over 1745 to the ISA server. This intial connection then allows for a connection over an ephemeral port to the ISA server for the actual data transfer. The data transfer is done via a TCP connection. The connection control is UDP based by default. This can be changed in the Wspcfg.ini file. By adding the ControlChannel value to the WSP_client_app section of this file, you can use WSP.TCP to allow the connections to be based with TCP. In your situation, this may be the best scenario due to the connections being load balanced.
TCP is used by default when checking the Firewall configuration. This is why the traces showed the connection with TCP.
Information on this can be found in the ISA help files. In the search panel of the ISA help, type in "ControlChannel" without the quotes and it will show information on this feature.
I will re-test with TCP only setup, and see if this helps. I also have some sniffer traces I need to review to see if maybe NAT is killing me, not UDP traffic.
I'll post back my findings next week.

Similar Messages

  • CSS Load balancing for Exchange Server

    Hi,
    I have CSS configured in single arm and I have multiple servers configured for load balancing and it is working fine but when I am configuring Exchange server for load balancing I am facing problem and applications and printer/scanners are not able to send the email through the Virtual IP address configured for exchaneg server.
    But if we configured the real server IP in the printer/scanners they are able to send the email. While checking the logs on the exchange server, it is showing that request for the email so coming from the Exchange VIP configured in the CSS.
    I can telnet on port 25 on the VIP address (192.168.200.237). But unable to send the email through this VIP.
    Below is the configuration
    service ENOC_EXCHANGE-1
      ip address 192.168.200.235
      active
    service ENOC_EXCHANGE-2
      ip address 192.168.200.236
      active
    content EXCHANGE
        add service ENOC_EXCHANGE-2
        add service ENOC_EXCHANGE-1
        vip address 192.168.200.237
        active
    group EXCHANGE
      add destination service ENOC_EXCHANGE-1
      add destination service ENOC_EXCHANGE-2
      vip address 192.168.200.237
      active
    DC-CSS01# show rule GIT EXCHANGE
    Name:                EXCHANGE   Owner:                ENOC_GIT
    State:                 Active   Type:                     HTTP
    Balance:          Round Robin   Failover:                  N/A
    Persistence:          Enabled   Param-Bypass:         Disabled
    Session Redundancy:  Disabled
    IP Redundancy:    Not Redundant
    L3:         192.168.200.237
    L4:         Any/Any
    Url:       
    Redirect: ""
    TCP RST client if service unreachable: Disabled
    Rule Services & Weights:
    1: EXCHANGE-1-Alive, S-1
    2: EXCHANGE-2-Down, S-1
    =============================================================================
    Please let me know how to solve this problem. System team is saying with the physical IP address it is working fine problem with Load balancing. I have even tried with the
    Add service command in the group but didnt work for me. If i will remove the group command then I cant telnet on port 25.
    I think this is related to single arm modle or some wrong configuration for the NAT.
    Kindly assist me

    Hi
    Printers are on Vlan 80 ( gw is 192.168.80.1) and exange server is on vlan 200 (gw is 192.168.200.1) i have multiple vlan which will communcate with exchange.
    I hv other servers on 200 subnet which are working fine in load balancing.
    My CSS is single arm setup.
    Please assist
    Sent from Cisco Technical Support iPhone App

  • Problem with WLIOTimeoutSecs in weblogic and apche  CSS load balancer

    Hi,
    We are using Weblogic 11g, apache 2.2 and CSS load balancer for load balancing.
    we have huge reports which take minutes to generate and hence we need higher value for WLIOTimeoutSecs. This works fine when we use server url but WLIOTimeoutSecs is not working when we use CSS load balancer.
    We checked with our load balancing team they said CSS load balancer will not repost the request.
    Here is the plugin configuration
    <Location /*****>
    SetHandler weblogic-handler
    PathTrim /
    WebLogicHost 'serevrip'
    WebLogicPort 'port'
    WLIOTimeoutSecs 3600
    Idempotent OFF
    WLProxySSL ON
    DefaultFileName /***/***/index.jsp
    Debug On
    WLLogFile /***/***/***/***.log
    </Location>
    Could some please help me on this.
    Thanks in advance
    Regards,
    Venkat

    Hi Tarun,
    The problem occurs when the SSL is enabled on apache. If I access the same URL over HTTP, the parameter WLIOTimeOut works fine.
    Also I observed that, none of the parameters are getting applied to the plugin. I had switched on 'DebugConfigInfo'. With this the HTTP URL with ?__WebLogicBridgeConfig as query parameter returned the complete configuration. However when accessed with HTTPS the server did not return the configuration.
    Is there a specific configuration to be applied when apache is used with SSL?
    Thanks for your help,
    Shashi

  • Reverse Proxy and Load Balancer for SMP 2.3 and Agentry Application

    Hi Expert,
    I'm putting in place a mobile solution composed by SMP 2.3 SPS 4 and SAP ECC 6.0. In the SMP 2.3 I created the agentry server and I have deployed my agentry application.
    My SMP/Agentry infrastructure is composed by two servers therefore I need a load balancer for balance the load into the several servers. Furthermore I need to use a reverse proxy in my DMZ zone.
    Based on what indicated in the SAP note "1904213 - SAP Mobile Platform Server Release Information" the Apache Reverse Proxy is not supported for Agentry clients. Agentry uses nginx for Reverse Proxy.
    I also found the following document How-to-Guide for Reverse Proxy and Load Balancing in SAP Mobile Platform 3.x that explain how to set-up a reverse proxy and load balancer with nginx and apache.
    Both the SAP note and the HOW to document are refereed to SMP 3.0 and not to SMP 2.3.
    I would know if the NGINX must be used also for SMP 2.3.
    Any suggestion/information is appreciated.
    Thanks in advance
    g.

    Please see Agentry Network Landscapes

  • Network load balancer for Agentry applications

    Hi Expert,
    I'm going to implement a SAP Mobile Platform solution that will use an agentry application and I need some clarification about the HA configuration and the usage of the network load balancer and relay server. Just for information I'm going to use SMP 2.3 SP4.
    My understanding is that Relay server is a reverse proxy and load balancer for SMP but It can't be used for the agentry applications. Is this correct?
    Based on the standard configuration in order to balance the load of the client devices in the SMP cluster I have to use a Network load balancer, therefore the technical architecture of my solution should be the following:
    |Agentry Client device|   ---->  | Network Load Balancer |  ----> | SMP and Agentry Cluster| -----> |Back end systems|
    Is this correct? I didn't find specifications about the Network load balancer.. Is there a list of the Network load balancer products supported from SAP for agentry application. Is there any best practice on the network load balancer?
    Thank you in advance for you collaboration.
    BR
    g.
    Tags edited by: Michael Appleby

    Because we don't test any directly with our QA we don't have have a preferred products.  Talking to our consulting group they normally just use what the customer already has installed in their network.   Both Software or hardware load balancers has been used.
    The key part needed for the load balancer for Agentry 6.0.x and SMP 2.3 (not SMP 3) that it is set to TCP Pass through.
    Stephen

  • CSS load balance - Lock Outlook 2007 - RPC over http

    I have problema whit load balance for configuration of client Outlook 2007. (using protocol RPC over http). Through the CSS, after a period of utilization, the Outlook lock. And without the CSS doind load balance, no ocurred the problem.
    I appreciate any help.
    Thanks!

    Jason,
    CSS is not created in a source group of "exchange2007rcvir. Is that the problem is that?
    **** OWNER ****
    content exchange2007rcvir
    vip address 10.58.32.123
    add service scmt801cto
    add service scmt801cas
    redundant-index 205
    protocol tcp
    advanced-balance sticky-srcip
    sticky-inact-timeout 30
    active
    content exchangehtvir
    vip address 10.58.32.89
    add service scmt700cto
    add service scmt700cas
    redundant-index 201
    protocol tcp
    advanced-balance sticky-srcip
    sticky-inact-timeout 30
    active
    content exchangewavir
    vip address 10.58.32.33
    add service scmt800cto
    add service scmt800cas
    redundant-index 51
    protocol tcp
    advanced-balance sticky-srcip
    sticky-inact-timeout 30
    active
    ***** GROUP *****
    group exchangehtvir
    add destination service scmt700cto
    add destination service scmt700cas
    vip address 10.58.32.91
    active
    group grp_axiavir
    vip address 10.58.32.83
    add destination service scxt393cas
    add destination service scxt394cas
    add destination service scxt395cas
    add destination service scxt393cto
    add destination service scxt394cto
    add destination service scxt395cto
    active
    ** No have exchange2007rcvir

  • Installing 2 Application server and 1 DB server and load balancing for 11i

    Hi,
    I need info on how to install and configure load balancing for 11.5.8 on Win2000. The scenario: 1 db server DB, 2 apps/web/forms servers AP1 and AP2. Using rapid install you can only specify one db server A and one form server in multi node installations, right? How do I install the form server on AP2? Can I use the same config.txt? The computer name for AP2 is different.
    Thanks & Regards,
    Jagal

    I have the very same issue. We want to install 4 web/form servers on a hardware load-balancer and the issue is we can only specify one forms server.
    Does anyone know the secret bullet here?
    Thanks
    John

  • Setting up Load Balancing for 11i for Intranet & Internet Access

    Our current environment for 11i (11.5.5) is accessed only internally (via Intranet). We need to allow outside access (via Internet) also for self-service apps (ie. HR). Oracle Support/Metalink has stated that Load Balancing (note 148155.1) is the only supported method to have multiple (Apps Servers) systems access a single database. Could I get feedback from anyone who has implemented Load Balancing for 11i? Additionally if someone has implemented this for both intranet and internet access how has your company setup? Do the secondary server(s) from the Load Balancing note reside in the DMZ? And thus the primary app server and database reside inside the firewall? Thanks....

    Hi,
    We are using 6 middle tiers for internal access for intranet access and 2 middle tiers in External DMZ with only web server running for Extrenal Access over Internet for Self Service.
    You Implement one Load Balancer for first 6 internal Middle Tiers with site level profiles pointing to Internal .
    You implement second Load balancer for external 2 middle tiers with server level profile options for these two servers pointing to External Load balancer .
    To check how to implement load balancer vsiit
    http://becomeappsdba.blogspot.com/2006/09/configure-hardware-load-balancer-at.html
    Wait for my next post in above blog site with step by step procedure to implement above solution External & Internal one
    Atul Kumar
    Oracle Apps DBA
    http://teachmeoracle.com

  • CSS Load Balancing with Billing Server

    Hi Gilles
    Could I have a CSS load balancing two servers and also have it communicate with a billing server across the network. If yes then how can I do it?
    Regards,
    Sushil

    the CSS does not have the notion of billing server. A separate device - like the CSG - should be used if you need to collect billing info.
    Gilles.

  • Load Balancing for Microsoft Orchestrator application

    Hi Folks,
    We are trying to configure Load Balancing for Orchestrator Server.
    We have closely 200 users running a workflow.. so in that case, we need to configure the Runbook Server as a application load balancing cluster, so please do share me the configuration guides..
    Regards,
    Venu
    Best regards, Venu.

    I'm in the middle of doing this right now. There is a doc on metalink (233428.1) that details the process. I would highly recommend trying this in dev/test env first. Even though the instructions are very straight forward and not very complicated, I'm still having configuration issues.
    Clint

  • Does Traffic Manager provide database load balancing for MySQL?

    I need two VMs to implement MySQL Cluster in Windows Azure. VMs allow configure endpoint load balance set for Mysql, but I did not find tcp protocol in Traffic Manager. Does it provide this service for database
    load balancing?

    Hi,
    Traffic Manager works on the DNS level and routes traffic between public endpoints that sit behind a common DNS name. So you can't use this for your scenario.
    However, You can implement
    load balancing for VMs in another way.
    Edward

  • What is the alternative of F5 BIG-IP LTM Load Balancer for OEM 12c

    We want to implement service load balance, however oracle recommended
    F5 BIG-IP LTM Load Balancer for OEM 12c
    How much it is cost? and is there any free alternative we can use which supported by Oracle?
    Thanks

    Apart from F5, Cisco is another SLB vendor. I am not sure about any free alternative though.
    Note that regardless what SLB that you pick, it should meet the requirements documented in section 29.3.2.2 of the EM12c Release 3 Administrator's Guide:
    The SLB must provide support for multiple virtual server ports. Enterprise Manager typically requires that up to 4 ports are configured on the SLB (Secure Upload, Agent Registration, Secure Console, Unsecure Console)
    Support for persistence. HTTP and HTTPS traffic between the browser and the OMS requires persistence
    Support for application monitoring. The SLB must be capable of monitoring the health of the OMSs and detecting failures, so that requests will not be routed to OMSs that are not availa
    Regards,
    - Loc

  • Using ACE to load balance HTTP/S traffic between client & proxy server using tcp 8080

    Folks,
    I have a scenario where ACE is in load balancing connections to a bunch of Websense servers in a one-armed topology.  ACE presents a single VIP to web browser clients and each client's browser proxy configuration is populated with the VIP DNS name.  Traffic then gets load balanced between the Websense servers.  The problem arises due to Websense requiring the 'X-Forwarded-For' HTTP header in order to obtain the source IP of the client.  
    ACE inserts this header into the standard HTTP 'proxied' traffic but doing this for HTTPS traffic has required the configuration of the ACE SSL proxy client server.
    So the problem I have is this:
    How to configure ACE to load balance both HTTP & HTTPS applications using a single VIP and tcp port number ie tcp 8080
    The ACE hardware being used is ACE20-MOD-K9  -  MODULE
    I have attempted to use a L7 class map to match all ciphers and attach this to a L7 Policy-Map but the documentation highlights the fact the 'match cipher' configuration is only available on the ACE appliance.  
    I believe I am on the correct track.  The HTTPS traffic must be identified and used to match against PolicyA and HTTP traffic matched against PolicyB
    I'm looking for ideas!  I'm hopeful someone must have solved this problem previously!!
    Regards,
    Simon

    Hi Simon,
    The classification has to work on different ports. Whether client types http or https doesn't matter to client. His request will reach VIP which will classify the traffic based on port, protocol first and then it can look into further detail to send the traffic to appropriate serverfarm.
    You can class-map match-any xxxxx
    2 match virtual-address x.x.x.x tcp any
    and then you configure further classification on the basis of L7 like  url, header etc. 
    But again, you will still need SSL termination on ACE.
    Regards,
    Kanwal
    Note: Please mark answers if they are helpful.

  • Internal load balancer for ADFS, Web Application Proxy join problem

    Hello,
    we deployed 2 x ADFS (2012 R2) behind a internal Azure load balancer.
    In front are two WAP servers, which should be joined to the ADFS farm based on the internal load balancer IP.
    Unfortunately the WAPs fail to join and sometimes after 5 tries it works. The problem is (based on the event logs) that the ADFS Servers dont trust the WAP certificate.
    It seems, that during the join process the ADFS internal load balancer does not stick to one ADFS server. If we join the WAP directly (without the ILB) to one of the ADFS servers, everything works fine.
    As soon as we try to join via the ADFS internal load balancer IP, the abover occurs.
    Did anyone experience the same problems? How does the internal load balancer distribute the requests? Seems to be not sticky at all.
    Thanks for any Feedback,
    Thomas

    Thomas -
    This article talks (in detail) about a recently updated distribution mode - Source IP affinity.
    http://azure.microsoft.com/blog/2014/10/30/azure-load-balancer-new-distribution-mode/
    Hope this helps!
    /Arvind

  • CSS Load Balancing with Cookies

    We are trying to load balance 2 backend servers hosted on Websphere with advance balance cookies method.
    Restrictions
    ServerA is unable to accept cookies generated from ServerB.
    ServerA and ServerB are generating random cookies
    Unable to modify cookie string with a constant.
    How can we load balance based on cookies considering the above restrictions?
    We have attempted to do hash based load balancing with cookies but the problem we run into is the servers do not accept cookies generated from another server.
    The configuration we tried is written below:
    service ServerA
    ip address 192.168.10.2
    keepalive type tcp
    keepalive port 80
    active
    service ServerB
    ip address 192.168.20.2
    keepalive type tcp
    keepalive port 80
    active
    content ABC
    url "/*"
    add service ServerA
    string prefix "JSESSIONID="
    advanced-balance cookies
    port 80
    add service ServerB
    string skip-length 5
    string process-length 16
    string operation hash-xor
    protocol tcp
    vip address 172.16.32.1
    active
    Can we change the string prefix to JSESSION instead of JSESSIONID= ?
    The only place the app guys can add a constant string to match on is before the = sign.
    Is it possible for CSS to match on a constant string before = sign e.g below:
    service ServerA
    ip address 192.168.10.2
    keepalive type tcp
    keepalive port 80
    string id567=
    active
    service ServerB
    ip address 192.168.20.2
    keepalive type tcp
    keepalive port 80
    string id123=
    active
    content ABC
    url "/*"
    add service ServerA
    string prefix "JSESSION"
    advanced-balance cookies
    port 80
    add service ServerB
    string skip-length 0
    string process-length 6
    protocol tcp
    vip address 172.16.32.1
    active

    It should work.
    There is no reason for it not to work...
    This is the best method you can have on the CSS for stickyness.
    Get a sniffer trace on the client and server with arrowpoint cookie configured on the CSS and capture a failure so we can see what is going on.
    also send me the config so I can verify everything is ok.
    If you have a service request open with the TAC, you can also give the SR # so I can review what has been done.
    Gilles.

Maybe you are looking for

  • A Security Weakness When Signing without a Timestamp

    Hi Guys, I am exploring the need of timestamping PDF documents using Adobe Acrobat wrt security. I see a lot of signatures made without timestamps and I see an issue here mentioned below. If my assumption is valid then Ideally Adobe Acrobat should st

  • Updating window components WHILE dragging the mouse

    How do I update a whole window (JFrame), including it's components, during the following scenario: 1. mouse pressed - on any of the window's boundaries 2. mouse moved to a final position. Currently the components of the window do not change until i s

  • No option to burn to a CD-R

    Hi, I'm posting for a friend who has a problem with his MacBook, which is 2 GHz Intel Core 2 duo running OSX 10.4.10. When you put a bank CD-R into the computer, finder doesn't recognise the disk. When usually you would get an option to open finder,

  • Problem printing with laserjet 3055 AIO

    We have 3 or 4 3055 AIOs within our school district, and one is giving us a real headache.  It is constantly asking us to insert pages.  When I went to look at it (I'm a tech at the district), the LCD read READY MANUAL and it was only pulling from th

  • Hii...i can't sign into adobe creative cloud....

    hii....i can't sign into adobe creative cloud