Enable External Load Balancing error

Similar Messages

• UAG External Load Balancing and ISATAP

  Hi Experts,
  I am deploying a UAG Array to be used for Direct Access. The Array will consist of two servers and use an F5 External Load Balancer. In addition and in similarity
  to 90% of the other corporate intranets out there, the internal network is IPv4 with no IPv6 transition technologies deployed. The article
  http://blogs.technet.com/b/edgeaccessblog/archive/2010/05/17/configuring-an-external-load-balanced-uag-directaccess-array-for-an-ipv4-only-network.aspx
  isgreat but to my mind has no information to support ‘Manage Out’ and throws up a number of questions: (Note that I want to enable ‘Manage Out’ capability and as far as I am aware that is achieved by using ISATAP)
  The article describes that you have to generate and configure your own IPv6 address for the internal interface when using an external load balancer. Does anyone know why? Why not let UAG assign
  the addresses as per the default?
  UAG by default configures itself as an ISATAP router when there is no IPv6 infrastructure deployed on the internal network
  to facilitate ‘manage out’. This still applies when using Windows NLB. Why does this no longer apply when using an external load balancer? I.e. Why does UAG no longer configure itself as a ISATAP router?
  In relation to question 2; you therefore need to move your ISATAP router to a different device (http://technet.microsoft.com/en-us/library/ee690463.aspx),
  in doing so how do you configure the ISATAP environment to traverse the UAG servers without some sort of load balancing on the internal interfaces? I’m assuming that you can only tell the ISATAP router to use the one default gateway i.e. either one UAG server
  or the other. This means that you would have all your outbound internally initiated traffic going via one server only – not very good for performance or fault tolerance.
  In relation to question 3; I thought therefore that NLB could be used on the internal interface to solve the above problem, except that I have read that you can’t mix and match external load
  balancing and NLB even though they are on separate networks due to bidirectional affinity. What does this actually mean and why does this not occur when load balancing is mixed in this manor?
  Therefore when you wish to use external load balancers, do you:
  A) Except the fact that you can’t use UAG as a ISATAP router and you do indeed need two devices
  and deploy it as described here (http://technet.microsoft.com/en-us/library/ee690463.aspx)
  or
  B) Except the fact that that you can’t use UAG as a ISATAP router and any internal outbound
  traffic travels via the one UAG server only.
  Apologies for the long post, but I wanted to make sure that I get my thoughts down concisely so that it may help others who come up with the same questions
  J
  Thanks for your time everyone
  Gary

  I am also facing the same issue.  I have UAG1 and UAG2, which are in an array, and externally load balanced.  I've configured an external ISATAP router according to: 
  http://www.windowsnetworking.com/articles_tutorials/Configuring-ISATAP-Router-Windows-Server-2008-R2-Part2.html.  However, as mentioned by others, the ISATAP router has to have either UAG1 or UAG2 as the next hop for IP-HTTPS traffic.  As
  a result, communication between the DirectAccess client and management devices will only work if the client is tunneling through the same UAG server that the ISATAP router has as the next hop for the IP-HTTPS prefix.  From what I can tell, my configuration
  is supported, but I can't figure out how to have the ISATAP router determine which UAG server a client is tunneling through.  I thought about having two separate IP-HTTPS prefixes for each UAG server, but this would get overwritten when activating
  the DirectAccess configuration.  Maybe some type of internal load balancing?

• DirectAccess Load Balancing Error

  Hi 
  Just seeing if anyone has come across the following error when trying to enable Network Load Balancing in DA 2012.
  Error is The length of the prefix used to assign IPv6 addresses to DirectAccess clients connecting over IP-HTTPS should be 59 bits.
  Any help would be good
  Thanks

  Hi,
  By default, DirectAccess accept a /64 prefix for the IP-HTTPS range on a single server.
  This is the IPv6 range for your clients.
  When moving to NLB, you must use a /59 range because each DirectAccess server in the Cluster will receive a /64 range based on the range you defined in the console.
  Let's say you implement a 2001::1000:/59, server1 will use 2001::1000:/64 for the clients, server2 will use 2001::1001:/64, etc...
  Gerald
  Edit: Carriage Returns problem on the forum when posting from my smartphone, will correct that later :-)

• Portal Drive not working with external load balancer

  Hi,
  We have a portal cluster and we are using external Load balancer from
  Juniper for load balancing the portal cluster. When given the direct
  portal URL (Central instance URL or Dialog instance URL), Portal Drive
  is able to connect to portal and shows the KM documents properly. But
  when given the Load balancer URL, it gives error saying "Can
  not connect to host using WebDAV protocol". Load balancer URL works
  fine from the browser without any problems. Any help is highly appreciated.
  Helpful points will be rewarded.
  Regards,
  Chandra

  Hi Steve,
  For Portal Drive, Windows integrated authentication, client certificates,basic authentication and Kerberos is supported.
  (in the default delivery of com.sap.km.cm.docs iview the authentication Scheme is set to basicauthentication - switching that to form based authenticationis not being supportedbywebdav clients).
  ALso now Integrated Windows Authentication (NTLM) has been made available with latest patch.
  Also read through SAP NOTE 1084683 for further clarifications.
  Regards,
  Shailesh

• External Load Balancing OAM11g Servers

  With OAM 11g, DB 11.2.0.1, RHEL5.6, and WLS 10.3.5... we have clustered the managed servers and all that displays, starts, stops as expected -- hosts are H1 and H2. We also have an external load balancer (haproxy). By "external", I mean that the host (PRHost) where the protected resource (PR) resides is outside the LB and all of the OAM infrastructure is inside the LB. We actually have 2 layers of LB because we are also trying to create a disaster recovery site, but for now we'll concentrate on the just the webgate and the LB.
  We have installed WLS 10.3.5, OHS 11.1.1.2, and have deployed a PR on the PRHost. We then installed the 11g webgate on PRHost and instantiated the webgate within the OAM Server on H1 and moved the artifacts to the PRHost.
  The question is fairly simple -- at least from my perspective -- the webgate gets its connection information from the ObAccessClient.xml artifact created when the webgate was added to the OAM Server. The only connection the webgate understands is the listing of the primary/secondary OAM Servers within that artifact.
  QUESTION:+ When we access the protected resource, how will it know to go through the external LB if the only connection information it has is the OAM Server? We realize that there is LB information within the OAM Server setup, but this means that in order to determine where the LB is, we need to first access the OAM Server setup. We require the PR to first go through the LB to find an available OAM server, but there appears to be nothing on the PR webgate to inform it how to find the LB.

  Luis,
  you need the command 'portmap disable' available in 5.01 and 5.03
  gilles.

• How to enable Network load balancing for Enterprise portal

  Hello,
  We have installed EP 7.0 central instance(00) and dialog instance (01) and would like to enable network load balancing between these two EP servers.Have installed network balancer and the configuration has been done at network level.
  The below URLs are being used for accessing the portal
  Central instance :
  http://CIhostname:50000/irj/portal
  Dialog Instance:
  http://DIhostname:50100/irj/portal
  Both the port number has to be same for enabling load balancing.In order to acive this we have to map this port to http port by making some changes in Visual Administrator.
  Can you please let me know step by step  procedure or any link where i can find the same?
  Appreciate your response
  Thanks,
  Vadi

  Dear Jay,
  Thnaks for your reply.
  No...NLB will helpful in load balancing between different 2 different  application (Ep)servers.
  We are using microsoft network load balancer.Found the service http provider in VA for making those changes.
  Any way thanks.
  Regards,
  Vadi

• Load balancing error 88: Cannot connect to message server (rc=9)

  Hi,
  We are facing a problem in the system object.
  initially we created a system object with loadbalancing template ,and everything worked fine, but after couple of months we found a error "Load balancing error 88: Cannot connect to message server (rc=9)", so we have created a Dedicated application server object which resolved our issue.
  My question is why has this problem occured, and since my client side has lot number of users and we wish to keep the system back to load balancing object.
  How can i make my system object work back, what might be the causes?
  Thanks
  Srivastsa Kondapally

  Load balancing only works if the message server is available and the logon group specified exists as well.  If one of those changes, then it will break until you get the values set correctly.

• Load balancing error 88

  Dear all,
  We are suddenly  facing a problem in the PRD system. There user are getting the below error and if they restart there system than  it is solved
  Load balancing error 88: Cannot connect to message server (rc=9)  
  few days back  We have upgrade the system from ecc5 to ecc6 and its only
  Please suggest why the error is coming and how to solved it
  Regards,
  Kumar

  check the /etc/services file for a proper port setting for the R/3 message server "sapms<sid>" at 36xx. You can try connecting the SAPgw directly to the dispatcher at port 32xx where XX is the instance number. If that connection is good, then it appears to be a logon load balancing configuration problem which uses the message server.
  This is usually because it cannot connect to the message server. Please check the dev_ms for any errors. if it is intermittent it is likely to be a network problem ( see note 500235 Network Diagnosis with NIPING.
  Check following SApnotes :
  #n21559: Examination of SAPGUI problems  could be useful.
  Please also check the note 882741 for the more info about this problem.
  following links will help you :
  Logon Load Balancing
  http://help.sap.com/saphelp_nw70/helpdata/EN/c4/3a64c1505211d189550000e829fbbd/frameset.htm
  Message Server-Based Logon and Load Balancing (Redirection)
  http://help.sap.com/saphelp_nw70/helpdata/EN/43/a95d83e27417b9e10000000a1553f6/frameset.htm
  Best Regards
  Niraj

• Understanding DirectAccess and external load balancer

  Hi,
  I'm trying to understand the concept of DIPs with a external load balancer. We're trying to create a Directaccess cluster with to DA-servers in edge. I'm at the wizard for creating load balancer and choose external. Then it asked me to enter the DIPs. But
  why is that? Should it not be sufficient with the current IP-address, since they are configured in the external LB. Or do I need to add a secondary IP-address and enter that in the wizard and enter them has the VIPs inte the external LB. Same goes for the
  internal one.

  Does that mean that i could choose any IP-address in the private range, despite that i have an edge configuration with one public ip-address and one internal address? Or do i need to allocate another public IP-adress?
  Edit:
  http://blogs.technet.com/b/mspfe/archive/2013/01/24/how-to-configure-directaccess-in-windows-server-2012-to-work-with-an-external-hardware-load-balancer.aspx
  When following the guide, I use the current IP-address of the first nods external NIC. And get an warning I can't use that IP. Should I use the VIP that we have for the load balancer?

• Sun appserver 8 load balancer error

  Hi everybody. I'm having some trouble using the load balancer plugin for apache 2 over a linux box. I've followed the install guide, compiled apache2 using the libraries, and everything looks ok, but when starting apache2 with the load balancing module enabled, I get the following error:
  [Thu Jan 11 11:03:12 2007] [alert] --------------------Name Trans---------
  [Thu Jan 11 11:03:12 2007] [alert] apache process id = 10541 ; URI = /server-status
  [Thu Jan 11 11:03:12 2007] [alert] Within apachelbplugin_name_trans()
  [Thu Jan 11 11:03:12 2007] [alert] LB Configuration XML file absent or not readableI've read the topic on http://forum.java.sun.com/thread.jspa?threadID=5095982&messageID=9330119
  but I still get the problem.
  My server is linux RHEL 3, apache version is 2.0.59.
  Please any help would be appreciated. Thanks.

  You might have simply forgotten to create and/or copy loadbalancer.xml into your apache_webserver_instance/conf/ directory.
  You can try to recreate it using 'asadmin create-http-lb-config' command, see:
  http://docs.sun.com/source/819-0215/loadb.html#wp1048230

• BPEL End Point URL using External Load Balancer URL

  Hi All,
  We have Oracle SOA Suite installed in a clustered environment as per the Enterprise Deployment Guide 10g Release 310.1.3.3.0 E10294-02.
  I have deployed a BPEL process to the clustered environment and the end point refers to the internal url of the load balancer e.g. http://internallink:8001/orabpel/default/testService/1.0
  When we just paste this end point in a browser, enter the parameters and click on invoke, the BPEL Process gets invoked.
  However, if we try to use the external url(which is on https) of the load balancer as the enpoint url eg https://externallink/orabpel/default/testService/1.0 to invoke the same BPEL process, the page which is used to accept the parameters and the used to invoke the BPEL process is successfully displayed. However, when we try to invoke the service, the connection times out.
  Please note that internallink and externallink are the internal and external VIPs, respectively.
  Does someone have an idea of what may be wrong or what needs to be corrected to be able to invoke the BPEL process using the external VIP, please?
  Thanks in advance.

  Check if the port of ESB in your server is open.
  I think that the port is: 7777
  try from ESB server:
  wget WSDLURI
  if you got the file then the port is closed.

• Load Balancing Error

  Scenario breakdown :
  I have two app servers on hand version 6 (App1) and (App2) and a singular web server - IWS 4.1(Web1).
  Solution thus far :
  I have chosen to use App2 as the Sync Primary and App1 as the Backup. Created a new cluster "mohrelxcluster" in kregedit and created two entries at location Clusters\mohrelxcluster\SyncServers to include both servers at port 10818(kxs). I have futher setup round robin polling under CCS0\LoadDb. I set the following values under CCS0\LoadDb\ServerWeights:
  - ipaddressApp1:10818=50
  - ipaddressApp2:10818=50
  Finally, created the needed entry under CCS0\ClusterName:
  -mohrelxcluster=0
  Upon doing so, I started both servers according to order of precedence App2 first then App1.
  Log Findings :
  As anticipated, according to the kxs log files on both machines shows the broadcasting and processing of information between Sync Primary and Backup. (indicated by the sending to and receiving from <ipaddressinhex:10818>).
  In the iasdsync log file on App2(Sync Primary) - App2 has be recognized as Primary and App1 as backup.
  Problem :
  Upon starting up the ksvradmin interface, the following error is trigged : An error occured while reading in load balancing values server app1. Upon clicking on app1's icon and clicking on the cluster tab, the "mohrelxcluster" cannot be seen.
  Many thanks for reviewing. Here's hoping some one can help
  Regards
  Sathya

  HI
  Are you sharing single LDAP for these two application servers. If not, you have to create those cluster entries in two regitries (Kregedit). (both syncserver entries and clustername=0 entries)
  If you are sharing single LDAP, the entries under SyncServers can be created once but you need to create ,
  <clustername>=0 entry under CCSO\ClusterName in two registries.
  Hope this helps.
  -Srinivas

• WCF service fronted with SSL enabled NGINX load balancer shows HTTP based WSDL url instead of HTTPS

  Hi,
  I have WCF service hosted using IIS 8.5 on application server. And application servers are fronted with NGINX load balancer with SSL enabled. Backend communication protocol between NGINX to application server is http. 
  When customer visits public domain url (https://xxx.com/service.svc), they can see the WSDL url with http://xxx.com/service.svc?wsdl. 
  What change should I make so that WSDL url will have https instead of http ? 
  This is service side configuration.
  <system.serviceModel>
      <services>
        <service name="Service.IService">
          <endpoint address="" binding="basicHttpBinding" bindingNamespace="http://xyz.com/Service" name="Service_Endpoint" contract="Service.IService" />
        </service>
      </services>
      <bindings>
        <basicHttpBinding />
      </bindings>
      <client />
      <behaviors>
        <serviceBehaviors>
          <behavior>
            <serviceThrottling maxConcurrentCalls="5000" maxConcurrentInstances="2147483647" maxConcurrentSessions="5000" />
            <serviceMetadata httpGetEnabled="true" />
            <serviceDebug includeExceptionDetailInFaults="true" />
          </behavior>
        </serviceBehaviors>
      </behaviors>
      <serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
    </system.serviceModel>
  Thanks in advance !!

  Hi,
  For this scenario, you could just enable SSL in IIS to get HTTPS endpoints. If your service is exposed at https then you configure the same using “httpsGetEnabled”:
  <behaviors>
  <serviceBehaviors>
  <behavior
  name="MyServiceTypeBehaviors"
  >
  <serviceMetadata
  httpGetEnabled="true"
  />
       </behavior>
  </serviceBehaviors>
  </behaviors>
  For more information, you could refer to:
  http://www.codeproject.com/Articles/327260/What-s-new-in-WCF-Automatic-HTTPS-endpoint-for
  http://blogs.msdn.com/b/brajens/archive/2007/04/26/accessing-description-metadata-wsdl-of-wcf-web-service.aspx
  Regards

• Load Balancing Error Message

  We have two ASA 5550's, ver. 8.0.4. We just recently set them up for Load Balancing. Every time the user logins to Cisco VPN client (5.0.03.0560), we got two email notifications for the below message. We got the error messages every time every user logins to the Cisco VPN client
  163>%ASA-3-713128: Connection attempt to VCPIP redirected to VCA peer 192.168.110.18 via load balancing
  163>%ASA-3-713902: Group = office, IP = XX.XXX.XXX.XXX, Removing peer from peer table failed, no match!
  The user was able to access the internal resources. The two ASA's have the exact configurations. Do you have any suggestions how to fix the problem?
  Thanks.
  Debra

  Error Message - %PIX|ASA-3-713128: Connection attempt to VCPIP redirected to VCA peer IP_address via load balancing
  Explanation - This message appears when a connection attempt has been made to the VCPIP and has been redirected to a less loaded peer using load balancing.
  Recommended Action - None required.
  Error Message - %PIX|ASA-3-713902 descriptive_event_string
  Explanation - This system log message could have several possible text strings describing an error. This may be the result of a configuration error either on the headend or remote access client.
  Recommended Action - It might be necessary to troubleshoot the configuration to determine the cause of the error. Check the ISAKMP and crypto map configuration on both peers.

• Logon Load Balancing error

  Hi
  I am trying to setup Logon Load Balancing for our ERP system, I have setup the logon groups in TX SMLG, the landscape consists of DB server app1 and app2, I have created a logon group for app1 and logon group for app2, I have then created a new system entry in the SAP Logon Pad under Group/Server Selection, here I have a problem in that when I enter the message server I get a message saying Error: hostname <message server> unknown, however when I enter the ip address for the message server I get the list of logon groups appear, however, I have entered the sapmsS02 3600/tcp setting within the services file, I have also added the ipaddress and the hostname of the message server into the hosts file, but I still cannot get the hostname to work within the message server.  When I test the logon I get the error message Logon Balancing Error 88: Cannot connect to message server (rc=9), I have searched the net and most people just suggest entering the details into the services file and host file, also a sap note which suggests issues within the registry for Microsft MSN which I have checked and still have the same issue.
  Does anyone have anymore ideas as to what this could be or what to try next?
  Thanks for your help
  Jay

  Dear Jay,
  It is not the service that can not be resolved, that is translated into an IP address, but the hostname. It depends on your system and the way in which it does hostname resolution, whether the hosts file will be used at all. So please check with the keyword 'hostname resolution' on how to set this up on your landscape.
  Best Regards,
  Tim