HTTP Redirect with Global Load Balancing

I've seen a lot of documentation about redirects and what I am trying to do seems simple enough yet I can't get it to work. Here is a summary:
We have two CSSs in different data centers with load balancing in a roundrobin fashion.
User types www.test.com:9086/test.html
User hits one of the CSSes configured to respond to www.test.com, CSS1 and CSS2.
If CSS1 gets the request, it should redirect request to server1:9086/test.html
If CSS2 gets the request, it should redirect request to server2:9086/test.html
Here is a sample of one of the CSSes:
content vTEST
  dnsbalance roundrobin
  add dns www.test.com
  url "/*"
  protocol tcp
  port 9086
  vip address 192.168.3.135
  add service rTEST
  active
service rTEST
  protocol tcp
  port 9086
  type redirect
  keepalive type none
  ip address 2.2.2.2
  redirect-string "server1:9086/test.html"
  active
I've seen a lot of examples of using HTTP Redirects, but none of them touch on using global load balancing as we are trying to accomplish.
Now, if I type in a browser:
http://www.test.com:9086/test.html
it fails. Why? Because the CSS returns back an IP of 2.2.2.2 for www.test.com, which isn't a real IP address (this is by design). If I type:
http://192.168.3.135:9086/test.html
it works because it successfully redirects to:
http://server1:9086/test.html
because it is going directly against the VIP and redirecting as it should.
So the redirect function we know is working on the CSS as expected. However, the problem is this:
When I ping www.test.com I should get back the VIP address of the content rule (192.168.3.135) and I do UNTIL I ADD THE REDIRECT TYPE to the service. Once I do that if I ping www.test.com I will get back 2.2.2.2. Somehow once the redirect is added the IP address of the service (2.2.2.2) is returned instead of the content VIP (192.168.3.135). That shouldn't happen.
I hope this makes sense and any help would be greatly appreciated!!!

I think what you want to do is explained at:
http://www.cisco.com/en/US/products/hw/contnetw/ps789/products_configuration_example09186a0080094068.shtml
For your information, you should also look at this solution:
http://www.cisco.com/en/US/products/hw/contnetw/ps789/products_configuration_example09186a00801dcd75.shtml
Regards,
Gilles.

Similar Messages

  • SSL setup with a load balancer

    We are running EP 7.0 SP14 and have set it up to run through a Cisco ACE load balancer. We have also set up SSL with the certificate on the ACE load balancer. Everything works fine, except we keep getting a Security Alert popup message in IE that states "You are about to be redirected to a connection that is not secure."
    Are there some additional configurations that I need to do in EP to make this go away?
    Maximum points to the first correct answer.

    You can change logoff URL to any value:
    http://help.sap.com/saphelp_nw04s/helpdata/en/44/aada5230be5e77e10000000a155369/frameset.htm
    Regarding VC apps.
    It is strange you cannot see HTTP in the IEWatch. IE should not be able to alert about something it does not see. I suggest you to use something more substantial to trace network calls: http://www.wireshark.org
    This is the best tool I know for network tracing.
    Regards,
    Slava

  • Cache refresh issue with PI Load Balanced HA setup.

    Dear Experts,
    We have installed a HA Load Balanced PI Production Server with the below specifications. It's a four node cluster. Two nodes for Application Cluster and another two nodes for Database Cluster.
    Node1
    Physical Hostname  : axsappci
    Virtual Hostname  : axsapp00
    Instances         : CI,SCS and ASCS.
    Node2
    Physical Hostname : axsappdi
    Virtual Hostname   : axsapp00
    Instances          : Dialog instance installed with physical hostname axsappdi
    Node3
    Physical Hostname : axsappd1
    Virtual Hostname   : axsappdb
    Instances  : DB Instance.
    Node4
    Physical Hostname : axsappd2
    Virtual Hostname   : axsappdb
    Instances  : Standby DB Instance (passive).
    Web Dispatcher Hostname : h2h
    Application Switchover : CI,SCS and ASCS to switchover to Node2 and dialog instance Node2 forcing to go down
    Database Switchover : DB Instance switchover to Node2 if Node1 fails.
    We have changed all the parameters according to note 951910 -> NW2004s High Availability Usage Type PI
    I am facing an issue with the cache Notifications in the Integration Repository and Directory. The cache notifications are not happening properly particularly with the ABAP Cache.
    I get the below error in my ID when I try to do the manual cache notification.
    Unable to notify integration runtime (ABAP) of data changes
    Unable to establish http connection "http://h2h:8002/sap/xi/cache?sap-client=001"
    Kindly assist.
    Thanks and Regards
    Raghu.

    Hi Srikanth,
    Thanks for the reply.
    I have configured my web dispatcher to use default HTTP and HTTPS ports, i.e. 80 and 443. According to note 951910 I have changed parameters in exchange profile to use these ports.
    Regards
    Raghu.

  • Testing Forms Services availability with Hardware Load Balancer

    I have posted a question about load balancing to a group of application services running Forms Services here on the Forms forum but have had no reply:
    Forms Services availability checking for BIGIP Load Balancer
    My basic questions are:
    a) What do people recommend for load balancing Forms ... least connection, round robin ... ?
    b) Do people use http://server:port/forms/frmservlet?ifcmd=status or have some of you used something else?
    My reason for the question is we had a Forms Services failure that was not detected by the ifcmd servlet as the HTTP side of things was still working. This meant that the BIGIP load balancer sent everything to the failed server as it had the least connections. So basically no-one could logon.
    I've raised an SR with Oracle but they recommend the standard URL above. Has anyone else had a problem like this and if so were you able to fix it?
    Regards,
    Philippe

    Well SR followed up and it looks like the only course of action is to use the standard HTTP check: http://server:port/forms/frmservlet?ifcmd=status ...
    ... unless that is you want to do some serious customisation. Oracle don't support any other form of checking.
    I'm guessing from the lack of responses to this thread that this hasn't been an issue for anybody else ... ???
    Any thoughts/suggestions really welcome as we go into production in 4 weeks.
    a) What do people recommend for load balancing Forms ... least connection, round robin ... ?
    b) Do people use http://server:port/forms/frmservlet?ifcmd=status or have some of you used something else?
    Thanks,
    Philippe
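
The failure described in this thread (a member whose HTTP side still answers the status URL while the application behind it is dead, combined with least-connections balancing) can be reproduced in a small simulation. This is an added example, not code from Oracle, F5 or the poster; the server names, tick counts and the `application_check` probe are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Server:
    name: str
    http_up: bool = True   # web listener answers the status URL
    app_up: bool = True    # application runtime can really serve a session
    open_until: list = field(default_factory=list)  # end tick of each open connection

def status_url_check(s):
    # Models a probe of a status URL: passes whenever HTTP answers.
    return s.http_up

def application_check(s):
    # Assumption: a probe that exercises the application path end to end.
    return s.http_up and s.app_up

def simulate(servers, check, requests=300, hold_ticks=20):
    """Dispatch one request per tick to the member with the fewest open
    connections. Returns (served_ok, failures_by_server)."""
    failures = {s.name: 0 for s in servers}
    served = 0
    for tick in range(requests):
        # Close connections whose hold time has elapsed.
        for s in servers:
            s.open_until = [t for t in s.open_until if t > tick]
        pool = [s for s in servers if check(s)]
        if not pool:
            continue
        target = min(pool, key=lambda s: len(s.open_until))
        if target.app_up:
            target.open_until.append(tick + hold_ticks)
            served += 1
        else:
            # Errors out at once, so its connection count never rises and
            # least-connections keeps choosing it.
            failures[target.name] += 1
    return served, failures

def make_pool():
    # Constructed pool: app2's runtime is dead but its HTTP side still answers.
    return [Server("app1"), Server("app2", app_up=False), Server("app3")]

if __name__ == "__main__":
    for check in (status_url_check, application_check):
        served, failures = simulate(make_pool(), check)
        print(f"{check.__name__}: served={served} failures={failures}")
```

With the status-URL probe almost every request lands on the dead member because it always has the fewest connections; with a probe that exercises the application, the member leaves the pool and nothing is lost.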

  • Bug with Network Load Balancing Services and SkipAsSource always reverting to true

    Steps to reproduce:
    Add an IP address to the cluster (2 nodes running Windows Server 2012) using the Network Load Balancing Manager
    Using PowerShell set the SkipAsSource flag on the IP Address to true (Set-NetIpAddress -IpAddress 192.168.1.10 -SkipAsSource $true). The flag is correctly set.
    Try to reverse the setting (Set-NetIpAddress -IpAddress 192.168.1.10 -SkipAsSource $false). Flag stays as true.
    It appears as though Network Load Balancing Services is remembering the setting from someone.
    Things I've tried all without success (in no particular order):
    Removing the IP address from the cluster and adding it back in
    Using PowerShell to remove the IP address and add it back in manually (on each host). Flag stays set as true on the 1st node but takes a second before it reverts back to true on the 2nd node.
    Using netsh to remove the IP address and add it back in manually (on each host). Flag stays set as true on the 1st node but takes a second before it reverts back to true on the 2nd node.
    Deleting each host from the cluster (one at a time), removing the registry keys CurrentControlSet\Services\WLBS and
    Removing both hosts from the cluster
    Restarting the hosts
    Using processmon (sysinternals) to try and find a registry entry that might be set when SkipAsSource is set
    Does anyone know:
    How to resolve this issue? I'm guessing resetting the TCP/IP stack would work but that's a last resort as it requires an on-site visit to the datacentre.
    Where the SkipAsSource flag is stored?
    How to reset the master/global cluster config?
    Thanks in advance,
    Antony

    Hi Antony,
    I am trying to involve someone familiar with this topic to further look at this issue.
    There might be some time delay. Appreciate your patience.
    Best Regards.
    Steven Lee
    TechNet Community Support

  • 11gR2 SCAN config with F5 load balancer

    We are getting ready to set up our first RAC 2-node configuration. The hardware had already been purchased before deciding to go with 11gR2. Therefore, we have an F5 load balancer. The question is...can we use the IP address of the F5 in the /etc/hosts file as the SCAN IP address? Would this get us around the need to have a DNS configured SCAN host name?
    Has anyone done this before?
    Thanks,
    Mike

    Hi Mike,
    Welcome to the forum.
    I don't know how the F5 Load Balancer works.
    But I'll try...
    > The question is...can we use the IP address of the F5 in the /etc/hosts file as the SCAN IP address?
    Oracle strongly recommends that you do not configure SCAN VIP addresses in the hosts file.
    But if you use the hosts file to resolve SCAN name, you can have only one SCAN IP address. You will not get full functionality of the SCAN.
    See this note on MOS:
    *11gR2 Grid Infrastructure Single Client Access Name (SCAN) Explained [ID 887522.1]*
    > Would this get us around the need to have a DNS configured SCAN host name?
    If you want to use the SCAN feature, it is strongly recommended you use the DNS in your environment. This is my advice.
    Read the note above or link below to understand how SCAN works
    http://levipereira.wordpress.com/2010/12/18/single-client-access-name-scan-by-barb-lundhild/
    Regards,
    Levi Pereira

  • FireWall ( with DMZ ) Load Balance

    Hi,
    I searched CCO and found a firewall load balancing document ( http://www.cisco.com/warp/customer/117/fw_load_balancing.html ), but in this sample neither firewall has a DMZ. Can anyone advise me on the network diagram and how to configure the CSS if both firewalls have a DMZ?
    Best Regards,

    Hi,
    There are no issues with the firewalls having DMZ's. The firewall load balancing occurs across firewalls regardless of the firewall interface that the incoming packet is destined for.
    Regards Brett

  • Having an issue with vpn load balancing certificate on the vip

    Hi all,
    I am setting up vpn load balancing in a lab. I have two asa's running 8.6. I created a ucc cert from our internal CA  that has the vip as the CN in the cert and the two ASA's themselves as subject alternative names. I used open ssl to create the request. In each asa I am using encryption between the ASA's to encrypt the psk's. Since this is a lab and I do not have the DNS servers at my disposal I've added the hostnames and addresses of each ASA to the config in the ASA's. The problem I have is that when I connect to the vip I get a cert error saying the cert doesn't match the name on the site. See below:
    "The security certificate presented by this website was issued for a different website's address."
    I have a hostfile on my lab pc connected directly to the outside of the ASA that can resolve the name of the vip but when I browse to the vip I get the cert error. If I click proceed anyway the asa redirects me and the page opens without error on one of the two ASA's.
    Does anyone know what the CN of the cert should be for vpn load balancing? I thought the CN would be the vip but something is not right.
    Any help is appreciated.
    Thanks.

    Issue resolved. Switched the order of the trustpoints on the outside and vpn load balance.

  • Need help with ACE Load Balancing Base on URL pattern

    This is the first time for me trying to configure something like this on the ACE load balancer. I need help configuring a load balancing policy based on URL pattern. URL https://ineedhelp.com based on /willuhelpme and /imlost
    Key: ineedhelp_key
    cert:  ineedhelp_cert
    serverfarmA
    serverA 10.1.1.1 443
    serverfarmB
    serverB 10.1.1.2 443
    ineedhelp.com/willuhelpme-------serverfarmA
    ineedhelp.ocm/imlost---------------serverfarmB

  • LACP with Weighted Load Balancing

    Hi,
    I am trying to figure out how to use weighted load balancing (WLB) with LACP in Nexus 5K. Please can you give any guidance on this because the documentation I found so far is not helpful.
    Basically I have a port channel consisting of two physical 1G ethernet ports and one backup server connecting with two remote SAN hosts over this port channel. Unfortunately the two remote SAN hosts have similar even mac and ip addresses. Thus ordinary source ip/mac load balancing puts them on the same link in the port channel. I want to apply a weight to try to distribute this load.
    Many thanks
    Sankung
    PS: Ultimately, I am getting a 10G NIC for the backup server but in the meantime want to explore this WLB possibility.

  • CSM HTTP Redirect with SSL

    Problem we are having:
    A client opens an HTTPS connection to a CSM with SSL offload to SSL module. The decrypted clear HTTP request hits the IIS server and is redirected (301).
    The client gets an HTTP redirect and not an HTTPS redirect.
    The reason for the 301 redirect is the IIS server does not have a physical resource but rather a virtual directory so it issues a 301 and adds a /. eg https://www.cisco.com/tech is redirected to https://www.cisco.com/tech/ in a working situation.

    look for the urlrewrite command in order to change HTTP into HTTPS.
    Regards,
    Gilles.
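
The effect of rewriting the redirect at the SSL-offload point, as suggested above, can be sketched as follows. This is an added example, not Cisco's implementation or code from the thread; the function names, the offloaded-host set and the sample response are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit, urlunsplit

# Assumption: hosts whose TLS is terminated in front of the web server.
OFFLOADED_HOSTS = {"www.cisco.com"}

def rewrite_location(location, offloaded_hosts=OFFLOADED_HOSTS,
                     clear_port=80, ssl_port=443):
    """Return the Location value the client should receive.

    Only absolute http:// redirects that point back at an offloaded host on
    the clear-text port are upgraded; anything else passes through untouched.
    """
    parts = urlsplit(location)
    if parts.scheme.lower() != "http":
        return location              # relative, already https, or another scheme
    host = (parts.hostname or "").lower()
    if host not in offloaded_hosts:
        return location              # redirect to a site we do not terminate TLS for
    try:
        port = parts.port or 80
    except ValueError:
        return location              # malformed port: do not guess
    if port != clear_port:
        return location              # not the port behind the SSL module
    netloc = host if ssl_port == 443 else f"{host}:{ssl_port}"
    return urlunsplit(("https", netloc, parts.path, parts.query, parts.fragment))

def rewrite_response(status, headers):
    """headers is a list of (name, value) pairs; only 3xx responses are touched."""
    if not 300 <= status < 400:
        return list(headers)
    return [(name, rewrite_location(value) if name.lower() == "location" else value)
            for name, value in headers]

# Constructed sample: the 301 the web server emits for a virtual directory
# after it received the decrypted request as plain HTTP.
SAMPLE_STATUS = 301
SAMPLE_HEADERS = [("Server", "Microsoft-IIS"),
                  ("Location", "http://www.cisco.com/tech/")]

if __name__ == "__main__":
    for name, value in rewrite_response(SAMPLE_STATUS, SAMPLE_HEADERS):
        print(f"{name}: {value}")
```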

  • Portal Drive not working with external load balancer

    Hi,
    We have a portal cluster and we are using external Load balancer from
    Juniper for load balancing the portal cluster. When given the direct
    portal URL (Central instance URL or Dialog instance URL), Portal Drive
    is able to connect to portal and shows the KM documents properly. But
    when given the Load balancer URL, it gives error saying "Can
    not connect to host using WebDAV protocol". Load balancer URL works
    fine from the browser without any problems. Any help is highly appreciated.
    Helpful points will be rewarded.
    Regards,
    Chandra

    Hi Steve,
    For Portal Drive, Windows integrated authentication, client certificates,basic authentication and Kerberos is supported.
    (in the default delivery of com.sap.km.cm.docs iview the authentication Scheme is set to basicauthentication - switching that to form based authentication is not being supported by webdav clients).
    Also now Integrated Windows Authentication (NTLM) has been made available with latest patch.
    Also read through SAP NOTE 1084683 for further clarifications.
    Regards,
    Shailesh

  • Certificate based authentication with SSL load balancer

    I've been asked to implement certificate-based authentication (CBA)
    on a weblogic cluster serving up web services. I've read through
    Chapter 10 (security) and understand the "Identity Assertion" concept.
    Environment:
    Weblogic 8.1 cluster fronted by a load-balancer that handles SSL and
    uses sticky-sessions.
    Question:
    If the load balancer is used to handle SSL, do I still need to turn
    on SSL on the weblogic cluster in order to use CBA? Is there another
    way to request the client's certificate?
    If the above is yes, what is the minimal level of SSL? Does it have
    to be two-way?
    If SSL has to be turned on is there any reason to use the load
    balancer's SSL? Is there still a performance benefit?

    I think the simplest and most secure way is to have the servers configured for
    2-way ssl, since this would ensure that the certificate they receive and use for
    authentication has been validated during the ssl handshake. In this case the load
    balancer itself does not need to and cannot do the handshaking, and would need
    to pass the entire SSL connection through to the WLS server (ie: act similar to
    a router)
    Pavel.

  • SSO with Webcache Load Balancing ???

    Hi,
    My system (in Win2K servers)
    +Infrastructure sever 9.0.2.3
    +Midtier1 using OC4J_BI_Forms 9.0.2.3
    +Midtier2 using OC4J_BI_Forms 9.0.2.3
    I have followed the Note:207668.1 to setup Webcache as load balancer for 2 Midtiers. I also completed the steps in the Note:241891.1 to re-register the two Midtiers again SSO server.
    The system runs well if I start OHS only on the Midtier1 or Midtier2. If I startup both OHS in the two Midtiers, when I connect to our apps using SSO, the SSO login window is open to ask SSO userid and pass. When I key-in SSO userid and pass, there is an error in the Apache:
    apache.exe - Application error: The instruction at "..." could not be read.
    Please advise,
    Pham

    Advice: get the apache trace dump to find out what stack it is in. I think you must open a TAR.
    The error possibly coming from mod_osso ?

  • HTTP redirection with Auth Plugin

    Hi Guys,
                 I am relatively new to the FMS World, so bear with me if this is a silly question.
    I have an external service which tells me that a particular stream for a customer cannot be allowed and I need to redirect the URL to some http:// page.
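    This happens in the E_PLAY Event on the auth plugin. My question is, can the auth plugin redirect the entire page to another HTTP page? I know that with the auth plugin you can rewrite the stream name so that another stream is played, but not sure if it is capable of redirecting the entire page.
    If the auth plugin cannot redirect by itself, will the serverside actionscript be able to do so? I can pass the http:// URL to the server side action script via the notify event.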
    If the auth plugin by cannot redirect by itself, will the serverside actionscript be able to do so? I can pass the http:// URL to the server side action script via the notify event.
    Please suggest the best way to do this. I am using FMS 3.0
    Thanks,
    AK

    That is odd. It worked for me. Can you paste your entries that are dealing with weblogic? This includes your <IfModule> tag.
    So, when you try to hit the url, you get a 404 from Apache?
    Eric
    "Laurent PAILLARD" <[email protected]> wrote in message news:[email protected]..
    Same problem. Apache still handles the request and does not proxy it.
    "Eric Gross" <[email protected]> wrote in message news: 3c61876c$[email protected]..
    I hope you mean the Apache plugin and not the isapi plugin.
    Try this:
    <Location /*/servlets>
      SetHandler weblogic-handler
    </Location>
    Regards,
    Eric
    "Laurent PAILLARD" <[email protected]> wrote in message news:[email protected]..
    System :
    Solaris 8
    Weblogic 6.1 SP2
    Apache 1.3.19 with weblogic ISAPI plugin
    For performance purposes, we want to separate static content from our web application. We deploy a pipo.ear with a pipo.war file inside for Weblogic and we unjar the war file in a '/pipo' directory in the HTTP server document Root.
    To redirect JSP files there are no problems. The problems occur with servlets. We decided to register all our servlets in web.xml with a 'servlets/' prefix so that Apache should redirect requests with it.
    All our HTTP requests became :
    http://www.myweb.com/pipo/servlets/myServlet
    The problem is that ISAPI plug-in never proxies servlet requests to Weblogic. It only works when '/servlets' prefix is placed just behind the domain name such as http://www.myweb.com/servlets/* and never with http://www.myWeb.com/*/servlets/*.
    I hope it's just a problem of configuration with Apache. I've already tried :
    <Location */servlets*>
      SetHandler weblogic-handler
    </Location>
    but nothing changed. We don't have such problem with NSAPI plugin for iPlanet but as we must use Apache ...