Load balancer + Fed auth cookies + Sharepoint

I have a login page which creates a fed auth cookie and establishes session in sharepoint
Now, Since the time site moved to load balancer environment, it started behaving differently
The fed auth cookie is being created. But still I am not logged in!! Which means I am again being redirected to login page for authentication
After another 2-3 attempts, things start working again. Can anyone help as to what is impacting cookies in load balancer? are they being rejected ?

Does the ext directory have the php_oci8.dll? In the original steps the PHP dir is renamed. In the given php.in the extension_dir looks like it has been updated correctly. Since PHP distributes php_oci8.dll by default I reckon there would be a very good chance that the problem was somewhere else. Since this is an old thread I don't think we'll get much value from speculation.
-- cj

Similar Messages

  • Load balancing and clustering in sharepoint

    Hi,
    Still i am confuse about load balancing with cluster in sharepoint level.please let me know how to install and troubleshoot,how it is work, Advantage, etc..
    Thanks,
    Inguru

    Hi Inguru,
    Per my knowledge, SharePoint only supports Load balancing and SQL support clustering.
    Here is a similar thread for you to take a look:
    http://social.technet.microsoft.com/Forums/en-US/2b20d1d5-de35-486e-9b0e-37222a307615/clustering-and-load-balancing?forum=sharepointgeneralprevious
    To configure load balancing for SharePoint, please follow the links below:
    http://blogs.technet.com/b/praveenh/archive/2010/12/17/setting-up-load-balancing-on-a-sharepoint-farm-running-on-windows-server-2008.aspx
    http://community.bamboosolutions.com/blogs/sharepoint-2013/archive/2014/01/07/network-load-balancing-for-sharepoint-2013-part-three-installing-network-load-balancing-on-wfe1-in-a-three-server-farm.aspx
    Best regards.
    Thanks
    Victoria Xia
    TechNet Community Support

  • Office Web Apps Load Balancing Configuration Issue for SharePoint 2013

    I have load balanced servers dedicated for Office Web Apps with name “md1xxxwfe1” and “md1xxxwfe2” 
    , both this servers are load balanced by CISCO Load balancer. And I have mapped Load Balancer Virutal IP with host name officeapps.jda.corp.local in the DNS records.
     Things are working fine if I add new farm by using New-OfficeWebAppsFarm
     with server name as internalurl in PowerShell console
     as like “  -internalurl http://
    md1xxxwfe1  but when I use –internalurl officeapps.jda.corp.local it is not working at all. I’m not getting what to do at this point.
    I have gone through following blogs but no luck.
    http://blogs.technet.com/b/meamcs/archive/2013/03/27/office-web-apps-2013-multi-servers-nlb-installation-and-deployment-for-sharepoint-2013-step-by-step-guide.aspx
    http://blogs.technet.com/b/office_resource_kit/archive/2012/09/11/introducing-office-web-apps-server.aspx
    http://davidlimsharepoint.blogspot.in/2013/02/installing-and-configuring-office-web.html 
    http://sps2013.blogspot.in/2013/09/office-web-apps-with-sharepoint-2013.html
    The output of the wfe1 server is attached with this. When I open http:// /hosting/discovery in wfe1 I’m getting following result (attached
    screenshot) but it should show hostname rather than server name.
    Please help me
    Thanks, Ram Ch

    Hi  Ram ,
    For  troubleshooting your issue, please take steps as below:
    Just about any load balancing solution will work, including a server that runs the Web Server (IIS) role running Application Request Routing (ARR):Install
    Application Request Routing
    Install the certificate on the load balancer as described under Securing Office Web Apps Server communications by using
    HTTPS.
    Make sure you have configured the cluster correctly for full internet name:
    Reference:
    http://technet.microsoft.com/en-us/library/jj219435.aspx#loadbalancer
    Thanks,
    Eric
    Forum Support
    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support,
    contact [email protected]
    Eric Tao
    TechNet Community Support

  • CSS - Load balancing to Microsoft 2008 Sharepoint Application

    We are tring to load balance using the CSS 11503 to two Servers running Microsoft Sharepoint 2008. Everything is working fine as far as load balancing is cocerned. But what we want is if the Microsoft Sharepoint 2008 Application is down one one server then we do not want any request for this application to be sent to this server. What sort of keepalive should we be using, because TCP port 80 is still up and responds when the Microsoft Sharepoint 2008 Application is down on this server.
    I do not know much about how Microsoft Sharepoint 2008 Application interfaces / interacts with IIS and port 80, etc.
    Any suggestions?

    Partial Config:
    ===============
    service FRED30
    ip address x.x.x..100
    protocol tcp
    port 80
    redundant-index 3
    keepalive port 80
    keepalive type http
    active
    service FRED31
    ip address x.x.x.101
    protocol tcp
    port 80
    redundant-index 4
    keepalive port 80
    keepalive type http
    active
    When we do the above where we have
    "keepalive type http"
    and then do a show keepalive we get the State as DOWN - why? But if we take out the keepalive type http command from the above services then we don't see the state as DOWN.
    But even when it says DOWN we can still connect to port 80 without problem.
    CSS# sh keepalive AUTO_FRED30
    Name: AUTO_FRED30 Index: 7 State: Down
    Description: Auto generated for service for FRED30
    Address: x.x.x.100 Port: 80
    Type: HTTP:HEAD:/
    Keepalive Error: General failure
    Frequency: 5
    Max Failures: 3
    Retry Frequency: 5
    Dependent Services:
    FRED30
    sh keepalive FRED31
    Name: AUTO_FRED31 Index: 9 State: Down
    Description: Auto generated for service FRED31
    Addresess: x.x.x.101 Port: 80
    Type: HTTP:HEAD:/
    Keepalive Error: General failure
    Frequency: 5
    Max Failures: 3
    Retry Frequency: 5
    Dependent Services:
    FRED31

  • ACE 4710 and load balancing with sticky cookie

    Configuring load balancing with SSL termination and stickiness for a couple of citrix xenapp servers.  I'm doing a source-NAT as the ACE resides in the DMZ and these particular servers reside on the inside arm of the firewall.  The ACE is in bridged mode to load balance web servers that reside in the DMZ.  Everything seems to work just fine, but the cookie stickiness does not seem to be working.

    Hi David,
    As you may know, using Wireshark to look at an HTTPS capture is only useful if you've installed the server SSL key.This is why I find it easier to use something like LiveHTTPHeaders or HTTPWatch.
    When using cookie-insert, the ACE will not create any dynamic cookie entries.  It will simply create one static entry for each rserver with a cookie value, such as R3911631338, and any client that gets load balanced to that rserver will receive a cookie with that value.  So what you see there is what is expected.
    You are correct in that when using location cookies that the server supplies, the ACE will create a dynamic entry when it sees the server response with the cookie.   The cookie is included in the server's response, and the ACE will look for the value as configured.  The cookie will also be sent to the client.  If the cookie is not in the server's first response, you will need enable persistence-rebalance so that it will look in subsequent server responses.  If the browser opens new connections with that cookie, then the ACE will stick to the same server.
    My suggestion would be to get sticky working with cookie-insert first.  Then if that meets your needs, go with that permanently.  If you need to use server cookies, then once cookie insert is working, migrate your sticky to cookie location.
    Sean

  • CSS Load Balancing with Cookies

    We are trying to load balance 2 backend servers hosted on Websphere with advance balance cookies method.
    Restrictions
    ServerA is unable to accept cookies generated from ServerB.
    ServerA and ServerB are generating random cookies
    Unable to modify cookie string with a constant.
    How can we load balance based on cookies considering the above restrictions?
    We have attempted to do hash based load balancing with cookies but the problem we run into is the servers do not accept cookies generated from another server.
    The configuration we tried is written below:
    service ServerA
    ip address 192.168.10.2
    keepalive type tcp
    keepalive port 80
    active
    service ServerB
    ip address 192.168.20.2
    keepalive type tcp
    keepalive port 80
    active
    content ABC
    url "/*"
    add service ServerA
    string prefix "JSESSIONID="
    advanced-balance cookies
    port 80
    add service ServerB
    string skip-length 5
    string process-length 16
    string operation hash-xor
    protocol tcp
    vip address 172.16.32.1
    active
    Can we change the string prefix to JSESSION instead of JSESSIONID= ?
    The only place the app guys can add a constant string to match on is before the = sign.
    Is it possible for CSS to match on a constant string before = sign e.g below:
    service ServerA
    ip address 192.168.10.2
    keepalive type tcp
    keepalive port 80
    string id567=
    active
    service ServerB
    ip address 192.168.20.2
    keepalive type tcp
    keepalive port 80
    string id123=
    active
    content ABC
    url "/*"
    add service ServerA
    string prefix "JSESSION"
    advanced-balance cookies
    port 80
    add service ServerB
    string skip-length 0
    string process-length 6
    protocol tcp
    vip address 172.16.32.1
    active

    It should work.
    There is no reason for it not to work...
    This is the best method you can have on the CSS for stickyness.
    Get a sniffer trace on the client and server with arrowpoint cookie configured on the CSS and capture a failure so we can see what is going on.
    also send me the config so I can verify everything is ok.
    If you have a service request open with the TAC, you can also give the SR # so I can review what has been done.
    Gilles.

  • CSS 11503 Load Balancing Verification

    Alright, so I have toiled long and hard to get this right.  I think I have the config down but I am unsure on how to verify how this load balancing is working.
    Here is the Content Config that I am speaking of:
    content cad-rule
        add service wls1-e0
        add service wls1-e1
        add service wls2-e0
        add service wls2-e1
        add service wls3-e0
        add service wls3-e1
        add service wls4-e0
        add service wls4-e1
        add service wls5-e0
        add service wls5-e1
        add service wls6-e0
        add service wls6-e1
        arrowpoint-cookie expiration 00:00:15:00
        advanced-balance arrowpoint-cookie
        redundant-index 2
        vip address 172.30.194.195 range 2
        arrowpoint-cookie name TOQ
        protocol tcp
        port 8001
        url "/*"
        active
    Each service in the rule above is configured as follows:
    service wls1-e1
      port 8001
      protocol tcp
      strin ags001-e1
      ip address 172.30.193.81
      keepalive type http
      keepalive uri "/cad/index.html"
      redundant-index 12
      keepalive frequency 20
      keepalive maxfailure 10
      keepalive retryperiod 2
      active
    I am using the advanced arrowpoint cookies because I need some stickiness here.  Straight round-robin would not have done what I needed it to do.
    Now, when I go to my show summary, this is what I see for this rule:
                     cad-rule    Master   wls1-e0 84274
                                                wls1-e1 13144
                                                wls2-e0 96884
                                                wls2-e1 26374
                                                wls3-e0 71145
                                                wls3-e1 16592
                                                wls4-e0 76403
                                                wls4-e1 8657
                                                wls5-e0 118623
                                                wls5-e1 22760
                                                wls6-e0 30836
                                                wls6-e1 20464
    The far right column indicates the services hits.  I originally had the E1's suspended and activated them later on. So if this was true round robin, all the E0's should have the same number of service hits and all the E1's should have the same number of service hits.  But as you can see, the wls5 server is getting hit the most while the wls6 server is sitting there twiddling its thumbs.
    Now understanding how the arrowpoint cookies do their load balancing (inserting a cooking into the flow and then timing out after 15 mins as configured above) I would not expect a 1:1 ratio of load balancing between servers.  But the distribution above seems rather extreme.
    Does anyone have any suggestions on how to both A) verify that this is the right config and B) suggest to my boss that this is working the way it should be working?
    Thanks!
    James

    Hi James,
    There are several reasons of the uneven load balancing that you are seeing (based on the show summary). First
    of all, the CSS is configured to do stickiness (advance-balance).
    With arrowpoint-cookies (for HTTP only) method for stickiness, only the requests coming with the same cookie
    are going to get stuck to the same server, since the cookie is
    lost when the browser is closed (or based on the expiration), then the stickiness is going to be session
    based and if the same client open a new session is going to be load balanced.
    Is important to understand that when using stickiness, no real even load balancing is
    going to happen since we are sticking new flows to the same server; even when layer 5 stickiness would
    permit more even balancing than layer 3 stickiness (source IP based).
    Also consider that the "show summary" is a command to see the hits (requests) being balanced to an specific
    server, this is a good command to see the load balancing, anyway since the CSS balance
    connections (flows), a persistent connection could have a lot of requests, so all those requests are
    always going to the same server (incrementing the amount of hits in the counter) while a non-persistent
    connection would be just one request (refer to HTTP persistence).
    Also keep in mind that if a service is take out for maintenance, or is added to the load balancing later
    than another, or if goes down for a period of time, then the CSS will be balancing among the remaining alive
    servers. When you add the server again, the another servers are going to have connections
    already established, so since the CSS is doing round robin, the server last added will
    never have the same amount of connections (nor hits) that the other ones, because while one could
    have 55 for example, the new one will have it first connection, and when the first one
    gets the 56, the another will get the second, and so on.
    Please let me know if this makes any sense.
    Diego M

  • Does ADFS work with SharePoint 2013 with WFEs SSL-offloaded to a F5 load balancer?

    Currently we are implementing a SharePoint 2013 Production environment with 2 WFEs load-balanced by F5.  SSL is offloaded to F5 and is currently working fine with Integrated Windows Authentication with NTLM.  We would like to implement ADFS 3.0
    later for Single Sign-on, and we are wondering if ADFS supports SSL offload.  
    Do we need to bind the certificate to the WFEs as well to use ADFS?  
    Thank you!

    Just got it confirmed that ADFS supports SSL offload.  There is no direct communication between SharePoint and ADFS server during the authentication process.  It is always the browser that's talking to ADFS server. We just need to do the following:
    Configure SharePoint URLs in ADFS as replying parties with https.
    Configure AAM in SharePoint to make sure internal URL is http and public URL is https.

  • Site not accessible from the Load balanced web front end server - sharepoint 2010

    I have a production environment with 2 WFE's(sp-wfe1 & sp-wfe2), 2 APP's and 2 SQL clustered VM's.
    2 WFE's are load balanced using hardware load balancer.
    An A-Record(PORTAL) is created in DNS for the virtual IP of the load balancer which points to the 2 WFE's.
    A web application is created on the WFE's on port 80.
    alternative access mapping is configured and the load balanced record "http://PORTAL" is used under the default zone.
    Under IIS I have edited the bindings for the sharepoint site at port 80 and added the HOSTNAME as PORTAL.
    Result: The site is accessible from outside the server and works fine.
    ISSUE: The site is not accessible within the WFE's(sp-wfe1 & sp-wfe2).
    When I browse the site from the WFE's server it ask for the credentials and when I enter the credentials and click OK it ask the credentials again and again and in the end displays a blank page.
    Kindly help me in this issue because I am clueless and couldn't find anything helpful on the internet. 
    Regards,
    Mudassar
    MADDY-DEV Forum answers from Microsoft Forum

    Loop back check.
    http://www.harbar.net/archive/2009/07/02/disableloopbackcheck-amp-sharepoint-what-every-admin-and-developer-should-know.aspx

  • Site not found using Sharepoint Designer 2013, Load balance URL and the Front end servers.

    Dears,
    My SharePoint farm is with the below configuration in our office :
    Batch processing server the with Central Administration
    Web Front End Sever 1 (http://wfe01)
    Web Front End Sever 2 (http://wfe02)
    I do have the load balance URL as http://finance.mycompany.com and as per the system administrator it seems configured properly.
    In AAM i have mapped the URLs as below for the web application in Central Administration portal:
    http://finance.mycompany.com - Default Zone
    http://wfe01 - Intranet Zone
    http://wfe02 - Internet Zone
    I was able to browse the site via the load balance URL : http://finance.mycompany.com, but couldn't open the site using the Share Point Designer 2013. It always says the site not found.
    please advise,
    thanks,
    Ammar

    What do the wfe01 and wfe02 aams do?
    Are you browsing to the SharePoint site and using SPD on the same computer, is it part of the farm or a seperate client computer?
    thanks Alex a lot for your response and appreciate the same.
    WFE01, WFE01 is connected to the one central admin on Batch Processing Server (central admin URL is http://SharepointCA:5555 and the SharePoint Web Application is hosted under port 80 on the same server). So the AAM configured on the batch processing server
    central admin.
    I can connect to the site using the SPD inside the Batch Processing server if i mention the site urs as http://localhost. But not from other client computers by putting the load balance URL - http://finance.mycompany.com.
    I can browse the sites directly putting http://wfe01, http://wfe02 and as well as the load balance URL (http://finance.mycompany.com). The custom webparts are getting crashed when i put the web application URL as http://finance.mycompany.com.
    thanks,
    Ammar

  • ACE load-balancing-Cookie problem

    In our other load-balancing environments the load-balancer-cookie contains the encrypted (real) servername or ip-address.
    We think it's the same on the cisco, for that reason it's in theory not possible, that there are two 'green'-cookies with different values in the same request.
    There are only two possibilities how this could happen:
    a) The healthmonitor (http_probe) fails, the loadbalancer 'thinks' that the realserver is down and redistributes the traffic.
    But in that case we would expect, that the old cookie will be overwritten by the new one and not simply added to the http-header.
    b) The predictor in the serverfarm chooses a new realserver within the same request.
    If that is really the cause of that problem this would be bug in the cisco ace.
    What we found out, is that the loadbalancer performs a 'Set-Cookie'-Operation an every request even if the client submits the cookie correctly.
    For example:
    GET /ips-opdata/scripts/jquery.js HTTP/1.1
    Host: www.xxxxx.com
    User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15
    Accept: */*
    Accept-Language: en-us,en;q=0.5
    Accept-Encoding: gzip,deflate
    Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
    Keep-Alive: 115
    Connection: keep-alive
    Referer: http://www.xxxxx.com/
    Cookie: green=R339366665; JSESSIONID=28D91FC6FD62A3921354BB36826294C4
    HTTP/1.1 200 OK
    Set-Cookie: green=R339366665; path=/; expires=Tue, 29-Mar-2011 06:33:00 GMT
    Server: Apache-Coyote/1.1
    X-Powered-By: Servlet 2.4; JBoss-4.2.2.GA (build: SVNTag=JBoss_4_2_2_GA date=200710221139)/Tomcat-5.5
    ETag: W/"72181-1298537508000"
    Last-Modified: Thu, 24 Feb 2011 08:51:48 GMT
    Content-Type: text/javascript
    Content-Length: 72181
    Date: Mon, 28 Mar 2011 06:15:19 GMT
    As you can see the cookies: green=R339366665 is transmitted from the client, but the loadbalancer does a Set-Cookie Operation of the same cookie once again. This is an unexpected behaviour.
    We hope that this helps you to figure out the reason of the problem.

    The cookie is sent by the ACE on each response to refresh the timeout value on the client. The value of the cookie doesn't change. This is the expected behaviour and shouldn't break anything in the application / browser.
    For browser-based applications, don't forget to add the "browser-expire" parameter to your cookie-based stickyness config.

  • Setting up SharePoint 2013 Apps in a load balanced environment

    All,
    Looking for some articles on how to configure SharePoint 2013 Apps in a load balanced farm (2 WFEs, 2 APP servers, 2 SQL DBs).
    Thank you!

    if the load balancing environment is already well configured, thes rest is very easy, there is no difference between a configuration of load balancing environment and a simple one, for you that is transparent, except the manual deployment and manual copying
    of files in the directory 15

  • Cookie based Load Balancing

    If 3 Real servers in a non-load balancing environmet are setting session cookies with diffrenet cookie names e.g.
    server1 response
    set-Cookie: SESSIDSAAAAAA=DMNNNELCECNCKDIIDCPOIMGG
    Server2 response
    set-Cookie: SESSIDSBBBBBB=DAAMMNELCECNCKPYTWPOIPOP
    Server3 response
    set-Cookie: SESSIDSCCCCCC=POHYTUOIPOPPLKJHTERIQOKJ
    then how can CSM be configured with cookie based stickiness.
    I tried cookie insert on CSM with NULL value Assigned to "COOKIE_INSERT_EXPIRATION_DATE".
    It resulted in two set cookie responses (one from server and one from CSM).
    I am wondering how csm will react ( cookie insert is used) if client request carries two cookie name-value pairs.
    clients are behind megaproxy so cookie based stickiness is needed.
    Thanks

    if you look into a http client request you will see that many times there are more than 1 cookies.
    The most important is to make sure the CSM insert a cookie with a different name.
    Create your own name.
    The client will receive both the csm cookie and the server cookie and will send both when opening a new connection.
    The CSM is able to locate its own cookie in the list and do the stickyness.
    Gilles.

  • SharePoint Central Administration: High Availability and Load Balancing

    Running Central Administration on more than one server in the farm is 100% supported and indeed a recommended best practice on SharePoint 2010.
    Is Load Balancing on Central Administration
    supported for SharePoint 2013?
    Is Implementing Kerberos Authentication for load balanced Central Administration 100% supported in SharePoint 2013?
    Is Implementing Central Administration on Port 80 or 443 100% supported on SharePoint 2013?
    I’ve read a article about from Spence
     Harbar. I would like to know of this is supported for SharePoint 2013?
    Source:
    http://www.harbar.net/articles/spca.aspx
    jtjscholten

    Thanks! Disappointed there is no description from Microsoft :(
    jtjscholten

  • SharePoint 2010 Kerberos on Load balance farm

    I have a SharePoint Load balance farm and my site address is https://sharepoint.com(SharePoint alias creates in ADDS which resolves to virtual IP address VIP), do I need to setup spns for https://sharepoint.com or to all the ip adresses of the webservers
    used or to VIP?
    Thanks,
    D

    Hi,
    you need to set up Kerberos for the URL your users are typing in the browser and for which you have IIS listening. In your case that is
    https://sharepoint.com. This address will be registered with IIS on all load-balanced Servers and the application pool should run under the same service account on all servers.
    Regards,
    Andrei

Maybe you are looking for