Lync Discover Internal Load Balance

I have tried using DNS and hardware load balancing for the lyncdiscoverinternal A record.
If I disable the NIC on the one of my 2 front end servers in my pool that the client is connected to, it gets signed out,
and the client does not then sign back in for about 2 minutes.
Can someone explain why the client takes so long to try another server in the pool and retry the sign-in to a different FE server? 2 minutes is too long...
I have 2 servers in a pool called pool.domain.com and the srv record points to pool.domain.com
I have 2 A records for pool.domain.com pointing to each FE server
I also have a director pool, will pointing the pool.domain.com srv record for _sip to this pool improve failover speed?

I tried doing the full HLB method (using F5) and during testing it seems Lync itself doesn't want to support that (which is why Microsoft recommends DNS AND HLB, I am betting). What I saw in my testing was that after the node you were on was "failed", the Lync client went to its secondary via the list of servers it gets when it first connects, so instead of connecting to the VIP of the HLB, it connected directly to a front-end server that was listed as secondary for that user at that point.
Doing the combination of HLB and DNS LB, the time it takes for the client to connect seemed to be much less (under 10 seconds in my tests). I hate that I have to use both technologies; if they are going to force you to use HLB (for web services), they should let everything work via that method...

Similar Messages

  • Getting IP address for Internal Load Balancer

    I've recently been experimenting with internal load balancing for VMs. I'm able to create and delete an internal load balancer (ILB) using the .NET wrapper for the API (https://github.com/Azure/azure-sdk-for-net).  What I cannot do though is actually
    get the internal address for it. Nor does it seem you can get it from the REST API (which, as far as I know, is what .NET wrapper wraps).   The only method I can see that claims to get the address is Powershell.
    Can anyone confirm if there is any way using the REST API or its .NET wrapper to obtain the internal address for the ILB?

    I have not looked into the .NET wrapper that you mentioned here, but according to this powershell script:
    http://msdn.microsoft.com/en-us/library/azure/dn690125.aspx
    $svc="<Cloud Service Name>"
    $ilb="<Name of your ILB instance>"
    $subnet="<Name of the subnet within your virtual network-optional>"
    $IP="<The IPv4 address to use on the subnet-optional>"
    Add-AzureInternalLoadBalancer -ServiceName $svc -InternalLoadBalancerName $ilb -SubnetName $subnet -StaticVNetIPAddress $IP
    IP address is optional, so maybe the wrapper hasn't implemented this, which is kind of undesirable. But maybe it allows you to specify the IP?
    Frank

  • Internal load balance ilb on ServiceConfiguration LoadBalancers

    Hi everybody, I try to setup an internal load balancer using this configuration:
    from cscfg:
    <NetworkConfiguration>
     <VirtualNetworkSite name="WE" />
     <AddressAssignments>
      <InstanceAddress roleName="Role1">
       <Subnets>
        <Subnet name="WE_WWW" />
       </Subnets>
      </InstanceAddress>
      <InstanceAddress roleName="Role">
       <Subnets>
        <Subnet name="WE_SERVICE" />
       </Subnets>
      </InstanceAddress>
     </AddressAssignments>
     <LoadBalancers>
      <LoadBalancer name="WEB_ILB">
       <FrontendIPConfiguration type="private" subnet="WE_WWW" staticVirtualNetworkIPAddress="192.168.1.5" />
      </LoadBalancer>
      <LoadBalancer name="API_ILB">
       <FrontendIPConfiguration type="private" subnet="WE_SERVICE" staticVirtualNetworkIPAddress="192.168.2.5" />
      </LoadBalancer>
     </LoadBalancers>
    </NetworkConfiguration>
    from csdef:
    <WebRole name="Role1" vmsize="Small">
     <Sites>
      <Site name="Web">
       <Bindings>
        <Binding name="httpIn" endpointName="httpIn" />
        <Binding name="httpsIn" endpointName="httpsIn" />
       </Bindings>
      </Site>
     </Sites>
     <Endpoints>
      <InputEndpoint name="httpIn" protocol="http" port="80" loadBalancer="WEBILB" />
      <InputEndpoint name="httpsIn" protocol="https" port="443" certificate="Valuta" />
     </Endpoints>
     <Imports>
      <Import moduleName="Diagnostics" />
      <Import moduleName="RemoteAccess" />
      <Import moduleName="RemoteForwarder" />
     </Imports>
     <Certificates>
      <Certificate name="Valuta" storeLocation="LocalMachine" storeName="CA" />
     </Certificates>
    </WebRole>
    <WebRole name="Role2" vmsize="Small">
     <Sites>
      <Site name="Web">
       <Bindings>
        <Binding name="httpIn" endpointName="httpIn" />
       </Bindings>
      </Site>
     </Sites>
     <Endpoints>
      <InputEndpoint name="httpIn" protocol="http" port="8080" loadBalancer="APIILB" />
     </Endpoints>
     <Imports>
      <Import moduleName="Diagnostics" />
      <Import moduleName="RemoteAccess" />
     </Imports>
    </WebRole>
    As you can see, I have two webroles linked to a vnet:
    Role1 has two input endpoints: https and http (the one I want to "internal" load balance)
    Role2 has only an http input endpoint (again the one I want to "internal" load balance)
    and I try to configure an internal loadbalancer (see here:
    vs2013-update3)
    When I try to deploy the package I receive this error:
    Error: The specified configuration settings for Settings are invalid. Verify that the service configuration file is a valid XML file, and that role instance counts are specified as positive integers.  Http Status Code: BadRequest  OperationId:
    874024071e88327f8cb73c16f15f3ac2
    I'm sure it depends on the ILB configuration because when I remove it the deploy succeeds...
    Has anybody tried something like this?
    Thanks,
    Simone

    I've found a solution by myself with the help of a friend (Sandro Vecchiarelli): the "problem" is that I tried to set up two load balancers in one cloud service. Trying with only one works correctly; the error is probably a schema validation and I
    really don't know if the error is on the "client" schema that allows me to configure more than one ILB (note the node name
    LoadBalancers... it's plural...) or online (the one on Azure).
    By the way... at the moment use just one ILB per cloud service.
    Hope this helps.
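
A pre-deployment cross-check of the two files quoted in this thread, as an added example that is not part of the original posts and not Azure tooling. The function names are hypothetical, the two documents are constructed (trimmed copies of the quoted fragments), and the "more than one ILB" rule is the poster's finding, not a documented limit.

```powershell
# Constructed sample input: trimmed copies of the cscfg/csdef fragments quoted above.
$cscfgText = @'
<ServiceConfiguration>
 <NetworkConfiguration>
  <AddressAssignments>
   <InstanceAddress roleName="Role1"><Subnets><Subnet name="WE_WWW" /></Subnets></InstanceAddress>
   <InstanceAddress roleName="Role"><Subnets><Subnet name="WE_SERVICE" /></Subnets></InstanceAddress>
  </AddressAssignments>
  <LoadBalancers>
   <LoadBalancer name="WEB_ILB">
    <FrontendIPConfiguration type="private" subnet="WE_WWW" staticVirtualNetworkIPAddress="192.168.1.5" />
   </LoadBalancer>
   <LoadBalancer name="API_ILB">
    <FrontendIPConfiguration type="private" subnet="WE_SERVICE" staticVirtualNetworkIPAddress="192.168.2.5" />
   </LoadBalancer>
  </LoadBalancers>
 </NetworkConfiguration>
</ServiceConfiguration>
'@

$csdefText = @'
<ServiceDefinition>
 <WebRole name="Role1">
  <Endpoints>
   <InputEndpoint name="httpIn" protocol="http" port="80" loadBalancer="WEBILB" />
   <InputEndpoint name="httpsIn" protocol="https" port="443" certificate="Valuta" />
  </Endpoints>
 </WebRole>
 <WebRole name="Role2">
  <Endpoints>
   <InputEndpoint name="httpIn" protocol="http" port="8080" loadBalancer="APIILB" />
  </Endpoints>
 </WebRole>
</ServiceDefinition>
'@

function Select-ByLocalName([xml]$Document, [string]$Name) {
    # local-name() keeps the query working when the real files declare a default namespace.
    $Document.SelectNodes("//*[local-name()='$Name']")
}

function Test-IlbConfiguration {
    param(
        [Parameter(Mandatory)] [xml] $ServiceConfiguration,
        [Parameter(Mandatory)] [xml] $ServiceDefinition
    )

    # Names declared under <LoadBalancers> in the cscfg.
    $declared = @(Select-ByLocalName $ServiceConfiguration 'LoadBalancer' |
        ForEach-Object { $_.GetAttribute('name') })

    # Role names defined in the csdef.
    $roles = @('WebRole', 'WorkerRole' |
        ForEach-Object { Select-ByLocalName $ServiceDefinition $_ } |
        ForEach-Object { $_.GetAttribute('name') })

    if ($declared.Count -gt 1) {
        [pscustomobject]@{ Check = 'IlbCount'
            Detail = "$($declared.Count) load balancers declared ($($declared -join ', ')); the thread reports that only one deployed" }
    }

    foreach ($ep in (Select-ByLocalName $ServiceDefinition 'InputEndpoint')) {
        $where = "$($ep.ParentNode.ParentNode.GetAttribute('name'))/$($ep.GetAttribute('name')) port $($ep.GetAttribute('port'))"
        if (-not $ep.HasAttribute('loadBalancer')) {
            # An input endpoint with no loadBalancer attribute is served by the public load balancer.
            [pscustomobject]@{ Check = 'Exposure'; Detail = "$where is not bound to an ILB and stays public" }
        }
        elseif ($declared -notcontains $ep.GetAttribute('loadBalancer')) {
            [pscustomobject]@{ Check = 'Reference'
                Detail = "$where refers to '$($ep.GetAttribute('loadBalancer'))', which the cscfg does not declare" }
        }
    }

    foreach ($ia in (Select-ByLocalName $ServiceConfiguration 'InstanceAddress')) {
        $roleName = $ia.GetAttribute('roleName')
        if ($roles -notcontains $roleName) {
            [pscustomobject]@{ Check = 'RoleName'
                Detail = "InstanceAddress roleName '$roleName' matches no role in the csdef" }
        }
    }
}

Test-IlbConfiguration -ServiceConfiguration ([xml]$cscfgText) -ServiceDefinition ([xml]$csdefText) |
    Format-Table -AutoSize -Wrap
```

On real files, pass `[xml](Get-Content -Raw <path>)` for each parameter.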

  • Internal load balancer for ADFS, Web Application Proxy join problem

    Hello,
    we deployed 2 x ADFS (2012 R2) behind an internal Azure load balancer.
    In front are two WAP servers, which should be joined to the ADFS farm based on the internal load balancer IP.
    Unfortunately the WAPs fail to join and sometimes after 5 tries it works. The problem is (based on the event logs) that the ADFS servers don't trust the WAP certificate.
    It seems that during the join process the ADFS internal load balancer does not stick to one ADFS server. If we join the WAP directly (without the ILB) to one of the ADFS servers, everything works fine.
    As soon as we try to join via the ADFS internal load balancer IP, the above occurs.
    Did anyone experience the same problems? How does the internal load balancer distribute the requests? Seems to be not sticky at all.
    Thanks for any Feedback,
    Thomas

    Thomas -
    This article talks (in detail) about a recently updated distribution mode - Source IP affinity.
    http://azure.microsoft.com/blog/2014/10/30/azure-load-balancer-new-distribution-mode/
    Hope this helps!
    /Arvind

  • Internal Load Balancer status - how to get it?

    Hello,
    is there any possibility to get the info, what's the status of the internal load balancer?
    We would need to know, if e.g. one endpoint for forwarding is recognized as down.
    Thanks,
    Thomas

    Hi Thomas,
    Based on my experience, you can use the Get-AzureInternalLoadBalancer cmdlet to get the internal load balancer configuration of a deployment. However, there is no other way to obtain the information of internal load balancer.
    I recommend you to submit your request in Azure feedback below:
    http://feedback.azure.com/forums/34192--general-feedback
    Best regards,
    Susie

  • Internal Load Balancing

    I'm after a definitive answer as to whether you can do internal load balancing with Roles as it's a highly desirable feature but also I've seen conflicting information on it. For instance the following Azure blog article suggests you can but I can't find
    any sign as to how you do it (assuming the assertion that you can is accurate).
    http://azure.microsoft.com/blog/2014/05/20/internal-load-balancing/
    So can it be done? If so how? If not then is it a forthcoming feature?

    Hi,
    As far as I know, we can currently use PowerShell to configure Internal Load Balancing; please have a look at this article:
    http://msdn.microsoft.com/en-us/library/dn690125.aspx, if I misunderstand, please feel free to let me know.
    Regards

  • Lync 2013 Enterprise load balancing on the front end and edge pool

    Hi,
    I am setting up a Lync 2013 Enterprise deployment consisting of a Front End pool (x2 FE servers) and an Edge pool (x2 Edge servers).  I'm seeing some conflicting advice regarding load balancing using hardware or DNS for the front end and the edge.
    On the front end I have 2 internal DNS records 'lyncfepool1.contoso.local' each of which map to one of the IPs of the FE servers.  I've used my details to populate the Detailed Design Planner excel spreadsheet and am told that I require a HLB to load
    balance my front end pool.  I'm aware of the need to load balance HTTPS traffic internally (which will be done by TMG) however other traffic to the front end (SIP, etc) can be balanced by DNS only, and not require a HLB?
    Can someone clarify the front end requirement?
    Also - looking now at the edge pool - this site again has two edge servers in a pool.  We are using a total of six private IP addresses, two per edge service (2 x av.contoso.com, 2 x sip.contoso.com and 2 x webcon.contoso.com).  These will be
    NAT'ed by the external firewall and directed to the respective external (DMZ) IP addresses on the Edge servers on port 443.  I know this isn't true roundrobin due to the intelligence of the Lync client when connecting (in that the Lync client will connect
    to one of the public IPs and if it can't connect, it will know to connect to the other service IP), however I want to clarify this set up, particularly the need to direct the external public IP traffic at the DMZ Edge IP specified in the topology builder.
    I've attached a basic diagram of the external/DMZ/Edge side which hopefully helps with this question
    Persevere, Persevere, Per..

    That is because you will always need HLB for a front-end server since it hosts the Lync webservices which use HTTP/HTTPS traffic.
    The description on the calculation tool also describes this correctly:
    Supports Standard and Enterprise pools (up to 12 nodes), with pure device-based load balancing or a combination of DNS load balancing and device-based load balancing (for
    Lync web services)
    You can use either Hardware or DNS loadbalancing for SIP traffic only, but you will always need a HLB for the webservices.  Both are applicable for the Front-End so you have either
    full HLB for both SIP and HTTP(S) traffic
    DNS LB for SIP traffic and HLB for HTTP(S) traffic
    Hope this is more clear :-)
    Lync Server MVP | MCITP Lync Server 2010 | If you think my post is the answer to your question, please mark it as answer so future visitors can easily find it.

  • Lync Edge DNS Load Balancing call failure to PBX

    Hi, I have an issue with a Lync 2013 Implementation involving Edge Servers and PBX calls.
    We are trying to configure 2 Edge Servers using DNS Load Balancing. We configured both servers on the topology builder, assigned the correct IPs, have 6 Public IPs, 3 for each Edge. Configured NATs behind an ASA firewall, then configured the name of the edge
    pool and added each Edge IP for that name on the internal DNS, also checked every port and route to make sure everything works.
    All the tests related directly to Lync work: IM, Presence, Audio and Video Conferencing, Desktop Sharing, etc. However, when testing out calls from the PBX System to a Lync External client through the Edge Servers, the call rings, but never connects.
    Inside the network, everything works fine, even when using only 1 Edge Server and removing the other one from the topology the call connects to the external user from the internal PBX phone. I even tried it out using one Edge first and then the other to
    make sure all ports were open and everything works fine using either one, but only one at the time, not both.
    The issue is only present via peer to peer call, if I first make a meet now and invite the external client, the call works.
    Am I missing something with the implementation of DNS Load Balancing?
    The A Host records on the public DNS have 2 IPs for each record related to Lync Edge Services, example:
    access.domain.com        200.10.10.11
                             200.10.10.12
    audiovideo.domain.com    200.10.10.13
                             200.10.10.14
    webconf.domain.com       200.10.10.15
                             200.10.10.16
    Each IP is NAT'd to their respective service in its respective Edge Server. When testing I check that the DNS records are correctly responding from outside.
    Any ideas on this particular issue?
    Thanks once again!
    Eduardo Rojas

    Hi Edurojma,
    The fact that the call rings, and then drops on answering indicates this is most likely an AV routing issue.
    You advised that if you create a conference first through meet now, and then invite the participant, that the call works. But this doesn't work peer to peer.
    Can I please ask that you check your static routes on your Edge server. The above sounds like the Edge has a route to your Front End server (which would be hosting the conference, hence the success), but doesn't have a route to the subnet that the client
    is residing on (hence the failure).
    Your Edge server needs to have routes to every subnet that is in use on your internal network.
    I might be going down the wrong track, but this is quite a common problem for implementations where specific routes have been defined rather than catch all routes for every possible private subnet.
    Check your edge can route to that phone's subnet.
    Kind regards
    Ben
    Blog:www.gecko-studio.co.uk/ 

  • Lync Discover Internal & External Web URL

    We have a Lync 2013 Standard deployment with one Front End and Edge server role. We use our firewall as a reverse proxy by NATing the live IP to the Front End server.
    Now we have deployed the same web URL for internal and external access, that is lync.domain.com. Now we are not able to access lync discover from a mobile client that is connecting from internal.
    Please find herewith the result of Lync Connectivity Analyser :
    Total server discovery time: 0.1 seconds
    Server discovery succeeded for unsecure (HTTP) internal channel against URL http://lyncdiscoverinternal.domain.com/
    Starting automatic discovery for secure (HTTPS) external channel
    An error occurred while sending the request.
    Unable to connect to the remote server
    A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond X.X.X.X(external IP):443
    For troubleshooting, try using a browser to open the server discovery URL https://lyncdiscover.domain.com/[email protected]
    Server discovery failed for secured external channel against https://lyncdiscover.domain.com/
    Starting automatic discovery for unsecure (HTTP) external channel
    An error occurred while sending the request.
    Unable to connect to the remote server
    A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond X.X.X.X(external IP):80
    For troubleshooting, try using a browser to open the server discovery URL http://lyncdiscover.domain.com/[email protected]
    Server discovery failed for unsecured external channel against http://lyncdiscover.domain.com/
    Automatic discovery meant for external network access failed. Please verify the server requirements at http://go.microsoft.com/fwlink/?LinkId=278998 .
    Automatic discovery meant for internal network access succeeded from an external network which could be a potential security concern.
    Kindly let me know how we can use the same web URL for external and internal access of lyncdiscover in the 2013 version.

    You can refer to the link below to help you with your issue
    http://blogs.technet.com/b/nexthop/archive/2012/04/25/lync-server-2010-mobility-deep-dive-autodiscover-service.aspx
    Mai Ali | My blogs: Technical

  • Internal Load Balancing problem?

    An end user opens a webpage to an internal web portal here. Then they click on a portion of the webpage that takes them to a timecard application (content L3_Rule5 in the content switch). And here is where the problem begins: you can have three people properly bring up the webpage without a problem, but users number four and five will receive a "page cannot be displayed" error, and then next thing you know no one can access the webpage. When this happens I request the IP address of the user having the problem, execute the command sh sticky-table l3-sticky ipaddress 136.180.33.150 255.255.255.255 for example and then execute sh service | grep 10 to find out what service/server the user is being directed to, and the problem is usually with one server. I have checked the Content Switch and it's not being overloaded memory wise and the 'loads' on the services are low also and I confirmed all services are "alive". What happens then is we either reload the server or the CSS (usually the server) and then the problem is fixed for the time being and then it creeps back up again within a week give or take a few days. Below is a copy of the config of the device; any advice, ideas, or info would be appreciated.
    Thanks,
    Jase

    It would seem that the config on the CSS is a bit confusing. It's confusing because some of the services that are in the content rule are using uri keepalives, icmp and even scripted keepalives. Now, even with that type of configuration, things should work fine from the CSS perspective. I want to also mention that some of the services have a "port" command configured. This is not a keepalive but actually a command to tell the CSS to PORT NAT. So if the client comes in on port 80 and happens to go to 69.149_HTTP via the content rule, the CSS will port nat the port 80 packet to port 8390.
    Can you take a closer look at this? Maybe simplifying the config, especially the services, may help isolate the issue?
    Regards
    Pete..

  • Using Azure internal load balancer (ILB) for Sql Reporting Services

    I am attempting to implement a scale-out SSRS deployment using the Azure ILB feature. I have created 2 Sql Reporting servers using the azure images and have created an ILB endpoint on both servers.  I am then attempting to access the servers via the
    ILB from my .Net web application.  I can access the report server from my browser and am prompted for credentials using forms authentication.  There is no issue accessing the reports from a browser; however, my web application cannot access the reports
    and returns a 500 error.  I have a hunch this is due to an authentication issue due to invalid Kerberos proxy authentication.
    Does anyone have any information regarding the possible authentication mechanisms that are supported using Azure ILB?

    Thanks for the response Swallow0417, but as I stated I already had configured this to work in a browser.  I should have mentioned that I already had set the machine key and altered the rsreportserver.config file as mentioned in
    https://msdn.microsoft.com/en-us/library/cc281307.aspx.
    It turns out this was due to the extended data validation that was introduced in SQL 2014. 
    This page led me to alter rsreportserver.config so that:
    <RSWindowsExtendedProtectionLevel>Off</RSWindowsExtendedProtectionLevel>
    <RSWindowsExtendedProtectionScenario>Any</RSWindowsExtendedProtectionScenario>
    After restarting the report server service my application now can make the requests for the reports successfully.  I'll provide the other steps I took to hopefully help someone else in the future:
    1. Create 2 or more SQL servers in an Azure availability group on the same service in a Reports server scale out deployment.  The SSRS Service account must be a domain account or it will not work.
    2. Create an Azure ILB using PowerShell and add the endpoints on your http(s) ports on the server in step 1. I also set the endpoint IdleTimeoutInMinutes to 30 on both endpoints as it seemed like there were some possible timeout issues. The endpoint MUST also have DirectServerReturn set to $true.
    3. Disable the loopback check; see method 2 here:
       http://support.microsoft.com/kb/896861
       Create a DWORD registry value DisableLoopbackCheck with value 1 under
       HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
    4. Configure View state validation by setting an identical machine key on all servers behind the Azure ILB.
    5. Create a Host record in your AD DNS for the Azure ILB IP address.
    6. Configure hostname and URLRoot in rsreportserver.config - see
       https://msdn.microsoft.com/en-us/library/cc281307.aspx
       Setting the hostname tag breaks the report manager url. It is only required to set the URLRoot tag. I do not think it is required in this configuration only for Windows NLB.
    7. Configure the authentication method in rsreportserver.config:
       <RSWindowsExtendedProtectionLevel>Off</RSWindowsExtendedProtectionLevel>
       <RSWindowsExtendedProtectionScenario>Any</RSWindowsExtendedProtectionScenario>
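
Steps 3 and 7 above relax two Windows authentication protections on every report server behind the ILB, so it is worth recording what each node actually has set. The audit below is an added example, not part of the original post: the function names are hypothetical and the config fragment is constructed. It relies on two documented facts: `RSWindowsExtendedProtectionLevel` also accepts `Allow` and `Require`, and method 1 of the same KB article lists specific names in `BackConnectionHostNames` instead of disabling the loopback check for the whole machine.

```powershell
# Constructed sample: the <Authentication> section of rsreportserver.config
# carrying the two values from step 7 of the post above.
$sampleConfig = @'
<Configuration>
 <Authentication>
  <AuthenticationTypes>
   <RSWindowsNegotiate />
  </AuthenticationTypes>
  <RSWindowsExtendedProtectionLevel>Off</RSWindowsExtendedProtectionLevel>
  <RSWindowsExtendedProtectionScenario>Any</RSWindowsExtendedProtectionScenario>
 </Authentication>
</Configuration>
'@

function Get-SsrsAuthFindings {
    param([Parameter(Mandatory)] [xml] $Config)

    $auth     = $Config.Configuration.Authentication
    $level    = ([string]$auth.RSWindowsExtendedProtectionLevel).Trim()
    $scenario = ([string]$auth.RSWindowsExtendedProtectionScenario).Trim()
    $types    = @($auth.AuthenticationTypes.ChildNodes |
        Where-Object { $_ -is [System.Xml.XmlElement] } |
        ForEach-Object { $_.LocalName })

    $levelNote = switch ($level) {
        'Require' { 'binding checks enforced for every client' }
        'Allow'   { 'binding checks enforced for clients whose OS supports extended protection' }
        default   { 'no channel or service binding check on Windows authentication' }
    }

    [pscustomobject]@{ Setting = 'AuthenticationTypes'; Value = $types -join ', '; Note = 'authentication types enabled' }
    [pscustomobject]@{ Setting = 'RSWindowsExtendedProtectionLevel'; Value = $level; Note = $levelNote }
    [pscustomobject]@{ Setting = 'RSWindowsExtendedProtectionScenario'; Value = $scenario; Note = 'Any, Proxy or Direct' }
}

function Get-LoopbackCheckFindings {
    $lsa = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    if (-not (Test-Path $lsa)) { return }   # registry provider not available, nothing to read

    # Method 2 of KB 896861: machine-wide switch (missing value reads as 0).
    $disabled = [int](Get-ItemProperty -Path $lsa -Name DisableLoopbackCheck -ErrorAction SilentlyContinue).DisableLoopbackCheck
    # Method 1 of KB 896861: exemption limited to the listed host names.
    $names = @((Get-ItemProperty -Path "$lsa\MSV1_0" -Name BackConnectionHostNames -ErrorAction SilentlyContinue).BackConnectionHostNames |
        Where-Object { $_ })

    $note = if ($disabled -eq 1) { 'loopback check is off for every host name on this server' }
            else { 'loopback check is active' }

    [pscustomobject]@{ Setting = 'DisableLoopbackCheck'; Value = $disabled; Note = $note }
    [pscustomobject]@{ Setting = 'BackConnectionHostNames'; Value = $names -join ', '; Note = 'names exempted individually (method 1)' }
}

# Sample run; on a report server pass [xml](Get-Content -Raw <path to rsreportserver.config>) instead.
Get-SsrsAuthFindings -Config ([xml]$sampleConfig) | Format-Table -AutoSize -Wrap
Get-LoopbackCheckFindings | Format-Table -AutoSize -Wrap
```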

  • Could not retrieve Enterprise Global Template - Load balancer issue

    Hi,
    We have 4 Project Server 2010 servers. The 4 web servers are load balanced by networking team with sticky session configured.
    When we try to connect to the Project Server using MPP 2007 SP2, it fails saying 'Could not retrieve Enterprise Global template'. It works perfect when we point to a specific server by specifying the IP address for server name in the 'hosts'
    file.
    Earlier we observed some errors in the event viewer related to SharePoint's internal load balancer, for which we restarted the 'Project Server Application' on each web server and it got fixed.
    Now, the only entries that we see related to load balancer are as mentioned below as Information (not errors).
    SharePoint Web Services Round Robin Service Load Balancer Event: Initialization
    Process Name: w3wp
    Process ID: 15080
    AppDomain Name: /LM/W3SVC/539065287/ROOT-1-130462463500778047
    AppDomain ID: 2
    Service Application Uri: urn:schemas-microsoft-com:sharepoint:service:ae7c7ee5c09b4e8198bdbb1ecb8c1c1b#authority=urn:uuid:9f626d347784423eb14bde4a1f4d13fc&authority=https://lonms12546:32844/Topology/topology.svc
    Active Endpoints: 4
    Failed Endpoints:0
    Endpoint List:
    http://lonxxx2532:32843/ae7c7ee5c09b4e8198bdbb1ecb8c1c1b/PSI
    http://lonxxx2545:32843/ae7c7ee5c09b4e8198bdbb1ecb8c1c1b/PSI
    http://lonxxx2546:32843/ae7c7ee5c09b4e8198bdbb1ecb8c1c1b/PSI
    http://lonxxx2566:32843/ae7c7ee5c09b4e8198bdbb1ecb8c1c1b/PSI
    Could the issue be due to network load balancer?
    Could the issue be due to Sticky session configuration on the load balancer?
    How can we get to the root cause of the issue?
    Which logging category should we set to 'Verbose' that can give us some hint.
    Update: We tried to capture the requests through fiddler and observed that when fiddler is running on the client computer then the connection works perfectly fine even through the load balancer. Probably fiddler is reformatting the SOAP
    envelope of the web service requests the way it should before sending the request to the server.
    If we do not run fiddler and run some other similar tool (like Charles) then it again gives the issue and the request gets stuck at /PWA/_vti_bin/psi/winproj.asmx
    We ran Wireshark on the servers and found the following for that web service call:
    [TCP Previous segment not captured] Continuation or non-HTTP traffic.
    Please let me know if someone could provide any hint what can be done next.
    Regards, Amit Gupta

    There are several ways to configure your load balancer.   I would suggest that you work with the network engineer, the load balancer vendor and your project administrator to resolve this issue. 
    Basically you need the URL to be resolved correctly.  Also, I don't believe PS2007 did a good job handling load balancing, so you may need to bring in someone good with IIS and see if they can tweak IIS to manage the cache better.
    As I go back and look at your analysis, I think you should probably look at upgrading to Project Server 2013.  They made some improvement in load balancing and the management of distributive cache.
    I assume you have 4 WFE because you have thousands of project users.  Roughly how many do you have?  Over 1000, over 5000?
    Have you tried to see if using two load balancing work?  How about just one front end?  I often see companies scaling SharePoint and Project server to extremes.
    Michael Wharton, MVP, MBA, PMP, MCT, MCTS, MCSD, MCSE+I, MCDBA
    Website http://www.WhartonComputer.com
    Blog http://MyProjectExpert.com contains my field notes and SQL queries

  • CSS load balancing in both directions.

    Hi all,
    my questions are
    -if it is possible to divide (virtualize) one physical CSS into separate ones?
    and then
    -if it is possible to use one virtual CSS for loadbalancing in one direction and the other CSS for loadbalancing in the opposite direction?
    BR
    gg

    It sounds like you need to implement a group rule using 'add service service_name'.
    ie.
    service web1
      ip address 192.168.1.1
      port 80
      active

    service web2
      ip address 192.168.1.2
      port 80
      active

    owner vip
      content web_servers
        vip address 192.168.1.100
        port 80
        protocol tcp
        add service web1
        add service web2
        active

    group web_servers
      vip address 192.168.1.100
      add service web1
      add service web2
      active
    What this should do is NAT any request *initiated* from web1 or web2 to the IP address specified in the group rule. In this case it is 192.168.1.100, the same as the content rule. This is fine, or you can use a different IP. I'm using RFC1918 addresses in this example, as 192.168.1.100 would be natted to some public IP on the firewall in front of the CSS.
    If you wanted to do internal load balancing, or load balance to a service *NOT* within your environment (ie. 3rd party data center), you would simply change 'add service' to 'add destination service' in the group rule.
    James

  • UAG External Load Balancing and ISATAP

    Hi Experts,
    I am deploying a UAG Array to be used for Direct Access. The Array will consist of two servers and use an F5 External Load Balancer. In addition, and in similarity to 90% of the other corporate intranets out there, the internal network is IPv4 with no IPv6 transition technologies deployed. The article
    http://blogs.technet.com/b/edgeaccessblog/archive/2010/05/17/configuring-an-external-load-balanced-uag-directaccess-array-for-an-ipv4-only-network.aspx
    is great but to my mind has no information to support 'Manage Out' and throws up a number of questions: (Note that I want to enable 'Manage Out' capability and as far as I am aware that is achieved by using ISATAP)
    1. The article describes that you have to generate and configure your own IPv6 address for the internal interface when using an external load balancer. Does anyone know why? Why not let UAG assign the addresses as per the default?
    2. UAG by default configures itself as an ISATAP router when there is no IPv6 infrastructure deployed on the internal network to facilitate 'manage out'. This still applies when using Windows NLB. Why does this no longer apply when using an external load balancer? I.e. why does UAG no longer configure itself as an ISATAP router?
    3. In relation to question 2; you therefore need to move your ISATAP router to a different device (http://technet.microsoft.com/en-us/library/ee690463.aspx). In doing so, how do you configure the ISATAP environment to traverse the UAG servers without some sort of load balancing on the internal interfaces? I'm assuming that you can only tell the ISATAP router to use the one default gateway, i.e. either one UAG server or the other. This means that you would have all your outbound internally initiated traffic going via one server only – not very good for performance or fault tolerance.
    4. In relation to question 3; I thought therefore that NLB could be used on the internal interface to solve the above problem, except that I have read that you can't mix and match external load balancing and NLB even though they are on separate networks due to bidirectional affinity. What does this actually mean and why does this not occur when load balancing is mixed in this manner?
    Therefore when you wish to use external load balancers, do you:
    A) Accept the fact that you can't use UAG as an ISATAP router and you do indeed need two devices
    and deploy it as described here (http://technet.microsoft.com/en-us/library/ee690463.aspx)
    or
    B) Accept the fact that you can't use UAG as an ISATAP router and any internal outbound
    traffic travels via the one UAG server only.
    Apologies for the long post, but I wanted to make sure that I get my thoughts down concisely so that it may help others who come up with the same questions.
    Thanks for your time everyone
    Gary

    I am also facing the same issue.  I have UAG1 and UAG2, which are in an array, and externally load balanced.  I've configured an external ISATAP router according to: 
    http://www.windowsnetworking.com/articles_tutorials/Configuring-ISATAP-Router-Windows-Server-2008-R2-Part2.html.  However, as mentioned by others, the ISATAP router has to have either UAG1 or UAG2 as the next hop for IP-HTTPS traffic.  As
    a result, communication between the DirectAccess client and management devices will only work if the client is tunneling through the same UAG server that the ISATAP router has as the next hop for the IP-HTTPS prefix.  From what I can tell, my configuration
    is supported, but I can't figure out how to have the ISATAP router determine which UAG server a client is tunneling through.  I thought about having two separate IP-HTTPS prefixes for each UAG server, but this would get overwritten when activating
    the DirectAccess configuration.  Maybe some type of internal load balancing?

  • Load balancing imbalance in ACE

    We are facing slowness in an HTTP application which is due to connection imbalance. This setup has one set of load balancer and a proxy in the DMZ, where the connections from the users get terminated, and a load balancer inside the LAN which load balances between the end point servers. All user connections terminate on the DMZ load balancer / proxy, and the proxy connects back to the internal load balancer VIP (by collating a number of connections to very few - default proxy behavior). The internal load balancer VIP does load balancing based on the number of connections in a least loaded manner, and this load balancer doesn't see how many sessions are beneath each connection; it distributes each connection to a server underneath. Thus if one connection has around 100 sessions, another may have only a few, and each of these gets forwarded to the end server, causing the imbalance.
    Is there a way that this imbalance can be tackled in this setup?
    Users --> Proxy --> Load balancer (Cisco ACE) --> Server 1
                                                      Server 2
                                                      Server 3
    Least Connections predictor
    HTTP Cookie insert sticky

    Hi,
    Persistence rebalance should solve the issue for you.
    The persistent-rebalance function is required if you have proxy users and the proxy shares one TCP connection between multiple users.
    With this behavior, inside a single connection you will see different cookies. Therefore, for each cookie, ACE needs to first detect the new cookie and then loadbalance to the appropriate server.
    this is from the admin Guide :
    The following example specifies the parameter-map type http command to enable HTTP persistence after it has been disabled:
    host1/Admin(config)# parameter-map type http http_parameter_map
    Host1/Admin(config-parammap-http)# persistence-rebalance
    Please refer the following link for more info :
    http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/vA4_2_0/configuration/slb/guide/classlb.html#wp1062907
    hope that helps,
    Ajay Kumar
