AshridgeTechServices
asked on
ISA VPN with NLB
We have a pair of load balanced ISA 2006 servers delivering a PPTP VPN service, the first server isa1 accepts VPN connections on it's real IP, and if the VIP happens to balance to it, that's fine too. Isa2 however, always fails at verifying username/password - and then fails with a cannot negotiate security. Disabling NLB fixes the problem - but then we loose the fault tolerance.
Any ideas whats likely to cause this? I thought perhaps it was an affinity problem and the connection was moving over to isa1 mid creation, but the problem also occurs using ISA2's real IP
Any ideas whats likely to cause this? I thought perhaps it was an affinity problem and the connection was moving over to isa1 mid creation, but the problem also occurs using ISA2's real IP
ASKER
Yes, the NLB is configured via ISA - and is correctly working on all 5 other networks, it's just VPN that is an issue
ASKER
Yes, the NLB is configured via ISA - and is correctly working on all 5 other networks, it's just VPN that is an issue
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ISA integrated-NLB does NOT use Windows mechanisms for NLB, but rather ISA itself. Also, after ISA integrated-NLB is used, you manage NLB on array-basis, not on server-basis. So probably you made a misteke there.
http://technet.microsoft.com/en-us/library/bb794741.aspx