<div>
Did you configure ISA integrated-NLB correctly?<br />
ISA integrated-NLB does NOT use Windows mechanisms for NLB, but rather ISA itself. Also, after ISA integrated-NLB is used, you manage NLB on array-basis, not on server-basis. So probably you made a misteke there.<br />
<a href="http://technet.microsoft.com/en-us/library/bb794741.aspx" rel="ugc">http://technet.microsoft.com/en-us/library/bb794741.aspx</a><br />

</div>


Did you configure ISA integrated-NLB correctly?
ISA integrated-NLB does NOT use Windows mechanisms for NLB, but rather ISA itself. Also, after ISA integrated-NLB is used, you manage NLB on array-basis, not on server-basis. So probably you made a misteke there.
http://technet.microsoft.com/en-us/library/bb794741.aspx [http://technet.microsoft.com/en-us/library/bb794741.aspx]


<div>
Yes, the NLB is configured via ISA - and is correctly working on all 5 other networks, it's just VPN that is an issue
</div>


Yes, the NLB is configured via ISA - and is correctly working on all 5 other networks, it's just VPN that is an issue

<div>
<div class="content wysiwyg-content">
We have a pair of load balanced ISA 2006 servers delivering a PPTP VPN service, the first server isa1 accepts VPN connections on it's real IP, and if the VIP happens to balance to it, that's fine too. Isa2 however, always fails at verifying username/password - and then fails with a cannot negotiate security. Disabling NLB fixes the problem - but then we loose the fault tolerance.<br />
Any ideas whats likely to cause this? I thought perhaps it was an affinity problem and the connection was moving over to isa1 mid creation, but the problem also occurs using ISA2's real IP<br />
<br />

</div>
</div>


We have a pair of load balanced ISA 2006 servers delivering a PPTP VPN service, the first server isa1 accepts VPN connections on it's real IP, and if the VIP happens to balance to it, that's fine too. Isa2 however, always fails at verifying username/password - and then fails with a cannot negotiate security. Disabling NLB fixes the problem - but then we loose the fault tolerance.
Any ideas whats likely to cause this? I thought perhaps it was an affinity problem and the connection was moving over to isa1 mid creation, but the problem also occurs using ISA2's real IP



ISA VPN with NLB

Microsoft Forefront, formerly known as Internet Security and Acceleration Server (ISA Server), is a network router, firewall, antivirus program, VPN server and web cache that runs on Windows servers. It includes identity management and protection systems, and discontinued systems for threat management and network protection, along with protection for Sharepoint and Exchange. The scope of discussions includes forward and reverse proxy, application and service publishing, virtual private networks (VPNs), outbound access rules, SSL certificates and network routing within either a single node or an highly-available array pairing.

Microsoft Forefront ISA Server

Microsoft applications include a variety of software programs, including development and digital authoring programs (Expression and Media Center), educational programs, Internet software, including Essentials, Skype and the Live family, anti-virus, productivity applications and suites like Office, Excel, Word, Outlook, Access and PowerPoint, video games and server applications such as Exchange, SharePoint, IIS and Virtual Server.