Microsoft NLB Terminal Server Cluster Access Throught ISA Server 2006

Hi

We have a microsoft NLB Terminal Server Cluster of 5 machines, we now want to introduce a firewall for these machines for protocol control. ISA will happily forward requests to one of the dedicated IP's of a member of the cluster fine but when you put the IP address of the cluster as the forward address it fails. Can anyone think of a solution ISA Server 2006.
cant-colAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

rhandelsCommented:
Hey,

ISA has a build in solution of creating an NLB clustering. Also, are you using Unicast or Multicast NLB clustering? This is just my opinion, but i'd always go for two NIC's inteher and set up your NLB clustering unicast..

You can take a look at the following article, go to the last part of it, this explains how to publish sites using NLB..
http://www.isaserver.org/tutorials/Configuring_Network_Load_Balancing.html
0
cant-colAuthor Commented:
Hi Thanks for the comment the Terminal Servers are built in a unicast cluster, we now want to publish their cluster shared IP in ISA as a rule so that the port can be forwared but when we do this no RDP connection is possible, if we forward to a Designated IP address of one of the cluster machines it works fine, the cluster must be accessible as it is designed for load balancing a large number of users.
0
rhandelsCommented:
Hey,

If you look at the article you'll see that ISA has it's own way of publishing multiple servers through 1 ip address. You should create a publishing  rule that has 1 external ip address link to the 5 internal ones, thus bypassing your "own" Microsoft NLB setup. Normally i'd say you should be possible to send that request to your NLB cluster, but it might be that ISA has an ARP table to causes this error to pop up..
0
10 Tips to Protect Your Business from Ransomware

Did you know that ransomware is the most widespread, destructive malware in the world today? It accounts for 39% of all security breaches, with ransomware gangsters projected to make $11.5B in profits from online extortion by 2019.

cant-colAuthor Commented:
Oh right thanks ..... will investigate in too it ......... this must shorly mean each machine requires two NIC's
0
rhandelsCommented:
Let me know how it turns out and if you need some extra help or info..
0
cant-colAuthor Commented:
You article is in relation to ISA 2000 and Windows 2000, i am running 2003 and ISA 2006 ? have you had any dealings with this ?
0
rhandelsCommented:
Yes i know it was a 2000 article, but the idea should be somehwat the same.. The only true difference between ISA 2006 and 200o is that they finally created a rule base :)

I'll check and see if i can find a 2006 article..
0
cant-colAuthor Commented:
I have just read through the article for the second time it disucsses publishing an ISA Server Cluster, i however want to publish a Terminal Server Cluster.
0
rhandelsCommented:
It looks like i was wrong with publishing Terminal Server NLB over ISA. I did found an article that publishes multiple websites using this technique. I thought that thsi was also possible with Publishing rules insetad off Webserver publishing rules..

Anyway.. Here is a link on how to publish that. It might be that 2006 also has some sort of option to do this to... Still, it want's you to add the single machines to it's rule, not only the NLB cluster address..

http://www.isaserver.org/tutorials/Explaining-ISA-Server-2006-Web-Server-load-balancing.html
0
cant-colAuthor Commented:
I installed the Service Pack one yesterday and it has magically started forwarding requests to the server how strange :) Thanks for help anyway
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
rhandelsCommented:
LOL... Mental note to self.. Start answering every question with "Did you upgrade the latest SP's??"

Glad to hear it is solved though...
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Server OS

From novice to tech pro — start learning today.