mbromb
asked on
Forefront TMG NLB array, The TMG firewall service needs a restart to be able to connect to the published Exchange 2007
I'm finding that after rebooting the 2 server TMG array servers with NLB integrated, I have to restart one or both firewall services for the Exchange services to work. Any advice on how to fix this?
ASKER
I usually increase the points if there isn't a quick answer and it gets more involved. Apparently, it's more involved. I've upped the points. thanks
ASKER
these events are occurring on the array servers:
ON THE ARRAY MANAGED NODE:
Log Name: Active Directory Web Services
Source: ADWS
Date: 8/30/2010 2:17:11 PM
Event ID: 1202
Task Category: ADWS Instance Events
Level: Error
Keywords: Classic
User: N/A
Computer: tmg2.domain.com
Description:
This computer is now hosting the specified directory instance, but Active Directory Web Services could not service it. Active Directory Web Services will retry this operation periodically.
Directory instance: ADAM_ISASTGCTRL
Directory instance LDAP port: 2171
Directory instance SSL port: 2172
--------------------------
Log Name: Active Directory Web Services
Source: ADWS
Date: 8/30/2010 2:15:48 PM
Event ID: 1400
Task Category: ADWS Certificate Events
Level: Warning
Keywords: Classic
User: N/A
Computer: tmg2.domain.com
Description:
Active Directory Web Services could not find a server certificate with the specified certificate name. A certificate is required to use SSL/TLS connections. To use SSL/TLS connections, verify that a valid server authentication certificate from a trusted Certificate Authority (CA) is installed on the machine.
Certificate name: tmg2.domain.com
--------------------------
ON THE ARRAY MANAGER:
Log Name: Active Directory Web Services
Source: ADWS
Date: 8/30/2010 11:41:32 AM
Event ID: 1400
Task Category: ADWS Certificate Events
Level: Warning
Keywords: Classic
User: N/A
Computer: TMG1.domain.com
Description:
Active Directory Web Services could not find a server certificate with the specified certificate name. A certificate is required to use SSL/TLS connections. To use SSL/TLS connections, verify that a valid server authentication certificate from a trusted Certificate Authority (CA) is installed on the machine.
Certificate name: TMG1.domain.com
--------------------------
ASKER
It seems what is happening is that the 3 PCs I've been testing with are the ones that aren't working after a reboot. Other PCs tested after are fine. I've rebooted the test PCs, but it doesn't resolve it.
ASKER
Anyone have any idea? It seems like a particular computer using OWA has affinity to a particular server and won't use the other server for OWA. OWA then breaks and can't be used while the server is rebooted. It won't bounce to the other server in the array, and restarting the browser doesn't help. It may be that OWA is only really working on the managed node and not at all on the manager node.
ASKER
I've done some additional testing. I tested using the direct IPs on the TMG listener rather than the cluster IP and it worked! OWA can connect to either array server when using the direct IP, but can't seem to use the manager node when the cluster IP is used. It seems that the NLB or the switch to cluster IP is not working correctly. I'm going to work with the network team to see what they say. Any other suggestions to test NLB?
ASKER CERTIFIED SOLUTION
This solution is only available to members.
I think you need to increase the points for this one to 500 at least for other experts to dig in.
My $.02