Windows Load Balancing Firewall issues


I have an issue with a 2008R2 NLB cluster.
I have installed two nodes, configured NLB on both nodes.
Configured the NLB cluster with the specific ports that I need and configured Windows Firewall with the incoming rule for the specific ports.

I've checked connections to the ports and found out that the NLB IP is not answering to the ports, but if I'm checking the ports on the dedicated IP the ports are answering.

What am I missing?
Matt V Commented:
Does the firewall allow outbound communication from the cluster IP?
cloudbase (Author) Commented:
Hmmm...I'm not sure.
How can I verify it?
Matt V Commented:
Sorry, I misread that.  So you can connect to the services on the machine management IPs but not the cluster IP?

Have you checked the services to make sure they are configured to listen on the cluster IP?
cloudbase (Author) Commented:
Yes, the services are configured to listen on the cluster IP.
I can connect to the services on the management IP but not the cluster IP.
Matt V Commented:
Does the firewall log show the traffic being blocked?
cloudbase (Author) Commented:
No, actually the firewall log doesn't show anything related to the cluster IP.
Is this a custom service that you have created or is it something like IIS that comes with the OS?

IIS has the option to listen on all IPs or specific IP Addresses.

Do this to check if your service is listening on the cluster IP:

1. Launch Task Manager and, from Services/Processes, find the PID of your service
2. Launch an admin command prompt and perform "netstat -ano"
3. In the output check if the PID of your application is listed or not
4. Make sure that the port that you are seeing in the above output is the same that you have created the rule for
5. Then perform a telnet to the cluster IP and the port of your application locally
6. If this works but telnet from another machine fails, then disable the Windows Firewall and check the result
7. If disabling the Windows Firewall does not help, try creating an NLB rule that allows all traffic

Let me know how it goes
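
Steps 1 to 4 of the checklist above, as an added example that is not part of the original thread: a Python sketch that parses saved `netstat -ano` output and reports whether a port is bound to the cluster IP, to the wildcard address, or only to other addresses. The sample output, addresses, PIDs and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample of `netstat -ano` output (addresses and PIDs are made up).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       716
  TCP    0.0.0.0:443            0.0.0.0:0              LISTENING       4
  TCP    192.0.2.11:80          0.0.0.0:0              LISTENING       4
  TCP    192.0.2.11:443         198.51.100.7:50112     ESTABLISHED     4
  TCP    [::]:443               [::]:0                 LISTENING       4
  UDP    0.0.0.0:500            *:*                                    620
"""

def parse_listeners(netstat_text):
    """Return (ip, port, pid) for every TCP socket in LISTENING state."""
    out = []
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) != 5 or f[0] != "TCP" or f[3] != "LISTENING":
            continue  # skips headers, UDP rows and non-listening sockets
        host, _, port = f[1].rpartition(":")  # rpartition keeps "[::]" intact
        out.append((ipaddress.ip_address(host.strip("[]")), int(port), int(f[4])))
    return out

def binding_status(netstat_text, cluster_ip, port, pid=None):
    """Classify how `port` is bound relative to the cluster IP.

    "cluster"  - a listener is bound to the cluster IP itself
    "wildcard" - a listener on 0.0.0.0 / :: covers the cluster IP
    "other"    - listeners exist, but only on other addresses
    "none"     - nothing is listening on that port (for that PID, if given)
    """
    vip = ipaddress.ip_address(cluster_ip)
    status = "none"
    for ip, p, owner in parse_listeners(netstat_text):
        if p != port or (pid is not None and owner != pid):
            continue
        if ip == vip:
            return "cluster"
        if ip.is_unspecified and ip.version == vip.version:
            status = "wildcard"
        elif status == "none":
            status = "other"
    return status
```

A result of "other" or "none" means the service binding needs attention before the firewall or NLB rules do; "cluster" or "wildcard" moves the investigation on to steps 5 to 7.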
cloudbase (Author) Commented:
Exchange 2010 services: ports 80,443 answering on the dedicated IP but not on the NLB.
Telnet from the local server to the cluster IP ports works.
I've disabled the FW, tried telnet and it fails.
I've configured the NLB to all ports, instead of specific ones.
Telnet still not answering.
cloudbase (Author) Commented:
Fixed after changing it to multicast and enabling MAC spoofing on Hyper-V

cloudbase (Author) Commented:
Hyper-V setting solved it