cloudbase

Windows Load Balancing Firewall issues

Hi,

I have an issue with a 2008 R2 NLB cluster.
I have installed two nodes and configured NLB on both nodes.
I configured the NLB cluster with the specific ports that I need and configured Windows Firewall with the incoming rule for the specific ports.

I've checked connections to the ports and found out that the NLB IP is not answering to the ports, but if I'm checking the ports on the dedicated IP the ports are answering.

What am I missing?
Matt V
Does the firewall allow outbound communication from the cluster IP?
cloudbase

ASKER

Hmmm...I'm not sure.
How can I verify it?

Sorry, I misread that. So you can connect to the services on the machine management IPs but not the cluster IP?

Have you checked the services to make sure they are configured to listen on the cluster IP?

Yes, the services are configured to listen on the cluster IP.
I can connect to the services on the management IP but not the cluster IP.

Does the firewall log show the traffic being blocked?

No, actually the firewall log doesn't show anything related to the cluster IP.

Is this a custom service that you have created or is it something like IIS that comes with the OS?

IIS has the option to listen on all IPs or specific IP Addresses.

Do this to check if your service is listening on the cluster IP:

1. Launch Task Manager and, from Services/Processes, find the PID of your service
2. Launch an admin command prompt and perform "netstat -ano"
3. In the output check if the PID of your application is listed or not
4. Make sure that the port that you are seeing in the above output is the same that you have created the rule for
5. Then perform a telnet to the cluster IP and the port of your application locally
6. If this works but telnet from another machine fails, then disable the Windows Firewall and check the result
7. If disabling the Windows Firewall does not help, try creating an NLB rule that allows all traffic

Let me know how it goes.

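
Steps 2 to 4 above can be scripted. The following is an added example, not part of the original thread: `Get-ListenerBinding` is a hypothetical helper, the addresses are constructed, and English-language `netstat` state names are assumed. It reports, for each port, whether a listener is bound to the cluster IP, to all addresses, or only to some other address such as the dedicated IP.

```powershell
# Added example: classify TCP listeners from "netstat -ano" output.
# Get-ListenerBinding is a hypothetical helper; the addresses are constructed.
function Get-ListenerBinding {
    param(
        [string[]]$NetstatLines,  # output of: netstat -ano
        [string]$ClusterIP,       # NLB virtual IP
        [int[]]$Ports             # ports the firewall/NLB rules were created for
    )
    foreach ($port in $Ports) {
        $owners  = @()
        $binding = 'NotListening'
        foreach ($line in $NetstatLines) {
            # Columns: Proto, Local Address, Foreign Address, State, PID
            $f = @($line.Trim() -split '\s+')
            if ($f.Count -ne 5 -or $f[0] -ne 'TCP' -or $f[3] -ne 'LISTENING') { continue }
            $sep  = $f[1].LastIndexOf(':')
            $addr = $f[1].Substring(0, $sep)
            if ([int]($f[1].Substring($sep + 1)) -ne $port) { continue }
            $owners += $f[4]
            if ($addr -eq $ClusterIP) {
                $binding = 'ClusterIP'
            } elseif ($addr -eq '0.0.0.0' -or $addr -eq '[::]') {
                if ($binding -ne 'ClusterIP') { $binding = 'AllAddresses' }
            } elseif ($binding -eq 'NotListening') {
                $binding = 'OtherAddressOnly'   # e.g. the dedicated IP only
            }
        }
        New-Object PSObject -Property @{
            Port    = $port
            Binding = $binding
            PIDs    = ($owners | Select-Object -Unique) -join ','
        }
    }
}

# Constructed sample (192.0.2.10 = cluster IP, 192.0.2.11 = dedicated IP).
$sample = @(
    '  Proto  Local Address          Foreign Address        State           PID',
    '  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       4',
    '  TCP    192.0.2.11:443         0.0.0.0:0              LISTENING       4',
    '  UDP    0.0.0.0:500            *:*                                    716'
)
Get-ListenerBinding -NetstatLines $sample -ClusterIP '192.0.2.10' -Ports 80,443

# Live use on a node: Get-ListenerBinding -NetstatLines (netstat -ano) -ClusterIP <cluster IP> -Ports 80,443
```
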
Exchange 2010 services: ports 80,443 answering on the dedicated IP but not on the NLB.
Telnet from the local server to the cluster IP ports works.
I've disabled the FW, tried telnet and it fails.
I've configured the NLB to all ports, instead of specific ones.
Telnet still not answering.
ASKER CERTIFIED SOLUTION
cloudbase

Hyper-V setting solved it