Netscaler 10 Load Balance IIS 7 Web Services

I want to make sure I am doing everything correctly.

I have been asked to load balance to IIS 7 stand alone web servers. I have already setup the DNS A record, Netscaler services etc...

But when I when to the access the new IIS site via the URL I got the default page.

I noticed the following on the web servers which I do not manage.
1) They do not have a bind on the site to include the new VIP name
2) They do not use the main default site but a nest directory for exampl

Item number one would need to be correct before I go any further correct?
LVL 21
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Dan McFaddenSystems EngineerCommented:
I'll assume that you have a setup something like this:

External (Internet available) IP:
- resolves to

Internal IPs:

In IIS, the website should exist on both servers and the sites should be bound to the IPs that are to be used.  Do not use "All Unassigned."  I've found it better to have a decicated IP per website when running a load balancer in front of your web farm.  You could implement LB with web servers that use 1 IP and Host Headers, but that may make the configuration of the virtual server on the Netscaler a bit more complicated.

How to verify functionality:
1. test internal access to each websites by hitting the IP addresses directly from inside your network, using the required URL.
2. test access to the public internet URL

If #1 doesn't function, #2 won't either.

compdigit44Author Commented:
Thanks for the replay.. It sound like I am on the right track then that both IIS server would need to have the new VIP DNS named bound to both site correct???
Dan McFaddenSystems EngineerCommented:
Not quiet sure what you mean.  The VIP sits on the LB.  You update your public DNS Server(s) to point your website's host name to point to that IP address.

On the IIS servers, you just need to make sure that the website is directly assigned an IP address in its binding configuration.  These will be private (inside) IPs, they will not be directly accessible by users that access the website from the Internet.

There should only be a firewall rule that allows http/https traffic to the public (routable) IP of the LB for the server group associated with the 2 IIS servers (the server farm).  If you use SSL, the SSL certificate needs to be installed on the LB and the server group needs to be configured to allow https.

So, on LB:
1. VIP =
2. Public DNS points to
3. Server group directs traffic for to the inside IP addresses of the 2 IIS servers

In this scenario, the LB looks like the website to the Internet users, and the LB looks like the client to the IIS servers.

compdigit44Author Commented:
I guess what I am trying to say is that the web servers only have there default binding and respond when a user types in the host name of the server and not the intended name. This is why I thought I needed a binding
Dan McFaddenSystems EngineerCommented:
OK, maybe I'm missing something about your question.  So let me recap...

the web servers only have there default binding

Does this mean you cannot reconfigure (or have it reconfigured) to bind to the not default configuration?  Leaving the website bound to the "All Unassigned" default binding will potentially cause an issue.  I recommend you work with someone to reconfigure the website as I mentioned above.

respond when a user types in the host name of the server and not the intended name

I'm not sure what "intended name" means.  If a user types, that is what they intended to do.  When using a Netscaler for load balancing, you are putting a device in front of the actual web servers that will be known to the Internet as the website host name (i.e.:  This device will accept connections to the name and then, behind the scenes, send the request to one of the servers configured in the server group for that VIP.

So an Internet user will request,, the LB will send a request to, http://<OneOfYourServersInternalServers>/home/site.asp

This is why I thought I needed a binding

A binding for what?  A DNS entry for the Netscaler VIP?

compdigit44Author Commented:
Thanks I understand how the NEtscaler redirects users to a server in the backed but the both it both servers running this site are stand alone and DO NOT Respond to the same same. SO the only way i can get this to work in it current config it to have the redirect point to one of the servers directly which defeats the purposes of the load balances...

I hope this makes sense what I am trying to say and sorry for the poor explanation.
Dan McFaddenSystems EngineerCommented:
I'm not sure you understand what it is you need to do to the web servers.

You need to have the website you want to load balance, installed and configured on BOTH IIS Servers!  They do not have to respond to the same website host name.  The LB will respond to the website's host name, the IIS servers need to respond to a request, from the LB, for the website... so the site must be running on both servers.

The http request sequence will look like this (simplified version, not exactly technical):

1. user enters the website's URL into their browser. They type =
2. their computer resolves to the VIP on the Netscaler
3. the browser sends a request to Netscaler VIP for
4. Netscaler checks the availability of web servers configured in server group
5. based on the load balancing configuration, sends an http request to either one of the IIS Servers in group
5a. http request sent to IIS Server:  http://<serverIpAddress>/home/site.asp
6. IIS Server responds to the Netscaler with the request page content
7. Netscaler sends the page content it got from the IIS Server that responded, to the user that made the request
8. user browser displays page in browser

So you see, if you have 2 IIS Servers in a load balancing group on the Netscaler, both of those IIS Servers need to have the webpages (code) for the website, installed and functioning on it.

I hope this helps you understand what it is that you need to do.


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
compdigit44Author Commented:
The problem is I did not setup the web server nor do I manage it. I am trying to advise the person in our company own over sees this server on what needs to be done.

Right now both web servers run the applications web service BUT respond to two different names for example: http://server1 and http://server2. Also the web application does not use the default site but a site created by the application so when users access the page they go to:


on the netscaler I already creat the VIP and DNS name they want both servers to respond to problem is when users type in the VIP name it bring them to the default IIS 7 page. "I" figured this was because either site on both servers does not know to respond to the VIP name???
Dan McFaddenSystems EngineerCommented:
OK, so if I understand correctly:

- There are 2 web servers:
1. server1
2. server2

- Each web server has the site setup, configured and confirmed to be working.
- The default site is not used. (this is a good thing!)
- The Default site is active. (this is a bad thing!)

The fact that the servers have different names, is expected and can be no other way.  If they both have the website running properly on them and all functionality is running as expected.  Then the issue existing in how the server group (load balancing group) is configured or how the site having their bindings setup.

Q1:  My questions are (as asked in posts above) are the sites on the 2 web servers bound to the "All Unassigned" address or using a statically assigned IP address?

I believe I have described what needs to be done to the site configurations on both servers, in my first post.

I have deployed, into Test and Production environments, Netscalers supporting more than 70 servers and 40 web farms (servers groups) using the described configuration and processes.

compdigit44Author Commented:
Dan, thank you for your reply. As you can see I am not the best at IIS and Citrix but am trying and appreciate your patience.

I will do my best to answer your questions(s)

- On both webservers under bindings only the default bindings are present and all are bound to "All unassigned". There are no bindings present that would make the site respond to the name They would only respond to a Http request using their server name

This is the part that is messing me up. The Netscaler is setup or I tried to setup to have a VIP name of which list the http service for both servers. I only thought a binding would be needed since the Netscaler in RoundRobin passes the request to either server in the backend so both servers would need to be able to respond to the http request name some how.
Dan McFaddenSystems EngineerCommented:
In IIS you have to chose an IP address for a binding.  That IP address does not need to be the IP of the website on the Netscaler, just choose an IP address other than "All Unassigned."

Your binding should look something like this:

Example of binding an IP address to a website in IIS
Add/Edit a Binding in IIS
Each IIS Server will have a unique IP address binding, as in the example in my first post.  These 2 unique IP addresses will be the internal IP addresses that you use when configuring the load balancing group (server group) on the Netscaler.  On the Netscaler, the VIP, it the IP address that people can see on the Internet.  This is the IP address that has a DNS entry made available for the URL Host Name that the website operates under... i.e.:

Again, this is stated in the first post on your question.

compdigit44Author Commented:
I thought about this some more and think I understand why this is a problem for me.

The users need to be redirected to a page like

SO when they type in the VIP name is redirects them to the main page and not the sub site which is why they are getting the IIS 7 page... SO under redirect I added the full path users should be redirected to using the VIP name and still got the same IIS 7 page.. so maybe my redirect is not setup properly..
Dan McFaddenSystems EngineerCommented:
If you are getting the default website when using the load balancer, you are going to the wrong destination.  Adding a redirect is probably necessary, but first you need to be hitting the proper website.

Here is a test:
1. on each server, create a test.html page (in the root of the website, not the actual application location) that has the server name in the content of the page.
2. access the website thru the load balancer.
3. if you load balancer is setup for correctly, you should be able to see the content of the page switch between server name 1 and server name 2.  You may have to clear you browser cache to see the results.

If this works, your server group is configured correctly.

The next test is to enter the URL that leads into the web application:  If that works, then setting up a redirect is the next step.

compdigit44Author Commented:
Here are my results

1- was able to access the test html file on the default site

2- was able to access the test html file on the default site going through the netscaler

When I try to type in a redirect using the VIP name is where things break. I does work though if I do not use the VIP name in the redirect but the name of one of the servers
compdigit44Author Commented:
I have been reading that some people have used responder or rewrite policy to redirect users to URL on 2 different backend servers...

Basically there seems to be multiple ways to get this done... Since I am not strong on the Netscaler is why I was going to added a new binding to both back end server so they both can respond to then in the redirect space type in

Do this sound that crazy?
Dan McFaddenSystems EngineerCommented:
The URL redirect can be done on the IIS Server.

If the websites are responding to the test.html, on both servers, then there is no issue with bindings and the Netscape load balancing group appears to function. The issue now sits with automatically redirecting people from the URL to

This is nothing more than a redirect on each web server.

Dan McFaddenSystems EngineerCommented:
Can you access the URL:, or whatever it is, thru the load balancer?

compdigit44Author Commented:
Thank you for sticking with me on this. I have been doing alot of read on this and decided to start from the begin again and change my approach.

1) The Netscaler is smart enought to hand redirecting clients without have to add a binding to the web servers. WIth this in mind I am not try to create a redirect policy to point users from to

WHen I try to create a new redirect action and copy and paste my new URL I get a expression syntax error..

Thank you for making me stop and think about this more
compdigit44Author Commented:
I figured it out and was able to get this to work with a Rewrite policy thank you for everything I learned a lot
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.