Solved

NLB, ADFS, DNS issues?

Posted on 2014-12-21
1
221 Views
Last Modified: 2015-01-05
Hello Experts,

I have a client that after site migration, users unable to be replicated to O365, password synchronization failed . IT team unable to ping VIP of Windows network load balancer.

As workaround, a DNS record pointing to a single ADFS server instead of VIP of WLB was created in the DNS zone . After creating a DNS record, email and dirsync was reestablished.  If we revert changes to original state [ADFS servers in a nlb using VIP address] email, users and password synchronization stops

Company runs ADFS server  [2008 R2 servers] and Exchange Hybrid, Windows 2008 Forest/domain fuctional level

Any ideas on why we are unable to ping VIP of Windows network load balancer? ADFS servers are in a DMZ network, before migration of site everything was ok, they did not change any IPs or any settings on the network load balancer, and the WIndows NLB is setup for multicast on the 2 nodes of the NLB

if the NLB cluster of ADFS was deployed is down, email, and users/password sync will stop, but if anything changed, why it stopped?

How can we fix this issue? do you believe is a DNS, ADFS, or office 365 issue or Windows network load balancer issue?

Should we upgrade ADFS servers to 2012 R2 to fix the Windows network load balancer issue[ if determined is NLB root cause]
Please, provide instructions step-by-step to fix this issue
0
Comment
Question by:Jerry Seinfield
1 Comment
 
LVL 28

Accepted Solution

by:
Dan McFadden earned 500 total points
ID: 40512589
Before any upgrading, my first instinct is to verify if there is a firewall blocking access to the VIP.  No ping, no sync, no access reeks of a security device not configured for a new service point.

Dan
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A project that enables an administrator to perform actions within a user session context not just at the time of login but any time later on day(s) or week(s) later.
Always backup Domain, SYSVOL etc.using processes according to Microsoft Best Practices. This is meant as a disaster recovery process for small environments that did not implement backup processes and did not run a secondary domain controller that ne…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question