NIC connectivity after being added to Network Load Balance

rutaliet
rutaliet used Ask the Experts™
on
Hello everyone, I am hoping someone might be able to help with an odd NLB issue we seem to be experiencing on our ADFS farm setup. This environment has been setup for at least a year and this issue could have been going on for a while without being noticed. Both servers are Hyper-V guests with two network cards attached and MAC Spoofing enabled on the second NIC (Cluster Operation Mode Unicast). The issue that we are having is that we are able to add ADFS-1 to the cluster with no issues, however when we add AFDS-2 into the cluster the Network Location Awareness (NLA) changes from Domain Network to Public Network (Images below). No errors are displayed as it joins the cluster, but the NLB NIC is no longer reachable on the network.

ADFS-1
Host NIC: x.x.x.33
NLB NIC: x.x.x.151
NLB VIP: x.x.x.150

ADFS-2
Host NIC: x.x.x.10
NLB NIC: x.x.x.152 (Unreachable after Joining to cluster)
NLB VIP: x.x.x.150

Before NLB Join
After NLB Join
I have already verified the IP configurations before and after the addition to the cluster and restarted NLA, and nothing has changed. When you drop the NIC from the cluster it returns to its normal state of Domain Network. I have also deleted the cluster completely and rejoin the servers in a different order but the same server/same NIC does the exact same thing. Anybody Expert ideas on where to go next?
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
SteveArchitect/Designer

Commented:
It's likely to be down to the incorrect assignment of the cluster network to public, as I'm betting that is activating and/or restricting the Windows Firewall on server 2. Check your firewall settings to confirm if it is blocking traffic when on a 'public' network.

As for why it is deemed a public network in the first place, there can be a number of reasons. may not be worth worrying about it, just amend it :-)

try this:
http://www.1337admin.org/windows-server/windows-server-2012-r2/change-network-location-using-powershell-in-windows/

Author

Commented:
Thank you for your comment Steve! Unfortunately this does not resolve the issue at hand and I had previously attempted the same procedure. The interface is still not accepting traffic after becoming part of the NLB Cluster. The only additional thing that could be of note would be the IPv4Connectivity in the Get-NetConnectionProfile (Seen Below)

Get-NetConnectionProfile
SteveArchitect/Designer

Commented:
can you send traffic out? have you checked if the firewall is on and can you turn it off to confirm if it is relevant or not?
Ensure you’re charging the right price for your IT

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!

Author

Commented:
I disabled the host NIC and the windows firewall service, I am unable to send traffic in or out of the NLB NIC while it is part of the cluster. While the host NIC was disable I also pulled the routing table to see if anything seemed to be amiss as well.

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask               Gateway       Interface  Metric
0.0.0.0                                 0.0.0.0                    x.x.x.1          x.x.x.152    261
x.x.x.0                                 255.255.0.0            On-link        x.x.x.152    261
x.x.x.150                            255.255.255.255    On-link        x.x.x.152    261
x.x.x.152                            255.255.255.255    On-link        x.x.x.152    261
x.x.255.255                       255.255.255.255    On-link        x.x.x.152    261
127.0.0.0                           255.0.0.0                 On-link        127.0.0.1    306
127.0.0.1                           255.255.255.255    On-link        127.0.0.1    306
127.255.255.255              255.255.255.255    On-link        127.0.0.1    306
224.0.0.0                           240.0.0.0                 On-link         127.0.0.1    306
224.0.0.0                           240.0.0.0                 On-link         x.x.x.152    261
255.255.255.255             255.255.255.255     On-link        127.0.0.1    306
255.255.255.255             255.255.255.255     On-link        x.x.x.152    261
===========================================================================
Persistent Routes:
Network Address          Netmask  Gateway Address  Metric
0.0.0.0          0.0.0.0        x.x.x.1  Default
0.0.0.0          0.0.0.0        x.x.x.1  Default
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination      Gateway
1    306 ::1/128                  On-link
15    261 fe80::/64                On-link
15    261 fe80::59c9:cee:5a9a:d4af/128
                                    On-link
1    306 ff00::/8                 On-link
15    261 ff00::/8                 On-link
===========================================================================
Persistent Routes:
None


ADFS-2 is our primary ADFS server and cannot be offline for extended periods so I created a brand new VM from scratch on a completely different host with the same hardware configuration. The same issue is happening on the new VM as well.

Thank you again for taking the time!

Author

Commented:
I think that I may have found my own solution and will followup with the results for anyone else in the future after testing.
SteveArchitect/Designer

Commented:
cool. what did you find?
Commented:
Sorry for the delay on getting the information posted. The cause of the issue was the MAC spoofing not working even through it was configured in hyper-v. The resolution to the issues was remove the node from NLB and shutdown the host. Then disable the MAC Spoofing and statically set the address in Hyper-V. I then had to boot the machine (without spoofing disabled) and shut it down again so Server 2012 would get the correct MAC. Once that was done I re-enabled MAC spoofing, boot and re-add the node back into the NLB cluster and it was recognized properly to the correct network.

while I did verify the IP configuration on all adapters, I didn't even think to suspect the MAC address causing the Network Location Awareness issues.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial