Welcome to ISAserver.org

ISA 2004 Enterprise and NLB with VLAN tagged interfaces

Users viewing this topic: none

Logged in as: Guest

Printable Version

All Forums >> [ISA Server 2004 Firewall] >> Network Infrastructure >> ISA 2004 Enterprise and NLB with VLAN tagged interfaces

Page: [1]

Message

<< Older Topic Newer Topic >>

ISA 2004 Enterprise and NLB with VLAN tagged interfaces - 23.Aug.2005 8:15:00 AM

zork

Posts: 6
Joined: 23.Aug.2005
Status: offline

Hello,

I am running into a problem at a customer.

We have two ISA servers Enterprise edt.
so far so good no problem at all.

the server have 4 NICS.
1.Office Network
2.Permiter Network
3. External Network.

All these interfaces are configured in NLB (from ISA).

Now i need to access 2 other networks and i thought i can do that with vlan tagging, so i configured the vlans on that interface and on the switch. That works i can reach the networks.

But now the problem, directly after configuring the vlans the NLB setup is stopped with the following message in the isa alerts:
-------------------------------------------------
Description: The Firewall service failed to apply the Network Load Balancing configuration on the local computer.
The failure is due to error: 0x80070490
-------------------------------------------------
And in the event viewer:
-------------------------------------------------
Event Type: Error
Event Source: Microsoft Firewall
Event Category: None
Event ID: 21107
Date: 23-8-2005
Time: 14:09:14
User: N/A
Computer: XXXXXX09
Description:
The Firewall service failed to apply the Network Load Balancing configuration on the local computer.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 90 04 07 80 �..€
--------------------------------------------------
When i remove the vlan interface the NLB setup is working again.

What is going wrong here ?

[ August 23, 2005, 08:28 AM: Message edited by: zork ]

Post #: 1

Featured Links*

RE: ISA 2004 Enterprise and NLB with VLAN tagged interf... - 9.Sep.2005 11:26:00 AM

AgentX

Posts: 1
Joined: 9.Sep.2005
Status: offline

Hi zork,

I too am having the same error occur and I cannot find any documentation or clues explaining why ISA cannot apply the configuration.

I have two servers with two NICS.

Each server has multiple VLANS assigned.
Internal VLAN
Perimeter 1 VLAN
Perimeter 2 VLAN
Intra-Array VLAN

Routing and communication between hosts works between theses networks if NLB is not enabled.
If I 'Enable Load Balancing Intagration' all I get is that error.
Essentially ISA does nothing. MS Firewall just throws that one error.

My situation is slightly different in that you are adding VLANS. I am tyring to get it going from the start with VLANS in place.

Did you have any luck or hopefully someone out there can help us.

Cheers.

AgentX

(in reply to zork)

Post #: 2

RE: ISA 2004 Enterprise and NLB with VLAN tagged interf... - 9.Sep.2005 12:43:00 PM

gatorz

Posts: 17
Joined: 28.Feb.2004
Status: offline

We ran into the same situation when we were evaluating EE. This is one of the main reasons we went with rainwall instead of NLB for HA/LB.
We have been running rainwall in production for a while now and have not had any trouble concerning VLANS.

(in reply to zork)

Post #: 3

RE: ISA 2004 Enterprise and NLB with VLAN tagged interf... - 15.Sep.2005 1:31:00 PM

alfalfa6945

Posts: 12
Joined: 20.Dec.2003
Status: offline

quote:
Originally posted by zork:
the server have 4 NICS.
What is going wrong here ?

Not sure if this is the solution, but is 802.1P and vlan support enabled for the nic's in question? If not, enable it on the nic's and see what happens...

(in reply to zork)

Post #: 4

RE: ISA 2004 Enterprise and NLB with VLAN tagged interf... - 24.Oct.2005 7:49:00 AM

zork

Posts: 6
Joined: 23.Aug.2005
Status: offline

Still no luck with it.
We have ordered new servers with enough pci slots and a lot of network cards [Smile]

, this is working now in production.

I think the problem is the hardware address is the problem, on all interfaces it was the same MAC from what i remember.

And (alfalfa6945)yes all interfaces where vlan enabled.

(in reply to zork)

Post #: 5