All, Has anyone been able to setup a site-to-site (S2S) along with network load balancing integration on TMG 2010 EE? The S2S works fine on its own when NLB integration is disabled; and NLB itself works fine. However, as soon as I enable NLB integration the S2S continually stays in a disabled state in RRAS. Manually enabling it simply results in it being disabled within 15 seconds. If I setup NLB manually (not through TMG) the S2S stays enabled. It’s only when done through TMG. This problem occurs even if I only have 1 server in the array. Any ideas? Thanks, S
Thanks Tom. Anxious to hear your results. If it helps, our setup for each site includes 2 TMG virtuals servers running on Windows Server 2008 R2 x64. The virtuals are running on Hyper-V boxes are is also 2008 R2 x64.
Multicast. however, we can reproduce the problem with out actually setting up any NLB interfaces. If we simply Enable NLB Integration, the S2S gets and stays disabled. Also, we have tried setting up NLB first, then doing the S2S, and vice versa. Any order of ops we do we seem to run into the same problem.
Just an update on more testing we have tried. Enabling the MAC spoofing on the HyperV guest settings makes no difference on the S2S. We can however get NLB to work, without redunancy for the S2S by enabling/configuring NLB then disabling integration but leaving the settings.
Unfortunately we've had to start looking into other firewall solutions since we have this problem and also issues with TMG/ISA blocking the RPC traffic through a S2S to/from Exchange 2010 boxes.
Posts: 75
Joined: 21.Sep.2004
From: Denver, CO
Status: offline
I'm also wondering if anyone has figured this out. I've found that VPN features with NLB seem broken in TMG. I can't get demand-dial connections to work and get the exact same issue with S2S connections (network interface always disabled in TMG RRAS).
Posts: 75
Joined: 21.Sep.2004
From: Denver, CO
Status: offline
I've found that disabling the NLB on the internal side allows my demand-dial VPN connections to work but haven't tested the S2S. It appears, based on logging, that the way TMG handles inbound VPN across the array is by trying the connection across all members. then the one with the IP assigned to the inbound connection can fulfill it.
That doesn't appear to be true NLB. And NLB appears to break a lot of VPN funcitonality.
Disabling the NLB on the internal side (not external) seemed to resolve my issues.
FYI...and I'm sure there will be some clarification by someone more knowledgable.
Posts: 10
Joined: 16.Nov.2004
From: Austria
Status: offline
After nearly 2 months I just got info from MS: it seems to be some kind of timing issue. they are currently working on a private fix, the final fix should be available in some weeks...
After nearly 2 months I just got info from MS: it seems to be some kind of timing issue. they are currently working on a private fix, the final fix should be available in some weeks...
When they say private fix does that mean we will have to burn a support case to get the fix or will it be released as a normal windows update?
After nearly 2 months I just got info from MS: it seems to be some kind of timing issue. they are currently working on a private fix, the final fix should be available in some weeks...
Update for all - Appears to be some sort of WMI subscription issue apparently - Hotfix is due out in a couple of weeks. I'll be notified when it's available (we have a support case logged) and will update here.
Posts: 69
Joined: 1.Jul.2005
From: Stockholm / Sweden
Status: offline
Nice, since I have the same issue as well. I have seen the same problem for other users as well in other forums so my guess this patch will be higly apriciated.
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
Printable Version
All Forums >> [Threat Management Gateway (TMG) 2010] >> General >> S2S with NLB Integration on TMG EE 
S2S with NLB Integration on TMG EE - 
New Messages
No New Messages
Hot Topic w/ New Messages
Hot Topic w/o New Messages
Locked w/ New Messages
Locked w/o New Messages
Post New Thread