• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

NLB and Autoconfig scripts

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [Threat Management Gateway (TMG) 2010] >> General >> NLB and Autoconfig scripts Page: [1]
Login
Message << Older Topic   Newer Topic >>
NLB and Autoconfig scripts - 24.Jan.2011 8:33:54 AM   
big_dazza

 

Posts: 506
Joined: 24.Apr.2003
Status: offline
We have a 2 server standalone array. Now, I want (and I am) using TMG NLB. Great. But I also want to use the autoconfig script for WP clients so I can avoid the bane of GPO configuration.

What I have noticed is that, when one of the TMG servers go down the WP clients then suffer 30 sec delays in browser when opening fresh IE windows. This I believe is because the script contains....

"DirectNames=new MakeNames();
cDirectNames=57;
HttpPort="8080";
cNodes=2;
function MakeProxies(){
this[0]=new Node("170.198.74.69",2124777546,1.000000);
this[1]=new Node("170.198.74.70",3504697409,1.000000);
}"

...this means that the IE client briefly wants to connect to these two non VIP addresses. This is subject to standard Windows timeout when one of them is down.

So, this partially negates the whole objective of the NLB in the first place. Why does this script hand out the non VIP addresses? Surely it should only dish out the VIP so that any single TMG server outage is completely transparent to the user with no delays?

Surely this quite a major flaw in the design?

Your comments appreciated.

< Message edited by big_dazza -- 24.Jan.2011 8:35:56 AM >
Post #: 1
RE: NLB and Autoconfig scripts - 25.Jan.2011 9:06:03 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi BD,

NLB doesn't work for Web Proxy clients. Only for SecureNAT clients.

HTH,
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to big_dazza)
Post #: 2
RE: NLB and Autoconfig scripts - 26.Jan.2011 3:19:37 AM   
Jason Jones

 

Posts: 4663
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
Yep, not ideal at all!

This really long old dicsussion on this subject, but it is still relevant:

http://www.freelists.org/post/isapros/Web-Proxy-with-NLB-Back-to-basics,25

Cheers

JJ

_____________________________

Jason Jones | Forefront MVP | Silversands Ltd
My Blogs: http://blog.msedge.org.uk/ and http://blog.msfirewall.org.uk/

(in reply to tshinder)
Post #: 3
RE: NLB and Autoconfig scripts - 26.Jan.2011 7:58:54 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Jason,

Thanks! good to see that email threads still survive on the web :)

Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to Jason Jones)
Post #: 4

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [Threat Management Gateway (TMG) 2010] >> General >> NLB and Autoconfig scripts Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts