Discussion:
NLB Web Application Server: Access Issues
(too old to reply)
Tyler McLaughlin
2007-08-29 20:18:02 UTC
Permalink
I'm having an issue with my NLB hosted web application. The application
works correcly on both web servers, whether accessing it locally from the IIS
servers themselves, or via a client computer. It worked sporadically (a few
times) when trying to access it from the NLB hostname. It no longer works.
Now when attempting to access the NLB URL, I get one of the two following
errors:

HTTP 400 Bad Request
This error (HTTP 400 Bad Request) means that Internet Explorer was able to
connect to the web server, but the webpage could not be found because of a
problem with the address.

OR

Internet Explorer cannot display the webpage
This problem can be caused by a variety of issues, including:

Internet connectivity has been lost.
The website is temporarily unavailable.
The Domain Name Server (DNS) is not reachable.
The Domain Name Server (DNS) does not have a listing for the website's
domain.
If this is an HTTPS (secure) address, click Tools, click Internet Options,
click Advanced, and check to be sure the SSL and TLS protocols are enabled
under the security section.


Configuration: (this is not accessed externally. Intranet domain
application access only)

----------------------------------------------------------
\\NODE1.INTERNAL.EXTERNAL.COM
ETH0 = PUBLIC 192.168.1.1
NLB = VIRTUAL 192.168.1.3
ETH1 = PRIVATE 1.1.1.1
---------------------------------------------------------
\\NODE2.INTERNAL.EXTERNAL.COM
ETH0 = PUBLIC 192.168.1.2
NLB = VIRTUAL 192.168.1.3
ETH1 = PRIVATE 1.1.1.2
---------------------------------------------------------
\\NLB.INTERNAL.EXTERNAL.COM (Static (A) Record exists @ 192.168.1.3)
---------------------------------------------------------
NLB SETUP
OPERATION MODE = MULTICAST (ARP entry exists on router)
PORT RULES = PORT 80, FILTERING = MULTIPLE HOST, SINLGE AFFINITY, EQUAL
(application is session based)
---------------------------------------------------------

I’ve read the following KB Article http://support.microsoft.com/kb/929650
and followed the applicable scenario rule:

Scenario 3: Access an IIS application in a clustered or load-balanced
environment

When you run IIS in a clustered environment or in a load-balanced
environment, you access applications by using the cluster name instead of by
using a node name. This scenario includes network load balancing. In cluster
technology, a node refers to one computer that is a member of the cluster. To
use Kerberos as the authentication protocol in this scenario, the application
pool identity on each IIS node must be configured to use the same domain user
account. To configure each IIS node to use the same domain user account, use
the following command:

Setspn –A HTTP/CLUSTER_NAME domain\username
---------------------------------------------------------------------------

What is wrong?
Rodney R. Fournier [MVP]
2007-08-30 14:47:39 UTC
Permalink
I didn't answer your question when I replied earlier :)

Cheers,

Rodney R. Fournier

MVP - Windows Server - Clustering
http://www.nw-america.com - Clustering Website
http://msmvps.com/clustering - Blog
http://www.clusterhelp.com - Cluster Training
ClusterHelp.com is a Microsoft Certified Gold Partner
Post by Tyler McLaughlin
I'm having an issue with my NLB hosted web application. The application
works correcly on both web servers, whether accessing it locally from the IIS
servers themselves, or via a client computer. It worked sporadically (a few
times) when trying to access it from the NLB hostname. It no longer works.
Now when attempting to access the NLB URL, I get one of the two following
HTTP 400 Bad Request
This error (HTTP 400 Bad Request) means that Internet Explorer was able to
connect to the web server, but the webpage could not be found because of a
problem with the address.
OR
Internet Explorer cannot display the webpage
Internet connectivity has been lost.
The website is temporarily unavailable.
The Domain Name Server (DNS) is not reachable.
The Domain Name Server (DNS) does not have a listing for the website's
domain.
If this is an HTTPS (secure) address, click Tools, click Internet Options,
click Advanced, and check to be sure the SSL and TLS protocols are enabled
under the security section.
Configuration: (this is not accessed externally. Intranet domain
application access only)
----------------------------------------------------------
\\NODE1.INTERNAL.EXTERNAL.COM
ETH0 = PUBLIC 192.168.1.1
NLB = VIRTUAL 192.168.1.3
ETH1 = PRIVATE 1.1.1.1
---------------------------------------------------------
\\NODE2.INTERNAL.EXTERNAL.COM
ETH0 = PUBLIC 192.168.1.2
NLB = VIRTUAL 192.168.1.3
ETH1 = PRIVATE 1.1.1.2
---------------------------------------------------------
---------------------------------------------------------
NLB SETUP
OPERATION MODE = MULTICAST (ARP entry exists on router)
PORT RULES = PORT 80, FILTERING = MULTIPLE HOST, SINLGE AFFINITY, EQUAL
(application is session based)
---------------------------------------------------------
I've read the following KB Article http://support.microsoft.com/kb/929650
Scenario 3: Access an IIS application in a clustered or load-balanced
environment
When you run IIS in a clustered environment or in a load-balanced
environment, you access applications by using the cluster name instead of by
using a node name. This scenario includes network load balancing. In cluster
technology, a node refers to one computer that is a member of the cluster. To
use Kerberos as the authentication protocol in this scenario, the application
pool identity on each IIS node must be configured to use the same domain user
account. To configure each IIS node to use the same domain user account, use
Setspn -A HTTP/CLUSTER_NAME domain\username
---------------------------------------------------------------------------
What is wrong?
Tyler McLaughlin
2007-09-05 20:18:02 UTC
Permalink
Do you have an answer to the question...?

thx -

- Tyler
Post by Rodney R. Fournier [MVP]
I didn't answer your question when I replied earlier :)
Cheers,
Rodney R. Fournier
MVP - Windows Server - Clustering
http://www.nw-america.com - Clustering Website
http://msmvps.com/clustering - Blog
http://www.clusterhelp.com - Cluster Training
ClusterHelp.com is a Microsoft Certified Gold Partner
Post by Tyler McLaughlin
I'm having an issue with my NLB hosted web application. The application
works correcly on both web servers, whether accessing it locally from the IIS
servers themselves, or via a client computer. It worked sporadically (a few
times) when trying to access it from the NLB hostname. It no longer works.
Now when attempting to access the NLB URL, I get one of the two following
HTTP 400 Bad Request
This error (HTTP 400 Bad Request) means that Internet Explorer was able to
connect to the web server, but the webpage could not be found because of a
problem with the address.
OR
Internet Explorer cannot display the webpage
Internet connectivity has been lost.
The website is temporarily unavailable.
The Domain Name Server (DNS) is not reachable.
The Domain Name Server (DNS) does not have a listing for the website's
domain.
If this is an HTTPS (secure) address, click Tools, click Internet Options,
click Advanced, and check to be sure the SSL and TLS protocols are enabled
under the security section.
Configuration: (this is not accessed externally. Intranet domain
application access only)
----------------------------------------------------------
\\NODE1.INTERNAL.EXTERNAL.COM
ETH0 = PUBLIC 192.168.1.1
NLB = VIRTUAL 192.168.1.3
ETH1 = PRIVATE 1.1.1.1
---------------------------------------------------------
\\NODE2.INTERNAL.EXTERNAL.COM
ETH0 = PUBLIC 192.168.1.2
NLB = VIRTUAL 192.168.1.3
ETH1 = PRIVATE 1.1.1.2
---------------------------------------------------------
---------------------------------------------------------
NLB SETUP
OPERATION MODE = MULTICAST (ARP entry exists on router)
PORT RULES = PORT 80, FILTERING = MULTIPLE HOST, SINLGE AFFINITY, EQUAL
(application is session based)
---------------------------------------------------------
I've read the following KB Article http://support.microsoft.com/kb/929650
Scenario 3: Access an IIS application in a clustered or load-balanced
environment
When you run IIS in a clustered environment or in a load-balanced
environment, you access applications by using the cluster name instead of by
using a node name. This scenario includes network load balancing. In cluster
technology, a node refers to one computer that is a member of the cluster. To
use Kerberos as the authentication protocol in this scenario, the application
pool identity on each IIS node must be configured to use the same domain user
account. To configure each IIS node to use the same domain user account, use
Setspn -A HTTP/CLUSTER_NAME domain\username
---------------------------------------------------------------------------
What is wrong?
Rodney R. Fournier
2007-09-06 12:43:16 UTC
Permalink
Sadly, no.

Cheers,

Rodney R. Fournier
MVP - Windows Server - Clustering
http://www.nw-america.com - Clustering Website
http://msmvps.com/clustering - Blog
http://www.clusterhelp.com - Cluster Training
ClusterHelp.com is a Microsoft Certified Gold Partner
Post by Tyler McLaughlin
Do you have an answer to the question...?
thx -
- Tyler
Post by Rodney R. Fournier [MVP]
I didn't answer your question when I replied earlier :)
Cheers,
Rodney R. Fournier
MVP - Windows Server - Clustering
http://www.nw-america.com - Clustering Website
http://msmvps.com/clustering - Blog
http://www.clusterhelp.com - Cluster Training
ClusterHelp.com is a Microsoft Certified Gold Partner
Post by Tyler McLaughlin
I'm having an issue with my NLB hosted web application. The application
works correcly on both web servers, whether accessing it locally from
the
IIS
servers themselves, or via a client computer. It worked sporadically
(a
few
times) when trying to access it from the NLB hostname. It no longer works.
Now when attempting to access the NLB URL, I get one of the two following
HTTP 400 Bad Request
This error (HTTP 400 Bad Request) means that Internet Explorer was able to
connect to the web server, but the webpage could not be found because of a
problem with the address.
OR
Internet Explorer cannot display the webpage
Internet connectivity has been lost.
The website is temporarily unavailable.
The Domain Name Server (DNS) is not reachable.
The Domain Name Server (DNS) does not have a listing for the website's
domain.
If this is an HTTPS (secure) address, click Tools, click Internet Options,
click Advanced, and check to be sure the SSL and TLS protocols are enabled
under the security section.
Configuration: (this is not accessed externally. Intranet domain
application access only)
----------------------------------------------------------
\\NODE1.INTERNAL.EXTERNAL.COM
ETH0 = PUBLIC 192.168.1.1
NLB = VIRTUAL 192.168.1.3
ETH1 = PRIVATE 1.1.1.1
---------------------------------------------------------
\\NODE2.INTERNAL.EXTERNAL.COM
ETH0 = PUBLIC 192.168.1.2
NLB = VIRTUAL 192.168.1.3
ETH1 = PRIVATE 1.1.1.2
---------------------------------------------------------
---------------------------------------------------------
NLB SETUP
OPERATION MODE = MULTICAST (ARP entry exists on router)
PORT RULES = PORT 80, FILTERING = MULTIPLE HOST, SINLGE AFFINITY, EQUAL
(application is session based)
---------------------------------------------------------
I've read the following KB Article
http://support.microsoft.com/kb/929650
Scenario 3: Access an IIS application in a clustered or load-balanced
environment
When you run IIS in a clustered environment or in a load-balanced
environment, you access applications by using the cluster name instead
of
by
using a node name. This scenario includes network load balancing. In cluster
technology, a node refers to one computer that is a member of the
cluster.
To
use Kerberos as the authentication protocol in this scenario, the application
pool identity on each IIS node must be configured to use the same
domain
user
account. To configure each IIS node to use the same domain user
account,
use
Setspn -A HTTP/CLUSTER_NAME domain\username
---------------------------------------------------------------------------
What is wrong?
Mathieu CHATEAU
2007-09-06 14:35:02 UTC
Permalink
Hello,

dumb question: is the IIS using host header ? if so, does it contains the
FQDN or shortname or both ?
Do you enforce ssl connection ?
Can you create an html test page to be sure it's not the application that is
rejecting the connection ?

telnet NLB.INTERNAL.EXTERNAL.COM 80 works ? if so:
GET / HTTP/1.0
[two return carriage]
--
Cordialement,
Mathieu CHATEAU
http://lordoftheping.blogspot.com
Post by Tyler McLaughlin
Do you have an answer to the question...?
thx -
- Tyler
Post by Rodney R. Fournier [MVP]
I didn't answer your question when I replied earlier :)
Cheers,
Rodney R. Fournier
MVP - Windows Server - Clustering
http://www.nw-america.com - Clustering Website
http://msmvps.com/clustering - Blog
http://www.clusterhelp.com - Cluster Training
ClusterHelp.com is a Microsoft Certified Gold Partner
Post by Tyler McLaughlin
I'm having an issue with my NLB hosted web application. The application
works correcly on both web servers, whether accessing it locally from
the
IIS
servers themselves, or via a client computer. It worked sporadically
(a
few
times) when trying to access it from the NLB hostname. It no longer works.
Now when attempting to access the NLB URL, I get one of the two following
HTTP 400 Bad Request
This error (HTTP 400 Bad Request) means that Internet Explorer was able to
connect to the web server, but the webpage could not be found because of a
problem with the address.
OR
Internet Explorer cannot display the webpage
Internet connectivity has been lost.
The website is temporarily unavailable.
The Domain Name Server (DNS) is not reachable.
The Domain Name Server (DNS) does not have a listing for the website's
domain.
If this is an HTTPS (secure) address, click Tools, click Internet Options,
click Advanced, and check to be sure the SSL and TLS protocols are enabled
under the security section.
Configuration: (this is not accessed externally. Intranet domain
application access only)
----------------------------------------------------------
\\NODE1.INTERNAL.EXTERNAL.COM
ETH0 = PUBLIC 192.168.1.1
NLB = VIRTUAL 192.168.1.3
ETH1 = PRIVATE 1.1.1.1
---------------------------------------------------------
\\NODE2.INTERNAL.EXTERNAL.COM
ETH0 = PUBLIC 192.168.1.2
NLB = VIRTUAL 192.168.1.3
ETH1 = PRIVATE 1.1.1.2
---------------------------------------------------------
---------------------------------------------------------
NLB SETUP
OPERATION MODE = MULTICAST (ARP entry exists on router)
PORT RULES = PORT 80, FILTERING = MULTIPLE HOST, SINLGE AFFINITY, EQUAL
(application is session based)
---------------------------------------------------------
I've read the following KB Article
http://support.microsoft.com/kb/929650
Scenario 3: Access an IIS application in a clustered or load-balanced
environment
When you run IIS in a clustered environment or in a load-balanced
environment, you access applications by using the cluster name instead
of
by
using a node name. This scenario includes network load balancing. In cluster
technology, a node refers to one computer that is a member of the
cluster.
To
use Kerberos as the authentication protocol in this scenario, the application
pool identity on each IIS node must be configured to use the same
domain
user
account. To configure each IIS node to use the same domain user
account,
use
Setspn -A HTTP/CLUSTER_NAME domain\username
---------------------------------------------------------------------------
What is wrong?
perrdiddy
2010-05-27 06:10:03 UTC
Permalink
Tyler McLaughlin wrote on 08/29/2007 16:18 ET
Post by Tyler McLaughlin
I'm having an issue with my NLB hosted web application. The applicatio
works correcly on both web servers, whether accessing it locally from the II
servers themselves, or via a client computer. It worked sporadically (a fe
times) when trying to access it from the NLB hostname. It no longer works
Now when attempting to access the NLB URL, I get one of the two followin
errors
HTTP 400 Bad Reques
This error (HTTP 400 Bad Request) means that Internet Explorer was able t
connect to the web server, but the webpage could not be found because of
problem with the address
O
Internet Explorer cannot display the webpag
This problem can be caused by a variety of issues, including
Internet connectivity has been lost
The website is temporarily unavailable
The Domain Name Server (DNS) is not reachable
The Domain Name Server (DNS) does not have a listing for the website'
domain
If this is an HTTPS (secure) address, click Tools, click Internet Options
click Advanced, and check to be sure the SSL and TLS protocols are enable
under the security section
Configuration: (this is not accessed externally. Intranet domai
application access only
NODE1.INTERNAL.EXTERNAL.CO
ETH0 = PUBLIC 192.168.1.
NLB = VIRTUAL 192.168.1.
ETH1 = PRIVATE 1.1.1.
NODE2.INTERNAL.EXTERNAL.CO
ETH0 = PUBLIC 192.168.1.
NLB = VIRTUAL 192.168.1.
ETH1 = PRIVATE 1.1.1.
NLB SETU
OPERATION MODE = MULTICAST (ARP entry exists on router
PORT RULES = PORT 80, FILTERING = MULTIPLE HOST, SINLGE AFFINITY, EQUA
(application is session based
I’ve read the following KB Articl
http://support.microsoft.com/kb/92965
Post by Tyler McLaughlin
and followed the applicable scenario rule
Scenario 3: Access an IIS application in a clustered or load-balance
environmen
When you run IIS in a clustered environment or in a load-balance
environment, you access applications by using the cluster name instead of b
using a node name. This scenario includes network load balancing. In cluste
technology, a node refers to one computer that is a member of the cluster. T
use Kerberos as the authentication protocol in this scenario, the applicatio
pool identity on each IIS node must be configured to use the same domain use
account. To configure each IIS node to use the same domain user account, us
the following command
Setspn –A HTTP/CLUSTER_NAME domainusernam
What is wrong
It's been years but I'm replying in case anyone else has had this problem.
had to reconfigure the bindings on one of my servers to a wildcard. Thi
setting in IIS7 is if you right-click "Default Web Site" and choos
"edit bindings" make sure that they are set to a "*" fo
th
IP address and not hard coded to the server IP

In my case, one of the three NLB servers had a hard coded IP address in th
binding which caused it to fail 1/3 of the time. This is why it sometime
worked when switching IP addresses. This is also why all cluster nodes wor
when hitting it directly

With a hard coded IP binding, it would not respond properly when users try t
hit it using the cluster IP

Hope this helps someone.
i***@gmail.com
2015-01-14 21:45:26 UTC
Permalink
This post might be inappropriate. Click to display it.
Loading...