[isalist] Re: ISA Intra Array Authentification
- From: "Gerald G. Young" <g.young@xxxxxxxx>
- To: <isalist@xxxxxxxxxxxxx>
- Date: Sun, 11 Feb 2007 10:04:38 -0500
Well, technically, not exactly, although it is a best practice.
There are two ways to work around this. These are:
1. Run NLB in Multicast mode – not something I consider a good idea
because you will most likely end up having to hard code a bunch of network
devices’ ARP tables.
2. Use the UnicastInterHostCommSupport Registry key (assuming Windows
2003 SP1).
The link for 2., above is http://support.microsoft.com/kb/898867.
Cordially yours,
Jerry G. Young II
Application Engineer, Platform Engineering and Architecture
NTT America, an NTT Communications Company
22451 Shaw Rd.
Sterling, VA 20166
Office: 571-434-1319
Fax: 703-333-6749
Email: g.young@xxxxxxxx
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On
Behalf Of Steve Moffat
Sent: Sunday, February 11, 2007 6:50 AM
To: ISA Mailing List
Subject: [isalist] Re: ISA Intra Array Authentification
Intra-Array Communication
When you use ISA Server integrated NLB, each computer running ISA Server
services requires an additional network adapter, for intra-array communication.
We recommend that these network adapters be physically connected to each other
(for example, through a single switch), and not to other network segments, to
ensure that they receive only intra-array communication. You should then
configure intra-array communication to use the IP address of the new adapter on
each server. The configuration procedures are described in the topic
Configuring and Securing Intra-Array Communication in this document.
Therefore it needs at least 2 nics
S
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On
Behalf Of Bogdan Florin
Sent: Sunday, February 11, 2007 3:00 AM
To: ISA Mailing List
Subject: [isalist] Re: ISA Intra Array Authentification
I did this and I found interesting documentation.
http://www.microsoft.com/technet/isa/2004/plan/network_load_balancing_ee.mspx
please be kind and confirm if my understanding was right:
- to have ISA with one Ethernet card only working in ARRAY there is also
required to configure Network Load Balancing.
Or … TWO Ethernet will be a MUST ?
Thank you.
PS: on Isa 2000 it was simple creating the array, joust add second server, same
settings and work but in 2004 it seems they change something more.
Yours sincerely,
Bogdan Florin
CEO
InterNetCon - Satellite Internet Services
www.internetcon.ro www.powersat.ro
Phone: +40-264-452383
Cell: +40-740-074031
Cell: +40-788-074031
Fax: +40-264-452207
________________________________
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On
Behalf Of Jim Harrison
Sent: Saturday, February 10, 2007 10:21 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: ISA Intra Array Authentification
Search the help for “intra-array account”.
Make sure that it’s set the same for al servers in the array.
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On
Behalf Of Bogdan Florin
Sent: Monday, February 05, 2007 11:30 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] ISA Intra Array Authentification
Dear Colleagues,
I come to you with a simple question and I trough that you can help me faster
than any other documentation.
We have an ISA Server 2004 connected to our main domain, with only one
interface and used purely for caching. The settings are all ok, everything
works all right. In this enviroments we add another server with intentions to
have 2 servers in array. We would like to make a fail over at DNS level with
same record and two IP.
After this array created successfully, there is one error on each ISA machine:
Description: ISA Server cannot connect to xxx.xxx.xxx.xxx proxy server because
the server requires authentication, either when chaining or for intra-array
communication. However authentication failed because the specified credentials
were incorrect. Check authentication credentials and try again.
While XXX.XXX.XXX.XXX is the address of OTHER server. In this spirit I reach
the conclusion that there is a problem in INTRA ARRAY communication.
The second server it have CARP Load factor to 1 and the old server have CARP
Load factor to 100. In this enviroments …. When an end user connects to the
second server it got the following error:
? Error Code: 502 Proxy Error. Logon failure: unknown user name or bad
password. (1326)
? IP Address: server isa old
? Date: 2/6/2007 7:18:37 AM
? Server: server isa new
? Source: proxy
I can only conclude that Intra-Array authentification is the problem.
If you can provide me a fast advice I would appreciate very much.
Yours sincerely,
Bogdan Florin
CEO
InterNetCon - Satellite Internet Services
www.internetcon.ro <http://www.internetcon.ro> www.powersat.ro
<http://www.powersat.ro>
Phone: +40-264-452383
Cell: +40-740-074031
Cell: +40-788-074031
Fax: +40-264-452207
All mail to and from this domain is GFI-scanned.
All mail to and from this domain is GFI-scanned.
Other related posts:
