Quantcast
Channel: Troubleshooting - KEMP Technologies Community Forums
Viewing all 69 articles
Browse latest View live

Adding new Real Servers - Already existing

January 20, 2013, 9:57 am
$
0
0
We have added a 4th exchange server to our environment. I have gone it the Virtual Service click Modify>Expand Real Servers> Add New..>Enter IP Address >Add this Real Server  and it tells me the Real Server not on available network. The new Exchange server is on the same network and is in the same subnet as the other 3 servers.

I used telnet to verify the ports and no matter which service I pick the same error occurs.  I have a ticket cut with Kemp and I should hear from them tomorrow, was curious if anyone has seen this before.  

Thanks!
Search

Load balancer, External IP in IIS logs and in .net code

September 13, 2012, 6:16 am
$
0
0

Hello,


I have 2 KEMP VLM1000's which run in HA mode. I'm load balancing some IIS 7.5 web servers, but I have 2 major issues.


1) The EXTERNAL client IP address is NOT getting logged in the IIS logfiles. It's the IP of the KEMP VS that's getting logged.


2) In code (asp.net), we need (realtime) to get the EXTERNAL client IP address, because we do some security stuff. It's the IP of the KEMP VS which we get via Request.ServerVariables("REMOTE_HOST")


Could you please give some detailed instructions on how we can fix these 2 issues? Perhaps you could include in detail how to "tweak" IIS and maybe also exactly what to do in Request.ServerVariables?


/Regards
a very frustrated KEMP customer!

Outlook requires to quit and restart when disabling RS

January 24, 2013, 12:54 am
$
0
0
Hello,

greetings to everyone, I am new here...

I am in the pilot phase of setting up a KEMP VLM  running 6.0-42 to Exchange 2010. I have set up a MAPI VS using the KEMP Exchange template.

Now, when I am testing switchover and disable a RS, I notice that sometimes (not always) some (but not all) of the Outlook clients receive the message that the Exchange administrator has made a change that requires Outlook to quit and restart. As far as I can tell, Outlook is still working properly without closing.

Persistence Options: Mode: Source IP address, Timeout 1 Hour. Idle Connection Timeout 86400.

Does anyone have an idea how to avoid that? I have heard of that message coming up on clients which are connecting directly to the Exchange servers.

Thanks, Georg.

increase Real Server Check time out (VLM)

January 29, 2013, 3:11 am
$
0
0
Is there a way to increase the time the load balancer waits for an answer on it's real server check?

We're
currently having performance issues on our Exchange servers and while
these are happening, the load balancer puts the real server offline for
half a minute and then re-enables it. So I'm getting a note in the log
"Removing RS ... time out waiting for data" and shortly after that it
adds it back to the list. This is giving us issues and we were wondering
if it's possible to increase the time the load balancer is waiting for
the server to respond before it declares it as offline. I couldn't find
any setting that sounds like it's related to that.

We're using VLMs with firmware 6.0-38

Connection reset on basic syslog connection

February 5, 2013, 2:55 am
$
0
0

We are running Kemp LoadMaster 5.1 to load balance an application used for audit logging. The client is opening a TCP connection, sends a TCP PSH package with XML data with syslog header prepended, receives an ACK, then starts to disconnect by sending a FIN package. It then receives a RST (TCP reset) from the LoadMaster. No information is forwarded to the load balanced syslog server (RS).


We then tried to set the option "server initiating protocols" to "other server initating", which made the connections somewhat more successful. However about half of the connections are failing ending up in loadmaster sending RST. This happens if and only if the loadmaster receives the PSH package with data before it has successfully opened the TCP connection to the load balanced syslog server. In the tcpdump we see


loadmaster -> server: TCP SYN
client -> loadmaster: PSH
loadmaster -> client ACK
client -> loadmaster FIN
server -> loadmaster SYN+ACK
loadmaster -> server ACK
loadmaster -> client RST
loadmaster -> server FIN, etc.


What can we do to work around this problem? Is there a configuration for loadmaster to cache the data received before the connection to the RS is completel up, or making it not to ACK the data received from the client before it can forward the data?

Error connecting to the remote host 99

February 4, 2013, 9:55 am
$
0
0
Hello Support,

in the Logfile from our Kemp 3600 Cluster i can see a lot of these messages:

[...]
unit1 kernel: net_ratelimit: 13215 callbacks suppressed
unit1 kernel: L7: ffff88011bc96bb8: Error connecting to the remote host 99
unit1 kernel: L7: ffff88012a4bd538: Error connecting to the remote host 99
unit1 kernel: L7: ffff88010803b3d8: Error connecting to the remote host 99
unit1 kernel: L7: ffff880103064278: Error connecting to the remote host 99
unit1 kernel: L7: ffff88010890c458: Error connecting to the remote host 99
unit1 kernel: L7: ffff88011e568dd8: Error connecting to the remote host 99
unit1 kernel: net_ratelimit: 1178 callbacks suppressed
unit1 kernel: L7: ffff8801070febf8: Error connecting to the remote host 99
unit1 kernel: L7: ffff880111e1b6d8: Error connecting to the remote host 99
unit1 kernel: L7: ffff880119607718: Error connecting to the remote host 99
unit1 kernel: L7: ffff8801088b8058: Error connecting to the remote host 99
unit1 kernel: L7: ffff880110c35398: Error connecting to the remote host 99
unit1 kernel: net_ratelimit: 12104 callbacks suppressed
[...]

Is there a problem with port exhaustion? How can i check this?

Best regards,
bstn

Exchange 2010 DNS Question

February 26, 2013, 7:42 am
$
0
0
I have two Exchange 2010 CAS/HUB/MB servers configured with the load balancer. Everything has been working fine up unil recently. Currently the servers are having issues updating their DNS info to our MS 2003 Domain Controllers for some reason. As part of my troubleshooting steps I wanted to know if it is possible that the Loadmaster could or couldn't be causing this issue.

HA-cluster inconsistent

February 12, 2013, 11:55 pm
$
0
0
We are having trouble with a pair of LoadMaster running in a HA-cluster. The usual pattern is that at some random point in time the cluster desynchronizes, with the primary node showing status green-grey and the secondary showing status blue-green. It seems that at this point in time the load balancers start fighting over the shared IP address, bringing all services virtually down.

The only (known) cure is to restart the secondary node. Usually everything is ok afterwards. 

We noticed also a kind of strange behavior after such an incident. After lb2 was already up and running and the cluster had consistent green-green status, the services stopped for a few seconds. The log from lb1 (which was the master) shows:



Feb 12 15:37:52 lb1 ucarp[1473]: [CRITICAL] Link eth3 is **DOWN**
Feb 12 15:37:52 lb1 ucarp[1473]: [WARNING] Switching to state: BACKUP
Feb 12 15:37:52 lb1 ucarp[1473]: [WARNING] Interface eth0 taken down
Feb 12 15:37:52 lb1 ucarp[1473]: [WARNING] Spawning [/etc/ha.d/down down]
Feb 12 15:37:53 lb1 ucarp[1473]: [WARNING] Switching to state: BACKUP
Feb 12 15:37:53 lb1 ucarp[1473]: [WARNING] Interface bnd1 taken down
Feb 12 15:37:53 lb1 ucarp[1473]: [WARNING] Switching to state: BACKUP
Feb 12 15:37:53 lb1 ucarp[1473]: [WARNING] Interface eth3 taken down
Feb 12 15:37:55 lb1 ucarp[1473]: [WARNING] Link eth3 is up
Feb 12 15:37:57 lb1 ucarp[1473]: [WARNING] Interface eth0 taken up
Feb 12 15:37:57 lb1 ucarp[1473]: [WARNING] Interface bnd1 taken up
Feb 12 15:37:57 lb1 ucarp[1473]: [WARNING] Interface eth3 taken up
Feb 12 15:37:57 lb1 ucarp[1473]: [WARNING] Switching to state: MASTER
Feb 12 15:37:57 lb1 ucarp[1473]: [WARNING] Spawning [/etc/ha.d/up up]



eth3 is a direct connection between the two machines, used for HA checking (there is also HA checking on other interfaces). I'm wondering why lb1 has decided to go to BACKUP state and taking down its external interface eth0 when it discovered the HA link does not work?

Regards,
Jarek
Search

SNMP counters don't show any activity

March 9, 2013, 10:59 am
$
0
0
We have a pair of LoadMaster running in a HA-cluster, one-armed configuration. Eth0 is used for inbound/outbound traffic, Eth3 is a direct connection between the two machines. Eth1 and Eth2 are not used. SNMP is enabled. Software version 5.x. When we query SNMP for information it shows "out of service" state for all virtual services and all real servers. Statistics data such as InPackets, OutPackets, Connections are all 0. However, web interface shows correct data (virtual services and real servers are UP, counters are reliable). The same information is seen when connecting to common address as well as individual address of each unit.

troubleshooting intermediate certs

March 20, 2013, 9:24 am
$
0
0
I am using a VLM in front of Exchange 2010. iPhones running iOS 4 require an intermediate cert for ActiveSync to not prompt about the cert not being trusted.

I added the intermediate cert to the VLM and disabled/enabled the virtual server for Exchange HTTPS. However, the iPhones are still saying the cert is not trusted.

How can I troubleshoot this problem further?

Load balancing between multiple sites for disastery recovery

March 21, 2013, 7:25 am
$
0
0

We are looking at setting up a system for disaster recovery of our exchange.

 

Office 1:

CAS Server

Mailbox Server

 

Office 2:

CAS Server

Mailbox Server

 

Office 3:

Witness Server

Load Balancer

 

The offices are connected via 50mb Metro Ethernet.  The main office is Office 1 and houses the internet connection.  Office 2 will be housing a backup communication line for emergency use for exchange to receive email.  The way I see the most reliability is to have a cas array with Office 1 and 2 and use Office 3 to load balance and run the array.  Office 3 will also run a witness server to maintain quorum.  These are all different subnets and I need to make sure the load balancer can be in another office to do this.  All of the offices can talk to each other so my subnets communicate just fine.  We have a server in each office running Active Directory and DNS.

I need to make sure the 2200 load balancer can do this.

Thanks,

Harold Filliez

IS Administrator

Edison National Bank

 

 

 

DNS issue

March 25, 2013, 8:35 am
$
0
0

I am trying to resolve server names in the diagnostics and whenever I ping a host it says unknown host xxx.

I can ping my dns servers fine and we have no firewall rules in place between the load balancers and the servers.

I tried with the dns search domains added and also with them removed.

packet loss to VLM ipaddresses and servers with default gateway to VLM

March 26, 2013, 2:30 am
$
0
0

we are in process of moving to new network equipment. on our old 6500 we had the vlans terminated and made a trunk between the old and new 6500 switch.

This weekend we removed all vlans from the old switch and reconfigured the with same configuration on the new switch. 

We have the VLM configured as 2-armed with one arm in the routing network and 1 arm in the server network. servers that is used for loadbalancing have default gateway to VLM IP.

This worked as a charm before the move. After the network move we now experience up to 20% packet loss when accessing from any remote office when pinging ip addresses assigned to virtual services or servers with gateway to VLM.

after some tests and reboot of the VLMs we tried to change the default gateway of the VLM to one of the VPN routers in the routing network and then the packet loss was gone. very strange. changing it back to the 6500 gateway, the packet loss is back.

I cannot pinpoint this to the VLM, more likely to the 6500 switch but does any one had any similar issue?

Martin Abildgaard

Repeated "Removing RS" followed by "Adding RS"

April 1, 2013, 10:55 am
$
0
0
We are using a pair of LM2000 balancers with Balancer Version 4.3-48. We have a few virtual services that currently contain one real server and use the ICMP Ping Real Server Check Protocol. The log is repeatedly reporting that the real server has been removed. This results in the virtual service being taken out of service. A few seconds later, the real server is added back to the virtual service followed by the virtual service reporting to be back in service. This only taking place with Virtual Services with a single Real Server. We have a number of Virtual Services with multiple Real Servers that are not reporting this issue.

An example of the System Message log follows:
Apr  1 13:34:42 LM1 l4d: Removing RS [x.x.x.x:80] from VS [x.x.x.x:80]
Apr  1 13:34:42 LM1 l4d: VS x.x.x.x:80 Taken out of service due to failed Real Servers
Apr  1 13:34:49 LM1 l4d: Adding RS [x.x.x.x:80] to VS [x.x.x.x:80]
Apr  1 13:34:49 LM1 l4d: VS x.x.x.x:80 Back in service

Conf Backup Restore losing Access white list

April 2, 2013, 2:11 am
$
0
0

I'm moving VLMs to LM-3600s and when restoring my config from backup, it doesn't include the access control white list for the SMTP relay service.


So I'm using VLMs with version 6.0-38. I create a backup of the configuration and import that in the LM-3600s which are running on 6.0-44. Everything imports fine except for the access control white list for the SMTP relay, which is just empty.
Is that supposed to happen? Do I have any other options to move them and have them on backup?
I have about 418 IPs in there and would rather not move them manually one by one. Also we really need them to be included in the scheduled backups.


Thanks,
Felix

Search

MAPI Problem with Exchange 2010

April 3, 2013, 8:48 am
$
0
0

I have 2 Exchange servers with all roles.

And HA LB 2200 works with HTTPS.

When i try to setup a MAPI then i can't set the incoming trafik to the VIP of the LB2200.

But when i try to set the incoming trafik to one of the servers and the CAS DNS it go to the LS2200 then it works.

Did i must set the defalt gateway from the server to the LB.

The HTTPS trafic go to the LB directly and then roundrobin to the Servers.

Unable to setup Gmail to send via Exchange 2010 behind Loadmaster

April 4, 2013, 5:49 am
$
0
0
We recently installed the LM-2600 for our Exchange 2010 environment. We are able to successfully connect a multitude of e-mail clients (Outlook for PC/Mac, Thunderbird, Apple Mail) via SMTP using port 587. However, we cannot get Gmail to send mail using these settings. In Gmail accounts, you have the ability to setup an alias and send mail with another SMTP server. When I put in the same settings as the e-mail clients, I receive the following message from Gmail:

Your other email provider is responding too slowly. Please try again later, or contact the administrator of your other domain for further information.

image

LM 2600 nor realy Balancing

April 15, 2013, 1:19 am
$
0
0
like the title says the lm 2600 isn´t realy Balancing our Exchange 2010 CAS servers:
 first server  163 Connection   (active)
second  server 2824 Connections (active)



Scheduling Method: Round and Robin

Exchange 2010 monitoring issues through Loadmaster VIP

April 11, 2013, 11:58 pm
$
0
0
Hi,

Running 2-armed LM-2200 HA setup. External Network 10.14.28.0 and Internal Server side 10.13.32.0. 

Running 2 Multirole Exchange 2010 servers. Exchange servers has the Loadmaster as its gateway.

CAS array "outlook.company.org" is pointing to the VIP[10.14.28.10] on the Loadmaster.
EWS/OWA/Autodiscover "InternalURL" is pointing to mail.company.org to VIP [10.14.28.10] on the Loadmaster.

When Exchange 2010 is using its built-in monitoring PS commands like Test-OwaConnectivity -TestType:Internal, Test-OutlookWebServices or Test-EcpConnectivity -TestType:Internal it fails.

I have noticed this issue after we changed internalURL from server1.company.org to mail.company.org.

After some more digging I have noticed that all traffic that goes from an Exchange server behind a Loadbalancer to the VIP [10.14.28.10] fails.

Im pretty sure that if i setup a new Exchange server on a different subnet thats not using the Loadmaster as its gateway the PS commands will probably work fine from that server.

Is this a known limitation when using a loadbalancer or is there any way i can get the traffic back to the orginating Exchange server?

Best Regards

Themac

Kemp Loadmaster behind TMG and Exchange

April 18, 2013, 2:05 am
$
0
0



Hello all!



 We have a specific configuration with specific
problems:



Internet => TMG (DMZ) => Router => KEMP
(single Armed) VIP => CAS Array + MB Servers.



Because of company’s policies all mail related
services (https, mapi, pop, imap, smtp) must be reachable using a single
name: mail.fqdn => single VIP for all Services.



Kemp is configured as Default Gateway for CAS, L7
Transparency is activated. Internally all connections are working, sessions are
load balanced (Source IP).



TMG is configured to submit packets appearing from TMG
DMZs Interface, because of routing.



So external sessions are not load balanced. Because of
this one CAS Server reaches more than 500 RPC ActiveSync connections,
which results in dropping new connections.



We tried to use SSL offloading with other balancing
modes, SuperHTTP but the connection could not be established.



I think we have to switch to Multi Arm configuration, put
the loadmaster into the DMZ net, configure the TMG to submit the real address
and set the TMG as the Default Gateway for this Interface...but the company is
afraid about this...



 Any other suggestions?



 TIA



Oliver

 

Viewing all 69 articles
Browse latest View live
Search