I would like to install a wildcard certificate on the loadmasters for *.domain.com. What format do I have to use for the certificate request to send the request off to Entrust?
↧
Wildcard SSL Certificate Request
↧
Status of VIPs
How do people get the status of their VS/Real Servers into their monitoring systems?
We were trying to have a look at the RestfulAPI to see if we can get the status of a VS and RS but other than them being enabled or not we could see see how. Is there a way to get this information?
Thanks,
Bara
↧
↧
VLM HA Issue
Hi Guys,
I've encountered a few similar issues everytime I setup a VLM HA cluster.
Below is the description:
- Upon setup the 2nd node of the VLM, after retrieving configuration from the HA partner, I perform a reboot.
- After the reboot, the 2nd VLM will attempt to become the MASTER while the 1st node remain as MASTER.
- When both VLM becomes MASTER, they will not be able to ping each other even though they r on the same network.
- Need to perform numerous reboot or go to the extend to reset to default for the 2nd node and reconfig the HA
- Both VLM are configured with static mac address
- On one occasion, my HA is setup properly and working fine, then I attempt to shutdown one of the VLM. The standby VLM will turn MASTER (Working normally). But when I power on the previous shutdown VLM, it attempt to turn itself into MASTER (Now 2 nodes becomes MASTER)
I've tested before for the HA functionalities so I'm puzzled why this issue still occurs.
*Encounter on both HyperV environment and VMware environment.
Would like to know what can be the possible caused? Will there be additional configuration to be perform on VMware Vswitches or physical network?
I understand that in HyperV environment you will require to turn on MAC spoofing but there is no similar settings in VMware except enabling Promiscuous mode
Thanks
↧
HA Issue
Hi Support,
I've encounter on few occasion that my VLM nodes will attempt to turn themselves to MASTER in HA mode.
Both of them are connected to the same network and able to setup properly with shared IP.
But at times they will turn themselves to MASTER and ignore each other presence.
I've configured both VLM with static mac but is there any other settings that needs to be enable on the vswitch? e.g. Promiscuous mode etc?
Understand that the HyperV VLM have mac spoofing but VMware doesn't have it.
Please help
↧
What does "kernel: L7: Decode time failed " mean?
This message (kernel: L7: Decode time failed) shows up intermittently in our logs. Any idea what it means?
↧
↧
FTP how to?
Hi Guys,
I'm trying to install FTP services with VLM vers 7.0.8.
here is a description :
2 real servers :
ftp1.domain.com (IP1: 192.168.1.X ) and ftp2.domain.com( IP2:192.168.1.Y)
Both are running on debian7 with Proftpd server ( listen port 21 and passiv mode enabled)
FTP virtual service created as follows :
Service NAME :FTP
Alternate Address :non
Service Type: Generic
Activate Service :yes
Force L7:yes
Transparency :yes
No extra ports
Server Initiating protocols : Normal Protocols
Persitence options :nono
Sceduling Method : Fixed weighting (1000 for ftp1 and 500 for ftp2)
idle connection :none
Use address for server NAT : no
Quality of service : Normal service
Real servers : ftp1 and ftp2
VIP: 192.168.2.X
The status is green and up.
FTP is working when connected directly to the real servers. But not working on VIP .
Do I miss something ?
I really appreciate your help,
Thks guys,
I'm trying to install FTP services with VLM vers 7.0.8.
here is a description :
2 real servers :
ftp1.domain.com (IP1: 192.168.1.X ) and ftp2.domain.com( IP2:192.168.1.Y)
Both are running on debian7 with Proftpd server ( listen port 21 and passiv mode enabled)
FTP virtual service created as follows :
Service NAME :FTP
Alternate Address :non
Service Type: Generic
Activate Service :yes
Force L7:yes
Transparency :yes
No extra ports
Server Initiating protocols : Normal Protocols
Persitence options :nono
Sceduling Method : Fixed weighting (1000 for ftp1 and 500 for ftp2)
idle connection :none
Use address for server NAT : no
Quality of service : Normal service
Real servers : ftp1 and ftp2
VIP: 192.168.2.X
The status is green and up.
FTP is working when connected directly to the real servers. But not working on VIP .
Do I miss something ?
I really appreciate your help,
Thks guys,
↧
SSL connection taking longer time
Hi All,
and then we found out that if we used HTTP Host Header as persistence
option, the web is doing fine, there is no captcha again to connect to
this website
Then we put the load-balancer into live-production environment (assuming everything is working good)
But, there goes another problem, the users feels it takes time to connect to their website now,
and when we try to put the KEMP aside (users connect to the server
without any load balancer between them), everything goes back to normal
We have a problem about SSL connection on KEMP...
We used LM-2200 (HA-mode)
actually, i'm gonna try to tell you all my problem in KEMP configuration,
At the first, we found a problem that the web shows a captcha every time
users try to connect, we try every aspect on KEMP configuration to solve
this,
users try to connect, we try every aspect on KEMP configuration to solve
this,
and then we found out that if we used HTTP Host Header as persistence
option, the web is doing fine, there is no captcha again to connect to
this website
Then we put the load-balancer into live-production environment (assuming everything is working good)
But, there goes another problem, the users feels it takes time to connect to their website now,
and when we try to put the KEMP aside (users connect to the server
without any load balancer between them), everything goes back to normal
Real servers use HTTP and on KEMP we used HTTPS connection (there is ssl certificate on KEMP)
Can anyone tell me what is going on with my configuration ?
↧
Load balancing application pools IIS 7.5
Hi,
I have 3 instances on 2 real servers, LIVE, TEST and TRAIN. They all use .NET 4 and are in different app pools respectively named.
I have managed to setup load balancing on LIVE app pool by having the health check page set to check mydomain.com/LIVE/login.aspx so that if an app pool on LIVE were to fail, then it would get a .NET error and direct all traffic to the server that doesn't have the failed app pool.
Now my problem is I now need to do this for TEST and TRAIN, because the health check in the VS only checks the live one, then even if I stop the TEST app pool, it will still give some of the users a .NET error and not direct traffic to the working server. I thought I had the answer with sub virtual service so I could create multiple virtual services that connect to the same 2 real servers. This let me setup 3 health checks. But I am having trouble figuring out how to direct the TEST and TRAIN traffic to those sub virtual services (or more specifically use those values for health checking)
I have had a look at the content rules and had a go but I must not be understanding this part of the load master config very well. Any help is appreciated.
Carl
↧
HA Configuration
Hi All
I have a question about the HA configuration on a pair of LM 2200's. We have a straight through piece of CAT5e between eth1 on both devices dedicated to the HA heartbeat traffic, however we have not specifically configured an IP address on that NIC. So I suppose the question is does it need an IP assigning to it? The failover seems to work perfectly fine without one? So I am curious as to how it does this if one isn't assigned. Does it use some form of APIPA like in Windows?
Any help or clue greatly appreciated as these are new devices to me and I've still alot to fathom on how they exactly hang together.
Many thanks
Steve
↧
↧
warning log e-mail
Hello,
I have received 2 warning e-mail from my kemp load balancer:
Oct 19 07:29:04 KEMP1 kernel: net_ratelimit: 10 callbacks suppressed
Oct 21 14:00:01 KEMP1 checkproc: checkproc: xread error: No such process
What is the meaning of these messages?
I have received 2 warning e-mail from my kemp load balancer:
Oct 19 07:29:04 KEMP1 kernel: net_ratelimit: 10 callbacks suppressed
Oct 21 14:00:01 KEMP1 checkproc: checkproc: xread error: No such process
What is the meaning of these messages?
↧
VLM1000 Max Ethernet Interfaces
Hi,
A fifth ethernet interface that I added to the virtual machine is not showing up in the GUI. How many interfaces does the VLM1000 support?
Thanks
Marcel
↧
ESP and OWA, session timeouts
Exchange 2010 loadbalanced with two LM2600, version 7.0-8a.
When user logs on through ESP they can work in OWA but, after 5-10 minutes it seems to timeout.
It doesnt logoff like manually it shows the following box when opening a mail for an example:
"Your network connection is unavailable . Please reconnect and try again."
Some users need to restart their computers to be able to reconnect.
Public and Private Computer settings on the Exchange servers are set to 60 min.
↧
Does Load Master supports connection mirroring in HA configuration
Hello everyone,
I would like to know if the KEMP Load master supports connection mirroring in comparison to F5, where if the active box fails the and the users access teh virtual servers through the standby box they do not have to re-enter authenticate for services such as MS Exchange and Sharepoint.
This is one of the deciding factors for one of my clients to choose KEMP. Any help will be appreciated. Thanks in advance.
Regards,
Mansab
↧
↧
CAS Proxying
Hi,
We have 4 Client Access Servers, split 2 per site (let's say site A and site B). 2 of these CA servers are on the same site as the LM (site A), which has a virtual service configured for HTTPS with SSL Offloading and ESP (for all services OWA, ECP, Autodiscovery etc).
For clients who access OWA, who's mailbox is on the remote site (site B.. i.e. the site that doesn't have the CA servers configured as real servers in the LM), will CAS proxying still work from the CA servers in site A to site B?
Also - will I need to configure the virtual directories on the client access servers at site B with no SSL required (as per site A)?
Thanks
Tony
↧
Exchange 2010, Kemp and OS X
Hi,
I have had a strange problem using KEMP LM's, Exchange 2010 and OS X 10.8. Every client configuration I have tried works, OWA, Outlook 2010/2003 and Outlook 2011 for Mac. The only one that refused to work is Mac Mail and the builtin Contacts and Calendar in OS X.
I found the following solution which appears to work from the Apple Support forums: http://tinyurl.com/ce2282d
It involves changing the service type to Generic and the Other server initiating protocols rather than HTTP/S and Normal protocols. It doesn't seem to affect any other service (OWA, ActiveSync etc.) that uses the same VIP on the KEMP. Anyone else had this issue and could it cause problems with the recommended settings for the KEMP LM's and Exchange 2010?
The issue I can see is that I can no longer configure the persistence options to Super HTTP and Source IP and I am sure this would cause issues from NAT'ed clients??
↧
Default Gateway
Hi,
is it possible to have one different "default Gateway" for each eth on LM, or do i have to set additional routes?
Kind Regards
mwerner
↧
SSL Certificates Randomly Stop working
Good Morning, for the last year or so we have had
"bizarre" SSL cert issues with the loadmaster. First on the LM 2200 then the virtual LM and
now on our 2600 and we just performed a firmware upgrade to the latest
Vers:7.0-8a and we still have an issue.
Here is what I see. Today, for
example, we cloned an SSL VIP and made a new SSL VIP with the same cert and
when you go to that URL it just hangs. I
replace that valid real cert with the loadmaster Self signed on and then VIP
works again. Now SOMETIMES, you can just
replace the valid one right back and the SSL VIP works, and sometimes it does
not. And randomly some SSL VIPs stop working
and we cannot figure out why. We have
had to RE-IMPORT the cert with a new name at times to get it working. This is very frustrating. Any ideas? Seems to be only with Wildcard certs thought. Anyone else have this issue?
-Wes
↧
↧
Kemp ESP/OWA public vs private
Hi All
This is currently configured and working quite well.
![image]()
![image]()
We are currently using ISA 2006 to provide OWA and Activesync and are looking to replace this with ESP.
This is currently configured and working quite well.
On the login page for OWA through Kemp, there is no option to specify whether you are using a Public or Private computer. This should change the cookie timeout value. Is this something which is not supported?
↧
Enable Detect Malicious Requests REST API
Checking the last API (v 2.1) I didn't found any method to enable the functionality of Detect Malicious Requests and choose an intrusion handling for a virtual service, so do you have support to work with this options ?
Thanks in advance!
↧
Kemp ESP + Exchange 2013 + Windows XP + Outlook Anywhere = Password Prompts?
Hey all,
We're in the stages of rolling out Exchange 2013 for a customer and are running into an issue with a particular scenario.
If we have a Windows XP machine -> Kemp ESP (Outlook Anywhere with Pre Auth) -> Exchange 2013 then the user is hit with repeated logon credentials. If we use a hosts file on the machine to point straight to the Exchange 2013 Server (Windows XP (Outlook Anywhere) -> Exchange 2013) then everything works fine. Additionally, using a Windows 7 or Windows 8 client works fine (Windows 7/8 -> Kemp ESP -> Exchange 2013 OR Windows 7/8 -> Exchange 2013).
So, it's just that one scenario that is failing. Has anyone set this up and has it working? Would like to know what I am missing...
Thanks,
Brandon
↧