NLB Can't see 2nd Server

Willem

Hello

I am trying to "see" the 2nd web server in my NLB environment
again after changing the IP addresses.

I had an NLB setup, changed the IP addresses (using Edit in the
Advanced TCP/IP Settings) and now I can't ping the 2nd
server anymore (I'm almost sure it was possible before the
changes).
NLB works fine, but my backup running on server 1 can't
see server 2 any more.

If I try to ping from server 1 to server 2
(xxx.xxx.131.59), server 1 starts an ARP request but server
2 never answers this request (details below).

What went wrong?

Is it normal that the ARP request has the dedicated MAC in the
Ethernet II frame and the primary MAC address in the
ARP protocol?


Pinging the NLB IPs from a workstation in the same
network works fine, as does pinging the workstation from
the servers.


What do I have:
2 Windows Advanced Server 2000,
single network card, multicast enabled

Server1:
Prim IP: xxx.xxx.131.57
Subnetmask: 255.255.255.240
Multicast support enabled
ID: 1
Initial Cluster state Active
dedicated IP: xxx.xxx.131.58
Subnetmask: 255.255.255.240

Server2:
Prim IP: xxx.xxx.131.57
Subnetmask: 255.255.255.240
Multicast support enabled
ID: 2
Initial Cluster state Active
dedicated IP: xxx.xxx.131.59
Subnetmask: 255.255.255.240

Port rules on both:
Start  End  Protocol  Load  Affinity
80     80   TCP/UDP   50    Single
443    443  TCP/UDP   50    Single


The ARP Broadcast:
Ethernet II Frame:
Src: 00:02:55:7b:9c:dc (dedicated mac address)
Dst: ff:ff:ff:ff:ff:ff
ARP request:
Sender MAC address: 03:bf:d5:90:83:39 (Primary mac address)
Sender IP Address: xxx.xxx.131.57 (Primary IP Address)

Thanks
Willem
 
Hi Willem,
When you changed the IP in Advanced TCP/IP did you also make sure to change
the settings in the NLB portion the same way?
--
Curtis Koenig
Support Engineer
Product Support Services, Security Team
MCSE, MCSES, CISSP

This posting is provided "AS IS" with no warranties and confers no rights.
Please reply to the newsgroup so that others may benefit. Thanks!

--------------------
 
Hi Curtis,
Yes, everything seems to be OK; load balancing seems to work
as well.
The load balancing properties are OK as well, but..???
Thanks
Willem
 
OK, now we are clear on that. So let me ask a clarification question, what
do you mean by "see" the second server?

It is normal for the Dedicated IP to be using the hardware MAC and the NLB
IP to be using a software assigned MAC when multicast is enabled. However,
some network card drivers do have a problem with this and do not properly
suppress the MAC as they should for some types of network frames.

Another good question is what is the load balancing being used for? It may
be that we need to address some architectural issues here.
--
Curtis Koenig
Support Engineer
Product Support Services, Security Team
MCSE, MCSES, CISSP

This posting is provided "AS IS" with no warranties and confers no rights.
Please reply to the newsgroup so that others may benefit. Thanks!

--------------------
 
Hi Curtis,

By can't "see" the other server I mean:

- can't ping server1 from server2,
- can't connect to \\ipserver2\c$
- can't back up Server 2 (Veritas Netbackup was set up on
server1 prior to the IP change, and backed up server2 for over
months)
- can't see the server in "My network Places"
- can't map \\server2\c$
(and the same in the other direction)

What I still have but can't access is:
@Server1 in "my network places" there is an entry "d$ on
server2". On selecting it I get the message
***start
\\server2\d$ is not accessable.
The network path was not found
[OK]
end***

@server1 in "computers near me" there is no entry

@server2 in "my network places" there's no entry about
server1

@server2 in "computers near me" there are 2 entries
1. server1 when I try to open this Server I get the message
***start
\\server1 is not accessable.
The network path was not found
[OK]
end***

2. Server2 (its own, can be opened)


So, for me this means that there was a connection in the
past.


What I can do from a workstation in the same network:
Ping Server1 from workstation
ping server2 from workstation
ping NLB from workstation
ping workstation from server1
ping workstation from server2


I hope I could answer your question.
I also hope you can help me.

Thanks
Willem

I wish you Merry Christmas.

PS. I will not be in the office till after X-mas, but will
read mail/newsgroup occasionally
 
Hi Willem,
It is not uncommon for NLB nodes not to be able to ping one another:
816910 Cannot Ping IP Addresses After You Enable Network Load Balancing on
http://support.microsoft.com/?id=816910

However, in this case it might be possible as you are using multicast. If
you have not already it is a good idea to reboot both nodes after making an
IP change when you have NLB enabled.

It is also possible that it worked before as the name and connection
information was cached on your machine somewhere and as it has changed it's
not refreshed. Again a reboot could really help here.

The other thing that is still unanswered is what is this NLB cluster used
for? Knowing this would help in evaluating the architecture so that we can
make possible changes for better performance. In many cases using 2 NIC
cards is a better option than using a single NIC with multicast.
--
Curtis Koenig
Support Engineer
Product Support Services, Security Team
MCSE, MCSES, CISSP

This posting is provided "AS IS" with no warranties and confers no rights.
Please reply to the newsgroup so that others may benefit. Thanks!

--------------------
 
Hi Curtis

I did reboot the systems more than once.
The Balanced Ports are 80 and 443, so it balances a web
service. I use IIS

Since the IP change I have two System events on each server
every two hours!

Server1:
Source: BROWSER
EventID: 8021
Computer: Server1
Type: Warning
Text: "The browser was unable to retreive a list of servers from the browser master \\SERVER2 on the network. \Device\NetBT_Tcpip_{5F19228A-95E8-44C3-8601-601E74889847}. The Data is the error code."
Data: "0000: 35 00 00 00"

Server1:
Source: BROWSER
EventID: 8032
Computer: Server1
Type: Error
text: "The browser has failed to retreive the backup list too many times on transport \device\NetBT_Tcpip_{5F19228A-95E8-44C3-8601-601E74889847}. The backup browser is stopping."
Data: "0000: 35 00 00 00"


Server2:
Source: BROWSER
EventID: 8021
Computer: Server2
Type: Warning
Text: "The browser was unable to retreive a list of servers from the browser master \\SERVER1 on the network. \Device\NetBT_Tcpip_{045AB1BD-8E41-480B-9859-6AE440DE0072}. The Data is the error code."
Data: "0000: 35 00 00 00"

Server1:
Source: BROWSER
EventID: 8032
Computer: Server1
Type: Error
text: "The browser has failed to retreive the backup list too many times on transport \device\NetBT_Tcpip_{045AB1BD-8E41-480B-9859-6AE440DE0072}. The backup browser is stopping."
Data: "0000: 35 00 00 00"

Notice: on Server1 the event message says "from ...
\\SERVER2", so it knows Server2 by name (the same in
the other direction).

The system has a 2nd network card installed, configured in
another network but disabled.

Any idea left?

Willem.


-----Original Message-----
From: "Willem" <[email protected]>
Subject: RE: NLB Can't see 2nd Server
Date: Thu, 18 Dec 2003 02:28:43 -0800

 
Hi Willem,
These errors are considered normal for machines that have more than one
network card. These browsing errors occur as the computer has difficulty
determining the browse master (as there can be only one of them) when 2 NIC
cards are in use; or when a single NIC card has 2 IP addresses on the same
network (as only one address can be registered). You should be able to ping
the machines by IP number from other machines, but you may not be able to
ping them from one another. As such these errors can be safely ignored, but
you will not be able to browse the network as this is a known condition. It
may have worked in the past as the browse list was cached in some way
before NLB was installed, but it is considered normal that the "My Network
Places" or browse list is now not populated or usable.

However, since you are using multicast and only one NIC card you should be
able to access the machines via the \\<IP_Number>, where <IP_Number> is the
dedicated IP.
--
Curtis Koenig
Support Engineer
Product Support Services, Security Team
MCSE, MCSES, CISSP

This posting is provided "AS IS" with no warranties and confers no rights.
Please reply to the newsgroup so that others may benefit. Thanks!

--------------------
 
Curtis said:
However, since you are using multicast and only one NIC card you should be
able to access the machines via the \\<IP_Number>, where <IP_Number> is the
dedicated IP.

That's what I expected as well, but
start/run \\<dedicated_IP_other_server>\c$
(where both servers are in the same workgroup and have the
same accounts (administrator) and passwords)
still brings the message
"The network path was not found"

start/run \\<dedicated_IP_this_server>\c$ or
start/run \\<Primary_IP>\c$
opens Explorer

ping dedicated_IP_other_server fails (Request timed out as
described in priv. message)
ping dedicated_IP_this_server OK
ping Primary_IP OK



Do you have a good working NLB with multicast enabled?
Can you ping the other server and sniff, to see what MAC
addresses are in the ARP requests?


Thank you

Willem
 
Hi Willem,
I currently don't have a test system for this so this could take a few days
for me to verify. So please be patient while I do some verification.
--
Curtis Koenig
Support Engineer
Product Support Services, Security Team
MCSE, MCSES, CISSP

This posting is provided "AS IS" with no warranties and confers no rights.
Please reply to the newsgroup so that others may benefit. Thanks!

--------------------
 
Hi William,
I have tested this with a local test system here now and confirmed that it
behaves as it should and as I have stated before. I suspect this is a
problem with the NIC card drivers or the NIC card that is being used in
your particular configuration.
--
Curtis Koenig
Support Engineer
Product Support Services, Security Team
MCSE, MCSES, CISSP

This posting is provided "AS IS" with no warranties and confers no rights.
Please reply to the newsgroup so that others may benefit. Thanks!

--------------------
 
Hi Curtis,

Thank You,
Still one question. Can you sniff the network?
How does a ping from one machine to the other work (my
answers will be in brackets)?

1. There should be an ARP request (YES)
1a What is the source MAC address in the Ethernet II
header (Mac-Server1)
1b Especially the sender MAC/IP address in the ARP request
body (Mac-NLB/IP-NLB [I expected the MAC/IP from Server 1])
1c The target IP address (IP-Server2)

2. Is the request answered? (NO)

I'm not sure, but I suppose that this is since I changed
the IP addresses; before, it seemed to work.

In the meantime I changed to SP4, fully patched, but it
didn't help me.

Thanks
Willem.
-----Original Message-----
From: (e-mail address removed) (Curtis Koenig [MSFT])
Date: Mon, 05 Jan 2004 21:53:35 GMT
Subject: RE: NLB Can't see 2nd Server

 
Hi Willem,
I no longer have this test setup available so I can not perform a sniff on
it. At this point if you still want to pursue troubleshooting this issue I
think it best that you contact our technical support via telephone. Given
the complexity of this issue and the resources necessary to reach
resolution the direct support provided over the phone will be more
productive.

As I stated before I think this could be a problem with the driver for the
NIC card being used as I have seen that cause issues of this type in the
past. You may want to test by putting in a different manufacturer's NIC card
or removing the device and fully re-installing it to see if refreshing the
driver has any effect.

--
Curtis Koenig
Support Engineer
Product Support Services, Security Team
MCSE, MCSES, CISSP

This posting is provided "AS IS" with no warranties and confers no rights.
Please reply to the newsgroup so that others may benefit. Thanks!

--------------------
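
The capture check discussed in the thread (Ethernet II source MAC against the ARP sender MAC/IP, the target IP, and whether a reply arrives), as an added example that is not part of any post and not Microsoft's code. The frames are constructed with documentation addresses; the 02-BF/03-BF prefixes are the NLB cluster MAC convention for unicast and multicast mode.

```python
import struct

NLB_MODES = {b"\x02\xbf": "unicast", b"\x03\xbf": "multicast"}  # prefix + cluster IP bytes

def fmt_mac(b): return ":".join(f"{x:02x}" for x in b)
def fmt_ip(b): return ".".join(map(str, b))

def parse_arp(frame):
    """Decode an Ethernet II frame carrying IPv4 ARP; return None for anything else."""
    if len(frame) < 42:
        return None
    _dst, eth_src, ethertype = struct.unpack("!6s6sH", frame[:14])
    htype, ptype, hlen, plen, op, sha, spa, _tha, tpa = struct.unpack("!HHBBH6s4s6s4s", frame[14:42])
    if ethertype != 0x0806 or (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {"op": op, "eth_src": eth_src, "sha": sha, "spa": spa, "tpa": tpa}

def audit(frames):
    """Per ARP request: header MAC vs. ARP sender MAC, NLB cluster MAC check, reply seen?"""
    arps = [a for a in map(parse_arp, frames) if a]
    report = []
    for i, req in enumerate(arps):
        if req["op"] != 1:  # 1 = request, 2 = reply
            continue
        answered = any(r["op"] == 2 and r["spa"] == req["tpa"] and r["tpa"] == req["spa"]
                       for r in arps[i + 1:])
        mode = NLB_MODES.get(req["sha"][:2])
        report.append({
            "eth_src": fmt_mac(req["eth_src"]), "sender_mac": fmt_mac(req["sha"]),
            "sender_ip": fmt_ip(req["spa"]), "target_ip": fmt_ip(req["tpa"]),
            "mac_mismatch": req["eth_src"] != req["sha"], "answered": answered,
            "nlb_sender": mode if mode and req["sha"][2:] == req["spa"] else None})
    return report

def build_arp(eth_src, op, sha, spa, tha, tpa, eth_dst=b"\xff" * 6):  # test-frame builder
    return (eth_dst + eth_src + struct.pack("!HHHBBH", 0x0806, 1, 0x0800, 6, 4, op)
            + sha + spa + tha + tpa)

# Constructed sample (documentation range 192.0.2.0/24), not a capture from the thread.
NIC1, NIC2 = bytes.fromhex("00025500aa01"), bytes.fromhex("00025500aa02")
CLUSTER_IP, DIP1, DIP2 = (bytes([192, 0, 2, n]) for n in (57, 58, 59))
CLUSTER_MAC = b"\x03\xbf" + CLUSTER_IP
SAMPLE = [
    build_arp(NIC1, 1, CLUSTER_MAC, CLUSTER_IP, bytes(6), DIP2),  # thread's pattern, no reply
    build_arp(NIC1, 1, NIC1, DIP1, bytes(6), DIP2),               # request from dedicated IP
    build_arp(NIC2, 2, NIC2, DIP2, NIC1, DIP1, eth_dst=NIC1),     # reply from the other node
]

for row in audit(SAMPLE):
    print(row)
```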
 