Archive for tag: Windows

Network load balancing IIS 7.5 on less than stellar networking equipment

I recently came across a few issues configuring Network Load Balancing (NLB) on two Windows 2008 R2 Hyper-V VMs running IIS and MySql as a hosting solution for 100+ medium traffic WordPress sites to be migrated over after testing.

Installation and configuration of NLB went fine, and the cluster was initially configured as multicast.  This worked fine, until I went to go test connectivity from the outside world - no response.  Turns out, the gateway on this network was (correctly) set to not relay multicast packets.  Unfortunately, creating static routes on this gateway was not an option, so it was going to have to be unicast.  Not a problem - I shut the machines down, added another virtual ethernet adapter, and reconfigured NLB to use the dedicated second adapter.  Windows 2008 R2 and 2012 Hyper-V hosts are now set to block VM MAC address spoofing by default, so that needed to be enabled for that second adapter.

All's well and good - WordPress sets up, everything works... until I log into WordPress and find that it can't retrieve any external info (themes, plugins, WordPress news, etc.)  Because of the way NLB works in unicast mode, each site was trying to use the adapter it was bound to (the dedicated NLB adapter), which because of the spoofed identical MAC addresses, couldn't guarantee that the response would come back to the machine that generated it.

The following commands, courtesy of The Cable Guy, cleared this issue up:

netsh interface ipv4 set interface {NLB adapter} weakhostsend=enabled
netsh interface ipv4 set interface {NLB adapter} weakhostreceive=enabled
netsh interface ipv4 set interface {NLB adapter} ignoredefaultroutes=enabled

This was in addition to going into Advanced Settings from the Network Connections list and setting the Management adapter as a higher priority than the NLB adapter.

The first two commands reenable weak binding, while the third command allows outgoing traffic to go out over the non-load balanced adapter, based upon the order of the connections (and guaranteeing it would come back to that specific machine).
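To confirm which adapters actually carry these relaxed settings after the change, the following added example (not from the original post) parses the text of "netsh interface ipv4 show interfaces level=verbose". The adapter names "NLB" and "Management" and the sample output are constructed, and the field labels assume an English-language Windows install.

```powershell
# Added example: report IPv4 interfaces with weak host send/receive or
# ignoredefaultroutes enabled. Works on PowerShell 2.0 (Windows 2008 R2).
function Get-WeakHostSetting {
    param([string[]]$NetshOutput)
    $results = @()
    $current = $null
    foreach ($line in $NetshOutput) {
        if ($line -match '^\s*Interface (.+) Parameters\s*$') {
            # Header line starts a new per-interface block
            if ($current) { $results += New-Object PSObject -Property $current }
            $current = @{ Name = $Matches[1]; WeakHostSend = 'unknown'
                          WeakHostReceive = 'unknown'; IgnoreDefaultRoutes = 'unknown' }
        }
        elseif ($current -and $line -match '^\s*(Weak Host Sends|Weak Host Receives|Ignore Default Routes)\s*:\s*(\S+)') {
            $field = $Matches[1]; $value = $Matches[2]
            switch ($field) {
                'Weak Host Sends'       { $current.WeakHostSend = $value }
                'Weak Host Receives'    { $current.WeakHostReceive = $value }
                'Ignore Default Routes' { $current.IgnoreDefaultRoutes = $value }
            }
        }
    }
    if ($current) { $results += New-Object PSObject -Property $current }
    $results
}

# Constructed sample, trimmed to the relevant fields. On a live host use:
#   $text = netsh interface ipv4 show interfaces level=verbose
$text = @'
Interface NLB Parameters
----------------------------------------------
Weak Host Sends                    : enabled
Weak Host Receives                 : enabled
Ignore Default Routes              : enabled

Interface Management Parameters
----------------------------------------------
Weak Host Sends                    : disabled
Weak Host Receives                 : disabled
Ignore Default Routes              : disabled
'@ -split '\r?\n'

# Keep only interfaces where at least one of the three settings is enabled
Get-WeakHostSetting $text |
    Where-Object { $_.WeakHostSend -eq 'enabled' -or $_.WeakHostReceive -eq 'enabled' -or
                   $_.IgnoreDefaultRoutes -eq 'enabled' } |
    Format-Table Name, WeakHostSend, WeakHostReceive, IgnoreDefaultRoutes -AutoSize
```

Only the dedicated NLB adapter should appear in the result; weak host behavior on any other adapter means the host will send or accept traffic on an interface that does not own the address.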

Upon further testing, this solution did not work for the given scenario.   NLB is an outdated solution with flaws, but for a while it was the only game in town (on the cheap end).  As stated in the setup docs, NLB creates a massive amount of multicast data in this mode.  The network configuration is unfortunately large and flat, and this configuration generated multicast storms of each and every request.  On an isolated VLAN, this could work, but at that point, you might as well have gone in another direction.  Also, upload speeds are hobbled because of how much traffic is created with incoming packets.

Dedicated load balancers and proxy servers are much better for keeping large amounts of web data highly available.   Physical devices are expensive but well-designed.  Even a lightweight software solution like Squid on quality hardware would fit the bill, plus you get the added benefit of offloading caching and compression to the proxy server, but you lose the ease of a single-point SSL configuration that the better featured physical devices include and instead have to pass encrypted traffic straight-through.  Luckily, IIS >= 8 has that covered.


Removing Windows 7 SP1 Install Files in Audit Mode

Normally when preparing a Windows 7 base image, I'll install it normally, update everything, remove temporary files, and then enter audit mode to take care of a few final steps.  For this particular image, I decided to do everything from audit mode.

Normally after installing Service Pack 1, I remove the temporary files by running

dism /online /Cleanup-Image /spsuperseded

However, DISM quit out with

Error: 1084
This service cannot be started in Safe Mode

After checking the logs, DISM is failing while trying to create a system restore point, which does not run in audit mode.

The solution?  Go into Windows System Settings -> System Protection -> Protection Settings -> Configure, and turn off System Restore.  Once that's done, re-run the DISM command and it should complete normally.  After that, re-enable System Restore and continue on.


Windows SBS 2003 to 2011 Migration

I have the privilege of assisting a client in migrating from a long-running installation of Windows Small Business Server 2003 running the usual slew of SBS services & a couple of LOB apps, all on out-of-warranty hardware that's started to show the signs of old age.

Microsoft has an incredibly detailed guide covering best practices and needed steps to get the migration going. After configuring the newly purchased Dell T6600 (very few local non-profits that I've dealt with have actual hardware racks) as a Hyper-V host, I installed SBS 2011 using the answer file created on the old server. Instead of swapping disks, I just added a second optical drive to the VM, using the second one to mount an ISO of the answer file created using ImgBurn.

I was wondering why the installation was taking so long without the progress bar budging, so I opened the command prompt (using shift+F10) and ran netstat -a to see if the server was connecting to anything, which showed connections to Microsoft's update servers. After reading this post about updates failing, I figured I'd give it another 30 minutes before rudely interrupting, but by then it had finished the updates.

Next up: migrating Exchange…


.Net 3.5 in a Virtuozzo Windows 2003 container

I found a very useful guide for installing .Net 3.5 into a Virtuozzo container.  I am still not impressed by Virtuozzo, but for the purposes of the site being hosted on it, it works.  Luckily, .Net frameworks can be installed on a per-container basis, so moving to 3.5 (LINQ!) was pretty easy.  There were 3 minutes of downtime scattered throughout the installation - not too shabby, although for those 3 minutes that the web site wasn't serving up pages, a fair number of fingernails were bitten.

As .Net has matured, did Microsoft ever tell us what's been up with the numbering?  We went from 1.0 to 1.1 to 2.0.50727 to 3.0 to 3.5 to 4.0.  Why was version 2.0's revision code included everywhere it's used?  Were they planning on releasing a 2.0.50728 at some point?  I like the cleanliness that 4.0 will bring back to web.config.  Visual Studio 2010β2 crashed today while saving web.config to a website, which knocked it down for a few minutes…  It seems to have escaped notice, but that's what happens when you get lazy and decide that not every site needs a staging server.


Start menu search is underappreciated

I'm running Windows 2008 on my Fujitsu S7220, using it to test various blog and CMS solutions, and it's a great OS.  As much as I love XP, I'm really impressed with a lot of the UI improvements that went into Vista (which flowed into 2008 and is improved even more in Windows 7).  I don't hear a ton of talk about it, and I get the feeling that a lot of people who grumble about Vista (Becky!) just haven't taken the time to learn their new surroundings.  One thing I didn't realize I use all the time was the searchable start menu.  No more sorting your start menu to make things easier to find - it's a built-in quick launch that doesn't suck.  Luckily, for people running XP, there's hope.  LifeHacker featured a download called ViStart (clever…), which gives XP users the useful bits without needing to upgrade.  I'm going to slipstream this onto my next XP image - that's still 90% of all the installations I do at work.  Most of the Vista-on-XP programs out there are kinda hokey and just for show, but this one brings some really useful functionality back to the most widely used desktop OS.