When an Enterprise Edition pool is behind a load balancer that is in SNAT mode, and when the Communicator 2005 server is in the Enterprise Edition pool, static routes for TCP on the Enterprise Edition pool do not work correctly (899571)



The information in this article applies to:

  • Microsoft Office Communicator 2005

SYMPTOMS

When you configure static routes for TCP on an Enterprise Edition pool, a client computer can successfully make calls. However, events about the call are never received by the client. The client does not have control over the call that the client successfully initiated. This behavior occurs when the following conditions are true:
  • Static routes for Transmission Control Protocol (TCP) are configured on the Enterprise Edition pool.
  • The Enterprise Edition pool is behind a load balancer that is in Secure Network Address Translation (SNAT) mode.
  • The Microsoft Office Communicator 2005 server is in the Enterprise Edition pool.

CAUSE

Static routes that use TCP are authenticated by the IP address that is configured as a trusted host. The Enterprise Edition pool members examine the source IP address of incoming packets to see if the packets are trusted before they pass the packets on to the client. However, the load balancer that is in SNAT mode replaces the source IP address of all incoming packets with the load balancer's own IP address. The IP address that the load balancer uses is the Virtual Internet Protocol (VIP) of the pool. The VIP of the pool is not recognized as a trusted host.

Note: The VIP of the load balancer should not be configured as a trusted host because all traffic to the pool is then automatically authenticated. When all traffic to the pool is automatically authenticated, anyone can log on to any account that is homed on the pool without specifying a password.
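The source-IP trust decision described in this section can be modelled as follows. This is an added example, not Microsoft's code or part of the original article; the addresses, the Packet class and all function names are constructed for illustration. It shows the three outcomes: trust works without SNAT, fails behind SNAT, and becomes a blanket authentication bypass if the VIP is trusted, plus a small audit check for that last misconfiguration.

```python
import ipaddress
from dataclasses import dataclass

# Constructed addresses (RFC 5737 documentation ranges), not from the article.
RCC_GATEWAY = "192.0.2.10"     # the static-route peer that should be trusted
OTHER_CLIENT = "198.51.100.7"  # any unauthenticated sender
POOL_VIP = "203.0.113.1"       # address the SNAT load balancer stamps on packets


@dataclass(frozen=True)
class Packet:
    src: str
    payload: str


def snat(packet: Packet, vip: str) -> Packet:
    """Model the load balancer: the original source is replaced by the VIP."""
    return Packet(src=vip, payload=packet.payload)


def is_trusted(packet: Packet, trusted_hosts: set[str]) -> bool:
    """Model the pool member: trust is decided by source IP alone."""
    src = ipaddress.ip_address(packet.src)
    return any(src == ipaddress.ip_address(h) for h in trusted_hosts)


def evaluate(trusted_hosts: set[str], behind_snat: bool) -> dict[str, bool]:
    """Return the trust decision for the gateway and for an arbitrary sender."""
    result = {}
    for name, src in (("rcc_gateway", RCC_GATEWAY), ("other_client", OTHER_CLIENT)):
        pkt = Packet(src, "SIP message")
        if behind_snat:
            pkt = snat(pkt, POOL_VIP)
        result[name] = is_trusted(pkt, trusted_hosts)
    return result


def audit_trusted_hosts(trusted_hosts: set[str], snat_vips: set[str]) -> list[str]:
    """Flag trusted-host entries that are SNAT VIPs (they authenticate everyone)."""
    vips = {ipaddress.ip_address(v) for v in snat_vips}
    return sorted(h for h in trusted_hosts if ipaddress.ip_address(h) in vips)


if __name__ == "__main__":
    print("no SNAT, gateway trusted:", evaluate({RCC_GATEWAY}, behind_snat=False))
    print("SNAT, gateway trusted:   ", evaluate({RCC_GATEWAY}, behind_snat=True))
    print("SNAT, VIP trusted:       ", evaluate({POOL_VIP}, behind_snat=True))
    print("audit findings:", audit_trusted_hosts({RCC_GATEWAY, POOL_VIP}, {POOL_VIP}))
```

Running the audit function over an exported trusted-host list and the known load balancer VIPs gives a quick check that nobody has "fixed" the symptom by trusting the VIP.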

WORKAROUND

To work around this problem, set the next hop as a Transport Layer Security (TLS) connection to a Standard Edition server or director instead of setting the next hop to the Remote Cluster Controller (RCC) gateway. The subsequent hop must then be configured to have a static route to the RCC gateway by using TCP. This configuration works correctly because the Standard Edition server is not behind a load balancer that is in SNAT mode.

Modification Type: Major
Last Reviewed: 5/27/2005
Keywords: kbnetwork_TechConfigIssue kbtshoot kbprb KB899571 kbAudITPRO