Cannot Perform Load Balancing with Network Load Balancing and Server Publishing Enabled (288574)


The information in this article applies to:

  • Microsoft Internet Security and Acceleration Server 2000
This article was previously published under Q288574

SUMMARY

When you install Microsoft Internet Security and Acceleration (ISA) Server in a Network Load Balancing cluster, you may not successfully publish a server.

MORE INFORMATION

This issue occurs because you cannot use ISA Server and Server Publishing on a Network Load Balancing cluster. The ISA Server must act as the default gateway to the published server.

Note: This does not mean that the ISA Server must be the default gateway, but that you must use it to route packets to the external address, either directly (default gateway) or through other routers.

Network Load Balancing examines the destination IP address of packets that arrive on the Network Load Balancing interface. If the IP address is the dedicated IP address of a specific server, Network Load Balancing passes the packet to the TCP/IP stack so that the client communicates with a specific computer. Otherwise, Network Load Balancing load balances the packet, where it is passed to the TCP/IP stack on a non-specific computer.

If a client connects to an ISA server that is configured in a Network Load Balancing cluster, that ISA Server computer sends a connection request, which contains the source IP address of the client, to the published server. The reply packet that is sent to the client IP address is routed through the Virtual IP (VIP) in the Network Load Balancing cluster in this case. Because the destination IP address is not the dedicated IP address of the ISA Server, the packet is "load-balanced" where it is passed to the TCP/IP stack on a non-specific ISA server in the Network Load Balancing cluster, and not necessarily the server from which the request originated.

Therefore, you must configure the ISA Server computer to act as the default gateway for the published server because the server must function as a SecureNAT client of ISA Server . ISA Server is transparent to the published server. The published server thinks that it communicates directly with the client's IP address from the external network. Therefore, the published server must have a route through the ISA Server where it can send packets back to the client.

For additional information about Network Load Balancing, visit the following Microsoft Web sites:

http://www.microsoft.com/technet/prodtechnol/windows2000serv/deploy/confeat/nlbovw.mspx

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/windowsnetserver/support/netlbfaq.asp

For additional information about how to deploy ISA Server , visit the following Microsoft Web site:

http://www.microsoft.com/technet/prodtechnol/isa/2000/deploy/isaswp.mspx

For more information about a related topic, view the following article:

How to Enable Translating Client Source Address in Server Publishing 311777
Modification Type:MajorLast Reviewed:3/9/2006
Keywords:kbinfo KB288574
©2004 Microsoft Corporation. All rights reserved.