Re: OWA 2003 (NLB/Round Robin)
- From: "Simon Walsh" <simon.walsh@xxxxxxxxx>
- Date: Mon, 21 Aug 2006 21:00:13 +0200
NLB has built in session affinity which you do not get with round robin.
Round robin merely distributes the requests to the number of servers that
are defined in the DNS zone.
Session affinity will maintain contact with the same server for the duration
of the session.
/Simon
"Steve" <Steve@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:5B8B25DE-14B4-49DD-AE46-CF9556518FB2@xxxxxxxxxxxxxxxx
I used DNS Round Robin as a method to balance between (2) 2003 OWA FE
Servers. Users almost immediately complained about being kicked out of
OWA.
Errors: unable to authenticate / session has expired
One posting I read was forms-based authentication (that I use) could/is at
the center of the problem
_________________________________________________________
Forms-Based Authentication
In forms-based authentication, users are directed to a Hypertext Markup
Language (HTML) form. After the user provides credentials in the form, the
system issues a cookie containing a ticket. On subsequent requests, the
system first checks the cookie to verify if the user was already
authenticated, so that the user does not have to supply credentials again.
Advantages of forms-based authentication include the following:
Credential information is not cached on the client computer. This is
particularly important in a scenario where users are connecting to your
Outlook Web Access server from public computers. Users are required to
reauthenticate if they close the browser, log off from a session, or
navigate
to another Web site.
. You can configure a maximum idle session time-out, so that if a user is
idle for a prolonged period of time, the session expires, and
reauthentication is required.
. Users cannot use the Remember my password option in Internet Explorer.
. Outlook Web Access includes optional functionality that allows a user to
change the password. If a user changes the password during an Outlook Web
Access session, the cookie provided after the user initially logged on
will
no longer be valid. When forms-based authentication is configured on ISA
Server, the user who changes the password during an Outlook Web Access
session will receive the logon page the next time a request is made.
In an ISA Server 2004 Enterprise Edition scenario involving multi-server
ISA
Server arrays, you must ensure that client requests for a particular
session
are handled by the same array member, so that the client's cookie is
recognized. If the request is received by a different member, the cookie
will
not be recognized and the request will be dropped by that ISA Server
member.
An effective way to ensure that the requests are handled by the same
server
member is to enable integrated Network Load Balancing (NLB) on the ISA
Server
array. For more information, see Appendix A: Configuring NLB on the ISA
Server Array
___________________________________________________________
If formed based authentication is the cause, if I switch to nlb will I
still
experience issues because I don't use ISA.
DNS round robin has been removed and owa is acting as 1 fe server and
users
aren't having the problems.
Please comment on using dns round robin and nlb (without isa), trying to
balance the owa between (2) fe servers.
Thanks.
.
- Prev by Date: Re: OWA & Exchange Server
- Next by Date: Re: OWA & Exchange Server
- Previous by thread: Re: Exchange Backend servers firewalled from internal users
- Next by thread: Re: IO Bottleneck
- Index(es):
Relevant Pages
|
