Re: Stop users from directly accessing a server and force NLB

Tech-Archive recommends: Fix windows errors by optimizing your registry

add another NIC to each server for comunications between them use a
different sub-net (i.e. 10.0.0.0)

Change from multicast to unicast.



"VirtualTMAC" <timothymcfadden@xxxxxxxxx> wrote in message
news:1156280774.236209.264800@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
The users are hitting the DNS names directly. I have thought about
changing the DNS names as you suggested but i thought it might create
problems with the computer(s) AD accounts.

Also we are working on getting Big IP F5's but I talked to our network
team and they said even with the Big IP's they cannot restrict they by
ip, unless they put the servers behind a firewall.

-TMAC

Maxim Oustiougov [MSFT] wrote:
It depends on whether users hit servers directly using IP addresses or
DNS
names.

If IP addresses - there is nothing you can do, because Session
Directory/NLB
solution requires direct IP access from TS Client to TS Server for
Session
Redirection to work. The only way to restrict access this way is to use
hardware LB solutions such as F5's BigIP or Cisco's CSM.

If DNS names - you can modify DNS records for TS servers so they point to
virtual IP of NLB cluster first. This way smart users will hit NLB,
instead
of Terminal Servers directly.

You might also want to look at WHY users are hitting servers directly -
is
it because their RDP files (or whoever TS Client gets launched) do not
use
virtual IP, or because they think that they HAVE to get to a specific
server.

--
Maxim Oustiougov,
Terminal Services Program Manager

This posting is provided "AS IS" with no warranties, and confers no
rights.

"VirtualTMAC" <timothymcfadden@xxxxxxxxx> wrote in message
news:1156193703.750652.149190@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
I have 3 servers running Enterprise Edition Terminal Services. Right
not I am using NLB to load balance these servers. The problem is that
alot of the users are directly logging into the servers instead of
hitting the nlb interface. This causes my problems because I get an
very uneven # of users on the servers. So for instance one server will
have 60 users and another one will have only 30. How can I restrict
users from only going to the nlb interface and removing access directly
loggin into the boxes?




.

Relevant Pages

  • Re: Stop users from directly accessing a server and force NLB
    ... The users are hitting the DNS names directly. ... If IP addresses - there is nothing you can do, because Session Directory/NLB ... If DNS names - you can modify DNS records for TS servers so they point to ... This way smart users will hit NLB, ...
    (microsoft.public.windows.terminal_services)
  • Re: Need help on NLB for streaming
    ... NLB exposes a single IP address with load from end-users shared across the ... This is called a LAN-based solution (local area network), ... They are quite expensive and operate by sharing a DNS ... > Hi all, I have two WinServer 2003 servers, one in the US and one in the ...
    (microsoft.public.windows.server.clustering)
  • Re: Stop users from directly accessing a server and force NLB
    ... It depends on whether users hit servers directly using IP addresses or DNS ... If IP addresses - there is nothing you can do, because Session Directory/NLB ... This way smart users will hit NLB, ...
    (microsoft.public.windows.terminal_services)
  • Re: Help SMPT Errors
    ... FAIL Reverse DNS entries for MX records ERROR: The IP of one or more of your ... it may mean that your DNS servers did not respond fast enough). ... INFO NS records at parent servers Your NS records at the parent servers ... PASS Parent nameservers have your nameservers listed OK. ...
    (microsoft.public.exchange.admin)
  • Re: Windows 2000 logon process
    ... Paul Williams ... when clients are accessing the GPO stored in SYSVOL during logon. ... PW>> Sound's like - that's a combination of DNS and Dfs client pointing ... Global Catalogue servers? ...
    (microsoft.public.win2000.active_directory)