Application Delivery (ADX)

Reply
New Contributor
Posts: 4
Registered: ‎11-08-2010

VIP causing port to go down on RDS server

3 servers running Windows Server 2008r2, as terminal servers (now called RDS).  Clients can connect to each server directly through RDS, using the normal port 3389.  No issues with users connecting.

We're evaluating two ADX 1008 units, which have been set up by an SE (translation - I don't know what I'm doing with them yet!)  We've set up a VIP to balance between the three, but are running into a problem.  It appears that the port 3389 health check done by the ADX is causing the port to go down - users going through the ADX or even directly to an RDS server are usually unable to connect.  Sitting and doing a port query over and over shows that the port stops responding, only showing "up" briefly once every 15 seconds or so.

We're able to stop this behavior, and "fix" the issue by turing off the port health check, but of course this isn't a solution.  We'd like to make sure that port is up if the ADX is going to send traffic there.

I would be grateful for any help or suggestions offered.  I'm pasting a config below.  I've removed the other VIP items, which are for our Exchange load balancing, which appears to be working fine - this leaves in just the RDS stuff that's causing me to lose sleep.

sho run
!Building configuration...
!Current configuration : 4624 bytes
!
ver      12.2.00aT403
!
global-protocol-vlan
!

!
config-sync sender ethernet 1 mac 001b.ed05.78c0 vlan-id 9
!
!
server no-fast-bringup
server ping-interval 10
server predictor round-robin

server port 3389
tcp
tcp keepalive 30 3
server source-nat
!
context default
!
!
server real ioprds02 10.1.10.192
port 3389
port 3389 no-health-check
port 3389 keepalive
!
server real ioprds03 10.1.10.193
port 3389
port 3389 no-health-check
port 3389 keepalive
!
server real ioprds01 10.1.10.191
port 3389
port 3389 no-health-check
port 3389 keepalive
!
server virtual ioprds-vip 10.1.10.190
sticky-age 60
port 3389 sticky
bind 3389 ioprds02 3389 ioprds03 3389 ioprds01 3389
!

vlan 999 name DEFAULT-VLAN by port
!
vlan 9 name Servers by port
untagged ethe 1 to 8
router-interface ve 9
!
aaa authentication web-server default local
aaa authentication login default local
default-vlan-id 999
enable telnet authentication
no enable aaa console
hostname ADX01
ip route 0.0.0.0 0.0.0.0 10.1.0.5
!
telnet server
username admin password .....
username brocade password .....
router vrrp-extended
no-asm-block-till-bootup
!
interface ve 9
ip address 10.1.0.20 255.255.0.0
ip vrrp-extended vrid 9
  backup
  ip-address 10.1.0.19
  enable
!
!
end

New Contributor
Posts: 4
Registered: ‎11-08-2010

Re: VIP causing port to go down on RDS server

I should also note - we're not getting any sort of security errors on the servers.  Our first guess was that it was detecting a DOS attack, but that wasn't it.  Nothing in the event logs to indicate that the server saw anything.

Join the Community

Get quick and easy access to valuable resource designed to help you manage your Brocade Network.