Last week I was helping out a friend in our team during a support call where the scenario was really unusual. The topology was similar to the one below:
Figure 1 – Network topology for this sample scenario.
Customer was using two ISA Servers 2006 Standard Edition Single NIC to publish the OWA 2007. He was using a L5 based switch to balance the traffic among the servers. When I say that the scenario is unusual is because on this case customer was using two ISA Servers 2006 Standard Edition to publish this resource. This means that he have to create rules on both ISA Servers, in other words: to guarantee that everything was correctly configured he needs to carefully configure the same rules on both, manually. High cost administrative task right there!
2. Problem 1 – The Cookie
The first problem that customer was dealing with was because he was using the following option on ISA Server:
Figure 2 – Cookie based load balance.
The problem with this option was caused by the switch that was not keeping the cookie and therefore the communication was getting lost, we changed to Source-ip based and started to work. Later on, customer fixed the switch issue using the recommendations from the vendor.
3. Problem 2 – The Verifier
The other problem was the intermittence while accessing the OWA page, sometimes it was working, sometimes was not. After closely analyze the netmon trace we identify that the traffic was always going to one particular CAS when it was working and when it was not working it was going to the other CAS. We narrow it down the problem to be on the connectivity verify farm in one of the ISA Servers.
Figure 3 – Connectivity Verify.
Since customer has to do the publishing in each ISA Server separately, we have a mistake on the connectivity verifier for the ISA Server 2. After fix that everything started to work just fine. But some lessons were learned here.
After six hours call the lessons learned (mainly for the customer) were:
· To align high availability and low administrative cost in a solution with ISA Server make sure to use ISA Server 2006 Enterprise.
· Look out of the box; do not think that the issue is only on ISA Server. In this case, the first problem was caused by the switch.
Kind of short scenario, but I thought will be good to share to make sure that if you are going to implement something similar, that you know what some of the catches are.