Showing posts with label NLB. Show all posts
Showing posts with label NLB. Show all posts

Wednesday 30 April 2014

OWA intermittently not returning office documents in Office Web Apps 2013

Problem: Intermittent requests are not returning the pdf/word documents. Most requests are working and occasionally 1 request doesn't work. Every 4th request tries to get the pdf to display on Office Web Apps for a few minutes without any error message and then stops trying and displays the message "Sorry, Word Web App can't open this ... document because the service is busy."

I have 4 OWA/WCA servers on a stretched farm being used by SP2013 etc.

Initial Hypothesis: Originally I thought it was only happening to pdfs but it is happening to word and pdf documents (I don't have excel docs in my system). My monitoring software SolarWinds is badly configured on my OWA servers as the monitor is showing green, drilling down into the servers monitoring; the 2 application monitors are both failing. The server should go amber if either of the 2 applications monitoring fails and in turn red after 5 minutes. At this point I notice that I can't log onto my 4 OWA/WCA server. Web request are not being returned. I look at my KEMP load balancer and it says all 4 WCA servers are working, I notice the configuration is not on web requests but on ping (not right) and the NLB/KEMP is merely redirecting every 4th request to the broken server.

Resolution:
  1. Reboot the broken server, once it comes up I can make http requests directly to url http://wca.demo.dev/hosting/discovery on the rebooted server.
  2. SolarWinds monitoring is lousy - need to fixed the monitoring.
  3. Kemp hardware load balancing needs to be changed from checking the machine is "ON" to rather checking each machine using a web request.
SolarWinds Monitoring is not configured correctly

 

Friday 11 October 2013

Testing my SharePoint 2013 Network Load Balancer

Overview:  This is how I tested my Kemp load balancer.  Kemp terminates the SSL and has a load balancer that checks the http service is running.  I still like to use session persistence for load balancing.

Fiddler is useful from the client, you can check that SSL is getting correctly written by the Load Balanacer. 
Microsoft Network Manager 3.4 is useful to watch the traffic between the WFE and the load balancer.  WireShark is also good option.  This role would probably best be performed by using Fiddler as a reverse proxy to capture the traffic (I never done this).


SharePoint 2013 has the Request Management Service that acts like a load balancer for traffic.  I don't understand the point and I would need a rather strange scenario to use Request Management if I have a decent load balancer in place (KEMP or F5).


Updated 17 Aug 2015: All the Load balancer solutions (F5, Cisco, Kemp etc.) have traffic distribution, it is a good idea to use a more advanced algorithm.  For instance using an F5, setting to use the "Dynamic Ratio" algorithm redirects traffic based on continuous monitoring of the servers resources.  F5 has many options I prefer using the "Dynamic Ratio" but it depends on the circumstances.

Monday 5 August 2013

Load balancing in SharePoint

Background: SharePoint 2010 required sticky sessions.  In effect when the 1st request from a user comes into SharePoint 2010 to the load balancer, the request will be directed to a particular SharPoint WFE server that will then serve the subsequent requests (the user now has session affinity/sticky session).

SharePoint 2013 has distributed cache so you no longer need to use sticky sessions, the load balancer merely needs to direct the user to any server (preferably the quietiest).

Possible options for Load Balancers in SharePoint:
F5/BIG-IP (Level 2, 3, 4 &7)
KEMP (Level 4 & 7)
Barracuda (Level 4)
Cisco - I don't think Cisco build dedicate load balancers and more however "Cisco IOS-based router product has load balancing capabilities".
Not familiar with:
http://www.coyotepoint.com/products/compare
http://www.radware.com/Products/ApplicationDelivery/AppDirector/load_balancing.aspx
http://www.a10networks.com/resources/files/DG_MS-SharePoint2013.pdf - NLB and SSL termination.

Key features needed off a Load Balancer:
Distributed Denial of Service (DDoS) attack protection
Http compression
SSL acceleration/ and termination
Persistance/Sticky sessions
HA via distribution of requests and verifying that SP is running.
 

Friday 17 September 2010

Image dump - Ribbon actions are disabled

Problem: Adding a new domain account user to the "Farm administrators" group. The new account mydomain\mstest1 cannot use the "New", "Extend" or "Delete" buttons on the ribbon within "Web Application Management".
Rolling over the buttons on the ribbon display the following information: "This control is currently disabled." "You might not have the right permission level to use this, you might need ...".
Additionaly you will also notice the "Manage Service Applications" will not allow you to create or delete new Service Applications.
New user in the Farm administrators group
Hypothesis: The new farm administrator does not have the appropriate permissions on the configuration database.

Resolution: Give the new administrator db_owner rights and the ribbon action options are available.

Further Info:
By making a content database read-only as shown below all Site Collections become read-only, ribbon actions are disabled.  Not coentent can be added to the Site Collection.
Make the content db read-only

Resulting Site Collection (Can't use most ribon options)



NLB
NLB 2

Tuesday 7 September 2010

SP2010 AutoSPInstaller NLB farm install issue - Trial period for this product has expired

Problem: I created a farm using the AutoSPInstaller project. All works perfectly. I then joined a 2nd SharePoint 2010 server using the script however the script was change to not create the services again. All works and I have a 3 server farm including the database server. I then added Windows 2008 R2 network load balancing on the 2 SharePoint 2010 servers. If try access the default Team Site created when I built the 1st server on the new server I get the error "The trial period for this product has expired." Event log doesn't show an error and the ULS shows the following error "Exception thrown while adding control 'Microsoft.SharePoint.Portal.WebControls.SearchBox' : Thread was being aborted ...".


Hypothesis: The install adds the IIS web site created on my initial farm build on the 2nd SharePoint server. Routing is working and the error occurs when the request is routed to the 2nd SP2010 server. The response is coming from the IIS web server and we know the issue is within the specific web app.  In MOSS there were 2 causes for the error message and this is clearly not the SP2 bug so it looks more like the app pool account bug.

Resolution: Create a new Web Application and create a new root Site Collection. The error goes away. OR
Using Powershell change the Managed account then using IIS Manager on each web server go to the approoriate app pool and change the account to the new account. 
OR
Use Central Admin to change the service account.  CA > Security > Configure service account.  You will need to reset IIS on each web server.
Demo on changing app pool managed accounts

Thursday 1 July 2010

Installing Sharepoint 2010 options & Basic SP2010 manual installation tips

You have 4 options for installing SharePoint farms:
  1. Manually sun the setup and follow the installation wizard (this is discussed below);
  2. Deploy SharePoint 2010 via a slipstream install, this was my prefered method for MOSS.  I ran the install from a batch file that got it's configuration from an xml file;
  3. PSConfig installation (sic); or
  4. Use PowerShell to Install SharePoint. and technet scripted deployment
 Summary: For environments such as live the PowerShell/Slipstreamed options are best as they allow for recreation and input is always identical.  Manual install is fine for development servers however their is no advantage except for a lower learning curve for the IT admin.
Post below is a Manual Installation:
SP2010 install video
Install the pre-requisites
  • Prerequisits will install roles and software you need internet access on the server to fetch the prerequisits software (this can be put on the server to stop the machine going to the Internet).
  • Preferably have seperate instance of SQL 2008 R2 but for dev/demo machines. If 1 machine rather setup SQL devleoper or a instance (I dislike using SQL express).
Setup / SP 2010 install tips
  • Install "Server farm" option not standalone
  • "Complete" installs all component prefered option
  • Connect to a new farm
  • Database server name us name rather than IP (incase it changes)
  • DB account (must already exist in AD)
  • Passphrase used to connect new servers to this server farm (remeber/keep it)
  • Kerbros - if your network supports it but use NTLM if you aren't sure.
  • Wizard - follow screens, services can be heavy so add them when you need them, however for demo I select all services and create a new site collection - a good options is to use the Team Site Template.
  • Need 3 accounts for min Best practices: 1) Managed Service account (domain user account) that SQL Server runs in, 2) Managed Service Account (domain user account) all services will be installed on this account (MS suggests using a seperate managed account for each service) on small farm s/dev I use 1 account,  and 3) Farm install account (domain account) this needs to be a local admin on each SP2010 server and have creator & dbsecurity accouts on SQL.
  • 5 Accounts is a better option excluding the SQL services account namely:
  1. SP-Install - domain account with admin local rights on each WFE also need SQL dbcreator and securityadmin roles (used to login and install binaries, use this account for add new servers to the farm),
  2. SP-Farm - domain account no permissions, will be the account to run timer job and other key roles,
  3. SP-Web-App-Pool - Content Web app account - Domain account only,
  4. SP-Services - Install all services to use the same domain account, this can be seperate for each services but for easy of setup and mainentance use 1 account.  Exception is the User Profiles service, setup seperately using Spence Harbors post as the user domain account needs unique security, and
  5. SP-Crawl - Used to crawl SP content.
Additional Info on accounts:
  1. SQL Server needs to run as a windows service, you need an account, I would use a managed account in AD with no permissions called SP2010-SQLService.
  2. Farm Installation account, you need to create a domain user account in AD, give the account local admin access to each SP2010 machine.  Call it SP2010-Admin.
  3. SP2010 Service account/s, you need to create a managed service account with zero permissions in AD.  You can use 1 account or create a seperate account for each service (MS Best Practice).  I call my 1 account SP2010-Services. 
Use slipstreaming for SharePoint it's faster and consistant.
Use:
  1. Windows 2008 R2 x64
  2. SQL 2008 x64
  3. On HyperV/VMWare except the db which should be a seperate physical machine/SAN
Update 08 November 2010:  Notes on deploying a 3 server farm consisting of 2 WFE's that are NLB using Windows NLB.  Installation done using AutoSPInstaller. 
Installation Notes for a 3 server NLB SharePoint 2010 farm

Update 10 November 2010: SharePoint install account - Todd Klindt.
Update 11 May 2011: SharePoint 2010 database management article