Tag Archives: NLB

How to: configure K2 NLB port rules with PowerShell

A long time ago I did a video and blog post on configuring a Windows NLB K2 cluster. I know that those materials are not perfect, but thanks to blogging you not only can be the subject of mockery for mistakes and naivety in your old posts, but you can also review and improve on them over time 🙂

Anyhow, my old blog post on creating a K2 NLB cluster contained this neat picture of the required port rules:

As I treat my test K2 environments as “wipe and load”-ready and subject them to all sorts of experiments leading to wipe and load and rebuilds, I grew tired of creating these rules via the GUI. Thanks to PowerShell and the Microsoft community it is not a problem to find a sample script to create a Windows NLB cluster. I actually wanted to rewrite it with minor improvements and K2 specifics to spin up a K2 NLB cluster quicker, but due to an endless lack of time this idea moved to the back burner. What I did instead, though, was prepare a PS script to create the port rules:

# Name of the NLB-bound network adapter on this host
$InterfaceName = "Ethernet"
# Set this to the cluster's primary IP address before running the script
$ClusterPrimaryIP = ""

# Removing default port rule for the NLB cluster
Write-Host "Removing default port rule..." -ForegroundColor yellow
Get-NlbClusterPortRule -HostName . -ErrorAction SilentlyContinue | `
Remove-NlbClusterPortRule -Force -ErrorAction SilentlyContinue

# Adding SmartForms/Workspace rule for port 80 HTTP
Write-Host "Adding port rule for HTTP (TCP 80)" -ForegroundColor yellow
Add-NlbClusterPortRule -Protocol Tcp -Mode Multiple -Affinity Single -StartPort 80 `
-EndPort 80 -Timeout 1 -InterfaceName $InterfaceName -IP $ClusterPrimaryIP | Out-Null

# Adding SmartForms/Workspace rule for port 443 HTTPS
Write-Host "Adding port rule for HTTPS (TCP 443)" -ForegroundColor yellow
Add-NlbClusterPortRule -Protocol Tcp -Mode Multiple -Affinity Single -StartPort 443 `
-EndPort 443 -Timeout 1 -InterfaceName $InterfaceName -IP $ClusterPrimaryIP | Out-Null

# Adding blackpearl rule for port 5252 - K2 workflow client connections
Write-Host "Adding blackpearl port rule for port 5252" -ForegroundColor yellow
Add-NlbClusterPortRule -Protocol Tcp -Mode Multiple -Affinity None -StartPort 5252 `
-EndPort 5252 -InterfaceName $InterfaceName -IP $ClusterPrimaryIP | Out-Null

# Adding blackpearl rule for port 5555 - K2 Host Server connections from client assemblies
Write-Host "Adding blackpearl port rule for port 5555" -ForegroundColor yellow
Add-NlbClusterPortRule -Protocol Tcp -Mode Multiple -Affinity None -StartPort 5555 `
-EndPort 5555 -InterfaceName $InterfaceName -IP $ClusterPrimaryIP | Out-Null

Write-Host "Rules configuration completed" -ForegroundColor green

That helps a bit when I am rebuilding my test environment. You can grab this script from GitHub too.

Configuring K2 NLB cluster – Part 1

I’ve just recorded a YouTube video on how to configure Windows NLB for a K2 NLB cluster:

Please bear with the uninspiring introduction where I’m clumsily trying to explain what DNS round robin is, and excuse my overuse of the interjection “so”, which I noticed only after reviewing my recording – I will try to improve my presentation skills in the future 🙂 For now it is all down to “live demo” pressure 🙂

The one thing I didn’t touch on in this video is Extended Affinity. Actually, as soon as you configure the timeout value available for Single or Network affinity in Multiple host filtering mode, you start using the Extended Affinity feature, which was introduced in Windows Server 2008 R2.

Windows NLB Extended Affinity

Unfortunately I’m not aware of official K2 recommendations in terms of Extended Affinity (K2 documentation features screenshots from some old Windows Server version, it seems), but it seems it is something you may want to leverage for K2 Workspace/SF/SP.

Also, in the video I was a bit imprecise in selecting Both protocols in the port rules: based on the official documentation you only need TCP, and your port setup should look like this:

K2 NLB Port Rules

Configuration of port rules on the screenshot above assumes that both K2 blackpearl (K2 host server service) and K2 workspace are hosted on the same cluster.
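
An added example (not from the original post or the K2 documentation): a drift check that compares a host's NLB port rules against the four TCP rules created by the PowerShell script earlier on this page, and reports missing rules, a wrong protocol or affinity, and rules outside that baseline. The helper name `Compare-K2NlbPortRule`, the sample data, and the assumption that `Get-NlbClusterPortRule` output objects expose `StartPort`, `EndPort`, `Protocol` and `Affinity` properties are assumptions of this example.

```powershell
# Baseline taken from the port rules the script on this page creates.
$Baseline = @(
    [pscustomobject]@{ StartPort = 80;   EndPort = 80;   Protocol = 'Tcp'; Affinity = 'Single' }
    [pscustomobject]@{ StartPort = 443;  EndPort = 443;  Protocol = 'Tcp'; Affinity = 'Single' }
    [pscustomobject]@{ StartPort = 5252; EndPort = 5252; Protocol = 'Tcp'; Affinity = 'None' }
    [pscustomobject]@{ StartPort = 5555; EndPort = 5555; Protocol = 'Tcp'; Affinity = 'None' }
)

# Hypothetical helper: emits one finding string per deviation from the baseline.
function Compare-K2NlbPortRule {
    param([object[]]$Actual, [object[]]$Expected)
    $samePorts = { param($a, $b) $a.StartPort -eq $b.StartPort -and $a.EndPort -eq $b.EndPort }
    foreach ($want in $Expected) {
        $have = $Actual | Where-Object { & $samePorts $_ $want } | Select-Object -First 1
        if (-not $have) {
            "MISSING: $($want.Protocol) $($want.StartPort)"
            continue
        }
        foreach ($prop in 'Protocol', 'Affinity') {
            # Cast to string so enum values from the NLB cmdlets compare cleanly.
            if ([string]$have.$prop -ne $want.$prop) {
                "DRIFT: port $($want.StartPort) $prop is $($have.$prop), expected $($want.$prop)"
            }
        }
    }
    foreach ($have in $Actual) {
        if (-not ($Expected | Where-Object { & $samePorts $_ $have })) {
            "EXTRA: $($have.Protocol) $($have.StartPort)-$($have.EndPort) is not in the baseline"
        }
    }
}

# Constructed sample standing in for Get-NlbClusterPortRule output on a drifted host
# (property names are assumed to match the cmdlet's output objects).
$Sample = @(
    [pscustomobject]@{ StartPort = 80;   EndPort = 80;   Protocol = 'Tcp';  Affinity = 'Single' }
    [pscustomobject]@{ StartPort = 443;  EndPort = 443;  Protocol = 'Both'; Affinity = 'Single' }
    [pscustomobject]@{ StartPort = 5252; EndPort = 5252; Protocol = 'Tcp';  Affinity = 'Single' }
    [pscustomobject]@{ StartPort = 8080; EndPort = 8080; Protocol = 'Tcp';  Affinity = 'None' }
)
Compare-K2NlbPortRule -Actual $Sample -Expected $Baseline
# On a cluster node, pass (Get-NlbClusterPortRule -HostName .) as -Actual instead of $Sample.
```

Running the check after each rebuild catches a leftover rule or a "Both" protocol rule before the environment is put to use.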

Also I should note that, unfortunately, I was not able to make Unicast mode work in VMware Workstation based environments, as it is not as simple as just adding an extra NIC, but for testing purposes it may be sufficient to use Multicast. For production deployments you either use Multicast or, if your network equipment allows, IGMP Multicast for small/medium size environments. For large environments MSFT itself recommends using more advanced load balancers (among the most popular today are those from F5, and there are a lot of K2 deployments where F5 ADCs are being used).

Just for clarity I will also quote an old note from windowsitpro.com (from 2006 🙂) which clarifies this two-NIC requirement for Unicast NLB quite neatly:

Unlike Microsoft Cluster service clusters, in which you should have separate NIC’s to separate regular traffic from the cluster heartbeat traffic, NLB members don’t need multiple NIC’s. However, many people still recommend two NICs in NLB servers, given the low cost of quality NIC’s. Additionally, multiple network cards are desirable in the following situations:

  • For inter-host communication between NLB cluster members when operating in uni-cast mode. With only one NIC NLB members are unable to communicate directly with each other.

  • If the NLB members connect to back end services, for example a Microsoft SQL Server database, it might be desirable to use separate NICs to separate the front and back end traffic.

You may also see the following error whenever you try to run the NLB console directly from one of your NLB hosts:

NLB Error When Console Run from NLB host

This is a known issue and you can safely ignore it. Just run the NLB management console from your management workstation and you will not receive any errors.

Links to related official K2 documentation:

(1) K2 blackpearl Installation and Configuration Guide > Prerequisites > Set up NLB

Takeaways from this document:

“For a K2 Host Server cluster, use a Unicast operation mode and set the affinity to None. Since the K2 Host Server is a stateless machine, no affinity is necessary per session.”

“For a K2 Workspace Server cluster, use a Unicast operation mode and set the affinity to Single. You will want to ensure that the web pages retain an affinity to the web server during the session.”

“For a K2 for SharePoint Server cluster, use a Unicast operation mode and set the affinity to Single. You will want to ensure that the web pages retain an affinity to the web server during the session.

The same is true for all server clusters that host web based components (such as Process Portals, web services, web parts).”

“As mentioned in the Network Load Balancing Setup and Configuration topic, at least two network adaptors are required when the Unicast operation mode is selected.

Set up the NLB configuration to allow traffic through on the K2 Workflow (default of 5252) and K2 Hostserver (default of 5555) ports.”

(2) K2 blackpearl Installation and Configuration Guide > Planning Guide > Additional Planning Considerations > Network Load Balancing Setup and Configuration

The main takeaway here is the following:

“Traffic to and from a SharePoint site or the K2 Workspace involves a considerable amount of communication from the Web servers to the back-end servers running SQL Server; good connectivity between them is required. It is therefore recommended that Web servers be dual-homed:

  • One network adapter handling the incoming Web requests by using NLB

  • One network adapter acting as a normal server adapter to communicate to the server running SQL Server along with the other servers within the infrastructure, such as domain controllers for authentication purposes”

(3) K2 SmartForms – Setting up NLB

(4) K2 and Firewalls

(5) Seemingly random 401 errors in load balanced SharePoint, Workspace, SSRS and K2 server environments

(6) F5 DevCentral – Load Balancing K2 Blackpearl