Ace 4710 and 2003 Sharepoint

Unanswered Question
Jan 18th, 2010

Bit of background, before my wonderful problem.  Have installed a pair of Ace 4710 LB's.  Their purpose is to control traffic coming in from a remote company, while local users do not use the LB's (this is temporary....but the LB's fit a requirement).

Sharepoint is working as planned and the access from the remote company is working as it should.  One requirement is still probablematic, health checks were supposed to be enabled on the 4710 to check the Web (2), 1 App and 1 DB server to confirm utilization for CPU and memory is under 80% and from that point forward disable the VIP to a sorry server.  The company we contracted to do the work has been has not brought issues up in advance....and it is just now coming to light that the app and DB servers will not be monitored unless custom scripts are written (not part of SOW).

The purpose of the LB's are to enable the remote company access and cut them off if the servers are being adversly affected by the remote traffic, without impacting local users.  This is not the typical LB solution and it is being put in place due to time constraints, which is why local users are not on LB.  I need heath checks to be performed on all servers and the the remote users cutoff when needed.

HTTP checks have been brought up as a possibility testing a URL with possible timeouts (Sharepoint slows when utilization becomes an issue). 

Any suggestions anyone has on this board would be helpful.   If scripts are easy to implement, then we can try that (I'll write them myself if needed).

Thanx all in advance......Doug

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Peter Koltl Mon, 01/18/2010 - 13:20

What about SNMP probes that checks CPU and memory? All you need is enabling SNMP on the rservers. As for HTTP probes, you can set the timeout in seconds if that's the right magnitude for you.

dbruce100 Mon, 01/18/2010 - 13:30

We were unable to change anything on the Sharepoint design, so the front end Web servers talk directly to the backend App and DB servers without the LB being involved.  From what I've read and been told, no way to poll the backend servers without them being in the Serverfarm rotation (hoping this is wrong). The LB's are configured in a routed design and located in a separate network using NAT to force the remote company traffic through them.

One other new issue (loving how late I'm being informed of these)....2003 server does not come automatically with SNMP CPU and Memory.  Perfmon MIB or other additions need to be enabled on the server to be able to poll for the info needed.  Any info or experience related to this would also be helpful.

At this point, we are looking at polling the front end servers for CPU and Memory and using the HTTP checks for visibility into the app as a whole.  The timeout you recommended would be part of that for the HTTP requests.  If there is a way to poll the backend without them being in the serverfarm rotation....I'm all ears.

Peter Koltl Mon, 01/18/2010 - 14:10

You can surely run a probe to anything as long as you have IP connectivity (which shall not be asymmetric...check ACE address in the DB server's routing table)

rserver app1

  ip address

  probe app1probe

  probe db1probe


probe snmp db1probe

  ip address


However, I'd rather run an HTTP probe to the FE webserver with regexp content check which is successful only if the DB1 and App1 server provides the right content. 3 in 1.

dbruce100 Mon, 01/18/2010 - 14:22


Thank you for finally clearing this up.  I've been spending an inordinate amount of time researching stuff that I had outsourced and funally decided to put the question on this board.

Given this is a public board, I will leave off my specific comments related to my contract issues.

Anyone that can help with the SNMP aspects of Server 2003, it will add to my happyness at the moment.

Thanx again.

Peter Koltl Mon, 01/18/2010 - 14:47

Closer to your setup:

serverfarm SF1

  rserver FE1

    probe FEprobe

    probe app1probe


  rserver FE2

    probe FEprobe

    probe app1probe


probe snmp app1probe

  ip address


dbruce100 Mon, 01/18/2010 - 14:56

Our setup is even stranger.  We are using the Sharepoint cluster address (so the LB's really are not  Load Balancing).  So:

serverfarm Sharepoint

  rserver Cluster1

    probe FE1probe

    probe FE2probe

    probe app1probe

    probe DB1probe


probe snmp app1probe

  ip address


The Cluster was defined as the company wanted it and our project is only for servicing the remote company without affecting local users.  Long term, the entire company will move to using the LB. If needed to have the probed servers in the rotation, we would have bypassed the cluster.

I wouldn't call it best practices, but in the time and requirements handed to us, the solution fit the bill.

Thanx again.

FYI:  The Regexp info would actually be preferred, assuming I can get the info needed to perform them on the back end servers.

dbruce100 Tue, 01/19/2010 - 06:56

Anyone that can help with exactly what is required to enable CPU and Memory pulls via SNMP on a Windows 2003 Server......I'll be your personal slave (not really).  I'm receiving contradictory info on needing additional MIB info to you name it as well as MIB walks needed for the OID.  I'd just like a confirmed list from someone who has done this to get rid of the confusion.

Thanx in advance.

dbruce100 Sun, 01/31/2010 - 21:31

CPU and Memory pulls have been eliminated as possibilities due to Microsoft deciding to strip out basic OID's in 03 on.  Did some pretty extensive searching and have been unable to get them to work on the servers involved.

HTTP checks seemed like a good alternative to get visibility into the application as a whole.  Using standard checks and the credential command has come up with a 401 return code, authentication failed.  To receive anything via HTTP on the Sharepoint install, a user must authenticate.  If anyone knows of a way to get this to work (standard AD authentication dialogue), it would solve a big issues.

Currently we are running TCP checks on HTTP (enabled on all servers) and RDP (picked as something that could be effected quickly if there are server issues.  Any recommendations on alternative health checks that can be implemented quickly without changing the servers, that would cover much of what I need.  Timeout recommendation for the TCP checks would be helpful also.

Thanx all in advance.

Peter Koltl Mon, 02/01/2010 - 00:37

As far as I know HTTP probe supports only basic HTTP authentication but not IWA. I'm also interested about when and if Cisco  plans to implement IWA in probes.


This Discussion