In ACE load balance we are facing kerberos authentication issue. When we are accessing a server directly (10.1.8.62) its working fine, But when we are accessing with LB vip address (10.1.4.33) its asking authentication.
How we can resolve this issue.
The configuration as below:
access-list everyone line 8 extended permit ip any any access-list everyone line 16 extended permit icmp any any
probe http HTTP_PROBE port 80 interval 10 faildetect 5 expect status 200 200
rserver host iis1 ip address 10.1.8.61 inservice rserver host iis1a ip address 10.1.8.62 inservice
serverfarm host web rserver iis1 inservice rserver iis1a inservice
parameter-map type http Kerberos server-conn reuse case-insensitive persistence-rebalance set header-maxparse-length 65535 length-exceed continue
sticky ip-netmask 255.255.255.255 address both stickyRule serverfarm web
class-map type management match-any IIS-mgmt 201 match protocol snmp any 202 match protocol http any 203 match protocol https any 204 match protocol icmp any 205 match protocol ssh any 206 match protocol kalap-udp any 207 match protocol telnet any 208 match protocol xml-https any
class-map match-all slb-vip 2 match virtual-address 10.1.4.33 any
policy-map type management first-match IIS-mgmt class IIS-mgmt permit
policy-map type management first-match remote-access class class-default permit
policy-map type loadbalance http first-match slb class class-default sticky-serverfarm stickyRule
I looked at your configuration again and realized that ACE is not learning or doing anything at the HTTP level and hence no statistics. You have sticky based on the L3.
You have mentioned it works directly but through ACE it doesn't. The only difference i see is that client is getting natted here. If you test with only one server in serverfarm, does it work fine? Can you do capture on ACE itself so that we can see the communication between client and ace and server to see what is going on here?
Do you see anything when you do "show conn"? You can filter it with source/vip address. Is there any specific requirement from these servers which needs to be configured on ACE?
The unmanaged mode is also known as Network only switching, which is introduced in Brazos release. It adds the flexibility for customer to use only network automation for service appliance.
If a device is configured a...
Usually, we can access ESXi Shell by pressing Alt+F1 from ESXi DCUI (Direct Console User Interface).
But on HyperFlex system, it just shows black window.
This is expected behavior because HyperFlex redirects ESXi Shell output to SoL...
Configuring an Export Policy Using the GUI
This procedure explains how to configure an Export policy using the APIC GUI. Follow these steps to trigger a backup of your data:
On the menu bar, choose Admi...