Quantcast
Channel: Application Request Routing (ARR)
Viewing all 739 articles
Browse latest View live

ARR Server Farms Error and Ready For Load Balance Fail

October 23, 2018, 2:07 am
$
0
0

Hi : 

I Create the ARR Server Farms Group

Sometimes the Server Farms  exception failed 

And Load Balance Fail

When I manual make server available. 

The ARR Load Balance can normal.

But perform for a while  the Load Balance become unavailable.

The message is : 

The object identifier does not represent a valid object. (Exception from HRESULT: 0x800710D8)

ARR Control : Windows 2008 R2 

Primary IIS Server : Windows 2012 R2 IIS 8.5

Secondary IIS Server : Windows 2012 IIS 8.5 

Please provide some suggestions 

Thanks a lot. 

https://1drv.ms/u/s!AokO7fjNVHKNgoUxlH2EOU8IJ1uMmQ

Search

ARR Reverse Proxy with Different Load Balancing (based on URL)

October 24, 2018, 4:57 pm
$
0
0

Is it possible to have different load balancing servers based on the URL? 

For example:

domain.com/app1 ->>> Sends to the servers in Farm1

domain.com/app2 ->>> Sends to the servers in Farm2 

Also, I am trying to utilize ARR with URL Rewriting to replace a basic installation of TMG.  With the URL Authorization rules be applied first before the load balancing?   

My overall scenario is to have client certificate, perform authentication and then redirect to appropriate server with load balancing based on the URL.  

Thanks! Mark

Server Variables (Logon_user and remote_user)

October 25, 2018, 3:28 pm
$
0
0

I have set up ARR and URL Rewrite to redirect based on a certain pattern.  However, I am not able to properly set a server variable with the logged on user name.  I redirect to an aspx page and it knows the logged in user.  However, I want to set a new server variable with the same value.  

I have added the server variable name and set it in the inbound rule.   Is the user name not populated at the time of the rule?  

Any ideas on where I should look? 

Thanks

Mark

Kerberos Constrained Delegation

November 5, 2018, 8:32 pm
$
0
0

So I am wondering if this is possible as I am trying to replace TMG 2010 with ARR.

In TMG, I have the server set up to request a client certificate and authenticate the user.  TMG then redirects to the backend server which is IIS and has Windows Auth turned on.  The user is logged in based on Kerberos Constrained Delegation. 

TMG box is authorized to delegate to the backend iis server with AD.  TMG is also told to use the spn of http/backendserver

So, I try the same thing in ARR and it is failing.  I saw some posts that ARR cannot delegate, so I am wondering if it is possible or what I am missing. 

ARR is set to allow delegation to the backend server.  The backend server is the same as above with Windows Auth turned on. ARR has windows Auth turned on as well. 

Is this possible?  Or am I just missing setting an SPN on the ARR box, so it knows how to set the KCD ticket?  What SPN should I use to mimic the TMG UI setting? 

Thanks

Mark 

IIS Reverse Proxy with IWA portal

November 18, 2018, 6:30 pm
$
0
0

Hello,

I have searched the internet without much luck. Hoping /r/IIS can put me on the right track. Here is what I am trying to accomplish;

I am using IIS as a reverse proxy on a server exposed to the internet. The reverse proxy allows access to 3 websites that are on the internal network.

Those websites use IWA for authentication

I was wondering if it is possible to setup a portal on the reverse proxy where users could authenticate first

Once authenticated, users could click on a link pointing to any of the 3 internal websites, and the reverse proxy would pass the credentials to those websites without the need to re-authenticate (assuming kerberos would be required)

Is a setup like that possible? If so, any pointer how this can be accomplished would be appreciated

cut part of the hostname

November 22, 2018, 10:12 am
$
0
0

We to have a lot of urls with the same pattern.
e.g. test01.cononso.com and test01pw.contonso.com, demo01.contonso.com and demo01pw.contonso.com

Now I have to create two rewrite riles

  1. Rewrite test01.contonso.com to test01.contonso.com
  2. Rewirte test01pw.contonso.com to test01.contonso.com and add a server variable

In total. i do have test01 up to test70

The first rule is pretty simple :

<rule name="redirekt https to backend" enabled="false" stopProcessing="true"><match url="(.*)" /><conditions logicalGrouping="MatchAll" trackAllCaptures="false"><add input="{HTTPS}" pattern="^ON$" /><add input="{URL}" pattern="(.*)" /></conditions><action type="Rewrite" url="https://{HTTP_HOST}/{R:1}" /></rule>

Rule 2 i do not get running:

<rule name="RPIN_Remove_PW_TEST" enabled="false" stopProcessing="false"><match url="(.*)" /><conditions logicalGrouping="MatchAll" trackAllCaptures="false"><add input="{HTTP_HOST}" pattern="test([0-9]+)pw\.contonso\.com" /><add input="{HTTPS}" pattern="^ON$" /><add input="{URL}" pattern="(.*)" /></conditions><serverVariables><set name="HTTP_X_Force_Internet" value="1" /></serverVariables><action type="Rewrite" url="https://test{C:1}.contonso.com/{R:1}" appendQueryString="true" /></rule>

what did I do wrong?

Round Robin with Sticky Session. Is it possible?

December 3, 2018, 8:44 pm
$
0
0

Hi all,

There is a .NET web application which must be load balanced. Most of the functions are stateless but there are a few which are stateful. The developers have implemented a Request Header which only exists in the request if the session is stateful, therefore it must use a sticky session based on this header's value. The rest of the requests could be distributed with Round Robin.

I have two webservers which host the application and an ARR which is the load balancer. I'm looking for a way to tell the ARR that if the Sticky Header exist then use the Server Variable Hash algorithm (and set the HTTP_STICKY_HEADER variable to it) otherwise go ahead with Round Robin. It is working fine until the Sticky Header is provided in the request. But if the request doesn't contain this header than the ARR cannot use the Server Variable Hash algorithm and always goes to the same host. So my question is: Is it possible to configure ARR to use sticky session if a request header exists and use round robin if not?

Thank you.

Regards,

Dvijne

Redirect URL to another web server with the same site name

December 6, 2018, 8:01 pm
$
0
0

Hello,

Here's the setup: 2 x web servers in the DMZ, WebServer1 is IIS 7. WebServer2 is IIS10.

We have separate public IP addresses associated with WebServer1 and WebServer2. How would we redirect users to a specific web server based on the URL?

If we try a URL rewrite, does that create a tunnel between WebServer1 and WebServer2? Because we want the client to connect directly to WebServer2, not through a proxy. Thanks!

Ex: User connects to https://www.mycontoso123.com/IT would access an application on WebServer1.

If a user connects to https://www.mycontoso123.com/HR would access an application on WebServer2.

Search

"Reverse rewrite host in response headers" per-site?

December 7, 2018, 3:04 am
$
0
0

Is it possible to change the value of the "Reverse rewrite host in response headers" setting on a site-by-site basis, rather than having one value set for the whole server?

Assessing Message Timing Using Failed Request Tracing (FREB) with ARR

December 20, 2018, 1:30 pm
$
0
0

I am looking to diagnose a performance issues and wanting to make sure I have the correct understanding of the performance timing indicators.   Let me start by restating the obvious:

Time-Taken :  Found in both IIS Log and on the Request Summary header of a FREB report is simply the total time taken to deliver the response to the client.   Starting when HTTP.sys on the ARR receives the first byte of the request and continuing until the client to acknowledge the lastpacket of the response from the ARR.   References can be found in plenty of articles, including the following: https://support.microsoft.com/en-us/help/944884/description-of-the-time-taken-field-in-iis-6-0-and-iis-7-0-http-loggin 

Where things get more interesting and I am a little less certain of what is involved in the exact timing is in regards to the ARR_SERVER_ROUTED section, the ResponseTime field.  My best understanding is that this value is a runtime statistic on the responsiveness in milliseconds of this server; 

What I would love to know is if the ResponseTime field has any direct correlation to the message being processed?

IIS ARR Issue

January 29, 2019, 11:22 pm
$
0
0

Hi,

I have two webfarms. One is for our Exchange and one for our PowerBI.

Our exchange is working fine and I can access it on the internet using ARR. However, I keep getting 502 error after entering my username and password for PowerBI. PowerBI site is working internally but not external.

I have a wildcard certificate which is being used both by our Exchange and PowerBI.

Any help is greatly appreciated.

Thanks,

Lyndon

IIS with ARR and UrlRewrite has intermittent 502.3 responses with Concurrent Requests

January 31, 2019, 4:42 pm
$
0
0

Here is my setup in IIS.

DefaultWebSite: 80, 443

- UrlRewrite: ^api/(.*) -> http://{{SERVER_NAME}}:3001/api/{R:1}

ApiWebsite: 3001

- Website App

I want to prevent outside access to the Website App except through the reverse proxy on Default Web Site.

**This works through the browser on box and off box. It also works when I send 2-3 concurrent requests.**

As soon as I hit 10-15 concurrent requests, either all of the responses time out with Bad Gateway or every 3-4 responses get a Bad Gateway and then 1 will succeed.

Things i've tried:
- Failed Request Tracing - Nothing useful other than the timeout is in Application Request Routing in ExecuteHandler.

Any tips, help, anything else to try is helpful, i've been pulling my hair out over this for the last 2 days.

How to setup SSL offloading

February 1, 2019, 7:06 pm
$
0
0

I'm Running ARR on Windows Server 2012 R2.
I have a web server running in another VM behind the ARR server.
I created a Server Farm that has the address of my internal server name.
I created a blank rule under "URL Rewrite" to match the pattern www.domain.com and route it to the server farm.
This works and redirects the traffic to the internal server.

Now I want to setup SSL Offloading so I don't have to install the certificate onto the web server, and only install it on the ARR server.

So, I installed the SSL certificate onto IIS under Server Certificates for www.domain.com

I then clicked on the Default Web Site and added an https binding to use the installed certificate.

However, the web server is behaving like it's passing the SSL to the remote website instead of remaining on ARR.

Config:
I have a binding to port 443 to the installed certificate.
Under the Server Farm/Routing Rules, "Enable SSL offloading" is checked but grayed out. I do not have the "Use URL Rewrite..." checked.

Here is my URL Rewrite rule for changing http to https, using server farm "domain.com":

<rule name="Redirect to HTTPS" enabled="false" patternSyntax="Wildcard" stopProcessing="true">
<match url="*" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="false">
<add input="{HTTPS}" pattern="On" />
<add input="{HTTP_HOST}" pattern="www.domain.com" />
</conditions>
<action type="Rewrite" url="https://domain.com/{R:0}" />
</rule>

Can someone please help? I can't find anything on youtube or here about properly configuring ssl offloading.

Memory Leak on ARR edge/gateway Servers

April 17, 2018, 10:08 pm
$
0
0

Windows Server 2012

IIS 8

ARR 3.0

8 GB of RAM on servers

We have two ARR edge/gateway servers that sit behind a physical load balancer that evenly distributes traffic to the two of them.  The only thing running on these servers is ARR, no custom code, sites or processes.  The IIS worker process is leaking memory.  We will go from approximately 35% utilized following a reboot to 95% within a few days.  Recycle of the app pool being used by the ARR sites reclaims about 50-60% of what is utilized that is how we know this is the process that is leaking.  We have disabled disk caching on both servers as we thought that may be the culprit.  We do have Signlar in play here, don't know that it matters but I found a few links that talked about potential issues with Signalr and ARR.  We are doing a URL redirect with url rewrite for SSL http:->https: so URL rewrite rules are in play as well.  We recently upgraded from ARR 2.5 to ARR 3.0 in hopes that would resolve the problem but unfortunately it did not, we saw same behavior in 2.5 and 3.0.

We have run out of things to consider or investigate at this point.  We have another ARR server in a different location that receives very little traffic (cold failover server) and can confirm that it does not exhibit any indication of a memory leak with the light usage that it gets.

Hoping someone can help us figure out how to pinpoint the root cause of this issue so that we can get it resolved.  It is definitely a consistent and persistent problem that we would really like to eliminate as soon as possible.

Thanks!

New Version

February 4, 2019, 9:27 pm
$
0
0

Does anyone know if there will be a new version in 2019?

Search

Adding custom header to routed request

February 5, 2019, 8:59 pm
$
0
0

Hello,

We are using IIS as reverse proxy. As per our requirement, we need to add some custom header to the request before it is routed to the backend service. The value of this custom header will be determined on fly by making a service call.

what will be good approach to achieve this ?

Thanks

ARR + WebSocket: error when server behind reverse proxy closes websocket

February 7, 2019, 2:19 pm
$
0
0

Hello,

I've setup ARR via URL rewrite to forward requests to different backend servers based on the application path. The applications on one of those servers use websockets. Everything works okay as long as the server does not close the web socket. Connecting, sending and receiving data and even a client side socket close will be handled correctly.

I've created a Failed Request Trace which indicates some read operations after the websocket has been closed.

74.GENERAL_FLUSH_RESPONSE_ENDBytesSent="348", ErrorCode="The operation completed successfully. (0x0)"
75.WEBSOCKET_SEND_CLOSE_STARTStatus="1000", Reason="session expired"
76.GENERAL_FLUSH_RESPONSE_START
77.GENERAL_RESPONSE_ENTITY_BUFFERBuffer="%88%11%03%E8"
78.GENERAL_RESPONSE_ENTITY_BUFFERBuffer="session expired"
79.GENERAL_FLUSH_RESPONSE_ENDBytesSent="19", ErrorCode="The operation completed successfully.
80.GENERAL_READ_ENTITY_ENDBytesReceived="0", ErrorCode="The I/O operation has been aborted because of either a thread exit or an application request. (0x800703e3)"
81.WEBSOCKET_READ_FRAGMENT_END_NOT_SUCCESSErrorCode="The I/O operation has been aborted because of either a thread exit or an application request. (0x800703e3)"
82.GENERAL_REQUEST_ENDBytesSent="1030", BytesReceived="677", HttpStatus="101", HttpSubStatus="0"

Line 74 is the last sent message via server -> proxy -> client which succeeded.

Line 75 is the server side close of the websocket because the HTTP session timed out.

Line 80 performs some final read operations(?) on the already closed socket.

The currently installed used versions (DLL versions reported by resource monitor of the running w3wp.exe):

 - rewrite.dll: 7.1.1993.2351

 - requestRouter: 7.1.1988.0

 - websocket.dll: 10.0.14393.0

 - iiscore.dll: 10.0.14393.1532

Running on IIS10 (10.0.14393.0) on Windows Server 2016 (1607 14393.2724)

Do you have any ideas what is going on? Looks like a bug to me.

Below you can find a trace, when the client closed the connection.

37.GENERAL_READ_ENTITY_ENDBytesReceived="8", ErrorCode="The operation completed successfully. (0x0)"
38.GENERAL_REQUEST_ENTITYBuffer="%88%82oA*%A2l%A8"
39.WEBSOCKET_RECEIVED_CLOSEStatus="1001", Reason=""
40.WEBSOCKET_READ_FRAGMENT_END_SUCCESSBytesReceived="0"
41.WEBSOCKET_SEND_CLOSE_STARTStatus="1001", Reason=""
42.GENERAL_FLUSH_RESPONSE_START
43.GENERAL_RESPONSE_ENTITY_BUFFERBuffer="%88%02%03%E9"
44.GENERAL_FLUSH_RESPONSE_ENDBytesSent="4", ErrorCode="The operation completed successfully. (0x0)"
45.GENERAL_FLUSH_RESPONSE_START
46.GENERAL_FLUSH_RESPONSE_ENDBytesSent="0", ErrorCode="The operation completed successfully. (0x0)"
47.GENERAL_REQUEST_ENDBytesSent="284", BytesReceived="685", HttpStatus="101", HttpSubStatus="0"

Thanks in advance.

Reverse proxy issue for 2+ GB file upload

February 16, 2019, 12:42 pm
$
0
0

Hi guys,

Does anyone know how to enable uploading files more than 2gb via IIS reverse proxy?

Currently the upload process gets stuck at 2gb of uploaded data and returns HTTP 500

Setting "maxAllowedContentLength" to 4gb does not resolve the issue.

We use IIS 10 with ARR3 running on Windows Server 2016 x64.

Thanks in advance

Can not connect to Azure Db when web server behind Proxy Server

March 13, 2019, 11:33 am
$
0
0

Unable to connect/forward database connection request to Azure SQL server when the web server is behind a proxy server. Web server is successful in connecting to the Queue storage on Azure at port 443 through the Proxy server but the SQL Server connection at port 1433 does not get routed to the Proxy server. Any Suggestions would be helpful?

ARR HA

March 25, 2019, 6:55 pm
$
0
0

Good afternoon everyone. What would you use to give high availability to an ARR farm?
My infrastructure receives hundreds of millions of daily invocations and I require high availability at the ARR farm.

Thank you so much,

regards

Viewing all 739 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>