How to change Microsoft ISA Server 2006 NLB from Unicast to Multicast
Before we start changing the ISA Server 2006 configuration to Multicast NLB, I will give you a quick overview about what NLB is and what the difference is between Unicast and Multicast NLB.
What is NLB (Network Load Balancing)
Very briefly: NLB is a kind of cluster technology which is not exclusive to Microsoft Windows. NLB is part of the Windows Server 200x operating system family and is used to distribute network traffic for up to 32 hosts in the network. NLB uses a distributed algorithm that load-balances incoming traffic across all nodes in a Windows NLB cluster. So, NLB can be used to provide failover and load balancing capabilities.
Unicast or Multicast NLB
Network Load Balancing (NLB) can operate in two modes:
The default operation mode is the Unicast mode. In Unicast mode, NLB changes the MAC address of the network adapter for which NLB is activated. All nodes in the cluster get the same MAC address. Incoming network traffic arrives at all cluster nodes and is forwarded to the NLB filter driver.
In Multicast mode, NLB assigns every NLB-activated network adapter a Layer 2 multicast address. The original MAC address of every node stays unchanged.
Both methods have pros and cons. The advantage of the Unicast mode is that it works in most network environments with almost all routers and switches. One of the disadvantages is that all hosts in the NLB cluster have the same IP address and MAC address.
One advantage of the Multicast mode is that all nodes in the cluster keep their original MAC addresses. One of the disadvantages is that Multicast NLB requires additional configuration at the connected switches: you have to create a static ARP entry on the switch which binds the Cluster IP address (VIP = Virtual IP address) to the shared Cluster MAC address.
The ability to support Multicast on the switch depends on the switch vendor. There is also some additional information about Multicast that you should read before enabling Multicast NLB in your network.
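The static ARP entry and the later ARP cache check both depend on knowing which cluster MAC address NLB derives from the VIP in each mode. The following PowerShell sketch is an added example, not part of the original article or of any Microsoft tool. It computes the expected cluster MAC using NLB's documented prefixes (02-BF for Unicast, 03-BF for Multicast, 01-00-5E-7F for IGMP multicast) and compares it with `arp -a` output. The function names, the VIP 192.168.1.100 and the sample ARP lines are constructed for illustration.

```powershell
# Added example. Function names and the sample ARP output are constructed for illustration.
function Get-ExpectedNlbMac {
    param(
        [Parameter(Mandatory=$true)][string]$ClusterIp,
        [Parameter(Mandatory=$true)][ValidateSet('Unicast','Multicast','IGMP')][string]$Mode
    )
    $ip   = $null
    $quad = '^(0|[1-9]\d{0,2})(\.(0|[1-9]\d{0,2})){3}$'   # dotted quad, no leading zeros
    if ($ClusterIp -notmatch $quad -or -not [System.Net.IPAddress]::TryParse($ClusterIp, [ref]$ip)) {
        throw "Not a dotted-quad IPv4 address: $ClusterIp"
    }
    $o = $ip.GetAddressBytes()                             # VIP octets w.x.y.z
    switch ($Mode) {
        'Unicast'   { $bytes = @(0x02, 0xBF) + $o }                    # 02-BF-w-x-y-z
        'Multicast' { $bytes = @(0x03, 0xBF) + $o }                    # 03-BF-w-x-y-z
        'IGMP'      { $bytes = @(0x01, 0x00, 0x5E, 0x7F) + $o[2..3] }  # 01-00-5E-7F-y-z
    }
    ($bytes | ForEach-Object { '{0:x2}' -f $_ }) -join '-'
}

function Test-ArpForNlbVip {
    param(
        [Parameter(Mandatory=$true)][string[]]$ArpOutput,   # lines of "arp -a" output
        [Parameter(Mandatory=$true)][string]$ClusterIp,
        [Parameter(Mandatory=$true)][string]$Mode
    )
    $expected = Get-ExpectedNlbMac -ClusterIp $ClusterIp -Mode $Mode
    $pattern  = '^\s*' + [regex]::Escape($ClusterIp) + '\s+((?:[0-9a-f]{2}-){5}[0-9a-f]{2})\s+(\w+)'
    foreach ($line in $ArpOutput) {
        if ($line -match $pattern) {
            $seen = $Matches[1].ToLower()
            # One result per ARP entry found for the VIP; Match is false for a stale or wrong MAC.
            New-Object PSObject -Property @{
                ClusterIp = $ClusterIp; Expected = $expected; Observed = $seen
                Type = $Matches[2]; Match = ($seen -eq $expected)
            }
        }
    }
}

# Constructed sample: a client still caching the old unicast cluster MAC for the VIP.
$sample = @(
    'Interface: 192.168.1.10 --- 0xb',
    '  Internet Address      Physical Address      Type',
    '  192.168.1.1           00-1a-2b-3c-4d-5e     dynamic',
    '  192.168.1.100         02-bf-c0-a8-01-64     dynamic'
)
Test-ArpForNlbVip -ArpOutput $sample -ClusterIp '192.168.1.100' -Mode Multicast
```

On a live client, pass the output of `arp -a` instead of `$sample`. An entry that does not match after the mode change points to a stale ARP cache or a missing static ARP entry on the switch or router.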
ISA Server and NLB
ISA Server relies on the Windows Server 2003 NLB configuration and extends the NLB features for ISA Server 2006 when used with the ISA Server 2006 Enterprise edition NLB feature in integrated mode.
Enabling Multicast NLB
ISA Server 2006 with a hotfix (KB942639) is the first ISA Server version for which NLB can be changed from Unicast to Multicast NLB.
In order to enable the multicast feature on an ISA Server 2006 Enterprise array, all ISA Servers need to be running the hotfix KB942639, or have ISA Server 2006 Service Pack 1 installed. Until this update, ISA Server 2006 NLB was only supported in Unicast mode, which is not always an ideal mode for some network environments.
Before we start changing the NLB mode, you should create a complete ISA Server 2006 backup for emergency purposes.
Firstly, you should note all necessary NLB settings because the update process terminates the NLB configuration.
Figure 1: Write down all necessary NLB parameters
In a large ISA NLB environment there are a number of networks and IP addresses. My recommendation is to write down all these network names, IP addresses, subnet masks and more in a Microsoft Excel sheet.
Next, you should disable NLB in the ISA Server MMC. You can do this by opening the task pane in the network node of the ISA console.
Figure 2: Disabling NLB in ISA doesn’t disable all NLB settings in Windows
You have to save the changes and restart the services before you can continue.
Figure 3: Save the changes and restart the services on all cluster nodes
It is now time to download and execute the NLBCLEAR utility on all ISA Server 2006 array nodes. The NLBCLEAR utility clears all NLB settings from the local computer. You can download NLBCLEAR from the Microsoft website. I provided a download link in the link section of this article. Execute the RemoveAllNLBSettings.cmd tool from the command line without parameters.
Figure 4: Using NLBCLEAR
It could take some time until all changes are effective. My recommendation is to reboot all ISA array nodes after NLBCLEAR is executed.
You should also clear the ARP cache (Address Resolution Protocol) on all relevant client computers and routers. To do this, type the following command at a command prompt on each device:
arp -d *
FSMO Schema Master
ISA Server 2006 saves its configuration in an ADAM database. ADAM is the Active Directory Application Mode database from Microsoft. A central Configuration Storage Server (CSS) holds the ISA configuration and all array members use this CSS. If you have multiple CSS, the first Server is the CSS. The ISA Server Multicast Update changes the ADAM schema, so the Schema Master must be contacted for a schema update. If you have multiple Configuration Storage Servers in your Enterprise, it is necessary to determine which CSS is holding the Schema Master FSMO role.
There are several methods to determine which ISA Server holds the Schema Master role. One method is to use the script FINDCSSFSMO.VBS from Jim Harrison, a Microsoft ISA/Forefront SE. Jim operates a website called www.isatools.org. The tool to determine the Schema Master can be downloaded from http://isatools.org/tools/findcssfsmo.zip.
Execute the script
cscript findcssfsmo.vbs [/server:NameOfCss]
Another way to determine the ADAM Schema Master is to use ADAM ADSIEDIT, which is installed on every Configuration Storage Server.
First, establish a connection to the CSS on port 2171, then navigate to the NTDS Settings object of every ISA Server node.
Figure 5: Use ADSIEDIT to determine the Schema Master
A further method to look at the ADAM schema and determine the ADAM Schema Master is to use the Schema MMC SnapIn. Open a command prompt, navigate to the ADAM directory and enter the following command:
Figure 6: Register the Schema Management DLL
After that, open an empty MMC, add the ADAM Schema SnapIn and connect to the ADAM server on port 2171.
Figure 7: Schema MMC SnapIn
After the connection has been established, right-click the ADAM Schema object to see the current Schema Master.
Figure 8: Determine the Schema Master with the Schema Master MMC SnapIn
Change to Multicast
After finding the ADAM Schema Master server, we can execute the script KB938550.WSF with the following syntax to change the NLB from Unicast to Multicast:
CSCRIPT KB938550.WSF /array:ISA-array-name /NLB:Multicast /Net1:name-of-the-ISA-network
Figure 9: Change the NLB mode from Unicast to Multicast for all networks that should use NLB
Multicast with IGMP
It is possible to update ISA Server NLB to Multicast with IGMP (Internet Group Management Protocol). IGMP is based on the IP protocol and makes it possible to use IPv4 multicasting with the help of multicast groups. IGMP is used to better integrate the Multicast protocol into different networking environments.
The syntax for enabling ISA Server Multicast NLB with IGMP is nearly the same as enabling ISA Server Multicast NLB.
CSCRIPT KB938550.WSF /array:ISA-array-name /NLB:IGMP /Net1:name-of-the-ISA-network
Figure 10: Change the NLB mode from Unicast to Multicast with IGMP for all networks that should use NLB
After enabling Multicast NLB, you must re-activate ISA Server NLB in integrated mode with the help of the ISA MMC. After NLB has been reactivated, I recommend rebooting all array nodes and, after the array reboot has finished, monitoring the NLB status with the help of the ISA MMC.
In this article, I tried to show you how to change the ISA Server 2006 NLB mode from Unicast to Multicast. Before you decide to change the NLB mode, you should be sure that the Multicast mode is compatible with your network infrastructure. Both Unicast and Multicast configurations have several pros and cons.
- Configuring ISA Server 2004 Enterprise Edition – Part 4 – Implementing CARP and NLB
- Download NLBCLEAR.EXE
- An update enables multicast operations for ISA Server integrated NLB
- NLB Troubleshooting Overview for Windows Server 2003
- Using NLB with ISA Server Part 2: Layer 2 Fun with Unicast and Multicast Modes
- NLB FAQ
- How to determine AD/AM Schema Master