Ben Ari's UAG and IAG Blog

Plenty of useful and fun info on UAG, Microsoft's remote access and reverse-proxy product.

Signs of life

Signs of life

  • Comments 2
  • Likes

When placing UAG servers behind an external load balancer, it’s important to configure the balancer to check if the UAGs are alive. This comes in handy in case one of the servers goes offline, so that the load balancer can detect this and stop direct traffic to that server until it’s back online.

This seems simple, but configuring this incorrectly may place unnecessary strain on UAG, wasting valuable resources. A common mistake is configuring the balancer with the UAG Trunk’s root URL, or some other random URL. In this situation, UAG will think the request is coming from a user, and reply with a redirect to the login page (a 302 redirect). Most load balancers will try to follow this directive, but will fail to send a valid HTTP Version header. In this case, UAG will see that as an error, and report this in its event log. If you configured the load balancer to do this check every second, your UAG servers will end up logging up to 86,400 errors per day, and these logs will consume disk space, as well as other server resources. These errors would appear like this in the Web Monitor:

Warning [Date] [Time] 18 Invalid Request Version Security portal [TrunkName] The request failed. An invalid version of the HTTP protocol was used. The version used is HTTP/0.9.

The correct approach to doing this testing is by setting the load balancer to send a request that will not be met with a redirect, and UAG’s admin website (/InternalSite) is suitable for that. In addition, it would be best to have UAG send back a file that’s as small as possible, to conserve resources further. While you can create a single-byte file, and have the balancer look for the “200 OK” message, a more reliable approach would be to have UAG send back a file with a known content, and have the load balancer check if it matches what it expects as a sign of life. Here are the steps:

1. Create a text file named test.vbs.sig

2. Put some unique string in the file, which would not exist in another UAG page (the name of your favorite character from Star Trek, perhaps?)

3. Place the file in <UAG Path>\von\internalsite\CustomUpdate\

4. Configure your load balancer to make a request for https://<Your portal>/internalsite/customupdate/test.vbs.sig to perform its monitoring.

5. Set the load balancer to see the result as “positive” or “alive”, if the content of the request matches the string you have used in step 2.

I should also note that the reason for using a file with this extension (.vbs.sig) is that UAG’s default URL Set will allow access to that file, without requiring you to manually edit the URL Set. Just saving you an additional configuration step!

  • This is superb working by the balancer, I didn't know about that working...but no doubt about that its superb afford.

  • very useful, thanks Ben !

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment