Hello,

My name is Brandon. We have started upgrading our servers to Windows Server 2012 R2. We have some powerful servers for running ESXI 5.5 as the OS with the Guest Operating Systems as Windows Server 2012 R2. As far of our migrations/upgrades we have configured ADFS 2012 R2 into a Server Farm with Windows Network Load Balancing to add redundancy in the event a server goes down.

 

I have been having issues with a Node with the Cluster getting stuck in the Status of Converging. The only way I have been able to get it back up is to restart the virtual server completely and it is temporary. When I first configure the Cluster the two virtual servers get added to the Node with no problems and fully converge. However, after some time a node will end up in Converging and this takes Authentication for ADFS down as the nodes can not be contacted over Port 443.

Error: Host: server.domain.com Unable to connect to "server name"

System

- Provider [ Name] Microsoft-Windows-NLB [ Guid] {F22AF71F-C4C3-425D-9653-B2F47B85DD30}

EventID 21

 

I have tried using 1 & 2 Virtual NICs on the machines and still end up with communication issues. Could someone assist me with why I am having this issue? This is not an issue with a firewall. If it was a firewall it would never communicate the first time. Has anyone had experience with a similar configuration and how were you able to make it work?
Below is my configuration.

Static ARP Entry for Cluster IP Address has been added to our Layer 3 switch.

 

Physical Server 1:

ESXI 5.5 HOST
1 NIC CONNECTED (shared with virtual guest)
IP ADDRESS: 192.168.0.5
SUBNET: 255.255.255.0
DGW: 192.168.0.1
Virtual Server 1 (Guest OS)

Physical Server 2:
ESXI 5.5 HOST
1 NIC CONNECTED (shared with virtual guest)
IP ADDRESS: 192.168.0.6
SUBNET: 255.255.255.0
DGW: 192.168.0.1
Virtual Server 2 (Guest OS)

Virtual Servers

Virtual Server 1
MS SERVER 2012 R2 (VIRTUAL)
NLB NODE 2 
VIRTUAL NETWORK ADAPTERS
 VNIC1 IP ADDRESS 192.168.0.10
SUBNET: 255.255.255.0
DGW: 192.168.0.1
 VNIC 2 (NLB)
IP ADDRESS: 192.168.0.11
SUBNET: 255.255.255.0

Virtual Server 2
MS SERVER 2012 R2 (VIRTUAL)
NLB NODE 2
VIRTUAL NETWORK ADAPTERS
 VNIC1
IP ADDRESS 192.168.0.20
SUBNET: 255.255.255.0
DGW: 192.168.0.1
 VNIC 2 (NLB)
IP ADDRESS: 192.168.0.21
SUBNET: 255.255.255.0

Cluster Configuration/Properties
CLUSTER PROPERTIES CLUSTER IP: 192.168.0.30
CLUSTER SUBNET: 255.255.255.0
FULL INTERNET NAME: FS.DOMAIN.COM
CLUSTER OPERATION MODE: MULTICAST

PORT RULES:

CLUSTER IP ADDRESS	START	END	PROTOCAL	MODE	PRIORITY	LOAD	AFFINITY
ALL	80	80	BOTH	MULTIPLE	..	EQUAL	NONE
ALL	443	443	BOTH	MULTIPLE	..	EQUAL	NONE

CLUSTER NODES:
1.) SERVER1.DOMAIN.COM
a. IP: 192.168.0.11

2.) SERVER2.DOMAIN.COM
a. IP: 192.168.0.21

 

 

• Edited by Brandon Chamberlain Friday, March 20, 2015 1:41 PM

Hi,

According to your description, my understanding is that2 ESXI 5.5 physical devices (192.168.0.5 and 192.168.0.6), each of them has a virtual WS 2012 R2(192.168.0.10 and 192.168.0.20). Cluster the 2 virtual servers successfully, but they corrupt with event ID 21, and a restart of virtual device will resolve this problem temporarily.

Event ID 21 means that NLB failed to converge due to inconsistencies in the port rules between this host and cluster host. This will occur if the number of port rules or the type of port rules are different between hosts.

Ensure that all NLB hosts have identical port rules. Detailed steps you may reference:
Event ID 21 NLB Port Rules Configuration
https://technet.microsoft.com/en-us/library/dd364034%28v=ws.10%29.aspx?f=255&MSPPError=-2147217396

Best Regards,
Ev

The Port Rules were not the issue. I do not know what was causing the issue, but removing DNS from the NLB Node Ethernet Adapters and entering the entries for the cluster and nodes into the Host File resolved the problem.