Jeff_Wise
Sep 13, 2013

Load balancing ADFS proxy servers with keepalive

I am currently load balancing two ADFS proxy servers with just a basic https monitor in one partition; in another partition I am load balancing two ADFS Internal servers with just a basic https monitor. I had a problem the other day where one proxy server was having issues and users could not authenticate. F5 indicated no issues with the servers in the pool with the basic monitor configured.

 

I need a server keepalive on the F5 that will monitor server health deeper into the ADFS process, any suggestions?

 

  • Just stumbled across this, Jeff. This shouldn't be too hard. What type of authentication is used?

     

  • Was not satisfied with the configuration I ended up using, but it was the best I could get working. I am running 11.3.0 build 3117.0 Hotfix HF5. I could not get keepalive working to ADFS servers using a valid AD account. The keepalive configuration required a user name and password, but I found out it could be anything and the password could be anything, but you had to supply something. I suspect a bug in the F5 code due to this behavior.

    Keepalive Send string: GET /adfs/fs/federationserverservice.asmx HTTP/1.1\r\nHost: \r\nConnection: Close\r\n\r\n

    Keepalive Receive string: HTTP/1.1\s200\sOK

     

    Would like to know why I can't get keepalive to pass a valid AD account and get a validated response.

     

    For the ADFS proxy server I ended up using the following keepalive. Send string: GET /\r\n
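Added example, not part of the thread and not F5 code: a Python emulation of how a send/receive-string monitor would judge a pool member, using the strings posted above. The sample responses are constructed, and the matching rule (any reply counts as up when no receive string is set, as assumed here for the basic monitor) is an assumption, as are the function names.

```python
import re

# Strings as posted in the thread; the Host value is empty on the page and is left that way.
SEND_STRING = r"GET /adfs/fs/federationserverservice.asmx HTTP/1.1\r\nHost: \r\nConnection: Close\r\n\r\n"
RECV_STRING = r"HTTP/1.1\s200\sOK"

# Constructed sample replies a pool member might return to the probe.
SAMPLE_RESPONSES = {
    "healthy": b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html>...</html>",
    "auth_required": b"HTTP/1.1 401 Unauthorized\r\nWWW-Authenticate: NTLM\r\n\r\n",
    "service_broken": b"HTTP/1.1 503 Service Unavailable\r\nContent-Length: 0\r\n\r\n",
    "no_answer": b"",  # connection refused or probe timed out
}


def render_send(send_string):
    """Turn the literal \\r and \\n escapes of a send string into wire bytes."""
    return send_string.replace("\\r", "\r").replace("\\n", "\n").encode("ascii")


def member_state(response, recv_string=None):
    """Return 'up' or 'down' for one probe reply.

    Assumed semantics: no reply is always down; with no receive string any
    reply is up; otherwise the receive string is searched as a regex.
    """
    if not response:
        return "down"
    if not recv_string:
        return "up"
    text = response.decode("latin-1")
    return "up" if re.search(recv_string, text) else "down"


def evaluate(recv_string=None):
    """Judge every constructed reply with the given receive string."""
    return {name: member_state(resp, recv_string)
            for name, resp in SAMPLE_RESPONSES.items()}


if __name__ == "__main__":
    print(render_send(SEND_STRING))
    print("no receive string:", evaluate())
    print("thread's receive string:", evaluate(RECV_STRING))
```

Without a receive string the 503 reply still counts as up, which matches the symptom in the original question; with the posted receive string only the 200 reply does.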

     

  • Supported authentication methods are HTTP Basic and NTLM/NTLM2. Is that what's being used? I'd suggest you do a packet capture to see what's happening.

     

  • OK, but you need to authenticate, right? So what methods does your web server support?