Jump to content
Welcome to our new Citrix community!

Load Balancing Exchange - get thousands RST packets


Recommended Posts

Hello,

 

we bought two sdx 8920. On the vpx running on the sdx i configured a simple load balancer for exchange 2016. Only SSL load balancing.

My mobileiron software, which connects to the netscaler load balancer to connect my iphones to active sync is reporting thousands of messages like "Got exception during server-to-device processing, Sentry reporting error to client:Connection reset by peer"

 

also, i see that if i move mailboxes between my old exchange server to my new exchange cluster (running over the netscaler) its very very slow.

 

Because of this i run a trace on the vpx and voila - thousands of RST or RST,ACK packets between the VIP and the client.

 

I think it could nothing to be with the persistence rule, because i set of of the new exchange 2016 server out of service. Te same behavior.

 

Most of the time, the window size is 0 or 9300.

 

If i reconfigure my dns and let the exchange load balancing dns name pointing directly to the exchange, mobileiron is fine and also the mailbox move is very fast.

 

I run netscaler the newst build vpx image 12.1 build 49.23.

 

Any ideas?

Edited by swendri179
windows size added
Link to comment
Share on other sites

19 hours ago, Vamsi Krishna Kanduri said:

Can you disable DenySSLRenegotiation on SSL profile and see if that works.

 

9300 refers cleaning up zombie/idle sessions.

 

Thanks,

Vamsi

 

thanks. the default ssl profile is bound to the lb. "ns_default_ssl_profile_frontend"

 

There is Deny SSL renegotiation set to ALL, but the problem is not solved

Edited by swendri179
problem not solved
  • Like 1
Link to comment
Share on other sites

Hi swendri179,

Can you check on the netscaler GUI dashboard for the nsconmsg messages. Do you have any warning / critical regarding mac move or service / vserver flapping ?

If you configure another vserver (for testing purpose), a http lb vserver for example, do you see the same behavior on the nstcpdump ?

Do you see also rst between snip > exchange server ?

 

Youenn.

  • Like 1
Link to comment
Share on other sites

On 6.11.2018 at 11:19 AM, Youenn ALLAIN said:

Hi swendri179,

Can you check on the netscaler GUI dashboard for the nsconmsg messages. Do you have any warning / critical regarding mac move or service / vserver flapping ?

If you configure another vserver (for testing purpose), a http lb vserver for example, do you see the same behavior on the nstcpdump ?

Do you see also rst between snip > exchange server ?

 

Youenn.

 

i changed the lb vserver from SSL to tcp and the resets are gone. I am working with citrix support on this case at the moment.

 

  • Like 1
Link to comment
Share on other sites

  • 1 year later...
On 11/7/2018 at 11:41 AM, Stefan Wendrich1709160263 said:

 

i changed the lb vserver from SSL to tcp and the resets are gone. I am working with citrix support on this case at the moment.

 

 

is there any stable fix now or do i have to set the lb vserver to tcp, too nowadays? Thanks!

  • Like 1
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...