
Load balancing ZDC XML service


Jordan Kostov

Question

Hey everyone,

 

I am trying to implement an LB server for the DDC XML service, but alas something fails, and after 2 days of troubleshooting I am out of ideas.

NODES:

Storefront - sf01.test.int - 10.10.10.30

Broker - ddc01.test.int - 10.10.10.35 - IIS 443 is bound to wildcard certificate *.test.int

Broker - ddc02.test.int - 10.10.10.36 - IIS 443 is bound to wildcard certificate *.test.int

NS VIP - xml.test.int - 10.10.11.10 - with bound wildcard certificate *.test.int

NS SNIP - 10.10.12.10

 

Design A:

Authentication in Storefront: Manage authentication methods -> User name and password -> Configure password validation -> Configure, set to both brokers - ddc01.test.int, ddc02.test.int over HTTPS


Traffic flow for the XML is as follows:

Storefront -- 443 --> Broker servers


This works.

 

Design B:

Authentication in Storefront: Manage authentication methods -> User name and password -> Configure password validation -> Configure, set to xml.test.int over HTTPS

Storefront -- 443 --> VIP --> SNIP -- 443 --> Broker servers


There is no stopped traffic within the chain. Storefront can reach NetScaler VIP (telnet 443).

Wireshark shows that brokers are reached by NetScaler through the SNIP as well.


This setup does not work.
The errors I get are as follows:

- Storefront GUI when logging in:

[image]

 

Storefront Event viewer logs:

[image]

[image]

 

Any advice is appreciated.

Link to comment

7 answers to this question


Thank you Sjoerd,


Traffic is enabled and queries reach the Broker without an issue.
I tried the following:

- replaced the wildcard certificate on the ADC VIP and both ZDC with one for the specific FQDN - xml.test.int

- set Storefront communication with delivery controllers (not the XML one) to http because the certificate was not responding to their local FQDNs anymore.

 

Still the same outcome.

 

Link to comment
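The certificate change described in the post above can be checked name by name. The following is an added example, not part of the thread and not Citrix code: it compares the host name each client connects to with the dNSName entries of the certificate it is shown. The SAN lists are constructed from the names given in the posts, and the matcher handles only whole-label wildcards.

```python
# Added example: dNSName matching in the style of RFC 6125
# (a wildcard is accepted only as the entire left-most label and covers one label).

def san_matches(pattern: str, host: str) -> bool:
    """Return True if a certificate dNSName pattern covers the host name."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # Require at least two fixed labels after the wildcard.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h

def cert_covers(sans, host):
    """True if any SAN entry of the certificate covers the host name."""
    return any(san_matches(s, host) for s in sans)

# Connections named in the thread:
# (client, name the client connects to, server presenting the certificate)
HOPS = [
    ("Storefront", "xml.test.int", "NS VIP"),    # Design B, XML via the VIP
    ("Storefront", "ddc01.test.int", "ddc01"),   # Design A / direct controller traffic
    ("Storefront", "ddc02.test.int", "ddc02"),
]

def check(certs):
    """certs maps server -> list of SAN dNSNames; returns {(client, name): bool}."""
    return {(c, name): cert_covers(certs[srv], name) for c, name, srv in HOPS}

# Constructed SAN lists for the two certificate layouts mentioned in the posts.
SERVERS = ("NS VIP", "ddc01", "ddc02")
WILDCARD = {s: ["*.test.int"] for s in SERVERS}
SINGLE_FQDN = {s: ["xml.test.int"] for s in SERVERS}

if __name__ == "__main__":
    for label, certs in (("wildcard", WILDCARD), ("xml.test.int only", SINGLE_FQDN)):
        for (client, name), ok in check(certs).items():
            status = "match" if ok else "NAME MISMATCH"
            print(f"{label:18} {client} -> {name:15} {status}")
```

With the single-FQDN certificate only the connection to xml.test.int matches, which is consistent with the direct Storefront-to-controller HTTPS traffic no longer validating after the swap.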

Sorry for delayed reply.

Isn't this configuration for public network access that uses NetScaler as a landing page?

This is not included in the design. I just want to load balance the XML service of the 2 Brokers for the internal storefront portal.

 

There is no VPN Virtual STA config nor Storefront STA config for external gateway.

Configuration of Storefront servers is pushed and replicated between the 2 nodes after each change.

Link to comment
