VMware Networking Community
dimarcusa12
Contributor
Contributor

NSX 6.0.2 LB - Setting up to monitor ports on both Windows Security servers

We have two Windows 2012 Web\security server sitting behind the NSX firewall. Last month one quit responding to users when a windows update was installed. Yet the LB never saw the issue on the server that the ports were not responding. We have the monitoring of TCP on to the server pool with the server showing port 8443.

What other ports need to be monitored to show the server is down and to stop allowing users to access if an issue arises?

Can services be monitored by the LB?

What else needs to be monitored by NSX LB for isolating the server when an issue arises?

Tags (1)
Reply
0 Kudos
1 Reply
lhoffer
VMware Employee
VMware Employee

If you're using a TCP monitor it's just testing to see whether it can open a socket on the pool member so doesn't verify whether the underlying process/service is working and responding to users (really just useful for verifying that the VM is on and that its network stack is operational).

I don't know for sure if this was in place as far back as 6.0.2, which has been end of support for a while, but in all of the supported releases, if you're using TCP 8443 for an HTTPS service, you may be able to change the load balancer to utilize an HTTPS health check which will actually generate GET requests and verify that it's receiving 200 OK responses from the server.

Reply
0 Kudos