How to configure App-V with Microsoft Network Load Balancing (NLB)

image1Update: This has now been posted as a Knowledge Base article here.

=====

Hi everyone, Alvin Morales here again.  I recently came across several cases here in support where folks were looking for the steps needed to configure Microsoft Application Virtualization (App-V) with a Microsoft Network Load Balancer (NLB) setup so I thought I should probably get something published here in case anyone else was wanting to do the same thing.

Microsoft NLB can be used with App-V to perform RTSP Server refresh and streaming, deploying several servers behind a virtual name.   Keep in mind that this only applies to client refresh and stream using RTSP. The App-V admin console cannot be opened using the virtual name because the virtual name is not an actual object in AD and delegation cannot occur, thus causing the connection to fail. For the Admin console to work you will need to continue to point to any of the individual server names.

1) Install each App-V server and configure the App-V management service to run under a domain account. Register the SoftGrid Service Principal name for each server to the domain account using the setspn tool:

FQDN:

setspn -A SoftGrid/server1.domain.x domain\service-account

setspn -A SoftGrid/server2.domain.x domain\service-account

NETBIOS:

setspn -A SoftGrid/server1 domain\service-account

setspn -A SoftGrid/server2 domain\service-account

When the App-V server was installed it should register the SPN to the computer account in Active directory, thus causing duplicate SPNs on the network. To avoid this, run the setspn command to delete the SoftGrid SPN registered to each server account in AD. A sample is provided below:

These commands will list the existing SPN registered to the server account, verify the existence of the SoftGrid SPN, SoftGrid/server1.domain.x

setspn -L server1

setspn -L server2

If the SoftGrid SPN exists delete it by running the setspn -d command against the computer account. Example:

FQDN:

setspn -D SoftGrid/server1.domain.x server1

setspn -D SoftGrid/server2.domain.x server2

NETBIOS:

setspn -D SoftGrid/server1 server1

setspn -D SoftGrid/server2 server2

2) For redundancy, the content share must reside on a DFS share or NAS. You must configure each App-V server to use the UNC path of the virtual name of the DFS share or NAS in the system options in the Admin console as well as in the content registry path (HKLM\Software\Microsoft\SoftGrid\4.5\Server\SOFTGRID_CONTENT_DIR). The content share could reside on one of the servers but this will not provide the redundancy in case one of the servers should fail.

Note If HTTP streaming is used you must configure NLB to use port 80 as well as creating the content virtual directory on each IIS server.

3) Install and configure the NLB service on each server and create the virtual name for the NLB cluster. You must create a DNS record for this virtual name. For this process follow the below link:

https://technet.microsoft.com/en-us/library/cc770689(WS.10).aspx

In my lab I usually just leave all of ports open to the NLB cluster but you can restrict the ports in the NLB to only answer to specific ports if you prefer. Follow the SoftGrid ports guide below to know what ports to allow.  If using HTTP streaming, keep in mind that port 80 must also be allowed in the NLB.

https://support.microsoft.com/kb/932017

Once NLB is up and running and the virtual name registered in DNS, you must register the SoftGrid SPN for the virtual name to the service account that is configured in the App-V server service. To accomplish this use the example below:

FQDN:

Setspn -A SoftGrid/virtualname.domain.x domain\service-account

NETBIOS:

Setspn -A SoftGrid/virtualname domain\service-account

This process will allow the App-V client to query AD for the SPN and will return the correct name.  This process leverages the use of Kerberos and does not have to fallback to NTLM like some hardware load balancers may do.

Hope this helps,

Alvin Morales | Senior Support Escalation Engineer

App-V Team blog: https://blogs.technet.com/appv/
AVIcode Team blog: https://blogs.technet.com/b/avicode
ConfigMgr Support Team blog: https://blogs.technet.com/configurationmgr/
DPM Team blog: https://blogs.technet.com/dpm/
MED-V Team blog: https://blogs.technet.com/medv/
OOB Support Team blog: https://blogs.technet.com/oob/
Opalis Team blog: https://blogs.technet.com/opalis
Orchestrator Support Team blog: https://blogs.technet.com/b/orchestrator/
OpsMgr Support Team blog: https://blogs.technet.com/operationsmgr/
SCMDM Support Team blog: https://blogs.technet.com/mdm/
SCVMM Team blog: https://blogs.technet.com/scvmm
Server App-V Team blog: https://blogs.technet.com/b/serverappv
Service Manager Team blog: https://blogs.technet.com/b/servicemanager
System Center Essentials Team blog: https://blogs.technet.com/b/systemcenteressentials
WSUS Support Team blog: https://blogs.technet.com/sus/

clip_image001 clip_image002

Comments

  • Anonymous
    September 09, 2011
    Could you also provide information on the drawbacks and considerations when choosing for NLB versus a hardware based solution?