Event ID 95 — NLB Port Rules Configuration

Applies To: Windows Server 2008

In a Network Load Balancing (NLB) cluster, port rules are configured to control how each port's cluster network traffic is handled. The NLB cluster may fail to converge unless each port rule has a unique host priority (a number between 1 and 32), the port rules are consistent on all cluster hosts, you are using the proper number of port rules, and the virtual IP address is specified in a valid IPv4 or IPv6 address format.

Event Details

Product: Windows Operating System
ID: 95
Source: Microsoft-Windows-NLB
Version: 6.0
Symbolic Name: MSG_WARN_INCORRECT_VPN_PORT_RULE_SETTINGS
Message: NLB cluster [%2]: The NLB driver has detected one or more %3 sessions corresponding to a port rule that is improperly configured. To handle VPN traffic properly, the port rule must be configured with single or network affinity and the port range must include TCP port 1723 for PPTP/GRE and UDP ports 500/4500 for IPSec/L2TP.

Resolve

Ensure that all NLB hosts have identical port rules

When a Network Load Balancing (NLB) host in the cluster either contains a different number of port rules from another host, or its configured port rules conflict with the port rules of another host, the cluster will not converge until the problem is corrected. First, check that all NLB hosts have identical port rules. If the rules are not identical, or the hosts do not have the same number of port rules, reconfigure the port rules to make them identical.

When you are using NLB Manager, you must be a member of the Administrators group on the host that you are configuring, or you must have been delegated the appropriate authority. If you are configuring a cluster or host by running NLB Manager from a computer that is not part of the cluster, you do not have to be a member of the Administrators group on that computer.

Ensure that all NLB hosts have identical port rules

To ensure that all NLB hosts have identical port rules:

  1. On each NLB host, click Start, click Administrative Tools, and then click Network Load Balancing Manager. You can also open NLB Manager by typing Nlbmgr at a command prompt.
  2. If NLB Manager does not already list the cluster, connect to the cluster.
  3. Right-click the cluster, and then click Cluster Properties.
  4. Click the Port Rules tab, and review the port rules to verify that they are identical with the rules on the other NLB hosts.

If the port rules are not identical, or the hosts do not have the same number of port rules, reconfigure the port rules to make them identical.
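
The comparison in step 4, together with the VPN port rule requirement stated in the Event ID 95 message, can be scripted once each host's rules have been written down. This is an added example, not Microsoft's code or tooling; the Rule fields, function names, host names, and sample values are assumptions of the example and are constructed.

```python
from collections import namedtuple

# Field names are this example's own; copy the values from each host's
# Port Rules tab. Per-host priority is left out because it must differ.
Rule = namedtuple("Rule", "vip start end protocol mode affinity")

# Ports the Event ID 95 message says a VPN port rule must cover.
VPN_PORTS = [("TCP", 1723), ("UDP", 500), ("UDP", 4500)]

def rule_diffs(hosts):
    """hosts: {host: [Rule, ...]}. Compare each host with the first one.

    Returns {host: (missing_rules, extra_rules)}; empty when all match.
    """
    names = sorted(hosts)
    baseline = set(hosts[names[0]])
    diffs = {}
    for name in names[1:]:
        rules = set(hosts[name])
        if rules != baseline:
            diffs[name] = (sorted(baseline - rules), sorted(rules - baseline))
    return diffs

def vpn_findings(rules):
    """List VPN ports with no covering rule or with the wrong affinity."""
    findings = []
    for proto, port in VPN_PORTS:
        covering = [r for r in rules
                    if r.start <= port <= r.end and r.protocol in (proto, "Both")]
        if not covering:
            findings.append(f"{proto} {port}: no port rule covers it")
        for r in covering:
            if r.affinity not in ("Single", "Network"):
                findings.append(f"{proto} {port}: affinity is {r.affinity}")
    return findings

# Constructed sample: HOST2 has drifted on the PPTP rule's affinity.
VIP = "192.0.2.10"
SAMPLE = {
    "HOST1": [Rule(VIP, 1723, 1723, "TCP", "Multiple", "Single"),
              Rule(VIP, 500, 500, "UDP", "Multiple", "Single")],
    "HOST2": [Rule(VIP, 1723, 1723, "TCP", "Multiple", "None"),
              Rule(VIP, 500, 500, "UDP", "Multiple", "Single")],
}

if __name__ == "__main__":
    for host, (missing, extra) in rule_diffs(SAMPLE).items():
        print(host, "missing:", missing, "extra:", extra)
    for host, rules in SAMPLE.items():
        print(host, vpn_findings(rules))
```
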

Configure port rules

To configure port rules:

  1. Click Start, click Administrative Tools, and then click Network Load Balancing Manager. You can also open NLB Manager by typing Nlbmgr at a command prompt.

  2. If NLB Manager does not already list the cluster, connect to the cluster.

  3. Right-click the cluster, and then click Cluster Properties.

  4. Click the Port Rules tab.

  5. In the Defined port rules list, click a rule, and then click Edit. If you need to add a new port rule, click Add. As required, modify the cluster IP address that you want this rule to apply to, the port range, the protocols, and the filtering mode parameters, and then click OK.

Verify

You can verify that the port rules configuration is correct by first checking that a specific port is operating properly, and then checking that all Network Load Balancing (NLB) hosts are in a converged state.

When you are using nlb.exe, you must be a member of the Administrators group on the host that you are configuring, or you must have been delegated the appropriate authority. If you are configuring a cluster or host by running nlb.exe from a computer that is not part of the cluster, you do not have to be a member of the Administrators group on that computer.

Verify that a specific port rule is operating properly

To verify that a specific port rule is operating properly:

  1. Open an elevated Command Prompt window. Click Start, point to All Programs, click Accessories, right-click Command Prompt, and then click Run as administrator.
  2. Type nlb.exe queryport port. Specify the port rule by using a port number that is within the range of the port rule that you want to query.

Verify that all NLB hosts are in the converged state

To verify that all NLB hosts are in the converged state:

  1. Open an elevated Command Prompt window. Click Start, point to All Programs, click Accessories, right-click Command Prompt, and then click Run as administrator.
  2. Type nlb.exe query, which displays the current cluster state and the list of host priorities for the current hosts of the cluster.
  3. Confirm that all hosts display converged as their current state.