Forum Discussion

Daniel_55334's avatar
Daniel_55334
Icon for Altostratus rankAltostratus
Nov 01, 2012

Unable to use cookie persistence with ISA and CAS

Customer has a pair of ISA to terminate HTTPS connections for the 3 backend CAS servers. LTM is located between ISA and CAS. So below setup.

 

client -------> ISA --------> LTM ----------> CAS

 

HTTPS HTTP HTTP

 

The VS for the HTTP connection is configured with cookie persistence, and source address persistence as fallback. We find that the VS is using source address persistence but not cookie persistence. As all connections are from the two ISA servers so sometimes nearly all connections are load balanced to the same CAS server.

 

How can I troubleshoot why it is not using cookie persistence? Or I should use other persistence methods?

 

microsoft
partner

5 Replies

Sort By
  • What_Lies_Bene1's avatar
    What_Lies_Bene1
    Icon for Cirrostratus rankCirrostratus
    Nov 01, 2012
    What load balancing method is configured? Why do you believe source address persistence is being used instead of cookie?

     

     

    As it's HTTP you should easily be able to do a tcpdump on the LTM and inspect the traffic and payload closely. Are you familiar with tcpdump?
  • Daniel_55334's avatar
    Daniel_55334
    Icon for Altostratus rankAltostratus
    Nov 01, 2012

    I see in the statistics of persistence records and all are using source ip address.

     

    I am fine with tcpdump. But what information I should exactly look into?

     

  • What_Lies_Bene1's avatar
    What_Lies_Bene1
    Icon for Cirrostratus rankCirrostratus
    Nov 01, 2012
    Funnily enough I answered another post today about this and had to do some research. Anyway the upshot is that yes, the fallback persistence profile creates records, but doesn't use them unless the primary method fails. They both operate at the same time but LTM won't use the fallback unless it needs to.

     

     

    For the tcpdump, you just want to make sure you can see the persistence cookie being passed back and forth. If you do, all is well.
  • Daniel_55334's avatar
    Daniel_55334
    Icon for Altostratus rankAltostratus
    Nov 01, 2012
    Yes it just comes to my mind that there should be no cookie persistence records in the statistics. I will try to see if there is cookie received on the client. THanks for your reply.