CSS One Arm Configuration - Authentication Issue with AD

AdnanShahid · ‎06-28-2011

Dear All,

We have 2 web server in our organization. Web1 - 172.16.2.10 and Web2 - 172.16.2.11. When I logging in to one of the server it automatically take my domain credentials and I can log in easily.

Due to load increase we bring it under one of our load balancer 11501 as One arm position. Here load balancer VIP IP is 172.16.11.11and is in seperate vlan with 172.16.11.x IP Block. Both the servers and load balancer are on seperate segment or rather I should say different site. The service port is 80 which we have confiured as service in lb and these web servers are running windows IIS.

Now

Problem no 1: When I try to access using IP as URL such as http://172.16.11.11 then I have to give my username/password once and I can use the application. But previously I do not even have to give my username/password.

Problem No 2: We have given DNS entry for 172.16.11.11 as TESTWEB. When I try to login by URL http://TESTWEB then it promts for username/password. and won't allow us to login after giving the username/password.

I am not sure how to diagnos this issue. Can any body suggest what might causing this problem. Also if we bring the server directly under the ld will it solve the case. Please help me.

BR//

Adnan

Daniel Arrondo Ostiz · ‎06-29-2011

Hi Adnan,

To troubleshoot this issue, I would recommend you to make two sets of traffic captures:

On the client, when the CSS is being bypassed
On both sides of the CSS simultaneously when the traffic is going through the CSS

Once you have these captures, you can look into the application itself and compare the behavior to the one seen when the CSS is bypassed. This should give you some hints on what exactly is failing.

If you need help analysing these captures, you can always open a TAC service request.

Regards

Daniel