Hi Andrew,
Thanks for the reply. But I am afraid that is not an optimal solution. I
don't have any other problem with the sessioning, as I employ SQL
sessioning. Therefore, the application does not "require" server affinity.
It is just some limitation/problem with authentication and load balancing
that is causing this issue. So switching on affinity just for this problem
doesn't seem right to me. It also may introduce performance issues since the
load wouldn't be "balanced" per se.
Thanks again for the input. Who knows, I might end up doing just this if
I can't find a more comprehensive solution.
Regards,
Karun.
[quoted text, click to view] "Andrew Pasco [MSFT]" <apasc@online.microsoft.com> wrote in message
news:85jp3yKkEHA.3956@cpmsftngxa10.phx.gbl...
> --------------------
> | From: "Karun Karunakaran" <kskarun@hotmail.com>
> | Subject: Permission problems with integrated authentication
> | Date: Fri, 27 Aug 2004 10:40:44 -0700
> | Lines: 29
> | X-Priority: 3
> | X-MSMail-Priority: Normal
> | X-Newsreader: Microsoft Outlook Express 6.00.3790.181
> | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.181
> | Message-ID: <eZtR8zFjEHA.2908@TK2MSFTNGP10.phx.gbl>
> | Newsgroups:
> microsoft.public.inetserver.iis.security,microsoft.public.msmq.programming
> | NNTP-Posting-Host: gold.herbalife.com 63.192.82.30
> | Path:
>
cpmsftngxa10.phx.gbl!TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP10
> phx.gbl
> | Xref: cpmsftngxa10.phx.gbl microsoft.public.msmq.programming:15957
> microsoft.public.inetserver.iis.security:14172
> | X-Tomcat-NG: microsoft.public.inetserver.iis.security
> |
> | Hi,
> |
> | I have a website running under IIS 6.0 on Windows 2003 server boxes. The
> | site hosts ASPX web pages (ASP.NET v1.1). The website is load balanced
> | between two servers (the user hits a virtual address, and is then routed
> to
> | either of the web servers). The site uses SQL sessioning. Integrated
> | authentication is enabled throughout the site (this is an intranet
> | application), and anonymous access is turned off.
> |
> | One of the web pages accesses a remote public queue using
System.Messaging
> | namespace. Whenever I hit this page directly on either of the web
> servers, I
> | am able to send messages to the queue properly. But when I go through
the
> | load balancer, *occasionally* it fails, giving me a "Queue is not
> registered
> | in the DS" error message. Obviously, the queue exists and the
permissions
> | are proper, as otherwise it would fail everytime. I also have trusted
> | delegation turned on on both the web servers so that they can access the
> | remote queues.
> |
> | The IIS log tells me that each time the page is hit, the first request
is
> | made with anonymous access, which is rejected by the server, and then
the
> | web page is requested again with proper authentication. I gather that
this
> | is the default behavior for HTTP. The same thing happens even when I get
> the
> | queue not registered error message. Does this have anything to do with
the
> | errors? Can someone please throw any light on what is happening?
> |
> | Thanks,
> | Karun.
> |
> |
> |
> Hello Karun,
> this sounds like it may be related to the load balancing configuration.
>
> If this application requires the same client to continue to hit the same
> servers then you may need to enable affinity so that the same clients
> always hit the same servers.
>
> HTH,
> Andrew Pasco
>
> This posting is provided "AS IS" with no warranties, and confers no rights
>
