If you are using a hardware load balancer, it will do periodic health checks for Lync to make sure it is distributing the load to servers that are functioning. Because of the checks, you may end up with a large number of protocol errors in your FE logs showing a connection error with the VIP IP from the load balancer or one of its SNAT addresses. Here is an example error:
Source: LS Protocol Stack
Event ID: 14502
A significant number of connection failures have occurred with remote server IP 10.255.106.202. There have been 120 failures in the last 180 minutes. There have been a total of 291 failures.
The specific failure types and their counts are identified below.
Instance count – Failure Type
This can be due to credential issues, DNS, firewalls or proxies. The specific failure types above should identify the problem.
Notice in the error, the IP of my VIP is listed(10.255.106.202).
Although these are expected, if you haven’t specified an HLB monitoring port, they certainly cause an awful lot of unwanted noise in the logs.
To combat the issue, enable an HLB port on your FE servers (or any other pool you are using HLB on) and configure the health checks for the load balancer to use that port instead of the port used for TLS traffic.
Start by configuring the pool in Topology Builder, right click the pool, and choose Edit Properties>General. Place a check in the “Enable Hardware Load Balancer monitoring port” and specify a port.
If you have the mediation server role on the pool and have specified a TCP port of 5060, you will need to use a different port.
Once this is configured, you can log into your load balancer and specify the health checks. Use this port instead of 5061 (for your SIP traffic). Here is how I configured it on my Kemp VLM in my lab (please consult your product literature for the correct configuration based on your devices manufacturers’ suggestion).
Once everything was configured, I went ahead and stopped the Front End services on one of the servers in the pool, and just as expected, the load balancer showed it as down and directed the traffic elsewhere.
Can you publish your Lync configuration in KEMP?
My Kemp config is just using a standard HTTPS load balancing config for the web services, I don’t use it for any of the SIP traffic, I use DNS LB for that. The settings shown in this article were just to display how you would configure it to stop the error, but I actually ran into this in a customer environment and couldn’t post their info so I recreated this setting in my lab.
Hi. How configuring “health check” port on Citrix NetScaler VPX ? Thanks
Did this fix your issue? Did you stop getting the connection issues?
yep, this fixed the message shown in this post.