WSUS 3.0 SP2 With NLB on windows 2008 R2 what can go wrong

In the TechNet newsgroups pops up a question about Wsus an network load balancing ( NLB ) sure this can be done and works just like all other NLB websites. but needs a little tweak.

So this install guide is not the easy one but there are several steps that can go wrong

So I have two windows 2008 R2 servers Wsus01 and Wsus02 and I will use a remote Database based on windows 2008 R2 and SQL 2008 of course. and my domain is also 2008 R2 that is also is used for my DFS

This config runs on my Hyper-V box.

The config will be in powershell and in gui mode to see the changes and what & how things running.

Setting up WSUS is easy start the WSUS30-KB972455-x64.exe and next next finish. this is not the method I will use this time it works on a single server but not on a multi host server.

WSUS 3.0 SP2 With NLB on windows 2008 R2 what can go wrong this is my wsus DFS share it is now empty

WSUS 3.0 SP2 With NLB on windows 2008 R2 what can go wrong WSUS 3.0 SP2 With NLB on windows 2008 R2 what can go wrong The wsus options WSUS30-KB972455-x64.exe /?

On Wsus01 we start the Setup by CMD WSUS30-KB972455-x64.exe sqlinstance_name=SQL server or by GUI

WSUS 3.0 SP2 With NLB on windows 2008 R2 what can go wrong WSUS 3.0 SP2 With NLB on windows 2008 R2 what can go wrong  WSUS 3.0 SP2 With NLB on windows 2008 R2 what can go wrong

What You need is IIS and the com+ items else you get the “no IIS found “error

WSUS 3.0 SP2 With NLB on windows 2008 R2 what can go wrong WSUS 3.0 SP2 With NLB on windows 2008 R2 what can go wrong WSUS 3.0 SP2 With NLB on windows 2008 R2 what can go wrong

now that the install screen pop’s up the “storage folder “ and you want to put the files on a DFS so fill in the DFS share.

WRONG this will not work fill in a local location and the change to the DFS will be done later.

 

 

Now that WSUS is installed we do the NLB thing and I do this with powershell If you want to see the config with the NLB gui check my other post.

WSUS 3.0 SP2 With NLB on windows 2008 R2 what can go wrong 

So I go to powershell and run the commands. well it is not that easy.  first I need to import the NLB module

Import-Module NetworkLoadBalancingClusters

module not found ?? yes this is correct module not found because I did not add the features for networkloadbalancing

WSUS 3.0 SP2 With NLB on windows 2008 R2 what can go wrong WSUS 3.0 SP2 With NLB on windows 2008 R2 what can go wrong Do this on all your NLB servers, this was not needed on windows 2003 but as you know in windows 2008 R2 you NEED to add the things you want and are not installed by default.!!

PS C:\Users\administrator.MVP> Get-Module

PS C:\Users\administrator.MVP> Import-Module NetworkLoadBalancingClusters

WSUS 3.0 SP2 With Powershell NLB on windows 2008 R2 what can go wrong WSUS 3.0 SP2 With Powershell NLB on windows 2008 R2 what can go wrong WSUS 3.0 SP2 With Powershell NLB on windows 2008 R2 what can go wrong

As you can see the powershell module is now imported and ready for use

The Second problem is when you first use powershell and want to run things you get access denied. Tell PS that you are the boss.

 Set-ExecutionPolicy -scope LocalMachine RemoteSigned –force

The – Force is no question yes/no just do it.

First command to install the NLB in powershell

New-NlbCluster -InterfaceName NLBNIC01 -ClusterName WSUSNLB -ClusterPrimaryIP 10.255.255.3 -SubnetMask 255.255.255.0 –force

NLBNIC01 is the network interface name

WSUSNLB is the NLB cluster name with the IP and subnet

When I run this I had a error DHCP is on , yes I did not configure a IP on the local NLB nic it is not needed because the server will only use the NLB name/IP

*****************************************

Bug in powershell of is it by design ?

****************************************

  WSUS 3.0 SP2 With Powershell NLB on windows 2008 R2 what can go wrongWSUS 3.0 SP2 With Powershell NLB on windows 2008 R2 what can go wrong

First I did a netsh to rename the “local area connection” name

Netsh interface set interface name="local area connection 2" newname="NLBNIC01"

Netsh interface ip set address name="NLBNIC01" static 10.255.255.2 255.255.255.0
Netsh firewall set opmode mode=disable

Give IP and disable the firewall

Now that this is set I can run the PS command

WSUS 3.0 SP2 With Powershell NLB on windows 2008 R2 what can go wrong

New-NlbCluster -InterfaceName NLBNIC01 -ClusterName WSUSNLB -ClusterPrimaryIP 10.255.255.3 -SubnetMask 255.255.255.0

The new NLB cluster is created. In the old NLB gui it shows one server with the default rule and as you can see the configured IP on NLBNIC01 is still there.

WSUS 3.0 SP2 With Powershell NLB on windows 2008 R2 what can go wrong WSUS 3.0 SP2 With Powershell NLB on windows 2008 R2 what can go wrong

-force = no yes needed

Because the NLB is running a webserver and uses only 443 and 80 I delete the global rule

WSUS 3.0 SP2 With Powershell NLB on windows 2008 R2 what can go wrong

Get-NlbClusterPortRule | Remove-NlbClusterPortRule

The port Rule is gone and we create a new rule on port 80,443

WSUS 3.0 SP2 With Powershell NLB on windows 2008 R2 what can go wrong

Get-NlbClusterPortRule | Remove-NlbClusterPortRule

Get-NlbCluster | Add-NlbClusterPortRule -StartPort 80 -EndPort 80 -Affinity None

Get-NlbCluster | Add-NlbClusterPortRule -StartPort 443 -EndPort 443 -Affinity None

WSUS 3.0 SP2 With Powershell NLB on windows 2008 R2 what can go wrong WSUS 3.0 SP2 With Powershell NLB on windows 2008 R2 what can go wrong

Well this worked but what about the IP on the NIC yes I will remove it. It can be done on the nic or in the NLB but with a PS command it is easy.

WSUS 3.0 SP2 With Powershell NLB on windows 2008 R2 what can go wrong WSUS 3.0 SP2 With Powershell NLB on windows 2008 R2 what can go wrongWSUS 3.0 SP2 With Powershell NLB on windows 2008 R2 what can go wrong

Remove-NlbClusterNodeDIP 10.255.255.2

The NLB cluster is ready on ONE node ! you need to add the second one. this can be done remote or on the server. First I check if I can connect to the second server.

I forget to disable the Firewall , do this by hand or NETSH.

WSUS 3.0 SP2 With Powershell NLB on windows 2008 R2 what can go wrong  netsh firewall set opmode mode=disable

Get-NlbCluster | Add-NlbClusterNode -NewNodeName MVPWSUS02 -NewNodeInterface NLBNIC02

WSUS 3.0 SP2 With Powershell NLB on windows 2008 R2 what can go wrong

Now that the second node is added I need also remove the local IP

WSUS 3.0 SP2 With Powershell NLB on windows 2008 R2 what can go wrongRemove-NlbClusterNodeDIP 10.255.255.2

After this Configuration the WSUS NLB is almost ready You need to configure the website to bind to the NLB address just go to the website and right mouse bindings and change here the IP

WSUS 3.0 SP2 With Powershell NLB on windows 2008 R2 what can go wrong

The Binding has to be done on both nodes. WSUS01 & WSUS02

On the WSUS02 the wsus installation is a bit different than on WSUS01 you do not need to create a DB anymore just install the WSUS and skip the DB

Wussetup.exe /q sqlinstance_name=mvpsql2008-2 create_database=0

clip_image002[12]

C:\wsusinst>Wussetup.exe /q sqlinstance_name=mvpsql2008-2 create_database=0

clip_image002[14]

C:\Program Files\Update Services\Tools>wsusutil.exe movecontent \\mvp.local\wsus\data c:\wsus.log

Content location is being moved. Please do not stop this program.

Content move has successfully finished.

clip_image004[8] clip_image006[8] clip_image008[8]

As you can see the content folder is changed and IIS is also changed you need also do this on the wsus02 server

clip_image010[6]  As you can see the content is been downloaded to the DFS link.

But remember you need to give access on the DFS share ( put the NLB machines in the full access rights – in my case  wsus01$ and the 02

********* Bug found in the TechNet documentation

In the TechNet documentation is a line that you must change the content path by hand Well the “movecontent “option changed this.

So no changes are needed !

*********************************************************** this step is not needed

WSUS 3.0 SP2 With Powershell NLB on windows 2008 R2 what can go wrong

Posted January 22, 2010 by Robert Smit in Windows Server 2008 R2 NLB

  • Tag