I
Ilios78
Hello all,
I am facing a very strange problem and I would like your thoughts on how to further investigate it:
I have two VMs running Windows Server 2016: one running ADFS and the other AD LDS.
ADFS receives an authentication request, passes the username/password to AD LDS where it get validated. Between the ADFS and AD LDS there is an A10 Load Balancer but for the moment there is only 1 ADFS server and 1 AD LDS server.
Everything is working correctly, but occasionally an authentication request will take 19sec. to complete. This is very consistent, the request will either complete in under 1 second (good scenario) or it will complete in 19 seconds (bad scenario). There is no deviation from this, bad scenario is always between: 19.1seconds and 19.8 seconds. Again always the requests terminates correctly, with ADFS issuing the related authentication cookies.
As both servers are on the same VLAN, I have set in each server's host file the IP address of the other server, effectively bypassing the A10 Load Balancer, and the problem goes away. All requests terminate successfully in under 1 sec.
However, this is not a viable solution as I will need the Load Balancer in the future…
Upon further investigation from out network team we were told that : “A10 is waiting for the server to send ACK and the remaining data.” According to them the issue is on server side, yet I have no idea how to further investigate this issue…
The server configurations are identical. There are no special entries in the routing tables and a single interface.
Any ideas or comments would be helpful.
Continue reading...
I am facing a very strange problem and I would like your thoughts on how to further investigate it:
I have two VMs running Windows Server 2016: one running ADFS and the other AD LDS.
ADFS receives an authentication request, passes the username/password to AD LDS where it get validated. Between the ADFS and AD LDS there is an A10 Load Balancer but for the moment there is only 1 ADFS server and 1 AD LDS server.
Everything is working correctly, but occasionally an authentication request will take 19sec. to complete. This is very consistent, the request will either complete in under 1 second (good scenario) or it will complete in 19 seconds (bad scenario). There is no deviation from this, bad scenario is always between: 19.1seconds and 19.8 seconds. Again always the requests terminates correctly, with ADFS issuing the related authentication cookies.
As both servers are on the same VLAN, I have set in each server's host file the IP address of the other server, effectively bypassing the A10 Load Balancer, and the problem goes away. All requests terminate successfully in under 1 sec.
However, this is not a viable solution as I will need the Load Balancer in the future…
Upon further investigation from out network team we were told that : “A10 is waiting for the server to send ACK and the remaining data.” According to them the issue is on server side, yet I have no idea how to further investigate this issue…
The server configurations are identical. There are no special entries in the routing tables and a single interface.
Any ideas or comments would be helpful.
Continue reading...