Friday, April 24, 2009

Microsoft ISA Server 2006 NLB Multicast

I read this article several times: How to change Microsoft ISA Server 2006 NLB from Unicast to Multicast and it seemed really scary at first, but then I realized that it was a lot simpler than it looks.

Basically, if you are setting up a new Microsoft Internet Security and Acceleration Server with service pack 1, also known as Microsoft Forefront Threat Management Gateway, TMG. All you need to do is run this command on the first configuration storage server:

CSCRIPT KB938550.WSF /array:ISA-array-name /NLB:Muticast /Net1:name-of-the-ISA-network

KB938550.WSF is not directly available for download, but is available from Microsoft, follow the directions from KB938550

After running the script, simply setup ISA Network Load Balancing normally and it will be configured for multicast automatically.

One concern I had before I did this was how to change ISA server back to unicast from multicast. A quick look at the script explained it all as it has several examples, including:

To define NLB Unicast for a single network:
cscript kb938550.wsf /array:arrayname /nlb:unicast /net1:netname

To display the current NLB state in ISA storage:
cscript kb938550.wsf /array:arrayname /show

This week I was deploying an ISA Server 2006 with integrated NLB for a customer whose network configuration simply required the NLB to be configured for multicast. Fortunately, Microsoft continues to improve ISA server, and I was able to put this new feature to use.


sachinraj said...

Hi Deepak

I have gone through your blog this morning and found you are good in ISA .I am having one doubt on ISA 2006 Ent edition .I have already posted it as a comment in your blog .Can you please answer this question

My network is having more than one VLAN so I am using ISA as my Proxy server with only one Network card. I wish to have a load balancing and failover setup for this by using NLB concept.

Keeping these issues in mind, I know that

ISA will not work with more than 1 Gateway

ISA will not support Routing

ISA will not understand VLANs

I am having ISA 2006 Ent license and wish to configure ISA as a proxy with NLB, so that if one ISA is down users can browse internet using the other .

I hope we need to keep ISA with 1 LAN card to configure it as a Proxy because to listen different VLANS, ISA should have gateway in the network configuration .If I am using more than 1 LAN card, ISA will work as a gateway, and its internal LAN card will not have any Gateway, so only the home VLAN can contact this ISA

Joseph Martin Durnal said...

I don’t completely understand what you are trying to do. It would really help to see a basic diagram of what you are trying to do, but it sounds like you are trying to have the ISA server on two vlans with a single network card. I’ve never done it that way myself. Are you trying to use it as an application proxy where connections coming from the internet are proxies to an internal web service? That would describe my typical experience with ISA. This can easily be done with a single network card, but I prefer two, especially when using NLB.

Giulio Longo said...

I have a question:
When I switched from "unicast" to "multicast" I've followed the instructions that I've found in

Now I need to change from "multicast" to "igmp".
Should I repeat all the above steps, or is it enough to run
"CSCRIPT KB938550.WSF /array:ISA-array-name /NLB:IGMP /Net1:name-of-the-ISA-network" ???

I need to know how long will be my ISA "unavailable".

Best regards

Monika Gupta said...

Nice post...I look forward to reading more, and getting a more active part in the talks here, whilst picking up some knowledge as well..