Windows Server 2012 NLB logging


Can somebody clarify to me what the best practices are when it comes to configuring logging and monitoring for Windows Server 2012 NLB? I believe there are 2 types of logging: from the management service and from the network driver. One of them (not sure which) can be enabled in NLB Manager. I'm interested to know what the tried or recommended logging configuration is here.
As quite often happens, my interest was triggered by a case where one of the nodes physically went down (some underlying hypervisor failure) and there was no network connectivity to this node (no pings) and, according to unconfirmed statements, NLB continued to try to serve clients from the failed node. I want to investigate/verify from the NLB POV why it did not handle the node failure properly. Though my current understanding is that NLB logging is disabled by default and there is not much I can gather from other logs.

How can I investigate such a case?

Best Answer

This looks useful for debugging, but can be rotated following regular Event Tracing for Windows standards (some info): Network Load Balancing in [Windows 2008] R2: Using ETW Tracing

For continued availability, I've saved the unsupported man file to a gist. You can install it as follows:

wevtutil im networkloadbalancing-core-diagnostic.events.man

As for a log rotation idea, the post states:

To view events as a text file first stop the provider and then use:

wevtutil sl Microsoft-Windows-NLB/Diagnostic /e:false /q
wevtutil qe Microsoft-Windows-NLB/Diagnostic /f:text > events.txt

Build in some other logic to check size and only retain for a few days, and you should be set with one method for rotation of log files.
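
One way to wrap the two wevtutil commands above with the size check and few-day retention the answer suggests, as an added PowerShell example that is not part of the original answer. The export directory, retention window, size cap and the re-enable step after export are assumptions.

```powershell
# Added example: export the NLB diagnostic channel to text, then rotate exports.
# $ExportDir, $RetainDays and $MaxTotalMB are assumed values; adjust as needed.
param(
    [string]$Channel    = 'Microsoft-Windows-NLB/Diagnostic',
    [string]$ExportDir  = 'C:\Logs\NLB',   # assumed export location
    [int]   $RetainDays = 3,               # "only retain for a few days"
    [int]   $MaxTotalMB = 500              # assumed cap on total export size
)
New-Item -ItemType Directory -Path $ExportDir -Force | Out-Null
$outFile = Join-Path $ExportDir ("nlb-diagnostic-{0:yyyyMMdd-HHmmss}.txt" -f (Get-Date))

try {
    # Stop the provider first; the quoted post requires this before reading events.
    & wevtutil.exe sl $Channel /e:false /q
    if ($LASTEXITCODE -ne 0) { throw "Disabling $Channel failed ($LASTEXITCODE)" }
    & wevtutil.exe qe $Channel /f:text | Out-File -FilePath $outFile -Encoding utf8
    if ($LASTEXITCODE -ne 0) { throw "Exporting $Channel failed ($LASTEXITCODE)" }
}
finally {
    # Assumption: turn the channel back on so the next node failure is traced.
    # The page itself only shows the disable and export steps.
    & wevtutil.exe sl $Channel /e:true /q
}

# Age-based retention: drop exports older than the retention window.
$cutoff = (Get-Date).AddDays(-$RetainDays)
Get-ChildItem -Path $ExportDir -Filter 'nlb-diagnostic-*.txt' |
    Where-Object { $_.LastWriteTime -lt $cutoff } |
    Remove-Item -Force

# Size-based retention: delete oldest exports until the total is under the cap,
# never deleting the file written by this run.
$files = @(Get-ChildItem -Path $ExportDir -Filter 'nlb-diagnostic-*.txt' | Sort-Object LastWriteTime)
$total = ($files | Measure-Object -Property Length -Sum).Sum
foreach ($f in $files) {
    if ($total -le $MaxTotalMB * 1MB) { break }
    if ($f.FullName -eq $outFile) { continue }
    Remove-Item -Path $f.FullName -Force
    $total -= $f.Length
}
```

Run it from an elevated prompt on each NLB node, for example from a scheduled task, so that every node keeps its own exports for comparison after a failure.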
