This Rule generates alerts when A Virtual IP and a Dedicated IP do not have the same subnet mask or are in different subnets
The Firewall service generates this alert when ISA Server NLB integration mode is enabled and network load balancing is misconfigured.
When NLB is specified on the network, the Firewall service looks for an appropriate adapter to bind to NLB. The adapter should have the same subnet mask for its virtual IP address for its dedicated IP address. Similarly, the virtual IP address and the dedicated IP address must belong to the same subnet. Otherwise, this alert will be issued and NLB will not be functional.
The NLB configuration fails if the virtual IP address specified for the network does not belong to the same subnet as the dedicated IP address of the adapter chosen for NLB, or if the virtual IP address and the dedicated IP address have different subnet masks.
Reconfigure the load-balanced network and/or specify an alternate virtual IP address and/or virtual IP address subnet mask.
Change the adapter address and/or subnet mask to match the subnet and subnet mask of the virtual IP address.
Target | Microsoft.ISAServer.2006.NLB.ServerRole |
Category | EventCollection |
Enabled | True |
Alert Generate | False |
Remotable | True |
ID | Module Type | TypeId | RunAs |
---|---|---|---|
DS | DataSource | Microsoft.ISAServer.2006.Rule.AlertGenerate.DS | Default |
WA | WriteAction | Microsoft.ISAServer.2006.Rule.AlertGenerate.WA | Default |
<Rule ID="Microsoft.ISAServer.2006.A_Virtual_IP_and_a_Dedicated_IP_do_not_have_the_same_subnet_mask_or_are_in_different_subnets.Rule" Enabled="onEssentialMonitoring" Target="Microsoft.ISAServer.2006.NLB.ServerRole" ConfirmDelivery="true" Remotable="true" Priority="Normal" DiscardLevel="100">
<Category>EventCollection</Category>
<DataSources>
<DataSource ID="DS" TypeID="Microsoft.ISAServer.2006.Rule.AlertGenerate.DS">
<ComputerName>$Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>
<LogName>Application</LogName>
<EventsPattern>^(21242)$</EventsPattern>
<EventType>1</EventType>
<SourcePattern>Microsoft Firewall</SourcePattern>
</DataSource>
</DataSources>
<WriteActions>
<WriteAction ID="WA" TypeID="Microsoft.ISAServer.2006.Rule.AlertGenerate.WA">
<AlertMessageId>$MPElement[Name="Microsoft.ISAServer.2006.A_Virtual_IP_and_a_Dedicated_IP_do_not_have_the_same_subnet_mask_or_are_in_different_subnets.AlertMessage"]$</AlertMessageId>
<DomainName>$Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/DomainDnsName$</DomainName>
<Priority>1</Priority>
<Severity>2</Severity>
</WriteAction>
</WriteActions>
</Rule>