|
Home > Archive > Application Center Administration > November 2004 > Problems with SSL and Reqeust Forwarding
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Problems with SSL and Reqeust Forwarding
|
|
| D Nilsson 2004-10-26, 7:46 am |
| Hi
We have developed a web cluster with Application Center for one of our
customers. Since we are in need of keeping session state we have chosen to
use the Request Forwarding feature.
When surfing our sites with http everything works fine, session state is
upheld, but when switching over to https things go wrong. After a few clicks
on the site it seems like the cluster is losing control over the session and
nothing happens, you won't get a response on your request to the server.
Click the link again and you will get a response. Why is that? Is there an
issue using Request Forwarding and ssl in a Application Center-cluster with
custom affinity?
We have not installed the certificates on every member in the cluster
manually, instead we have used application centers functionallity to export
the certificate from the cluster-controller to the other members in the
cluster.
Some technical data regarding our solution:
* 4 W2K webservers
* Application Center 2000 sp2
* an asp application
* request forwarding
* custom affinity
Since there is a very short time (5 days) until this site is going live we
would very much appreciate your help!
| |
| Smit-Dog 2004-11-29, 7:46 am |
| D Nilsson....
Did you ever resolve this issue? I have a customer who is about to install
digital certificates in their 2-member cluster, and they are wondering if
they have to install it on each member, or just the cluster controller, and
use synchronization (not exactly sure how) to propogate the digital
certificate across the cluster.
Thanks for any further insight you can offer on this issue.
- Bill
"D Nilsson" wrote:
> Hi
>
> We have developed a web cluster with Application Center for one of our
> customers. Since we are in need of keeping session state we have chosen to
> use the Request Forwarding feature.
>
> When surfing our sites with http everything works fine, session state is
> upheld, but when switching over to https things go wrong. After a few clicks
> on the site it seems like the cluster is losing control over the session and
> nothing happens, you won't get a response on your request to the server.
> Click the link again and you will get a response. Why is that? Is there an
> issue using Request Forwarding and ssl in a Application Center-cluster with
> custom affinity?
>
> We have not installed the certificates on every member in the cluster
> manually, instead we have used application centers functionallity to export
> the certificate from the cluster-controller to the other members in the
> cluster.
>
> Some technical data regarding our solution:
>
> * 4 W2K webservers
> * Application Center 2000 sp2
> * an asp application
> * request forwarding
> * custom affinity
>
> Since there is a very short time (5 days) until this site is going live we
> would very much appreciate your help!
>
>
>
| |
| George Cheng [MSFT] 2004-11-29, 5:51 pm |
| If you install the certificate on the controller it will automatically
replicate over to the member when you bind the certificate to a site.
Thank You
George Cheng
Microsoft Application Center & Index Server Support
Note: This article has no warranties implicit or explicit.
All the content is given on the "as is" basis and the user
takes full responsibility for its use and assumption.
Microsoft Corporation Copyright 2004
All Rights Reserved
--------------------
| Thread-Topic: Problems with SSL and Reqeust Forwarding
| thread-index: AcTWGsBMMXI5iUALSrGRrZhEiUhFUg==
| X-WBNR-Posting-Host: 68.61.30.192
| From: "=?Utf-8?B?U21pdC1Eb2c=?=" <SmitDog@discussions.microsoft.com>
| References: <8815ADEC-B8F3-4505-A2FB-B2EDC40D68F4@microsoft.com>
| Subject: RE: Problems with SSL and Reqeust Forwarding
| Date: Mon, 29 Nov 2004 05:53:05 -0800
| Lines: 46
| Message-ID: <61BC7B00-B51D-4D1C-83EC-AFF8E6DF641C@microsoft.com>
| MIME-Version: 1.0
| Content-Type: text/plain;
| charset="Utf-8"
| Content-Transfer-Encoding: 7bit
| X-Newsreader: Microsoft CDO for Windows 2000
| Content-Class: urn:content-classes:message
| Importance: normal
| Priority: normal
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
| Newsgroups: microsoft.public.applicationcenter.admin
| NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.1.29
| Path: cpmsftngxa10.phx.gbl!TK2MSFTNGXA03.phx.gbl
| Xref: cpmsftngxa10.phx.gbl microsoft.public.applicationcenter.admin:5800
| X-Tomcat-NG: microsoft.public.applicationcenter.admin
|
| D Nilsson....
|
| Did you ever resolve this issue? I have a customer who is about to
install
| digital certificates in their 2-member cluster, and they are wondering if
| they have to install it on each member, or just the cluster controller,
and
| use synchronization (not exactly sure how) to propogate the digital
| certificate across the cluster.
|
| Thanks for any further insight you can offer on this issue.
|
| - Bill
|
| "D Nilsson" wrote:
|
| > Hi
| >
| > We have developed a web cluster with Application Center for one of our
| > customers. Since we are in need of keeping session state we have chosen
to
| > use the Request Forwarding feature.
| >
| > When surfing our sites with http everything works fine, session state
is
| > upheld, but when switching over to https things go wrong. After a few
clicks
| > on the site it seems like the cluster is losing control over the
session and
| > nothing happens, you won't get a response on your request to the
server.
| > Click the link again and you will get a response. Why is that? Is there
an
| > issue using Request Forwarding and ssl in a Application Center-cluster
with
| > custom affinity?
| >
| > We have not installed the certificates on every member in the cluster
| > manually, instead we have used application centers functionallity to
export
| > the certificate from the cluster-controller to the other members in the
| > cluster.
| >
| > Some technical data regarding our solution:
| >
| > * 4 W2K webservers
| > * Application Center 2000 sp2
| > * an asp application
| > * request forwarding
| > * custom affinity
| >
| > Since there is a very short time (5 days) until this site is going live
we
| > would very much appreciate your help!
| >
| >
| >
|
| |
| Smit-Dog 2004-11-29, 5:51 pm |
| George,
Your response seems to contradict what I've read in the AppCenter help file.
In the help file, it states that SSL certificates are not automatically
replicated (either change-based or interval-based) due to the fact that IIS
needs to be restarted. The help file says to use the "New Deployment Wizard"
to do an explicit deployment synchronization.
Please refer to these topics in the help file:
1) "Advanced Synchronization and Deployment"
2) "Deploy an Application"
Can you please clairify the steps/process involved in installing
certificates in an AppCenter environment?
Thanks!
- Bill
""George Cheng [MSFT]"" wrote:
> If you install the certificate on the controller it will automatically
> replicate over to the member when you bind the certificate to a site.
>
> Thank You
>
> George Cheng
>
> Microsoft Application Center & Index Server Support
>
> Note: This article has no warranties implicit or explicit.
> All the content is given on the "as is" basis and the user
> takes full responsibility for its use and assumption.
> Microsoft Corporation Copyright 2004
> All Rights Reserved
>
> --------------------
> | Thread-Topic: Problems with SSL and Reqeust Forwarding
> | thread-index: AcTWGsBMMXI5iUALSrGRrZhEiUhFUg==
> | X-WBNR-Posting-Host: 68.61.30.192
> | From: "=?Utf-8?B?U21pdC1Eb2c=?=" <SmitDog@discussions.microsoft.com>
> | References: <8815ADEC-B8F3-4505-A2FB-B2EDC40D68F4@microsoft.com>
> | Subject: RE: Problems with SSL and Reqeust Forwarding
> | Date: Mon, 29 Nov 2004 05:53:05 -0800
> | Lines: 46
> | Message-ID: <61BC7B00-B51D-4D1C-83EC-AFF8E6DF641C@microsoft.com>
> | MIME-Version: 1.0
> | Content-Type: text/plain;
> | charset="Utf-8"
> | Content-Transfer-Encoding: 7bit
> | X-Newsreader: Microsoft CDO for Windows 2000
> | Content-Class: urn:content-classes:message
> | Importance: normal
> | Priority: normal
> | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
> | Newsgroups: microsoft.public.applicationcenter.admin
> | NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.1.29
> | Path: cpmsftngxa10.phx.gbl!TK2MSFTNGXA03.phx.gbl
> | Xref: cpmsftngxa10.phx.gbl microsoft.public.applicationcenter.admin:5800
> | X-Tomcat-NG: microsoft.public.applicationcenter.admin
> |
> | D Nilsson....
> |
> | Did you ever resolve this issue? I have a customer who is about to
> install
> | digital certificates in their 2-member cluster, and they are wondering if
> | they have to install it on each member, or just the cluster controller,
> and
> | use synchronization (not exactly sure how) to propogate the digital
> | certificate across the cluster.
> |
> | Thanks for any further insight you can offer on this issue.
> |
> | - Bill
> |
> | "D Nilsson" wrote:
> |
> | > Hi
> | >
> | > We have developed a web cluster with Application Center for one of our
> | > customers. Since we are in need of keeping session state we have chosen
> to
> | > use the Request Forwarding feature.
> | >
> | > When surfing our sites with http everything works fine, session state
> is
> | > upheld, but when switching over to https things go wrong. After a few
> clicks
> | > on the site it seems like the cluster is losing control over the
> session and
> | > nothing happens, you won't get a response on your request to the
> server.
> | > Click the link again and you will get a response. Why is that? Is there
> an
> | > issue using Request Forwarding and ssl in a Application Center-cluster
> with
> | > custom affinity?
> | >
> | > We have not installed the certificates on every member in the cluster
> | > manually, instead we have used application centers functionallity to
> export
> | > the certificate from the cluster-controller to the other members in the
> | > cluster.
> | >
> | > Some technical data regarding our solution:
> | >
> | > * 4 W2K webservers
> | > * Application Center 2000 sp2
> | > * an asp application
> | > * request forwarding
> | > * custom affinity
> | >
> | > Since there is a very short time (5 days) until this site is going live
> we
> | > would very much appreciate your help!
> | >
> | >
> | >
> |
>
>
| |
| George Cheng [MSFT] 2004-11-29, 5:51 pm |
| I've never had to restart IIS to replicate a certificate. A synchronization
after the certificate is binded to a site should do the trick.
Thank You
George Cheng
Microsoft Application Center & Index Server Support
Note: This article has no warranties implicit or explicit.
All the content is given on the "as is" basis and the user
takes full responsibility for its use and assumption.
Microsoft Corporation Copyright 2004
All Rights Reserved
--------------------
| Thread-Topic: Problems with SSL and Reqeust Forwarding
| thread-index: AcTWQ46/4GFYl3okQii9yRFK8OhNKg==
| X-WBNR-Posting-Host: 208.254.174.136
| From: "=?Utf-8?B?U21pdC1Eb2c=?=" <SmitDog@discussions.microsoft.com>
| References: <8815ADEC-B8F3-4505-A2FB-B2EDC40D68F4@microsoft.com>
<61BC7B00-B51D-4D1C-83EC-AFF8E6DF641C@microsoft.com>
<$Y6VKWj1EHA.3512@cpmsftngxa10.phx.gbl>
| Subject: RE: Problems with SSL and Reqeust Forwarding
| Date: Mon, 29 Nov 2004 10:45:11 -0800
| Lines: 123
| Message-ID: <3E5E1217-FB83-44BA-8247-028F4CAAC773@microsoft.com>
| MIME-Version: 1.0
| Content-Type: text/plain;
| charset="Utf-8"
| Content-Transfer-Encoding: 7bit
| X-Newsreader: Microsoft CDO for Windows 2000
| Content-Class: urn:content-classes:message
| Importance: normal
| Priority: normal
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
| Newsgroups: microsoft.public.applicationcenter.admin
| NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.1.29
| Path: cpmsftngxa10.phx.gbl!TK2MSFTNGXA03.phx.gbl
| Xref: cpmsftngxa10.phx.gbl microsoft.public.applicationcenter.admin:5803
| X-Tomcat-NG: microsoft.public.applicationcenter.admin
|
| George,
|
| Your response seems to contradict what I've read in the AppCenter help
file.
| In the help file, it states that SSL certificates are not automatically
| replicated (either change-based or interval-based) due to the fact that
IIS
| needs to be restarted. The help file says to use the "New Deployment
Wizard"
| to do an explicit deployment synchronization.
|
| Please refer to these topics in the help file:
|
| 1) "Advanced Synchronization and Deployment"
|
| 2) "Deploy an Application"
|
| Can you please clairify the steps/process involved in installing
| certificates in an AppCenter environment?
|
| Thanks!
|
| - Bill
|
| ""George Cheng [MSFT]"" wrote:
|
| > If you install the certificate on the controller it will automatically
| > replicate over to the member when you bind the certificate to a site.
| >
| > Thank You
| >
| > George Cheng
| >
| > Microsoft Application Center & Index Server Support
| >
| > Note: This article has no warranties implicit or explicit.
| > All the content is given on the "as is" basis and the user
| > takes full responsibility for its use and assumption.
| > Microsoft Corporation Copyright 2004
| > All Rights Reserved
| >
| > --------------------
| > | Thread-Topic: Problems with SSL and Reqeust Forwarding
| > | thread-index: AcTWGsBMMXI5iUALSrGRrZhEiUhFUg==
| > | X-WBNR-Posting-Host: 68.61.30.192
| > | From: "=?Utf-8?B?U21pdC1Eb2c=?=" <SmitDog@discussions.microsoft.com>
| > | References: <8815ADEC-B8F3-4505-A2FB-B2EDC40D68F4@microsoft.com>
| > | Subject: RE: Problems with SSL and Reqeust Forwarding
| > | Date: Mon, 29 Nov 2004 05:53:05 -0800
| > | Lines: 46
| > | Message-ID: <61BC7B00-B51D-4D1C-83EC-AFF8E6DF641C@microsoft.com>
| > | MIME-Version: 1.0
| > | Content-Type: text/plain;
| > | charset="Utf-8"
| > | Content-Transfer-Encoding: 7bit
| > | X-Newsreader: Microsoft CDO for Windows 2000
| > | Content-Class: urn:content-classes:message
| > | Importance: normal
| > | Priority: normal
| > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
| > | Newsgroups: microsoft.public.applicationcenter.admin
| > | NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.1.29
| > | Path: cpmsftngxa10.phx.gbl!TK2MSFTNGXA03.phx.gbl
| > | Xref: cpmsftngxa10.phx.gbl
microsoft.public.applicationcenter.admin:5800
| > | X-Tomcat-NG: microsoft.public.applicationcenter.admin
| > |
| > | D Nilsson....
| > |
| > | Did you ever resolve this issue? I have a customer who is about to
| > install
| > | digital certificates in their 2-member cluster, and they are
wondering if
| > | they have to install it on each member, or just the cluster
controller,
| > and
| > | use synchronization (not exactly sure how) to propogate the digital
| > | certificate across the cluster.
| > |
| > | Thanks for any further insight you can offer on this issue.
| > |
| > | - Bill
| > |
| > | "D Nilsson" wrote:
| > |
| > | > Hi
| > | >
| > | > We have developed a web cluster with Application Center for one of
our
| > | > customers. Since we are in need of keeping session state we have
chosen
| > to
| > | > use the Request Forwarding feature.
| > | >
| > | > When surfing our sites with http everything works fine, session
state
| > is
| > | > upheld, but when switching over to https things go wrong. After a
few
| > clicks
| > | > on the site it seems like the cluster is losing control over the
| > session and
| > | > nothing happens, you won't get a response on your request to the
| > server.
| > | > Click the link again and you will get a response. Why is that? Is
there
| > an
| > | > issue using Request Forwarding and ssl in a Application
Center-cluster
| > with
| > | > custom affinity?
| > | >
| > | > We have not installed the certificates on every member in the
cluster
| > | > manually, instead we have used application centers functionallity
to
| > export
| > | > the certificate from the cluster-controller to the other members in
the
| > | > cluster.
| > | >
| > | > Some technical data regarding our solution:
| > | >
| > | > * 4 W2K webservers
| > | > * Application Center 2000 sp2
| > | > * an asp application
| > | > * request forwarding
| > | > * custom affinity
| > | >
| > | > Since there is a very short time (5 days) until this site is going
live
| > we
| > | > would very much appreciate your help!
| > | >
| > | >
| > | >
| > |
| >
| >
|
|
|
|
|
|