How to delete saved passwords for network drives in Windows

If you saved a password for a network drive in windows and want to remove it, press the keys [Windows] + [R] to open the windows command line. Then enter

control keymgr.dll

and click on “OK” to open the windows credential manager which allows you to manage and delete passwords saved in Windows.


This procedure works for Windows XP, Vista and Windows 7.

Be Sociable, Share! ..

Finding the source to something that keeps locking a domain user – MICROSOFT_AUTHENTICATION_PACKAGE_V1_0

Clone a VMware’s VM without vCenter in ESXi 5.x by commands (The official way)

I will show the procedure by cloning a snapshot of a vm since this is a little more tricky than cloning just a single vm.

First let’s make a snapshot of my Xp3 vm. Right click the vm and make a snapshot, let’s call it “mySnapshot”. Of course you don’t need to do this if you just want to clone a single vm. After that, shutdown the vm otherwise the files will be locked.

vm snapshot

Now enable the ssh service on your ESXi by going to the configuration tab and the security policy option. Just start it for the moment, you don’t need to set it to start automatically. Use a ssh client like putty and connect to the hypervisor. Browse the folder under /vmfs/volumes path. It should look like this


so type

cd /vmfs/volumes
ls -la

in my case I have two datastores and my Xp3 vm is in datastore2, so let’s get into it.

Xp3 vm and snapshot

cd datastore2
ls -la

As you can see now, there are more than one vmdk disk files, the flat vmdk, the delta vmdk and the vmdk descriptor file (the Xp3-000001.vmdk file in our example), along with the memory snapshot and various control and log files. What we should use here as a source file is the descriptor file that points to our snapshot. If you didn’t have a snapshot, the source file would be the vmdk descriptor file of your vm, Xp3.vmdk.

Now, what I need to do is clone my Xp3 snapshot to a new Xp4 vm. First create the destination folder in datastore2 folder and type in the following commands

mkdir Xp4

and clone the disk file

vmkfstools -i /vmfs/volumes/datastore2/Xp3/Xp3-000001.vmdk /vmfs/volumes/datastore2/Xp4/Xp4.vmdk -d thin

if it was a single vm without a snapshot, you should run

vmkfstools -i /vmfs/volumes/datastore2/Xp3/Xp3.vmdk /vmfs/volumes/datastore2/Xp4/Xp4.vmdk -d thin

if you list the files in the destination folder you will see the new flat file and the descriptor file.

cloned disk files

The actual syntax of vmkfstools command is

vmkfstools -i source_path destination_path -d disk_format -a adapter_type

type man vmkfstools for more on this command

Finally create a new vm and force the use of an existing disk file.

create new vm

use existing virtual disk

select the cloned vmdk

You are ready to power it on.

power on

if you list the folder of the cloned vm you will see something like that

cloned vm files

Don’t forget to use sysprep command in windows to generalize your new virtual machine.

Reference: VMWare’s website article

Cloning virtual machines in vCenter Server


This article provides basic instructions for cloning virtual machines in your VMware vSphere or VMware Infrastructure environment.


To clone a virtual machine currently stored in the infrastructure:

Note: To be able clone a virtual machine, you must be connected to vCenter Server. You cannot clone virtual machines if you connect directly to an ESXi host.

  1. Open and log into the VMware vSphere or Infrastructure Client.
  2. Locate the virtual machine you wish to clone in the inventory.
  3. Establish if you will be cloning the virtual machine while it is powered on (live) or off.For VMware VirtualCenter 2.5 Update 2 and later, a live clone option is available. You may proceed with the virtual machine either powered on or off. Power it down to reduce snapshot storage requirements and ensure all disk transactions are committed to the clone. Live clones can be expected to result in a slightly out-of-date destination virtual machine, where data recorded (to snapshot delta disks, during the clone operation) is not committed to the destination copy.

    For prior versions of VMware VirtualCenter however, you must power down the virtual machine in order to clone it.

  4. Right-click the virtual machine and select Clone from the context menu.
  5. Follow the on-screen wizard and either clone the entire virtual machine to a single location, or relocate specific virtual machine disks to other locations.
  6. Complete the wizard to begin the clone operation.

Warning: Before you power on the virtual machine clone, understand the following:

  • Virtual machines clones are issued a new Universally Unique IDentifier (UUID). This affects user scripts and API calls to the UUID of the virtual machine.
  • Virtual machines clones are issued new MAC addresses for attached virtual network adapters. This may have an effect on software or licensing that is sensitive to MAC address changes.
  • Guest operating systems for virtual machine clones may share computer names and static IP addresses with their original counterparts. Be sure to account for this prior to power-on.

Windows 7 Network Drive not Connecting …

I cannot map to the network drive! It said the password is not valid!

1. Goto Run –> gpedit.msc
2. Open the Local Security Policy
3. Select the Security Option under Local Policies
4. Choose “Send LM & NTLM responses“in Network security: LAN manager authentication level

LAN Issue

Complete Force Removal of a Domain Controller from Active Directory

Manually remove a DC from AD follow these steps
Know Your FSMO Locations

Make sure that the DC you are removing is not holding any of the FSMO Roles

i) On any health domain controller, click Start, click Run, type “Ntdsutil” in the Open box, and then click OK
ii) Type “roles”, and then press ENTER
iii) Type “connections”, and then press ENTER
iv) Type “connect to server <servername>”, where <servername> is the name of the server you want to use, and then press ENTER
v) Type “quit”, and then press ENTER
vi) Type “select operation target”, and then press ENTER
vii) Type “list roles for connected server”, and then press ENTER
viii) Review the listed roles and their host, if the DC that wish to remove is not listed proceed to step 4

Seizing FSMO Roles (The Last Resort)

If for what ever reason you can not do a clean transfer you will need to seize it

i) On any health domain controller, click Start, click Run, type “Ntdsutil” in the Open box, and then click OK
ii) Type “roles”, and then press ENTER
iii) Type “connections”, and then press ENTER
iv) Type “connect to server <servername>”, where <servername> is the name of the server you want to use, and then press ENTER
v) Type “quit”, and then press ENTER
vii) Type seize <role>, where <role> is the role you want to seize
viii) You will receive a warning window asking if you want to perform the seize. Click on Yes

Do not put the Infrastructure Master (IM) role on the same domain controller as the Global Catalog server. If the Infrastructure Master runs on a GC server it will stop updating object information because it does not contain any references to objects that it does not hold. This is because a GC server holds a partial replica of every object in the forest.
Transferring the any hosted FSMO Roles

i) For the RID, PDC, and Infrastructure Master
1. Click Start, point to Programs, point to Administrative Tools, and then click Active Directory Users and Computers.
2. Right-click the icon next to Active Directory Users and Computers, and then click Connect to Domain Controller.NOTE: If you are not on the domain controller where you want to transfer the role ,you need to take this step. It is not necessary if you are connected to the domain controller whose role you want to transfer.
3. Click the domain controller which will be the new role holder, and then click OK.
4. Right-click Active Directory Users and Computers icon, and then click Operation Masters.
5. In the Change Operations Master dialog box, click the appropriate tab (RID, PDC, or Infrastructure) for the role you want to transfer.
6. Click Change in the Change Operations Master dialog box.
7. Click OK to confirm that you want to transfer the role.
8. Click OK.
9. Click Cancel to close the dialog box.

For the Domain Naming Master role
1. Click Start, point to Programs, point to Administrative Tools, and then click Active Directory Domains and Trusts.
2. Right-click the Active Directory Domains and Trusts icon, and then click Connect to Domain Controller.NOTE: If you are not on the domain controller where you want to transfer the role ,you need to take this step. It is not necessary if you are connected to the domain controller whose role you want to transfer.
3. click the domain controller that will be the new role holder, and then click OK.
4. Right-click Active Directory Domains and Trusts, and then click Operation Masters.
5. In the Change Operations Master dialog box, click Change.
6. Click OK to confirm that you want to transfer the role.
7. Click OK.
8. Click Cancel to close the dialog box.

For the Schema Master Role
1. Click Start, click run, type mmc, and then click OK.
2. On the Console, menu click Add/Remove Snap-in.
3. Click Add.
4. Click Active Directory Schema.
5. Click Add.
6. Click Close to close the Add Standalone Snap-in dialog box.
7. Click OK to add the snap-in to the console.
8. Right-click the Active Directory Schema icon, and then click Change Domain Controller.NOTE: If you are not on the domain controller where you want to transfer the role ,you need to take this step. It is not necessary if you are connected to the domain controller whose role you want to transfer.
9. Click Specify Domain Controller, type the name of the domain controller that will be the new role holder, and then click OK.
10. Right-click Active Directory Schema, and then click Operation Masters.
11. In the Change Schema Master dialog box, click Change.
12. Click OK.
13. Click OK .
14. Click Cancel to close the dialog box.
Attempt a Force Removal

i) As a Domain Admin and in a command prompt type dcpromo /forceremoval
ii) If the force removal did not work pull the plug ( or shut down properly) and never every turn it back on while connected to the network
Clear the Metadata from AD

i) On any health domain controller, click Start, click Run, type “Ntdsutil” in the Open box, and then click OK
ii) Type “metadata cleanup”, and then press ENTER
iii) Type “connections”, and then press ENTER
iv) Type “connect to server <servername>”, where <servername> is the name of the server you want to use, and then press ENTER
v) Type “quit”, and then press ENTER
vi) Type “select operation target”, and then press ENTER
vii) Type “list domains”, and then press ENTER
viii) Type “select domain [n]”, [n] representing the domain, and then press ENTER
ix) Type “list sites”, and then press ENTER
x) Type “select site [n]”, [n] representing the site, and then press ENTERR
xi) Type “list servers in site”, and then press ENTER
xii) Type “select server [n]”, [n] representing the DC to be removed, and then press ENTERR
xiii) Type “quit”, and then press ENTER
xiv) Type “remove selected server”, and then press ENTER
Cleanup DNS by Removing all References to the Removed server

i) In the DNS snap-in, right click domain.whatever and Properties
1. Click on Nameservers tab: remove server
ii) Repeat the above instructions for Reverse lookup and all zones
iii) Open up _msdcs and check all folders within for server name or ip reference
iv) Repeat the above step for _sites, and all others
v) Repeat the above steps for the Reverse Lookup Zones
In Active Directory Sites and Services – delete server

Adding first Windows Server 2012 Domain Controller within Windows 2003/2008/2008R2 network


To be able to configure Windows Server 2012 Domain Controller within Windows 2003/2008/2008R2 network we need to check if Forest Functional Level is set up at least in Windows 2003 mode. This is the lowest required Forest Functional Level allowing Windows Server 2012 Domain Controller installation. That means, Windows 2000 DCs are not supported anymore. Microsoft does not support them with cooperation with 2012 Domain Controllers. It’s time to forget about these old DCs.

Windows Server 2012 DC Forest Functional Level requirements

We can check this in domain, where we want to install first 2012 DC. To verify that, we need to use “Active Directory Users and Computers” or “Active Directory Domains and Trusts” console.

Using “Active Directory Users and Computers” console, select your domain and click right mouse button (RMB) on it. Choose “Raise Domain Functional Level” and check that.

If you see screen like this (Windows 2003 mode), it means that you do not need to raise your Domain Functional Level. In other case you have to remove all Windows 2000 Domain Controllers or if you have no any, raise DFL to Windows 2003 mode or higher

But remember, raising Domain Functional Level is one time action and cannot be reverted. Before you raise it to 2003 mode, please ensure that all of your Domain Controllers are running at least on Windows Server 2003. In this case all of them are running at least 2003 DCs as DFL is set up to 2003 mode, which would not be possible when any of 2000 DCs are still available.

Windows 2003 mode do not support DCs based on earlier Microsoft Windows systems like NT4 and Windows 2000

Another way for that is using Active Directory Domains and Trusts console. Run this console, select domain for which you want to check Domain Functional Level and choose “Raise Domain Functional Level”

Follow the same steps as in previous console.

More about Raising Domain Functional Level you can find in another article on my blog.

In this place, you can also raise your Forest Functional Level if all of your Domain Controllers in entire forest are running on Windows Server 2003. If not, please skip below steps and go to Single Master Operation Roles section.

To raise Forest Functional Level, select “Active Directory Domains and Trusts” node, click on it RMB and choose “Raise Forest Functional Level”. On the list accept “Windows Server 2003” mode by clicking on “Raise” button.

In this case FFL is set up on Windows Server 2003 mode and there is no need to raise it.

For more information about Raising Forest Functional Level please check another article on my blog.

You can also try to determine DFL and FFL levels following artilce on my blog titled: Determine DFL and FFL using PowerShell

Now, it’s time to determine which Domain Controller(s) hold(s) Single Master Operation Roles. The most important for preparing environment for 2012 DC are

  • Schema Master
  • Infrastructure Master

We need to be sure that connection to this/these DC(s) are available during set up process. In previous versions we need to prepare environment using adprep command to extend schema and configure Infrastructure Master. From Windows Server 2012 we don’t have to run adprep first. Of course, if you wish, you can still do that but it is not mandatory step. From, now, Windows Server 2012 will do that for you if it will detect that adprep was not used before for Schema and Infrastructure preparation. That’s the newest feature in Windows Server 2012 which simplifies promotion process as much as it can. You need to only check if connection to DC(s) with mentioned operators master roles is available (it is based on similar solution applied in Exchange 2010 where you do not have to use to extend Schema yourself).

To verify necessary Operation Masters, we can use netdom command installed from Support Tools on Windows Server 2003 (in 2008/2008R2 it is available by default). Open command-line and go to default installation directory:

C:Program FilesSupport Tools and type:

netdom query fsmo

and identify DC(s) from an output

We collected almost all necessary information to start AD preparation for the first Windows Server 2008 R2 Domain Controller. The last and the most important part before we start preparation, is checking Forest/Domain condition by running:

  • Dcdiag (from Support Tools)
  • Repadmin (also from Support Tools)

Run in command-line on a DC where you have installed Support Tools

dcdiag /e /c /v

and check if there are no errors. If so, please correct them (in case that your forest/domain has a lot of Domain Controllers, please skip /e switch)

now run in command-line:

repadmin /showrepl /all /verbose

to check if your DCs are replicating data without errors.

For more about Active Directory Troubleshooting Tools check one of my articles on this blog

After those checks, you can start with Active Directory preparation.

Adding first Windows 2012 Domain Controller

Before we start preparing AD for new Windows Server 2012 DC, we need to be sure that we are members of:

  • Enterprise Admins group

when we are sure for that, we can start installation.

Install your new box with Windows Server 2012 and configure its IP address correspondingly to your network settings and change default server name to yours.

Remember that it’s very important to properly configure Network Card settings to be able to promote your new box as domain controller!

The most important part of configuring NIC is setting up DNS server(s). Point your new box to one of the existing Domain Controllers where you have installed and configured DNS.

After you verified IP settings, you can start server promotion to Domain Controller. However, you cannot use old good known dcpromo command as it is not valid anymore :)

Microsoft removed it and now everything is done over new Server Manager console. You need to install Active Directory: Directory Servicesrole and after that in post-installation steps, you can promote it to Domain Controller. Let’s start

Open Server Manager console (if it was not already opened) and click on “Add roles and features” on Dashboard screen

Using default settings in a wizard go up to “Server roles” step (in this article those steps are not described. You may expect their description in another article) and select Active Directory Directory Services role. Accept also default features which are required during installation

Verify if check box is in proper place and go to the next step

On “Features” screen also go to the next step as we do not need more at this step to be installed. All required features will be installed as you accepted them a little bit earlier

Read information about role you are installing and go to confirmation screen to install it

Wait some time until selected role is being installed before you will be able to promote server to Domain Controller

Now, when role is installed, you can see in notification area an exclamation mark. It tells you that post-installation steps might be required

Click on it to see what can be done. You will see that now, you can promote your server to Domain Controller and information that features were installed successfully

OK, let’s start server promotion to Domain Controller! Click on “Promote this server to a domain controller” and you will see a wizard.

As we are adding Domain Controller into existing domain, we need to select proper option. It is selected by default, however, please ensure if you can see that “Add a domain controller to an existing domain” is selected

When you verified that, place in field with red star DNS domain name to which you are promoting DC. Provide Enterprise Administrator credentials and go to the next step

Define if server should be DNS server and Global Catalog. I would strongly recommend installing both roles on each Domain Controller in your environment. Select a Site to which this DC should belongs to and define Directory Services Restoration Mode (DSRM) password for this DC

Do not worry about DNS delegation as this server is not DNS already. Go to the next step

In”Additional options” you can define if you want to install this Domain Controller from Install From Media (IFM) (if you have it) and point from which DC replication should be done. When you do not specify, server will choose the best location for AD database replication. If you have no special requirements for that, just leave “Any domain controller”

Specify location for AD database and SYSVOL (if you need different that suggested) and go to the next step

Now, wizard informs you that Schema and Domain preparation need to be done. As you did not run adprep before, it will be executed in a background for you

You will see a summary screen where you can check all selected options for server promotion. As in Windows Server 2012 everything done over Server Manager is translated into PowerShell code and it is executed in a background, you can check code by clicking on “View script” button. You will see what exactly will be run. This is transparent process and you cannot see PowerShell window in front of you

PowerShell code for adding Domain Controller

 # Windows PowerShell script for AD DS Deployment
Import-Module ADDSDeployment
 Install-ADDSDomainController `
 -NoGlobalCatalog:$false `
 -CreateDnsDelegation:$false `
 -Credential (Get-Credential) `
 -CriticalReplicationOnly:$false `
 -DatabasePath "C:WindowsNTDS" `
 -DomainName "testenv.local" `
 -InstallDns:$true `
 -LogPath "C:WindowsNTDS" `
 -NoRebootOnCompletion:$false `
 -SiteName "Default-First-Site-Name" `
 -SysvolPath "C:WindowsNTDS" `

If all prerequisites will pass and you are sure that all setting you have set up properly, you can start installation

You can observe that Forest and Domain are being prepared by adprep running in backgroun. Wait until wizard will do its job and after server restart you will have new Windows Server 2012 Domain Controller.

Give DC some time to replicate Directory Services data and you can enjoy with new DC.

Post-Installation steps

Now, you need to do small changes within your environment configuration.

On each server/workstation NIC properties configure alternative DNS server IP address pointing to the new Domain Controller.

Open DHCP management console and under server/scope options (it depends on your DHCP configuration) modify option no. 006

Add there IP address of your new Domain Controller as DNS server.

That’s all!

Congratulations! You have promoted your first Windows Server 2012 in existing domain

Install and Configure NLB (WLBS) on Windows Server 2008

In this article I will load balance 2 servers and take you through the process step-by-step. Load Balancing takes 2 or more servers and lets them share one IP address so both servers can serve client requests. At the end of this article you should be able to configure NLB.

Gathering Information

Log onto both of the servers and run IPCONFIG /ALL from the command prompt. We need the name, domain and IP address of each server that will be in the NLB Cluster. We will also need to make up an additional name for the cluster in this example we will use SERVER-LB for the virtual cluster name.

The 2 servers we will be Load Balancing are PL2008-01 and PL2008-02. The virtual cluster name will be PL2008-V. So if this was a web server users would go to http://PL2008-V, depending how we configure NLB either PL2008-01, PL2008-02 or both servers will service the web request.

SERVER NAME IP ADDRESS TYPE Server 1 Server 2 Virtual cluster name and IP address of Servers 1/2

In this example both servers only have one network card. If you have multiple network cards you will still be able to load balance the 2 servers. You need to configure one NIC per server for NLB, both NIC’s should be on the same VLAN and be they should able to contact each other.



Installation of NLB feature on all NLB nodes

This should be done on ALL NODES in the NLB Cluster. In this case we are performing this installation on PL2008-01 and PL2008-02.

Open Server Manager, you can open this several different ways in Windows Server 2008. Probably the quickest way to open Server Manager is to right click “My Computer” and choose “Manage”, another way is open “Control Panel” go to “Program and Features” and select “Turn Windows features on or off”. A third way to open it is “Server Manager” option under Administrative Tools.

  • Select “Features” from the Server Manager menu on the left
  • Press “Add Features”

  • Select the checkbox next to “Network Load Balancing”
  • Press “Next”

  • Press “Install”

Installation will proceed to install the necessary components

Installation has successes. It is highly recommended that you repeat this process on all nodes in the NLB cluster at this point before continuing with configuration

  • Press “Close”

NOTE: Network Load Balancing may also be installed from a command prompt with elevated privileges (right click on the command prompt in the Start menu and select Run as administrator) by running the servermanagercmd -install nlb command.

For example:

C:\Windows\system32>servermanagercmd -install nlb
Start Installation...
[Installation] Succeeded: [Network Load Balancing].
Success: Installation succeeded.

Configuring NLB on NODE 1 (PL2008-01)

Network Load Balanced clusters are built using the Network Load Balancing Manager which you can start from Start -> All Programs -> Administrative Tools menu or from a command prompt by executing nlbmgr.

  • Under the Cluster Menu option select “New”

  • Enter the first node in the cluster which is PL2008-01
  • Press “Connect”

You will have the option to choose which network adapter you want to use, the NIC should be on the same subnet as the other servers in the NLB cluster

  • Press “Next”

  • Enter the Priority ID as, 1 (each node in the NLB cluster should have a UNIQUE ID)
  • Make sure the correct adapter was selected under “Dedicated IP Address”
  • Select “Started” for the “Initial host state” (this tells NLB whether you want this node to participate in the cluster at startup)
  • Press “Next”

  • Press “Add”
  • Enter the Cluster IP and Subnet mask
  • Press “OK”

You can add multiple IP Addresses for the cluster, enter as many as you want.

  • Make sure the “Cluster IP addresses” are correct
  • Press “Next”

  • Select the IP Address for this cluster
  • Enter the NLB address “”
  • Enter “Unicast” as the “Cluster operation mode”
  • Press “Next”

Unicast vs Multicast

Unicast/Multicast is the way the MAC address for the Virtual IP is presented to the routers. In my experience I have almost always used Multicast, which if you use you should enter a persistent ARP entry on all upstream switches or you will not be able to ping the servers remotely.

In the unicast method:

  • The cluster adapters for all cluster hosts are assigned the same unicast MAC address.
  • The outgoing MAC address for each packet is modified, based on the cluster host’s priority setting, to prevent upstream switches from discovering that all cluster hosts have the same MAC address.

In the multicast method:

  • The cluster adapter for each cluster host retains the original hardware unicast MAC address (as specified by the hardware manufacture of the network adapter).
  • The cluster adapters for all cluster hosts are assigned a multicast MAC address.
  • The multicast MAC is derived from the cluster’s IP address.
  • Communication between cluster hosts is not affected, because each cluster host retains a unique MAC address.

Selecting the Unicast or Multicast Method of Distributing Incoming Requests


I am leaving all the default for the port rules; by default its set to all ports with Single affinity, which is sticky. For more information on Port Rules, see my Note below.

  • Press “Finish”

NOTE: Add/Edit Port Rule Settings

For most scenarios I would keep the default settings. The most important setting is probably the filtering mode. “Single” works well for most web application, it maintains a users session on one server so if the user server requests go to PL2008-01, PL2008-02 will continue to serve that request for the duration of the session.


  • You want to ensure even load balancing among cluster hosts
  • Client traffic is stateless (for example, HTTP traffic).


  • You want to ensure that requests from a specific client (IP address) are sent to the same cluster host.
  • Client state is maintained across TCP connections (for example, HTTPS traffic).

Class C

  • Client requests from a Class C IP address range (instead of a single IP address) are sent to the same cluster host.
  • Clients use multiple proxy servers to access the cluster, and they appear to have multiple IP addresses within the same Class C IP address range.
  • Client state is maintained across TCP connections (for example, HTTPS traffic).

For more information on this please see this TechNet article:

Specifying the Affinity and Load-Balancing Behavior of the Custom Port Rule

You should see a couple of things in the NLB Manager, this will let us know that this node successfully converged on our new NLB Cluster

  • Make sure the node’s status changes to “Converged”
  • Make sure you see a “succeeded” message in the log window

Configuring NLB for NODE 2 (PL2008-02)

We will configure PL2008-02 from PL2008-01. If we wanted to configure this from PL2008-02 then we would need to connect to the PL2008-V cluster first then add the host to the cluster.

  • Right click the cluster name “” and select “Add Host to Cluster”

  • Enter PL2008-02 and press “Connect”

A list of Network adapters will show up

  • Select the network adapter you want to use for Load Balancing
  • Press “Next”

This step is very important; each node in the NLB cluster should have a unique identifier. This identifier is used to identify the node in the cluster.

  • Enter the Priority ID as, 2 (each node in the NLB cluster should have a UNIQUE ID)
  • Make sure the correct adapter was selected under “Dedicated IP Address”
  • Select “Started” for the “Initial host state” (this tells NLB whether you want this node to participate in the cluster at startup)
  • Press “Next”

  • Press “Finish”

You should see a couple of things in the NLB Manager, this will let us know that both nodes successfully converged on our new NLB Cluster

  • Make sure that both node’s status changes to “Converged”
  • Make sure each node has a unique “host priority” ID
  • Make sure each node is “started” under “initial host state”
  • Make sure you see a “succeeded” message in the log window for the second node

A closer look at the configuration information for this NLB cluster


  • Go to the command prompt and type “wlbs query”, as you can see HOST 1 and HOST 2 converged successfully on the cluster. This means things are working well.
  • Ping each server locally and remotely
  • Ping the virtual IP locally and remotely – you should do this three times from each location. If you cannot ping remotely you may need to add a static ARP entry in your switches and/or routers where the host machines reside
    • 1 – Both nodes up
    • 2 – Node 1 down
    • 3 – Node 2 down

NLB Documentation (from Windows Help)

Availability, scalability, and clustering technologies

Windows Server 2008 provides two clustering technologies: failover clusters and Network Load Balancing (NLB). Failover clusters primarily provide high availability; Network Load Balancing provides scalability and at the same time helps increase availability of Web-based services.

Your choice of cluster technologies (failover clusters or Network Load Balancing) depends primarily on whether the applications you run have long-running in-memory state:

Failover clusters are designed for applications that have long-running in-memory state, or that have large, frequently updated data states. These are called stateful applications, and they include database applications and messaging applications. Typical uses for failover clusters include file servers, print servers, database servers, and messaging servers.

Network Load Balancing is intended for applications that do not have long-running in-memory state. These are called stateless applications. A stateless application treats each client request as an independent operation, and therefore it can load-balance each request independently. Stateless applications often have read-only data or data that changes infrequently. Front-end Web servers, virtual private networks (VPNs), File Transfer Protocol (FTP) servers, and firewall and proxy servers typically use Network Load Balancing. Network Load Balancing clusters can also support other TCP- or UDP-based services and applications.

Network Load Balancing overview

The Network Load Balancing (NLB) service enhances the availability and scalability of Internet server applications such as those used on Web, FTP, firewall, proxy, virtual private network (VPN), and other mission-critical servers.

What are NLB clusters?

A single computer running Windows can provide a limited level of server reliability and scalable performance. However, by combining the resources of two or more computers running one of the products in Windows Server 2008 into a single virtual cluster, NLB can deliver the reliability and performance that Web servers and other mission-critical servers need.

Each host runs a separate copy of the desired server applications (such as applications for Web, FTP, and Telnet servers). NLB distributes incoming client requests across the hosts in the cluster. The load weight to be handled by each host can be configured as necessary. You can also add hosts dynamically to the cluster to handle increased load. In addition, NLB can direct all traffic to a designated single host, which is called the default host.

NLB allows all of the computers in the cluster to be addressed by the same set of cluster IP addresses, and it maintains a set of unique, dedicated IP addresses for each host. For load-balanced applications, when a host fails or goes offline, the load is automatically redistributed among the computers that are still operating. When a computer fails or goes offline unexpectedly, active connections to the failed or offline server are lost. However, if you bring a host down intentionally, you can use the drainstop command to service all active connections prior to bringing the computer offline. In any case, when it is ready, the offline computer can transparently rejoin the cluster and regain its share of the workload, which allows the other computers in the cluster to handle less traffic.

Hardware and software considerations for NLB clusters

  • NLB is installed as a standard Windows networking driver component.
  • NLB requires no hardware changes to enable and run.
  • NLB Manager enables you to create new NLB clusters and to configure and manage clusters and all of the cluster’s hosts from a single remote or local computer.
  • NLB lets clients access the cluster by using a single, logical Internet name and virtual IP address—known as the cluster IP address (it retains individual names for each computer). NLB allows multiple virtual IP addresses for multihomed servers.


In the case of virtual clusters, the servers do not need to be multihomed to have multiple virtual IP addresses.

NLB can be bound to multiple network adapters, which allows you to configure multiple independent clusters on each host. Support for multiple network adapters is different from virtual clusters in that virtual clusters allow you to configure multiple clusters on a single network adapter.

Installing the NLB feature

To use Network Load Balancing (NLB), a computer must have only TCP/IP on the adapter on which NLB is installed. Do not add any other protocols (for example, IPX) to this adapter. NLB can load balance any application or service that uses TCP/IP as its network protocol and is associated with a specific Transmission Control Protocol (TCP) or User Datagram Protocol (UDP) port.

To install and configure NLB, you must use an account that is listed in the Administrators group on each host. If you are not using an account in the Administrators group as you install and configure each host, you will be prompted to provide the logon credentials for such an account. To set up an account that NLB Manager will use by default: in NLB Manager, expand the Options menu, and then click Credentials. We recommend that this account not be used for any other purpose.

You can use Initial Configuration Tasks or Server Manager to install NLB. To install NLB, in the list of tasks, click Add features and in the list of features in the wizard, click Network Load Balancing.

Managing NLB

Server roles and features are managed by using Microsoft Management Console (MMC) snap-ins. To open the Network Load Balancing Manager snap-in, click Start, click Administrative Tools, and then click Network Load Balancing Manager. You can also open Network Load Balancing Manager by typing Nlbmgr at a command prompt.

Additional references for NLB

To learn more about NLB, you can view the Help on your server. To do this, open Network Load Balancing Manager as described in the previous section and press F1.

For deployment information for NLB, see

For instructions on how to configure NLB with Terminal Services, see

For operations information for NLB, see

For troubleshooting information for NLB, see

How to deploy high availability and load balancing in Amazon AWS

This article will be about the high availability and load balancing options in Amazon AWS.

Let’s suppose that you have a website that you are hosting on a physical server.

Time goes by and you have more and more visitors, each of them using little from the server resources (memory, CPU). Due to this, the website will be slower and the content will not be provided.

What do you do? You either replace that server with one more powerful or buy another one and use it in parallel with the older one.

In case you go with the first option, you will have single point of failure. The service will stop if the server will fail.

In case you go with the second option, you will not have the single point of failure. If you lose one server, you will see a degradation of the service, but it will still work.

To go with the second option, you need to configure the two servers in such a way that both could serve the users and in the eventuality of a failure, one could take all the load.

This implies that you need to configure some sort of load balancing on the servers. Perhaps add another server that will act as a proxy for the two servers.

This means you need to have the technical skills to configure this. And more important is to have the skills to troubleshoot this solution.

The scope of the article is not to show you how you can deploy such configuration on Linux or Windows servers, but to show you how you can achieve something like this on Amazon AWS.

The assumption is that you have a server with Linux on it. It can be any kind of server, physical or a virtual one.

For the purpose of this article, I will assume that you just finished practicing what you’ve learned in this article, Translating your Windows/Linux server skills for the cloud: How to deploy a server in Amazon AWS.

Right now I have two Linux servers on AWS which run WordPress. The content that I put on the two servers is almost identical. The WordPress was manually installed on both servers and an identical post was created on both of them.

This is a screenshot of the WordPress instance from the first server:

And this is from the second server:

At the very first sight, everything seems to be identical.

But if you would look better you would see that the tag line for the first server says “WordPress Blog – Server 1″ and for the second server is “WordPress Blog – Server 2″. This small difference will be used later to demonstrate the load balancing.

Of course in production, you will need to have identical content on all the servers serving the content. It will be embarrassing that two users get different information, based on which server their requests are landing.

Amazon AWS allows you to configure an Elastic Load Balancer (ELB). In a short description, you will create a frontend resource that will be accessed by the users. This will act like a proxy. That frontend resource will access one of the servers and provide the information from there to the user. The next user will be served by the proxy from the next server and so on. You can add multiple servers for which you can configure an ELB. You are not limited to only two like in this article.

From the AWS console, choose EC2:

From the left column, choose Instances under INSTANCES section:

You can see the two servers that will provide the content:

From the same left column, choose ‘Load Balancers’ under NETWORK & SECURITY section to begin the process of ELB creation:

Configure a name of your choice for the ELB and continue:

Configure the health check options and continue. In this specific case, I configured the ELB to monitor the presence and reachability of /wp-blog/. I also altered some default timers to speed up the failure detection or ability to be able to serve again. The drawback for having faster failure detection is that you add computation burden on the system.

Assign the security group and continue:

Add the instances that you want to be part of this ELB and continue:

Review what you did and create the ELB. You will be present with the list of available ELBs:

Right now, the ELB is not functional. This is seen on Status where I have “0 of 2 instances in service.” A little bit later the status will change to “2 of 2 instances in service.” If you click on that, you will be directed to Instances tab:

Now both instances are in InService state and one can access the ELB by using the value from “DNS Name” column. As a matter of fact, the WordPress blog can be accessed using:

There is some monitoring done automatically which can be accessed by using the Monitoring tab. As you can see, we have two healthy hosts in the ELB:

Let’s access this link twice and confirm that we will get to two different servers:

We landed on Server 2 and the next time when we access the same link, we land on Server 1:

As you can see the HTTP requests are balanced between the two instances that are part of the ELB.

Using ELB saves you from having headaches on how to configure load balancers. You can do it very quickly using the AWS feature.

As a side note, AWS has a template for a high availability WordPress deployment. It’s almost identical to the one that you can use to deploy a single instance of WordPress.

Be the first to hear of new free tutorials, training videos, product demos, and more. We’ll deliver the best of our free resources to you each month, sign up here:

This can be deployed by choosing CloudFormation from the AWS console:

Create a new stack and choose the WordPress High Available template:

Continue through the steps, review what you did and then create the stack. You will see something telling you that the deployment is still in progress:

After quite some time (in this my case, around 25 minutes), the process is finished and to access the WordPress from a browser, I have to go to Outputs tab to get the URL:

When I’m accessing the URL (, I’m redirected to the WordPress initial installation process:

From this point on, everything is the same as with the manual installation of WordPress.

When you choose this template, AWS automatically deploy the EC2 instances, the ELB and the RDS database.

This is easier than you having to deploy the EC2 instances, then ELB and so on. But the problem is that the templates are available for specific Web applications.

If you have your in-house built application, then you will have to do this manually as we did in the first part of the article.

As you can see, using AWS ELB is a fast method to improve the service provided to the users by adding high availability and load balancing.

This post was originally posted in