Ignoring\UserNames

• Type: REG_MULTI_SZ
• Unit: List of strings
• Default: “^.*$$”

This parameter specifies a list of names of accounts that are to be ignored and whose password changes are irrelevant and are not be tracked. This can be built-in accounts as the machine account and the guest account or other operating system related accounts as virtual machine accounts and the like. Every account in this list is specified as a regular expression. The default is the machine account (“^.*$$”) which is to be ignored if changing its password.

Ignoring\UserRids

• Type: REG_MULTI_SZ
• Unit: List of numbers
• Default: 500, 501, 502

Specifies a list of RIDs of accounts (relative part of a user SID number) that are to be ignored and whose password changes are irrelevant and are not to be tracked. This are built-in accounts as the machine account, the guest account and the like. Every account in this list is specified as an User-RID. RIDs of built-in accounts are the same on every machine. The default for this parameter is the RID of the built-in administrator account (500), the RID of the built-in guest account (501) and the RID of the built-in Kerberos ticket-granting-ticket account (502).

Achieving High Availability for the Webservice with Windows Network Load Balancing

Achieving High Availability for the Webservice with Windows Network Load Balancing

This appendix describes how to achieve high availability for the Webservice using Network Load Balancing service.

The Network Load Balancing cluster requires a dedicated IP address and fully qualified domain name. This should be setup before installing the cluster. This fully qualified domain name will be used later to access the Webservice. This means, that every host needs a certificate that is valid for the chosen fully qualified domain name and trusted by each domain controller.

Hosts in a Network Load Balancing cluster require at least two network interface cards. The first network interface cards should be for general communication and maintenance and the second network interface cards should be dedicated to Network Load Balancing traffic.

To allow high availability in a Network Load Balancing cluster, you need multiple hosts installed and configured with Webservice. These hosts should be dedicated to that task. Installing Network Load Balancing on domain controllers is not supported.

Example settings in this lab with network interface card (NIC) and fully qualified domain name (FQDN):

Host1

Web01.democorp.com (Windows Server 2012 R2)

NIC1: 192.168.0.20

NIC2: 192.168.0.200 (STATIC)

Host2

Web02.democorp.com (Windows Server 2012 R2)

NIC1: 192.168.0.21

NIC2: 192.168.0.201 (STATIC)

Network Load Balancing Cluster:

FQDN: ServiceCluster.democorp.com

IP: 192.168.0.50

Detailed information about this topic

• Step 1: Install the Windows Network Load Balancing Service
• Step 2: Configure Windows Network Load Balancing
• Step 3: Configuration Validation
• Step 4: Applying Password Capture Agent Web Service URL on the Password Capture Agent
• Troubleshooting

Step 1: Install the Windows Network Load Balancing Service

Step 1: Install the Windows Network Load Balancing Service

This step shows you how to install the required Windows feature to allow the configuration of Network Load Balancing. You should complete this task on all hosts that are supposed to be part of this cluster before continuing with the next step.

To install the required Windows feature (manually)

1. Start the Server Manager.
2. Click on Add roles and Features.
3. Skip the first page of the wizard.
4. Select Role-based or feature-based installation.
5. Select the server on which you want to install Network Load Balancing feature.
6. Click next on the server roles page.
7. Check Network Load Balancing on the features page.
8. Click Add-Feature on the menu.
9. Click next on the features page.
10. Click install on the confirmation page.

To install the required Windows feature (with Windows PowerShell)

1. Start a Windows PowerShell as administrator.
2. Enter Install-Windows Feature NLB.