Hi Antonio Trujillo Carmona.

Antonio Trujillo Carmona wrote on Fri, 12 May 2017 10:23:59 +0200:

> On 11/05/17 at 15:06, Aleksandar Lazic wrote:
> > .../
> > How about activating the 'option tcp-check' as mentioned in the
> > Warning?
> > In the config below it's commented, any reason why?
> >
> > It's also active in the doc which you may know.
> >
> > https://www.haproxy.com/doc/aloha/7.0/deployment_guides/microsoft_remote_desktop_services.html
> >
> > Does this change anything?
> OK, cleaning up a little I try:
> frontend RDP
>     mode tcp
>     bind *:3389
>     timeout client 1h
>     tcp-request inspect-delay 5s
>     tcp-request content accept if RDP_COOKIE
>     default_backend bk_rdp
> #############################################################
> backend bk_rdp
>     mode tcp
>     balance leastconn
>     #balance rdp_coockie
>     timeout server 1h
>     timeout connect 4s
>     log global
>     option tcplog
>     stick-table type string len 32 size 10k expire 1h peers pares
>     stick on rdp_cookie(msthash)
>     # persist rdp-cookie
>     option tcp-check
>     # option ssl-hello-chk
>     # option tcpka
>     tcp-check connect port 3389 ssl
>
>     # server gr43sterminal01 10.104.22.142:3389 weight 1 check verify none inter 2000 rise 2 fall 3
>     # server gr43sterminal02 10.104.23.141:3389 weight 1 check verify none inter 2000 rise 2 fall 3
>     #
>     default-server inter 3s rise 2 fall 3
>     server gr43sterminal01 10.104.22.142:3389 weight 1 check
>     server gr43sterminal02 10.104.23.141:3389 weight 1 check
>
> And I got:
> [ALERT] 131/100222 (8564) : Proxy 'bk_rdp', server 'gr43sterminal01'
> [/etc/haproxy/haproxy.cfg:189] verify is enabled by default but no CA
> file specified. If you're running on a LAN where you're certain to
> trust the server's certificate, please set an explicit 'verify none'
> statement on the 'server' line, or use 'ssl-server-verify none' in
> the global section to disable server-side verifications by default.
> [ALERT] 131/100222 (8564) : Proxy 'bk_rdp', server 'gr43sterminal02'
> [/etc/haproxy/haproxy.cfg:190] verify is enabled by default but no CA
> file specified. If you're running on a LAN where you're certain to
> trust the server's certificate, please set an explicit 'verify none'
> statement on the 'server' line, or use 'ssl-server-verify none' in
> the global section to disable server-side verifications by default.
> [ALERT] 131/100222 (8564) : Fatal errors found in configuration.
>
> So I try adding verify none in the server line
>
> and haproxy sees both servers up (but one is down).
> I try without ssl:
>
>     tcp-check connect port 3389
>     server gr43sterminal01 10.104.22.142:3389 weight 1 check
>     server gr43sterminal02 10.104.23.141:3389 weight 1 check
>
> but the result is the same, haproxy sees both servers up (but one is
> down)
>
> only if I leave only option tcp-check (or none) it seems to work
>
>
> #################
>     # persist rdp-cookie
>     option tcp-check
>     # option ssl-hello-chk
>     # option tcpka
>     # tcp-check connect port 3389 ssl
>     # tcp-check connect port 3389
>
>     # server gr43sterminal01 10.104.22.142:3389 weight 1 check verify none inter 2000 rise 2 fall 3
>     # server gr43sterminal02 10.104.23.141:3389 weight 1 check verify none inter 2000 rise 2 fall 3
>     #
>     default-server inter 3s rise 2 fall 3
>     server gr43sterminal01 10.104.22.142:3389 weight 1 check
>     server gr43sterminal02 10.104.23.141:3389 weight 1 check
> ##################
>
>
> output:
>
> [WARNING] 131/102105 (8773) : Server bk_rdp/gr43sterminal01 is DOWN,
> reason: Layer4 timeout, info: " at initial connection step of
> tcp-check", check duration: 3001ms. 1 active and 0 backup servers
> left. 0 sessions active, 0 requeued, 0 remaining in queue.

So finally it works.

Regards
Aleks

