How to setup an NLB environment for TFS 2010 application tiers using ARR

  • Article

A very simple but effective way to setup an NLB environment for TFS 2010 Application tiers is to use Microsoft Application Request Routing (ARR) for IIS7.

ARR acts as a reverse proxy to direct requests from one machine/uri to a pool of servers that you define. It takes just a couple of minutes to setup, and you can easily configure it for client-based affinity or no affinity (round-robbin, where each subsequent request goes to a different server).

Below are the steps required to setup a simple NLB environment for TFS where 2 application tiers are behind an NLB

1) Install a primary AT/DT (or use an existing one)

2) Install a second AT and configure it using the "AT-only" setup wizard and point it to your existing DT.

3) On another Win2k8 server, install ARR Version 2: x86 or x64

4) Configure ARR

a. Open IIS Manager – you will now have a “Server Farms” node at the same level as “Sites”

b. Create a new Server Farm (the “name” doesn’t matter – use whatever you want)

c. Add your AT servers to the farm. When adding, click “Advanced” and change the httpPort to “8080” (assuming you installed the AT under port 8080).

5) You’re now ready to go. In Team Explorer use the ARR server name instead of AT1 or AT2 (e.g. https://arr/tfs instead of https://at1:8080/tfs)

NOTE #1: By default, this configuration maps the default site on your ARR server to port 8080 on the AT machines. So https://arr/tfs/web would get redirected to https://at1:8080/tfs/web or https://at2:8080/tfs/web. Note the different port mapping (80 to 8080). You can change the Bindings on your default website if you want to change the port of the NLB/ARR url (e.g. use https://arr:8080).

NOTE #2: You can change affinity options by clicking your Server Farm node in IIS manager, then selecting “Load Balance”. Use “Weighted Round Robin” with “Even Distribution” to get each request routed to a different server. For better performance, you can use client-based affinity which is available in the “Server Affinity” section.

NOTE #3: One problem you might run into, is getting prompted for credentials every time you connect. I saw this when connecting to WebAccess from IE. In this case, IE was detecting the sites to be in the Internet zone instead of Intranet. You can either explicitly add each machine to the Intranet zone, or change the security settings for the Internet zone to always send username and password (don’t prompt).

NOTE #4: Another problem you might run into, is getting '502 bad gateway' errors on long running operations. This is due to the default time-out being set to 30 seconds for the ARR proxy. You can increase this time-out setting by clicking your Server Farm node in IIS manager, then selecting "Proxy", and changing the value for "time-out (seconds)" field.

NOTE #5: If you continue to see the '502 bad gateway' error after you've increased proxy time-out value, you can click your Server Farm node in IIS manager, then select "Health Test", and change the setting for "Minimum servers" from 0 to 1. Somehow ARR would determine that all the backend servers were "unhealthy" and take them out of the pool. Changing "Minimum servers" value to '1' will keep an unhealthy server in the pool instead of giving '502 bad gateway'.