Load Balance Windows 2012 R2 Print Servers

[Clinton Dunn1709152451]

Hi,

 

We are looking at ways to load balance 2x 2012 R2 print servers since print clustering was removed. Has anyone had any success with this?

 

We have found some articles where people talk about CNAMES, so create a print queue on server 1 and the same print queue on server 2 and use the CNAME to make the name the same. I found a blog post (google load balance print server and read the blog from loadbalancer.org) about load balance through their appliance, I was thinking if the NetScaler could do the same?

 

Thanks as always for the help on this forum

 

 

[Christoph Wegener]

http://blog.loadbalancer.org/load-balancing-microsoft-print-server/

 

The blog only mentions TCP 135 which is the RPC Endpoint Mapper.

I doubt that TCP 135 would be sufficient ....

[Clinton Dunn1709152451]

Thanks for replying Christoph,

 

In the outline steps the blog suggests Create a Virtual Server (VIP) on the LB that listens on the various NetBIOS, RPC and SMB ports used by the server.

 

I think the NetScaler could do all their appliance does but I was hoping someone had managed to succeed at this already.

[Christoph Wegener]

I can't find a step-by-step guide. You would probably have to piece it all together by yourself.

 

http://blogs.technet.com/b/askperf/archive/2008/10/03/windows-printing-and-network-load-balancing.aspx

 

http://discussions.citrix.com/topic/295586-print-server-load-balancing/

 

http://social.technet.microsoft.com/Forums/windowsserver/en-US/e63472b2-a576-4458-84ae-987efc66ce72/network-load-balancing-print-servers-using-vip-issue

[Jay Stinson]

Has anyone been able to get this working yet?

 

I'm also looking for a Netscaler load balancing solution for Server 2012 R2 Print Servers.

 

Is there a trick to setting up the shared printers?

 

What ports do you balance?

 

Persistence?

 

Thanks.

[Mark Casey1709152433]

Hi Jay. I am in the process of doing this myself at the moment with some success but it's not there yet...I'm load balancing 2 like yourself by "ANY" as nothing else worked. The problem I think is the persistence. I'll keep you updated.

[Jay Stinson]

Mark, I'm curious to hear your results.

Please keep me in the loop.

Thanks!

[Paul Blitz]

The quick and dirty solution it to create a TCP "wildcard" server.... set the port as "*" and it will LB any port to the equivalent at the backend.

[Jay Stinson]

So I have been able to map to a shared printer through the Netscaler and I'm able to print.

 

However, whenever I disable the server that I was connected to when I originally mapped the printer, it does not fail over. Instead I get an error saying make sure that the printer is connected to the network.

 

I can see that the connection correctly failed to the other server because I can get to other resources by the VIP name. But for some reason the mapped printer is not picking up on that.

 

Any ideas?

[Paul Blitz]

Now you need to create / use a better monitor. The monitor probes the backend server, and decides if it is "ready to do work". By default, Netscaler will use a TCP monitor, which means if the server responds at all on the relevasnt port, it is marked as up.

 

You need to have a monitor which repelects the state of the actual service. For example, if this were an HTTP LB, then the monitor might pull up one of the live pages, and look for some text on the page.

[Ralf Walter1709154951]

Hello,

I also tried this scenario.

I used PVS 7.1 Server to provision two absolutly identical Printservers and configute netscaler with a VIP for the Printservers. I use protkolls ANY and Port * with the sercvies to the both IP Adresses of the Printserver VMs.

In the network I can see  by the name of the vip the shred printers.

When I want to connect to them i get error messages:

Operation could not be completed (error 0x00000709 ). Double checj the printer name and makee sure that the printer is connected to the network.

 

When I tried it in cmd to map the printer to lpt1, i get following error:

System error 67 has occurred.
The network name cannot be found.

 

 

I found several discussions and tried to configure several options:

Source: http://www.tech-no.org/?p=1122

- Disable "strict Name checking"

- Disable Loopback check

-Configure optional names

- Add DNSOnWire Registry Key

- Add vip in the printservers hosts file

 

 

Have you got teh step by step guide to configure Netscaler VIP to work with printserver with windows 2012R2 , perhaps there are some steps I don't do ?

 

Tanks

Ralf

[SCOTT HAHN]

I am currently doing this exact thing.

I setup the LoadBalanced VIP using the * and got the same Error Ralf got.

 

You have to add some reg keys

reg add hklm\system\currentcontrolset\control\print /v DnsOnWire /t REG_DWORD /d 1
reg add hklm\system\currentcontrolset\services\lanmanserver\parameters /v DisableStrictNameChecking /t REG_DWORD /d 1
reg add hklm\system\currentcontrolset\services\lanmanserver\parameters /v OptionalNames /t REG_SZ /d rightfax-vip

 

Replace the name rightfax-vip with whatever you are using as an alias to connect to it.

Now I need to find a good monitor

 

 

[Josh Hester]

Now I need to find a good monitor

 

Just curious - did you ever figure out a good monitor, besides just a default FTP handshake?  I'm currently in the process of trying to figure out how to monitor RightFax myself and am curious what you guys ended up doing. :)

[Thorsten Hesse]

There’s a software that delivers both failover and load balancing for print servers (from Win2008 to Win2016). :)

 

Special advantage: It doesn’t only look at general server availability but also monitors and reacts to print specific issues like printer mappings. Additionally it offers a maintenance mode for print servers and HA/failover also on the printer side.

 

The solution is called ThinPrint (Citrix Ready Partner). You can test it 30 day for free with the software download on www.thinprint.com or get more info first on https://www.thinprint.com/en/v11/high-availability-for-printing/

[Richard Foust]

So I have been able to map to a shared printer through the Netscaler and I'm able to print.

 

 

Would you please share any Windows side tricks you used to get this running?  I've followed all instructions I've found online with Reg hacks, etc... but still can't connect to the shared printer.  Thanks.

[Malcolm Turnbull]

The main problem that people run into with balancing Windows Print servers is that you need to have NETBIOS correctly configured. Windows clients don't NEED NETBIOS to print - BUT you can only load balance print services if it is configured correctly.  The other annoying thing I've seen is that if you change the required registry entries by merging a .reg file it doesn't always work (even though it shows the changes!) - I recommend you change the registry by hand. If you can access the load balanced VIP via IP address BUT can't print from the hostname then it is WINS / NETBIOS causing your problems. You can test for issues by changing the LMHOSTS file as discussed on the previously mentioned Loadbalancer.org blog about issues when balancing windows print servers:
https://www.loadbalancer.org/blog/load-balancing-microsoft-print-server/

 

 

[Marcus Öberg]

Is this topic still relevant? If so, I have some concerns I could use your expertise in.

 

Here's my issue: I cannot map printers/print on neither the VIP nor the "printserver-vip" DNS name 

I cannot perform an NSLOOKUP for either the VIP or "Printserver-vip" despite below config, maybe one shouldn't be able to but i feels natural.

 

I have a Netscaler LB setup with "ANY" protocol and "*" port to 2 separate (Identical) printservers running Windows Server 2016.

I have entered all the following REGEDITS on both Machines:

 

Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
Value: DisableLoopbackCheck
Type: REG_DWORD
Data: 1

Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters
Value: DisableStrictNameChecking
Type: REG_DWORD
Data: 1

Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters
Value: OptionalNames
Type: REG_MULTI_SZ
Data: printserver-vip

 

Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print
Value: DNSOnWire
Type: REG_QWORD
Data: 1

 

 

I've also entered a Forward Lookup Zone Record on our DNS server pointing "Printserver-vip" to the VIP aswell as edited both Printservers local host files to include said record.

I've also disabled NetBIOS over TCP on both printservers according to this guide: https://www.loadbalancer.org/blog/load-balancing-microsoft-print-server/

 

 

[Malcolm Turnbull]

Your configuration looks OK, and yes it should definitely work.

You only need port 445.

Have you put the NetScaler in DSR mode?

The Loadbalancer.org examples all assume you are using DSR mode (because its source IP transparent)

[Marcus Öberg]

1 hour ago, Malcolm Turnbull said:

Your configuration looks OK, and yes it should definitely work.

You only need port 445.

Have you put the NetScaler in DSR mode?

The Loadbalancer.org examples all assume you are using DSR mode (because its source IP transparent)

Thanks for the answer!

 

I looked over the link for DSR mode, I didnt have Mac based redirection, but I already had configured the Loopback interfaces, however, I'm a bit unsure as to how they should look exactly, I think the guide misstypes one entry, but I'm guessing the Loopback interfaces om both machines should look like this:

 

NLB Virtual Server VIP: 10.21.0.219

Loopback NIC Server1: 10.21.0.219/255.255.255.255

Loopback NIC Server2: 10.21.0.219/255.255.255.255

 

I tested both and enabled Mac Based Forwarding, but I am still unable to neither map a printer by the VIP nor am I able to browse SMB to \\10.21.0.219\

 

Perhaps Worth to mention, I have below addons for my VIP, is it possible those are in someway redundant or "in the way"?

 

[Malcolm Turnbull]

 

For DSR mode on Windows 2012 you also need configure the weak hosts model (otherwise Windows will drop the packets to the loopback interface):

https://www.loadbalancer.org/blog/direct-server-return-on-windows-2008-using-loopback-adpter/

 

 

[Marcus Öberg]

43 minutes ago, Malcolm Turnbull said:

 

For DSR mode on Windows 2012 you also need configure the weak hosts model (otherwise Windows will drop the packets to the loopback interface):

https://www.loadbalancer.org/blog/direct-server-return-on-windows-2008-using-loopback-adpter/

 

 

My vad, forgot to mention I did that as well, we're running 2016 but I believe it was the same for those.

[Nishith Gupta]

It works for me. For those who can't make it work might have ignored either all or one of the 5 mandatory and 1 optional setting. Give them a try and let's see if that makes any difference.

 

Mandatory:

1. If you chose protocol as SMB and port as 445 in LB Virtual server then choose the same in services that you will bind to the LB Virtual Server. Similar logic applies to ANY as protocol and * as port because port translation is not possible in this scenario.
2. A monitor should be bound to the service because NetScaler obtains the print server’s MAC address from the monitor. Since the destination IP address is a VIP (assigned to loopback adapter) owned by the Citrix ADC appliance, the ARP requests always resolve to the MAC address of the Citrix ADC interface.
3. The Local Firewall on print servers should either be disabled or "File and Printer Sharing (SMB-In)" and "File and Printer Sharing (SMB-Out)" should be allowed on Domain, Private as well as Public profiles. The loopback adapter associates with public profile so SMB rules should definitely be allowed on that.
4. NetBIOS over TCP/IP should be disabled on loopback adapter unless you plan to use it.
5. "Client for Microsoft Networks" and "File and Printer Sharing for Microsoft Networks" should be checked (ticked) on loopback adapter.

Optional:

1. On print servers the source of returning traffic is the loopback adapter. In certain situations the source IP address of the traffic initiated by standard adapter may have the IP address configured on loopback adapter. To avoid that you can set SkipasSource flag to true on loopback adapter.

[array]$IPs = Get-NetIPAddress -InterfaceAlias loopback
Set-NetIPAddress -IPAddress $IPs.IPAddress -InterfaceAlias loopback -SkipAsSource $true

 

[Craig Mcdonald]

We had this same problem with load balancing Papercut printer servers. after reading the internet I found this gem on the last page: https://tech-no.org/?p=1122

 

Our environment:

Citirx ADC 13.1

2 x Windows 2022

 

We had done everything in the article except the host file:

 

Create a Host file on each print server referencing the name of the VIP and the local IP address of the print server.

Edit the hosts file located in c:\windows\system32\drivers\etc

If you used an A record for your VIP, then type the netbios and FQDN along with the ip of that server.

stsprint                     10.100.10.59

stsprint.fpfnet.local    10.100.10.59

 

On the ADC we have the LBs listening on  Any port, Any Protocol and same with the services.

 

In case the article gets removed in the future here are the settings recommended for the print servers:

 

Details of the registry settings to be applied at each node in the cluster (each print server)

Disable “strict name checking”

 

Locate and select the following key in the registry:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanServer\Parameters

On the Edit menu, click Add Value, and then add the following registry value:
Value name: DisableStrictNameChecking
Data type: REG_DWORD
Radix: Decimal
Value: 1

 

Disable Loopback Check

1. Click Start, click Run, type regedit, and then click OK.
2. In Registry Editor, locate and then click the following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
3. Right-click Lsa, point to New, and then click DWORD Value.
4. Type DisableLoopbackCheck, and then press ENTER.
5. Right-click DisableLoopbackCheck, and then click Modify.
6. In the Value data box, type 1, and then click OK.
7. Quit Registry Editor, and then restart your computer.

 

Configure Optional Names (the DNS Name of the Virtual Server)

Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters,
then create the OptionalNames value, you can enter a list of names. (This should be the DNS name setup for the VIP.)
Restart the computer, and the server will then respond to any of the names you listed.

 

Add the following to the registry to work around DNSONWIRE in windows 2008 R2 SP1 (may 2012, TBD)

reg add HKLM\SYSTEM\CurrentControlSet\Control\Print /v DnsOnWire /t REG_DWORD /d 1

 

Create a Host file on each print server referencing the name of the VIP and the local ip address

Edit the hosts file located in c:\windows\system32\drivers\etc

If you used an A record for your VIP, then type the netbios and FQDN along with the ip of that server.

stsprint                     10.100.10.59

stsprint.fpfnet.local    10.100.10.59