Active Roles Community

Forum F5 VIP for administration service port 15172

F5 VIP for administration service port 15172

mpemba over 1 year ago

I'm working with our F5 load-balancing team. They created a VIP and are routing TCP 15172 to the admin servers. I'm having trouble connecting

Connect-QADService : Server not exist or could not be contacted

Are there any instructions specific to an F5 for ARS admin connections?

I am working off of this KB:

support.oneidentity.com/.../communication-ports-for-active-roles

Top Replies

glenn colville over 1 year ago +1

Hi - i am guessing you want to add resilience for your Active Roles instance and be able to reference multiple AR servers with one connection string?

Have you considered using multiple DNS cname entries…

Parents

0 nicole perrine over 1 year ago

We've done this and i don't recall any special F5 configurations. When you issue the connect command, you do need to add the -SERVICE <vip name>
Cancel
Up 0 Down

Reply

Verify Answer

Cancel

Reply

0 nicole perrine over 1 year ago

We've done this and i don't recall any special F5 configurations. When you issue the connect command, you do need to add the -SERVICE <vip name>
Cancel
Up 0 Down

Reply

Verify Answer

Cancel

Children

0 mpemba over 1 year ago in reply to nicole perrine
Is it possible your F5 is configured to forward any/any?

After talking it over here we pretty much gave up on the idea when the ports documentation was updated to include the high ports:

Active Roles Administration Service:

15172 (HTTPS) TCP Inbound

All high ports (1024-65535) on port 15172

Client machines randomly select high ports to use for outgoing traffic on port 15172 to access the Active Roles Administration Service.
Cancel
Up 0 Down

Reply

Verify Answer

Cancel