We are using the "mstshash" cookie, as opposed to the "msts" cookie. Is there a difference in functionality between those two cookies? Is there one we should be using over the other?
Thanks, Chris -----Original Message----- From: Willy Tarreau [mailto:w...@1wt.eu] Sent: Saturday, March 19, 2011 2:53 AM To: Shaw, Christopher Cc: haproxy@formilux.org Subject: Re: Question about using "force-persist" On Thu, Mar 17, 2011 at 02:45:27PM -0500, Shaw, Christopher wrote: > Willy, > > I thought I had come up with a working config file, but the server > persistence still isn't behaving properly. If a server is down, or has > its weight dropped to 0, a user is unable to reconnect to their > session from a different IP -- which means that the RDP cookie > persistence is broken somewhere. > > Here is what I have under the "listen" section of my HAProxy config. > Is there a specific order necessary for some of these directives? Or > is there something else that I'm missing? Any help would be greatly > appreciated. No there is no particular order (except for the tcp-request content rules, of course). Your ACL is not used, you can remove it. I see no reason why this configuration would not work, as it's very basic. What you could do is to experiment with "balance roundrobin" to ensure that the RDP cookie is properly sent : if it is not sent, your session will be balanced across multiple servers. You can also check with tcpdump/wireshark that the incoming connections correctly contain the "msts" cookie. In fact, the symptoms you describ would indicate that this is not the case and that only load balancing is used, exactly as if this msts cookie was not sent by the client. The fact that it works for other situations tends to indicate that the client sends the "mstshash" cookie though (the one with the user name). Regards, Willy ----------------------------------------- The information contained in this e-mail message, and any attachment thereto, is confidential and may not be disclosed without our express permission. If you are not the intended recipient or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that you have received this message in error and that any review, dissemination, distribution or copying of this message, or any attachment thereto, in whole or in part, is strictly prohibited. If you have received this message in error, please immediately notify us by telephone, fax or e-mail and delete the message and all of its attachments. Thank you. Every effort is made to keep our network free from viruses. You should, however, review this e-mail message, as well as any attachment thereto, for viruses. We take no responsibility and have no liability for any computer virus which may be transferred via this e-mail message.