Step-by-Step guide to install MBAM 2.5 using Windows NLB

This blog post describes the steps you need to take when installing an MBAM 2.5 server that uses Windows NLB for the web applications. We assume that you already have the servers running and joined to the same domain (DC, 2x NLB hosts and SQL).

Create the following AD groups and users:

AD Groups:
Compliance and Audit Database read/write group for reports: MBAMCompAuditDBRW
Compliance and Audit Database read-only group for reports: MBAMCompAuditDBR
Recovery Database read/write group for reports: MBAMRecoveryDBRW
Reports read-only domain access group: MBAMReports

MBAM Advanced Helpdesk Users access group: MBAM-Advanced-Helpdesk Users
MBAM Helpdesk Users access group: MBAM-Helpdesk Users
MBAM Report Users access group: MBAM-Report-Users

AD Accounts:
Compliance and Audit Database domain user account: MBAMCompAuditDBSVC
Web service application pool domain account: MBAMWebSVC

Add the user account MBAMWebSVC to the following groups: MBAMCompAuditDBRW, MBAMRecoveryDBRW

Add the user account MBAMCompAuditDBSVC to the following group: MBAMCompAuditDBR

Add the MBAMReports group as a member of MBAMCompAuditDBR.

IIS roles and features on the NLB hosts:

Common HTTP Features:
• Static Content
• Default Document
Application Development:
• ASP.NET
• .NET Extensibility
• ISAPI Extensions
• ISAPI Filters
Security:
• Windows Authentication
• Request Filtering
.NET Framework 4.5 features:
• .NET Framework 4.5
• WCF Activation
   • HTTP Activation
   • Non-HTTP Activation
• TCP Activation
Windows Process Activation Service:
• Process Model
• .NET Framework Environment
• Configuration APIs

ASP.NET MVC 4
http://www.asp.net/mvc/mvc4

Enable MAC address spoofing on both NLB node VMs, on the NIC that is used for NLB:

[Screenshot: mbam01]

On the SQL Server, start the MBAM installation (SQL is already installed with Reporting Services):

[Screenshots: mbam02 to mbam08]

NLB server configuration and installation:

SPN:

The web applications require an SPN for the virtual host name under the domain account that you use for the web application pools. If you have administrative rights in Active Directory Domain Services, MBAM creates the SPN for you.
If you do not have administrative rights, you have to create the SPNs manually using the following commands.

Setspn -s http/mbam contoso\MBAMWebSVC
Setspn -s http/mbam.contoso.com contoso\MBAMWebSVC

Configure Kerberos delegation for the user account MBAMWebSVC in ADUC:

[Screenshot: mbam09]

Choose “trust this user for delegation to specified…” and “Use Kerberos Only” and then Add:

[Screenshot: mbam10]

[Screenshots: mbam11 to mbam13]
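
The SPN and delegation settings above can be checked after the fact. The following is an added example, not part of the original post: `Test-MbamDelegation` is a hypothetical helper name, the sample account object is constructed, and the commented live query assumes the RSAT ActiveDirectory module is installed.

```powershell
# Added example (not from the original post). Audits the SPN and delegation
# settings of the web application pool account described above.
# Test-MbamDelegation is a hypothetical helper name.
function Test-MbamDelegation {
    param(
        [Parameter(Mandatory)] $Account,              # shaped like Get-ADUser output
        [Parameter(Mandatory)] [string[]] $ExpectedSpn
    )
    $findings = @()
    $spns = @($Account.ServicePrincipalNames)
    foreach ($spn in $ExpectedSpn) {
        # -notcontains compares case-insensitively, as SPN lookups do
        if ($spns -notcontains $spn) { $findings += "Missing SPN: $spn" }
    }
    if ($Account.TrustedForDelegation) {
        $findings += 'Unconstrained delegation is enabled (trusted to any service)'
    }
    if ($Account.TrustedToAuthForDelegation) {
        $findings += 'Protocol transition is enabled; expected "Use Kerberos only"'
    }
    if (-not $Account.'msDS-AllowedToDelegateTo') {
        $findings += 'No delegation targets are listed for the account'
    }
    $findings
}

# Constructed sample input: one SPN missing and protocol transition left on.
$sample = [pscustomobject]@{
    SamAccountName             = 'MBAMWebSVC'
    ServicePrincipalNames      = @('HTTP/mbam')
    TrustedForDelegation       = $false
    TrustedToAuthForDelegation = $true
    'msDS-AllowedToDelegateTo' = @('PLACEHOLDER/target.contoso.com')  # placeholder
}
$expected = 'http/mbam', 'http/mbam.contoso.com'
Test-MbamDelegation -Account $sample -ExpectedSpn $expected

# Against the live domain (requires the RSAT ActiveDirectory module):
# $acct = Get-ADUser MBAMWebSVC -Properties ServicePrincipalNames,
#     TrustedForDelegation, TrustedToAuthForDelegation, 'msDS-AllowedToDelegateTo'
# Test-MbamDelegation -Account $acct -ExpectedSpn $expected
# setspn -X    # reports SPNs registered on more than one account
```

An empty result means both SPNs are present and the account is limited to Kerberos-only constrained delegation; the delegation targets themselves still need to be compared by hand against the services added in ADUC.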

It is also recommended to rename the NICs so you can easily tell which is which. Ensure that NLB is the first on both:

[Screenshot: mbam14]

Then install the NLB feature on both nodes.

Start NLB on one of the hosts and create the cluster:

[Screenshots: mbam15 to mbam21]

Then add the other host, with the same settings, to the cluster you just created:

[Screenshot: mbam22]

Last, we need to install the MBAM web applications on the hosts. Start the MBAM installation:

[Screenshots: mbam23 to mbam28]

Repeat the web application installation on the other node and then test the web pages (not directly from the NLB hosts):

[Screenshot: mbam29]

That's it!
