Do any one of you guys have used Azure Loadbalancer SAS version for HAA Load balancing ?
I am having issues with changing the dll.config, identity config files and then modifying the values in the tables. Once these values are changed i am not able to Login to the Orchestrator Webpage either using the Load Balancer URL or the actual Orchestrator URL.
Hi @dmadhan1980 - Are you trying to make the orchestrator public? What exactly is the error you are getting? Unfortunately I haven’t tried the Azure load balancer with multi-node yet.
We currently have a single node Orchestrator and we are upgrading our architecture to a Multinode Orchestrator with HAA for high availability. While doing that we have setup the HAA Nodes and the Orchestrator is talking perfectly to the HAA Nodes.
Now we are bringing in the Load Balancer in front of the current Orchestrator (Fully functional and working). for doing this change as mentioned in your article we are making changes to the orchestrator.dll.config (IdentityServer.Integration.Authority,Auth.OAuth.SharedRobotOAuthAuthority,ExternalAuth.System.OpenIdConnect.Authority,ExternalAuth.System.OpenIdConnect.RedirectUri,ExternalAuth.System.OpenIdConnect.PostLogoutRedirectUri) and the appsettings.Production.json (“IdentityServerAddress”: “https://esot1rpa.abc.xyz.ca/identity” , “OrchestratorUrl”: “https://esot1rpa.abc.xyz.ca”) files to have the Load Balancer URL.
We are also making a change to the 2 DB Tables as you mentioned.
- [identity].[ClientRedirectUris] - 4Rows updated
- [identity].[ClientPostLogoutRedirectUris] - 6 rows updated
Once we make the change we restart the IIS Orchestrator Server and we try to login to the Orchestrator using the Load Balancer URL and that is when we are seeing this failure.
I do not see any errors on the Orchestrator server’s Event Viewer.
So we are lost on what is happening and where it is going wrong.
I have never used Azure before - but a stab in the dark - Have you updated/verified your IIS Site Binding on each of your Orchestrator Nodes to ensure it is listening to all available hostnames/protocols/ports combinations, whether you have it wildcarded or explicitly defined?
I would imagine there are health checks you can look at on the Load-balancers to see if the heartbeat is healthy to determine if a particular target/member should be included in the LB Pool, what does it look like when you check the LB? (Although if you are following the tutorial from @JithinKP I don’t see a section on Health Monitors for the F5 LB)
We use F5 LBs as well and I’ve defined a very simple Health Monitor that polls the
/api/Status/Get endpoint every 5 seconds and looks for a
200 OK Response to determine if a member should be included in the pool.
I changed the binding like you mentioned and now i am getting a different error when using the LB URL to connect to the Orchestrator.
I think this is moving forward in the right direction.
I would review your Event Logs for the Orchestrator Node(s) - Should be something in there if it is making it through the LB.
I see no error on the Event Viewer on the IIS Server. When i searched the Internet for this error it seems like a certificate error “thumbprint” issue.
As Azure load Balancer does not support SSL offloading (I cannot update a certificate on the Azure Load Balancer) could it be the reason for this error ?
This issue is fixed
It was a issue with older version of UiPath Orchestrator 2020.10.8 and was told that this is fixed from 2020.10.14 version onwards.
- with Azure Load balancer not able to redirect the initial request to the same backend server to which it established the connection to.
So, the solution to this issue is a fix from the UiPath team to add a DNS entry on the Orchestrator server to redirect traffic to itself.
The change is to add an entry to the “Host” file in folder C:\Windows\System32\drivers\etc
IP Address of the Orchestrator Load balancer URL
This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.