NLB Notes

How to Test Load Balancing:
For example you have found nodes in the cluster and want to check whether Load Balancing is working or not. Create different four shares on four nodes
and try to access them from one machine. You must get each time different share when browsing using UNC patch.

0. You can adjust the Convergence parameters by adjusting the following registry values:


0. Configuring more than one VIP (Virtual IP) is available only in Windows 2003 editions and later.

0. There is a different between STOP and DRAINSTOP commands. The STOP command will stop the NLB service on host and all existing connections will be lost
whereas DRAINSTOP will allow NLB to serve corrent connections and disable the new connections at the same time.

0. IGMP can be configured only when Cluster is configured to use Multicast support.

0. Server shouldn’t have any network property opened while configuring using NLB Manager.

0. NLB should have correct local time on all servers.

0. NLB doesn’t detect application failure. For example, a Web Server service may stop but NLB will still send TCP/IP requests to that server.

0. NLB is used for the TCP/IP based application for which the data changes happen rarely.

1. Do not any other protocol except TCP/IP to cluster adapter.

2. NLB Cluster can operate either in Unicast or Multicast mode but not both.

3. Microsoft doesn’t support mix of Server and NLB Cluster.

4. Mix-NLB is allowed. Windows NT WLBS can run in Windows 2000 NLB.

NLB doesn’t support Token Ring and ATM networks. It has only been tested on 10 and 100 MB Ethernet network.

Single Network Card Limitations: when running in Unicast Mode:

1.    Ordinary network communications between cluster hosts not possible.
Network traffic intended for any individual computer within the cluster generates additional networking overhead for all computers in the cluster.
2.    Further to this, we cannot use Network Load Balancing Manager on this computer to configure and manage nlb nodes.

•    Automatically detects and recovers from a failed or offline computer.
•    Automatically balances the network load when hosts are added or removed.
•    Recovers and redistributes the workload within 10 seconds.

5. The load is automatically redistributed to other nodes when a host goes offline. All the active connections to that host are lost. If you are
internationally taking a node offline then you can use the drainsstop command to service all the active connections before you take the node offline.

6. You can have a mix of applications running in the NLB cluster. For example, you can run an IIS Web Server on all nodes and SQL server on
one node only. This way you can designate the traffic for database to SQL server node only.

7. NLB and Clustering both can not be active on same computer but you can form two cluster – Four Node NLB cluster and 2 node server cluster
Is it necessary to have separate subnet for both the technology?

8. NLB Supports upto 32 computers in a single cluster but you can use RRDNS to increate the number.

9. NLB can load balance multiple requests from client on the same node or different node. This is done randomly.

10. NLB automatically detects and remove the failure of NLB Node but it can’t judge whether an application is running or stopped working. This
should be done manually by running a script.

11. Automatically load balances when new hosts are added or removed and this is done within 10 seconds.

12. Different Virtual Cluster IP can be created to load balance different applications.

13. Port rules must be same across the cluster but Port Rules can be different for multiple Virtual IP.

14. NLB doesn’t overlap the original computer name and IP address.

15. NLB can be enabled on multiple network adapters. This allows you to configure different NLB Cluster.

16. NLB can operate in two modes – Unicast or Multicast but both the modes can’t be enabled at the same time. Unicast is the default mode.

17. NLB enables each host to detect and receive incoming TCP/IP traffic. This traffic is received by all the hosts in cluster and NLB driver filter
the traffic as per the Port Rules defined. NLB nodes do not communicate with each other for incoming traffic coming from client because NLB
is enabled on all the nodes. A statistically mapping rule is created on each host to distribute incoming traffic. This mapping remains the same
unless there is a change in the cluster (for example, node removed or added).

18. Convergence is a process to re-build the cluster state. This process invokes when there is a change in cluster (for example, node fails, leaves,
or re-join the cluster). In this process the following actions are taken by cluster:

    1. Re-build the cluster state.
    2. Designate the host with the highest host priority as the Default Host.
    3. Load-balanced traffic is reparationed or re-distributed among the remaining hosts.

During this process, remaining host continues to handle incoming client traffic.If a host is added to the cluster, convergence allows this host to receive its share of the load-balanced traffic. Expansion of the cluster does not affect ongoing cluster operations and is achieved transparently to both Internet clients and to server applications. However, it might affect client sessions that span multiple TCP connections when client affinity is selected, because clients might be remapped to different cluster hosts between connections. For more information on affinity

19. All the nodes in cluster emits the heartbeat messages to tell their availability in the cluster. The default period for sending heartbeat
message is 1 second and 5 missed heartbeat messages from a host cause NLB to invoke Convergence process.

20. We can configure multiple NLB clusters on the same network adapter and then apply the specific port rules to each of those IP addresses.
These are referred to as “Virtual Clusters”.

21. Windows 2003 comes with a GUI tool called: Network Load Balancing Manager and NLB.exe – a command line tool. In Windows 2000 it is WLBS.exe and there is no GUI tool also.
This GUI tool can be installed on XP also to manage only Windows 2003 NLB. NLB Manager uses DCOM and WMI.

22. You should be the member of Administrators group on node for which you are configuring NLB. You don’t need to be an administrator to run the NLB Manager.

23. Single NIC > NLB Enabled in Unicast mode – You can not use NLB Manager on this computer to configure and manage other hosts because a
single network adapter in unicast mode cannot have intrahost communication.

24. Intra-host communication is possible only in multicast hode. To allow communication between servers in the same NLB cluster, each server requires the
following registry entry: a DWORD key named “UnicastInterHostCommSupport” and set to 1, for each network interface card’s
GUID (HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\WLBS\Parameters\Interface\{GUID})

25. There is no restriction on number of adapters. Different hosts can have different network adapters.

Single Network Adapter In Unicast Mode           

a. Adapter’s own MAC address is disabled: The cluster MAC address which is generated automatically replaces this address.
b. Both the dedicated IP address and Cluster IP Address resolve to the Cluster MAC address.
c. Ordinary Network communication between cluster hosts is not possible.

Cluster Parameters

1. Cluster MAC Address is generated automatically by using the Cluster IP Address and it is unique across the subnet.

2. Remote Control will not work if IPSEC is enabled. Remote control uses 1717 and 2504 on port over UDP.

3. Priority Unique Host ID: Lowest number is the highest – The host with this priority handles all the incoming traffic which are not covered by Port Rules.
If a cluster node is joined with the same priority, it is not accepted as the part of the cluster but other nodes will continue to operate. This is called
the Default Host. If Default Host fails, the other node with higher priority can act as a Default Host.

4. Dedicated IP Address must be entered first in TCP/IP Property. It cannot be DHCP enabled. This same applies to VIP also.

5. You can not add more than 32 Port Rules to one cluster and it must be same across the cluster.

Network Load Balancing Manager

1. You can not open any network property for the host if NLB Manager currently uses this.

2. NLB can be configured for any machine as long as you have administrative rights on the remote computer.

3. To configure NLB successfully on Windows 2003, use the NLB Manager – Make sure you have unchecked the NLB from all hosts.

4. When you add a host using NLB Manager the Port RUles and associated options will be inherited from the initial host.

5. You can not open other hosts from the NLB Manager if NLB is operating in Single Adpater with Unicast Mode because a single network adapter with unicast
mode cannot have intrahost communication. To make this happen use this registry: UnicastHostInterCommSupport and set it to 1.

6. You can use the Credentials Option in NLB Manager to specify the credentials for remote hosts. NLB Manager will try to connect to remote hosts using this

7. You should use either TCP/IP Property settings or NLB Manager but shouldn’t use both to configure NLB.

8. NLB Manager doesn’t connect or show the mis-configured Hosts in a cluster.

9. Hosts for which you don’t have administrative membership will not be displayed in NLB Manager.

10. The list of all port ranges are sorted by Port Range.


1. NLB can have mixed of Domain Controllers, Member Servers, Workgroup servers etc. This is not the limitation of NLB actually. NLB should be able to access
the computer using the built-in administrator account.

2. When you enable NLB on a server, the default registry entries are created under : HKLM\System\CurrentControlSet\Services\WLBS

3. The DIP and VIP must be entered correctly. The cluster nodes will converge with each other if you omit this step but they won’t be able to accept
and traffic.

4. IP Address conflict message is displayed for VIP only. Make sure VIP from all adapters is removed if you uncheck NLB on that host.

5. The following tools can be used with NLB for monitoring:

Data Warehouse Center
HTTPMon – for monitoring IIS Services.

6. When load balancing PPTP requests, the two network adapters are reuqired on each NLB host.

7. You should supply gateway address in TCP/IP property when configuring two network adapters. The gateway should be entered to FE NIC.

8. NLB must be enabled on the Public or Internet facing network adapter.

9. Loading Balancing a telnet connection requires the associated ports to be opened. A telnet connection spans only one connection per IP so affinity is not required in this case.

10. The original implementation of NLB is WLBS. All the events are recorded in the source of WLBS. The command line interface for NLB is WLBS and in Windows 2003 it is NLB.

11. NLB Manager WMI provider cannot connect to a cluster host for which the computer name starts with a numeric character. This is bug.

12. NLB doesn’t replicate the application data. You might need to use the Microsoft content Replication System (CRS) or third party software.

13. NLB doesn’t monitor the services stop or start also. You can use HTTPMon that comes with Resource kit. You can use the following tools described below:

Exception Monitor
Third-party monitoring tools
• SiteScope by Mercury Interactive Corporation ( (
• AppManager by NetIQ ( (
• WhatsUp Gold by Ipswitch ( (

Scenario and Setup Intructions for other services:

Terminal Services with NLB

Unicast Mode with Single NIC
In Unicast Mode, NLB modifies the Network Adapter’s MAC address to Cluster MAC. Now, there is only one MAC Address available in cluster – that is Cluaster MAC
and this MAC address has to be same on all cluster hosts. Network Re-director can’t forward the request to same MAC Address if it is originating from the same source.
and also host cannot communicate with each other – This is the disadvantage of Unicast Mode with Single NIC. To enable hosts to talk to each other, enable either
MULTICAST mode or install a second NIC.

14. You may get “No interace is available to configure load balancing” when using network load balancing manager. You get this error if you have imagaed a server
or copied to virtual machine. All network GUIDs will be same. You need to re-install the network adapater from device manager to overcome this problem.

15. While configuring NLB through NLB Manager and you have deleted the host from the cluster. If that status of that still shows pending for a long time then
manually disable the NLB in host. It would disapper from the Manager.

16. It is always best practice to add local host (on where you’re running NLB Manager) after adding all host when you’re running NLB Cluster in Single NIC with
Unicast Mode. Thnd ason is very clear. When you add local host and try to add

17. It is recommended to run NLB Manager on a separate computer which is not part of cluster when you’re running Cluster in Single NIC with Unicast or Multicast Mode.

18. If you have added the local host to NLB Manager in single nic unicast mode and when you refresh, all other hosts will be unreachable.

19. When you access VIP using UNC, you might get the login box if you’re request is being forwarded to a host who is not in domain and you’re member of domain. You might
need to supply user credentials.

20. Crossover cable between NLB nodes doesn’t work correctly for heartbeat messages and others. It works great in server clustering.

21. Heartbeat messages are transmitted over NLB Enabled NIC always whether you’re operating cluster in Unicast or Multicast mode.

22. When an application running on a host dies or stop the NLB will keep forwarding the requests to that server because NLB doesn’t monitor the state of the

23. Only Windows 2003 and later versions can be configured by the NLB Manager. However, you can manage previous versions of Windows but can’t configure them using NLb Manager.

24. Remote control for NLB uses UDP port 2504.

Windows 2008 Network Load Balancing Enhancements:

1. There is a support fo IPV6 in Windows server 2008 for NLB. An IPV6 host can join NLB node.

2. Multiple Dedicated IP Addresses are support in Windows Server 2008 for NLB.

3. Supports rolling upgrade from Windows 2003 to Windows 2008.

4. Supports for Unattended NLB Installation

5. Supports for NLB in server Core also.


1. Is it possible to access an NLB Host from command line even if the Remote Control is disabled?

2. What is IP Fragmentation and how it related to NLB?

3. What happens when you access the VIP using UNC for example: \\VIP?

4. Is it possible to query the real MAC address of the host if cluster is operating in Single NIC in Unicast mode.

5. Doesn’t NLB Manager refresh itself when a node fails?

6. What is the actual use of UnicastInterHostCommSupport registry entry?

7. Why does it take so long when adding NLB Hosts to NLB Manager?

8. When accessing NLB VIP using UNC I get the share list of only one Node and I don’t get for others.

9. What happens when a rouge server is trying to join the NLB Cluster?

NLB Tables on Cluster Nodes.















































Q. How does a NLB Node know that a client session has been retained by an application or Application maintain the client connections?

A. For Affinity: If affinity is selected as “Single”, NLB randomly picks up the hosts to maintain the same connection. For example:
   one client sends the TCP packet on port 20 to 21. It works like this:

    1. Checks the Affinity Table – it checks if the client IP address is listed in this list or not.
    if it is listed in the table then checks the Host Name who served the traffic last time and then forward the request to that host each time the
    same client sends the request.
    2. If client IP is not mentioned in the Affinity Table then it randomly picks up a host from the Host Table. NLB append this in the Affinity Table
    and continue to serve the client.

How Network Load Balancing Algorithm works internally

This article explains how NLB algorithm works internally from a technical point of view. This article only applies to Windows NT, Windows 2000 Server, Windows Server 2003 and Windows Server 2008.

General rule for a NLB Cluster which applies to each host in the cluster:

1. All port rules (range) defined in a host cluster must be unique across the cluster.

2. Host priority (Default Host) must be unique across the cluster.

3. Cluster mode must be unique across the cluster: either Unicast or Multicast.

A cluster node maintains a statistical mapping of port rules with associated Virtual IP of the cluster. I will give an port rule example and then explain how it works in cluster when an incoming TCP/IP packet arrives to cluster hosts. I have configured the following port rule at one of the cluster host:

Host 1

Port Range: 80 to 80

Protocol: TCP

Host ID: 1

Filtering Mode: Multiple, Load Weight: 70

Virtual IP

Host 2

Port Range: 80 to 80

Protocol: TCP

Host ID: 2

Filtering Mode: Multiple, Load Weight: 30

Virtual IP

After configuring port rules on cluster hosts, all the hosts simultaneously invoke a process called “Convergence Process”. The main objective of this process to check any inconsistency in the rule defined for that cluster and also designates a host as the Default Host in case of a host fails to converge successfully.

After convergence process has finished all the hosts will maintain a list of statistical mappings in the local computer as portrayed below:

Statistical mapping on Host 1 Counter = 1

Host Name Port Range Protocol Host ID Filtering Mode Load Weight Virtual IP Flag

Host 1 80 To 80 TCP 1 Multiple 70 1

Host 2 80 To 80 TCP 2 Multiple 30 1

Statistical mapping on Host 2 Counter = 1

Host Name Port Range Protocol Host ID Filtering Mode Load Weight Virtual IP Flag

Host 2 80 To 80 TCP 2 Multiple 30 1

Host 1 80 To 80 TCP 1 Multiple 70 1

Note: These two hosts are running IIS to host a company web site called and this site is mapped to virtual IP Address.

How a host does this internally when a client sends traffic for configured port rule

Let’s take an example: A client running Windows 2000 or XP open up a browser and type the

  1. Request is forwarded to the cluster IP Address (
  2. Cluster receives the traffic at Network Layer where the NLB driver service sits and watches for an incoming packet.
  3. All hosts simultaneously receive this packet and look in its statistical mapping to see if the traffic is covered in the port rules defined or not.
  4. If traffic is covered in the port rule then it checks whether this host has already served or not. The Flag column indicates the status of host whether this host served the last traffic or not. The Flag will be incremented by 1 if this host had served the last traffic. For example: if Host 1 receives the traffic, it will serve the client and then increment the Flag by 1.
  5. In this example, Host 1 receives the packet/traffic and other hosts discard the packet.
  6. If the traffic is not covered by the port rule then the only host will receive the traffic which has been designated as the Default Host. This is identified by the Host ID in statistical mapping.
  7. After Host 1 has served the request the statistical mapping on that host will look like below:

Statistical mapping on Host 1 after serving client Counter = 2

Host Name Port Range Protocol Host ID Filtering Mode Load Weight Virtual IP Flag

Host 2 80 To 80 TCP 2 Multiple 30 1

Host 1 80 To 80 TCP 1 Multiple 70 2

You notice that Flag value has been incremented by 1 to make sure this host doesn’t receive the next traffic for the configured port rules. This host will service the next traffic only when the Host 2 has served the second request after Host 1.

Please note: There are other things a host consider when receiving the incoming traffic. For example, checking Filtering Mode if configured for a single host or disabled for the configured port rules, Client Affinity, multiple Virtual IP Addresses in a single cluster, Host Priority ID (which is different from Host ID), Mode of the Host (Unicast, Multicast and IGMP), Layer 2 and Layer 3 switch.

General Network Load Balancing Knowledge Base Articles

Windows Load Balancing Service Does Not Work on Token Ring

Windows 2000 Interoperability Between MSCS and NLB

Using Terminal Server with Windows Load Balancing Service

Using Crossover Cable Causes Load Balancing Not to Work

Testing NLB with Homer Shows All Traffic Handled by a Single Host

System Error 52 When You Connect to an NLB Cluster Name

Support WebCast: Network Load Balancing in Microsoft Windows 2000

Support WebCast: Microsoft Windows Terminal Services: How to Configure

PRB: Application Center 2000 Replicates NLB Equal Load Weight Setting as Load Weight 50

PRB: Address Conflict When You Change an Application Center NLB Cluster

PRB: Adding a Cluster Member May Delete Existing IP Addresses on the Target Server

PRB: “550 Quoted Name Does Not Match IP Address” SMTP Error Message

Configuring Network Load Balancing

Only TCP/IP Should Be Bound to Virtual Network Adapter in WLBS Host

NLB Operations Affect All Network Adapters on the Server

Network Load Balancing Connection to a Virtual IP Address Not Made Across a Switch

Load Balanced Service May Not Work Properly With IP Fragmentation

L2TP Sessions Lost When Adding a Server to an NLB Cluster

IP Address Conflict Switching Between Unicast and Multicast NLB Cluster

IP Address Assignment for NLB with Multiple Network Adapters

INFO: Using NIC Teaming Adapters with Network Load Balancing May Cause Network Problems

How WLBS Handles the Dedicated IP Address

HOW TO: Install Network Load Balancing Service That Was Previously Uninstalled in Windows 2000

HOW TO: Configure Network Load Balancing Parameters in Windows 2000

HOW TO: Configure an IP Address for NLB with One Network Adapter

How to Configure WLBS with Multiple Virtual IP Addresses

How to Configure HTTPMon to Monitor NLB or WLBS Web sites

How NLB Hosts Converge When Connected to a Layer 2 Switch

FIX: Message Queuing Messages Not Validated with Network Load Balancing

Description of Network Load Balancing Features

Configuration Options for WLBS Hosts Connected to a Layer 2 Switches

Client Sessions May Be Lost While Accessing a Web Farm Program

Cannot Use Wlbs.exe Remote Control Commands From Load Balanced VPN Servers

“NLB Failed to Start” Error Message on Windows 2000 If NLB Is Not Installed

WLBS Cluster Is Unreachable from Outside Networks


NLB Cluster Does Not Converge When the MTU Size Is Less Than the Default Value

HOW TO: Set Up TCP/IP for Network Load Balancing in Windows Server 2003

HOW TO: Configure Network Load Balancing Parameters in Windows Server 2003

Cannot Ping IP Addresses After You Enable Network Load Balancing on Network Adapter

“RPC Server Is Unavailable” Error Message When You Connect to NLB Cluster Host through NLB Manager

[Back to top of Practices]