Hi, so I am looking at options to make a (currently) single Windows 2019 RRAS virtual server, Highly Available by adding a second.
We've been running an Always On VPN setup for over a year now (after migrating from Direct Access) and it works perfectly, but it's now becoming a more critical service so need to be able to make it HA, as well as be able to split the load with another server.
The VPN server is configured with the Remote Access role installed and the role is configured as VPN Only (Not Direct Access) and users connect using IKEv2 using a mix of user-based certificates and others (Win 10 Ent. users) with device-based certificates.
It has 2 NICs, one with an external IP and one with an internal IP. The NPS server is separate and all clients have a certificate from an internal CA.
I know with Direct Access, there is the option within the Remote Access Management Console to make an NLB Cluster, but this option does not exist for VPN only deployments.
I've tried building a second, identically configured server and installing the NLB feature on both, and configuring with Unicast etc. that way but I get mixed results - mainly errors such as 'Invalid Payload received'. Occasionally clients can connect, but not always.
The second server also works standalone if I point clients at that, it's only when they are clustered together with NLB I get issues.
Is there a better way of achieving this? Hardware load balancers are, unfortunately, not possible.
Many thanks.