Welcome! Log In Create A New Profile

Advanced

Windows "Stealth“- Mode prevents failover detection

Posted by DanielZuercher 
Windows "Stealth“- Mode prevents failover detection
December 14, 2021 07:01AM
To implement failover in nginx we need a immediate 'connection refused' from the servers, otherwise we don't know if there is no service listing on this port. This is not possible with Windows 2016 Server as there is a security function 'stealth mode'. It means that there is not response for closed ports in TCP (no RST - RESET), requests run in timeout. Like this it's impossible to implement failover, because the LB never knows if there is no response from the service because it's slow or because it's not running.
 
Disabling the stealth mode is not possible for single ports, only for the whole machine. Because stealth mode is an important security feature, we don't want to disable it.

Anyone had the same issue and found a solution?
Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 64
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready