2

Having followed the official docs on how to set up load balancing for Umbraco on IIS i went for the recommended option of File Storage with File Replication.

I set up the distributedCall element in config/umbracoSettings.config....

<distributedCall enable="true">
    <user>0</user>
    <servers>
        <server>ourserver-node1</server>
        <server>ourserver-node2</server>
    </servers>
</distributedCall>

but whenever i publish content it fails, and i get the following in the logs...

2013-10-01 17:42:34,054 [12] INFO  Umbraco.Core.Publishing.PublishingStrategy - [Thread 23] Content 'testing page' with Id '1215' has been published.

2013-10-01 17:42:34,101 [12] INFO  Umbraco.Core.Sync.DefaultServerMessenger - [Thread 23] Submitting calls to distributed servers

2013-10-01 17:42:34,179 [12] ERROR Umbraco.Core.Sync.DefaultServerMessenger - [Thread 23] Error refreshing a node in the distributed list, URI attempted: http://ourserver-node1/umbraco/webservices/cacheRefresher.asmx

System.Net.WebException: The request failed with HTTP status 401: Unauthorized.

   at System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage message, WebResponse response, Stream responseStream, Boolean asyncCall)

   at System.Web.Services.Protocols.SoapHttpClientProtocol.EndInvoke(IAsyncResult asyncResult)

   at Umbraco.Core.Sync.DefaultServerMessenger.PerformDistributedCall(IEnumerable`1 servers, ICacheRefresher refresher, MessageType dispatchType, IEnumerable`1 ids, Type idArrayType, String jsonPayload)

There are 2 nodes configured, and i get an entry for each. We are using the same App Pool Identity for both servers.

The entire umbraco website is configured to use Windows Authentication, as its an intranet app that identifies article comments via their active directory account.

If i remove windows authentication on the webservices directory and allow anonymous it causes the entire umbraco backend cms to fail (all calls to services within the webservices directory fail, such as the node content loader etc..)

From the stack trace it would seem that the user cannot be authenticated.

I checked the machine key and it is the same for both.

Why would i still getting a 401 unauthorised?

I can hit the cacheRefresher.asmx via my browser, but it fails via fiddler with the same 401. So i gather its using my windows creds when going via the browser.

Baldy
  • 3,621
  • 4
  • 38
  • 60
  • Could you confirm that you can access http://ourserver-node1/umbraco/webservices/cacheRefresher.asmx in a browser from all the nodes without error? – user1069816 Oct 14 '13 at 11:10
  • yes, ive modified the post above with more detail. I forgot to mention that the entire site is using windows authentication (we are using umbraco on intranet) – Baldy Oct 14 '13 at 13:53

1 Answers1

2

So the problem turned out to be due to the fact that we had applied windows authentication at the root of the site and it was causing the calls to the other nodes in the cluster to fail.

The calls from the main node that sends a signal to other nodes in the cluster to update their content cache were failing because they were designed to use a custom method of authentication (passing the username and password as parameters to the service).

Adding the following to the root web.config enables the calls to pass through as normal...

 <location path="umbraco/webServices">
<system.web>
  <authorization>
    <allow users="*"/>
  </authorization>
</system.web>

Be aware that this means the directory is effectively unsecured, but this is by design. Each service in this subdirectory expects a username and password to be sent with each call so it could be considered secure. Use with discretion, or modify the umbraco source to suit.

Baldy
  • 3,621
  • 4
  • 38
  • 60