Share via

How to load balance multiple windows event collector using Network Load Balancing (NLB)?

nk 1 Reputation point
2021-05-18T03:05:54.977+00:00

I have two windows event collectors (Collector1 and Collector2), and I want to install a NLB to load balance Collector1 and Collector2 so that the windows event forwarding is evenly distributed. I have managed to forward windows event to each collector1 and 2 independently but it creates duplicate event and that is why I thought about using Windows NLB feature. But, it seems like WSMan/WinRM uses Kerberos Authentication and it does not work well with NLB.

Has anyone able to use windows NLB to load balance multiple windows event collectors (WEC)?

Has anyone able to workaround the issue with Kerberos Authentication when using NLB for multiple windows event collectors?

Is there any alternative windows built-in feature to make load balance multiple WEC or use high-availability to make one collector active and other passive to avoid duplication? Will Windows Failover Clustering feature work here?

Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
12,635 questions

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Sunny Qi 10,926 Reputation points Microsoft Vendor
    2021-05-18T09:19:21.49+00:00

    Hi,

    Thanks for posting in Q&A platform.

    Event forwarding depends on WSMan/WinRM (windows remote management service). For domain joined scenarios, this uses Kerberos as a default for authentication and encryption, which requires a service principal name (SPN). SPNs are meant to be unique. Therefore, no two domain joined computers should be permitted to register the same SPN for their computer accounts/identity, which makes load balancing with default setup unworkable. I'm afraid your goal cannot achieved by Windows Failover Clustering since the service provided by cluster was failover service such as when server 1 down, then server 2 will work continually.

    Here is a similar thread for your reference:

    Windows Event Collector Load Balancing to multiple Collectors
    Please Note: Since the website is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.

    Best Regards,
    Sunny

    ----------

    If the Answer is helpful, please click "Accept Answer" and upvote it.

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments