Managing Network Load Balancing from the command line

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Managing Network Load Balancing from the command line

After you have installed and configured Network Load Balancing, you can control its operations and modify parameter settings using the Network Load Balancing control application, Wlbs.exe, that is installed in the systemroot\System32 folder. To simplify and centralize system administration, you can run Nlb.exe either on the cluster hosts or on any remote computer that can access the cluster over a local or wide area network. Certain actions, such as modifying parameters, can be performed only on the cluster hosts. Because it is a shell-based application, this application can be incorporated into administrative scripts.

The command line for Nlb.exe has the following syntax:

Nlbcommand [cluster[**:**host] [remote options] ]

For more information on the Network Load Balancing control application, see Nlb. For information about using Network Load Balancing Manager from the command line, see Nlbmgr. For information about other command-line utilities, see Command-line reference A-Z. For more information about manageability, see Management Strategies and Tools.

Controlling remote access

You can help protect the cluster from unauthorized access by remote computers by using a strong remote control password. The password is assigned in the Network Load Balancing Properties dialog box for each cluster host to be protected. When password protection is enabled, remote invocations of Nlb.exe must include the /PASSW option followed by the password. If no password value is entered on the command line, the shell displays a prompt for a password.

Caution

  • The Network Load Balancing remote control option presents many security risks, including the possibility of data tampering, denial of service and information disclosure. It is highly recommended that you do not enable remote control and instead use Network Load Balancing Manager or other remote management tools such as Windows Management Instrumentation (WMI).

    Firewall blocking remote control commands If you choose to enable remote control, it is vital that you restrict access by specifying a strong remote control password. It is also imperative that you use a firewall to protect the Network Load Balancing UDP control ports (the ports that receive remote control commands) in order to shield them from outside intrusion. By default, these are ports 1717 and 2504 at the cluster IP address. Use remote control only from a secure, trusted computer within your firewall. For more information on the remote control parameter, see Remote control in Network Load Balancing parameters. For more information about strong passwords, see Strong passwords.

Note

  • WLBS stands for Windows NT Load Balancing Service, the former name of Network Load Balancing in Windows NT 4.0. For reasons of backward compatibility, WLBS continues to be used in certain instances.