PowerShell for NLB: Common Scenarios
Published Mar 15 2019 01:56 PM 1,260 Views
First published on MSDN on Nov 23, 2009


This is the second blog is our series of posts on PowerShell for Network Load Balancing (NLB).  The first post introduces you to the CMDlets: http://blogs.msdn.com/clustering/archive/2009/10/28/9913877.aspx

Most of NLB CMDlets have the following common parameters.


Specifies the interface to which NLB is bound


Specifies the name of the cluster node that you want to manage

Most CMDlets require reference to a Cluster object.   To get a Cluster object you can run Get-NLBCluster and pass the output object to the desired CMDlet or use the -interfaceName parameter.

We will discuss running CMDlets and using the output as input of another CMDlet in future posts.

Creating a New Cluster


A new cluster can be created via NLB using New-NLBCluster CMDlet. This is a synchronous command, meaning that it will only return after completing the operation.  You can also use this CMDlet to create a new cluster on remote nodes.  To achieve this, the managing system must have Windows Server 2008 R2 installed and the cluster node must be Windows Server 2008 or higher.

New-NLBCluster has the following parameters of interest.


Specifies the interface to which NLB is bound


The clusters primary IP address. More IP addresses can be added via Add-NLBClusterVIP


We can create a cluster on a remote machine by passing the machine name here


Specifies the name of the new cluster (optional)


This will add a dedicated IP address to the stack that can be used to reach this machine directly


The cluster operation mode can be one of the following: unicast, multicast, igmpmulticast


Adding Nodes to a Cluster


Once a cluster has been created, we may want to add more nodes to the cluster. This can be achieved via the Add-NLBClusterNode CMDlet.

Parameters of interest:


Specifies the interface to which NLB is bound


We can create a cluster on a remote machine by passing the machine name here


The name of the new node that needs to be added to the cluster


Interface on which we want to bind NLB on the new node


Managing Port Rules


After creating a new NLB cluster you may want to modify the port rules before adding any nodes.  To do so you will want to use the Set-NLBClusterPortRule CMDlet.

Set-NLBClusterPortRule will modify existing port rules.  For example, when creating a new cluster, the default port rule is added.  If you want to customize the port rule you can either delete the existing port rule or modify the existing port rule.  Modifying the existing port rule is the best approach because you run only one command rather than two commands.

Set-NLBClusterPortRule has the following parameters that I believe are the most useful.   As always, for detailed help on this please run Get-Help Set-NLBClusterPortRule.


Specifies the new start port for the cluster port rule. The acceptable range is between 0 and 65535


Specifies the new end port for the cluster port rule. The acceptable range is between 0 and 65535


Specifies the new affinity for the cluster port rule. There are three possible values for port rule affinity: none, single, and network


Specifies the new IP address for the cluster port rule


Specifies the new timeout in minutes for the cluster port rule. The acceptable range is between 0 and 240


Specifies the interface to which NLB is bound


Specifies a port number within the port rule to set


This shows how to change the port rule:

The previous example assumes that only one port rule exists prior to modifying the port rule.  If multiple port rules exist prior to running the command and you wanted to modify the StartPort or EndPort,  you will get an error because the port ranges (as specified by the start port and end ports) overlap.


If you want to modify the port range, you should use the -port parameter:

You may have noticed that the example shows changing affinity instead of the port range.   I did this to set up for the next example where I change the affinity to single affinity on both port rules.

Managing Cluster Nodes


To manage NLB node properties such as host priority, initial host state or persisted suspend state, you need to use Set-NLBClusterNode.


Specifies the host priority or host ID for the cluster node. The value should be between 1 and 32


Specifies the initial host state for the cluster node. The value is either started, stopped, or suspended

By default Set-NLBClusterNode manages only one node at a time.  For example, when running a command from one of the nodes the local host is the node that is managed.

If you want to run a command that executes on all nodes you can first run the Get-NLBClusterNode and redirect the output to Set-NLBClusterNode.

To view all node properties you can run the following Get-NLBClusterNode and pipe the output through Format-List CMDlet.

Controlling Cluster Nodes

Start-NLBClusterNode & Stop-NLBClusterNode

To control the state (such as stop or start) of the cluster or a node there is a CMDlet for the respective action or "verb" and the respective object.  For example to stop a cluster you could run Stop-NLBClusterNode while Start-NLBClusterNode CMDlet will start the specific cluster node.

The CMDlet I want to discuss here is the Stop-NLBClusterNode command, specifically the parameter, -Timeout.  This new parameter lets you control the time you want to wait before forcing the Stop operation on the node. Now you don’t have to wait for Drain to complete, before doing a stop. You can simply run this command with a timeout value, like in the example below.

In creating the CMDlets we combined stop and drainstop in to one CMDlet, Stop-NLBCluster and Stop-NLBClusterNode.


Drains existing traffic before stopping the cluster node


Specifies the number of minutes to wait for the drain operation before stopping the cluster node


This example will do the following:

1.       Drain all the connections on the Cluster

2.       If there are no outstanding connections, stop the cluster immediately

3.       If all connections are not drained in less than 10 minutes, force stop the node, breaking all existing connections to that particular node.

Debugging NLB with PowerShell


The NLB team has added an awesome CMDlet, Get-NLBClusterDriverInfo, this CMDlet is a replacement for the nlb.exe binary that you may have used. This is a loaded CMDlet with lots of options. Note, this CMDlet does not provide any remoting capabilities, so it does not take hostname as input parameter.

1.       Getting the Cluster configuration: When this CMDlet is run without any arguments, it returns the basic cluster configuration on the current machine.

2.       We can determine if a given connection will be handled by the current node using the -filter argument.  This argument requires the following additional arguments to be set:


IP Address of the client in question


If known, the client source port. This can be set to 0, if unknown


The destination port of the server. Example, http could be on 80


The server's IPAddress. For incoming connections, this means the VIP

In the following example, we are checking to see if a TCP connection coming from client: will be accepted by the NLB server on Port 80, whose VIP is

Stay tuned for more NLB PowerShell information!


Rohan Mutagi & Gary Jackman
Clustering & High-Availability Test Team

Version history
Last update:
‎Mar 15 2019 01:56 PM
Updated by: