How to Configure Network Load Balancing on Windows Server 2012 R2
Network Load Balancing (NLB) distributes incoming TCP/IP traffic across multiple servers in a cluster, providing both scalability and fault tolerance for stateless services such as web servers, terminal servers, and VPN endpoints. Unlike Failover Clustering, which is designed for stateful services with shared storage, NLB is designed for stateless workloads where each server maintains its own independent copy of the application.
Windows Server 2012 R2 NLB is a built-in feature that requires no shared storage, supports up to 32 nodes per cluster, and works with any TCP/IP-based application. This guide covers installing NLB, creating a cluster, configuring port rules, and managing the cluster with PowerShell.
Prerequisites
- Two or more Windows Server 2012 R2 servers with identical application deployments.
- Each server must have at least one network adapter. A dedicated NLB adapter is recommended on busy servers.
- A virtual IP address (VIP) allocated for the NLB cluster — this is the IP clients connect to.
- All NLB members should be in the same subnet.
- Administrator account on all nodes.
- NLB is incompatible with Failover Clustering on the same NIC.
Step 1: Install the Network Load Balancing Feature
# Install NLB on the first node (WEB01)
Install-WindowsFeature -Name NLB -IncludeManagementTools
# Install on second node (WEB02)
Invoke-Command -ComputerName WEB02 -ScriptBlock {
    Install-WindowsFeature -Name NLB -IncludeManagementTools
}
# Verify installation on both nodes
Get-WindowsFeature -Name NLB | Select-Object Name, InstallState
Invoke-Command -ComputerName WEB02 -ScriptBlock {
    Get-WindowsFeature -Name NLB | Select-Object Name, InstallState
}
# Import the NLB PowerShell module
Import-Module NetworkLoadBalancingClusters
Step 2: Create the NLB Cluster
# Get the NIC name on the first node
Get-NetAdapter | Select-Object Name, InterfaceDescription, Status
# Create the NLB cluster on WEB01 with a cluster IP and name
# InterfaceName must match the adapter name on this server
New-NlbCluster `
    -HostName WEB01 `
    -ClusterName "WEB-NLB" `
    -ClusterPrimaryIP "192.168.1.30" `
    -SubnetMask "255.255.255.0" `
    -InterfaceName "Ethernet" `
    -OperationMode Multicast
# OperationMode options:
# Unicast - All nodes share the cluster MAC. Switch flooding occurs. Use with dedicated NIC.
# Multicast - Cluster uses a multicast MAC. Better switch behaviour. Recommended.
# IGMPMulticast - Multicast with IGMP snooping support for efficient switch handling.
# Verify the cluster was created
Get-NlbCluster
Step 3: Add the Second Node to the Cluster
# Add WEB02 to the NLB cluster
Get-NlbCluster | Add-NlbClusterNode `
    -NewNodeName WEB02 `
    -NewNodeInterface "Ethernet"
# Verify all nodes are in the cluster and check node status (should be Converged)
Get-NlbClusterNode
# List the network interfaces on this node and whether NLB is bound to them
Get-NlbClusterNodeNetworkInterface
# Start NLB on all nodes if not already running
Start-NlbCluster -HostName WEB01
Start-NlbCluster -HostName WEB02
Step 4: Configure Port Rules
Port rules define which traffic the NLB cluster handles and how it is distributed. By default, NLB creates an “all traffic” rule. Refine this for your specific application.
# View existing port rules
Get-NlbClusterPortRule
# Remove the default all-traffic rule
Get-NlbClusterPortRule | Remove-NlbClusterPortRule -Force
# Add a rule for HTTP (TCP 80) with equal load distribution
# Add-NlbClusterPortRule has no load-balancing-algorithm parameter; a rule in
# Multiple (multiple-host) mode splits the load equally between nodes by default
Add-NlbClusterPortRule `
    -IP "192.168.1.30" `
    -StartPort 80 `
    -EndPort 80 `
    -Protocol TCP `
    -Mode Multiple `
    -Affinity None
# Add a rule for HTTPS (TCP 443) with Single affinity (same client always goes to same node)
# Single affinity is needed when the application maintains session state
Add-NlbClusterPortRule `
    -IP "192.168.1.30" `
    -StartPort 443 `
    -EndPort 443 `
    -Protocol TCP `
    -Affinity Single
# Add a rule for RDP (TCP 3389) to a specific node only (single-host mode)
Add-NlbClusterPortRule `
    -IP "192.168.1.30" `
    -StartPort 3389 `
    -EndPort 3389 `
    -Protocol TCP `
    -Mode Single
# Verify all port rules
Get-NlbClusterPortRule | Select-Object IP, StartPort, EndPort, Protocol, Affinity
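The check below is an added example, not part of the original guide: it audits port rules against an allow-list of ports the cluster is meant to publish and reports the default all-traffic rule, multi-port ranges, and ports outside the list. The function name Find-NlbPortRuleIssue and the sample rules are hypothetical, and it assumes rule objects expose the StartPort, EndPort and Protocol properties used in the Select-Object call above.

```powershell
# Added example: audit NLB port rules against an allow-list of published ports.
# Assumption: each rule object has StartPort, EndPort and Protocol properties.
function Find-NlbPortRuleIssue {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Rule,
        # Ports the cluster is meant to publish (each listed once)
        [int[]]$AllowedPort = @(80, 443)
    )
    process {
        $start = [int]$Rule.StartPort
        $end   = [int]$Rule.EndPort
        $width = $end - $start + 1
        $issue = @()

        if ($start -eq 0 -and $end -eq 65535) {
            $issue += 'default all-traffic rule still present'
        }
        elseif ($width -gt 1) {
            $issue += "range covers $width ports; prefer one rule per service"
        }
        # Count rule ports that are not on the allow-list, without enumerating the range
        $inside  = @($AllowedPort | Where-Object { $_ -ge $start -and $_ -le $end })
        $outside = $width - $inside.Count
        if ($outside -gt 0) {
            $issue += "$outside port(s) outside the allow-list"
        }
        if ($issue.Count -gt 0) {
            [pscustomobject]@{
                Ports    = "$start-$end"
                Protocol = $Rule.Protocol
                Issues   = $issue -join '; '
            }
        }
    }
}

# Constructed sample rules (not output captured from a real cluster)
$sample = @(
    [pscustomobject]@{ StartPort = 0;    EndPort = 65535; Protocol = 'Both' }
    [pscustomobject]@{ StartPort = 80;   EndPort = 80;    Protocol = 'Tcp'  }
    [pscustomobject]@{ StartPort = 443;  EndPort = 443;   Protocol = 'Tcp'  }
    [pscustomobject]@{ StartPort = 3389; EndPort = 3389;  Protocol = 'Tcp'  }
)
$sample | Find-NlbPortRuleIssue | Format-Table -AutoSize -Wrap

# On a cluster node: Get-NlbClusterPortRule | Find-NlbPortRuleIssue
```

Rules that match the allow-list exactly produce no output, so an empty result means the published ports are the intended ones.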
Step 5: Configure Dedicated IP Addresses
Each NLB node should retain its own dedicated IP address in addition to the cluster VIP. This allows you to manage individual nodes and use them for outbound traffic without going through the VIP.
# Add a dedicated IP to WEB01's NLB interface
# This is the server's own non-VIP address on the NLB NIC
# Configure this in the NIC's TCP/IP properties (add as a secondary IP)
New-NetIPAddress `
    -InterfaceAlias "Ethernet" `
    -IPAddress "192.168.1.31" `
    -PrefixLength 24
# WEB02 should have 192.168.1.32 as its dedicated IP
Invoke-Command -ComputerName WEB02 -ScriptBlock {
    New-NetIPAddress -InterfaceAlias "Ethernet" -IPAddress "192.168.1.32" -PrefixLength 24
}
# Add the dedicated IPs to the NLB node configuration
# (Set-NlbClusterNode has no dedicated-IP parameter; Add-NlbClusterNodeDip registers them)
Get-NlbClusterNode -NodeName WEB01 | Add-NlbClusterNodeDip -IP "192.168.1.31" -SubnetMask "255.255.255.0"
Get-NlbClusterNode -NodeName WEB02 | Add-NlbClusterNodeDip -IP "192.168.1.32" -SubnetMask "255.255.255.0"
Step 6: Test and Monitor the NLB Cluster
# Check the overall cluster status (all properties, including cluster IP and operation mode)
Get-NlbCluster | Format-List *
# Check each node's status
Get-NlbClusterNode | Format-List *
# List the dedicated IP addresses registered on the nodes
Get-NlbClusterNode | Get-NlbClusterNodeDip
# Drain connections from a node (for maintenance): stops new connections, allows existing ones to complete
Stop-NlbClusterNode -HostName WEB01 -Drain
# Immediately stop a node (cuts all connections)
Stop-NlbClusterNode -HostName WEB01
# Bring a node back online
Start-NlbClusterNode -HostName WEB01
# Test load distribution using curl from a client (observe which server responds)
# On each web server, add a custom header or page showing the server name
# Then from a client (cmd.exe syntax):
# for /l %i in (1,1,10) do curl -s http://192.168.1.30/
# View NLB events in the System log (on Windows Server 2012 R2 the event source is Microsoft-Windows-NLB)
Get-EventLog -LogName System -Source "Microsoft-Windows-NLB" -Newest 20
Step 7: Configure NLB via Network Load Balancing Manager GUI
For administrators who prefer a graphical interface, the NLB Manager MMC provides complete cluster management:
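# Open NLB Manager
nlbmgr.exe
# To connect to an existing cluster via NLB Manager:
# Cluster menu -> Connect to Existing -> enter cluster IP or hostname
# The GUI shows all nodes, their status, and port rules
# Right-click any node for Start/Stop/Drain/Suspend operations
# Record NLB cluster settings for backup or redeployment
# nlbmgr.exe has no export switch, so capture the settings with the NLB cmdlets (run on a cluster node)
New-Item -ItemType Directory -Path C:\NLBBackup -Force | Out-Null
@{
    Cluster   = Get-NlbCluster
    Nodes     = Get-NlbClusterNode
    PortRules = Get-NlbClusterPortRule
} | Export-Clixml -Path C:\NLBBackup\web-nlb-config.xml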
Summary
Network Load Balancing on Windows Server 2012 R2 provides a cost-effective, built-in solution for distributing stateless workloads across multiple servers. The key configuration decisions are: choose Multicast mode for better switch compatibility, define precise port rules rather than allowing all traffic, use Single affinity for HTTPS if the application maintains SSL session state, configure dedicated IP addresses on each node for direct management access, and use drain (not hard stop) when taking a node offline for maintenance to avoid dropping active sessions. NLB is an excellent fit for web tiers, terminal services gateways, and other stateless roles — for stateful workloads like database servers and file servers, use Failover Clustering instead.