Exchange, CAS, KEMP Load Balancer issue

cas dag exchange

We recently purchased 2 Kemp 2200 Load Balancers for our Exchange DAG (3 servers).

We created the virtual service IP in KEMP that all the mail traffic will go to.

We replaced the Exchange IP in the firewall with the virtual service IP of the balancers in the NAT.

Our internal DNS servers have each of the Exchange servers pointing to the virtual service IP of the balancer as well.

Yet, we only get connectivity locally from the CAS. When checking mail from the outside using iPhone / Outlook, it can't connect to the server.

The certificate is loaded on the balancer as well.

Do I need to create a CAS array with the same VIP as the KEMP?

Thanks!

Best Answer

Without more info on your VIP/Virtual Services configuration and other settings the best I can say is this:

Your "email.company.com" DNS record should point to the External Address which NATs to your internal VIP of the load balancers. Each Load Balancer should have its own IP (the load balancer IPs and VIP should be in a DMZ for security). You should have both your CAS servers added as Real Servers which should be added to your Virtual Services for the VIP. You should have a Virtual Service on your VIP for both port 80 (redirect) and port 443 (directs to CAS Servers). If your KEMPs are in a DMZ and being routed in a "one arm" configuration, you should also have the "Enable Non-Local Real servers" setting in L7 Config set to Yes.

It's been a while since I set up ours, but I remember having to set the L7 Config setting "Additional L7 Header" to X-Forwarded-For and L7 Transparency to Non Transparent.

Have you seen the Kemp deployment guide for Exchange 2010 here?

If you can report back with some more configuration information I can compare to our setup and hopefully get you working.

**EDIT:**

Yes, you could set up your CAS array that way, but that would force all traffic, including local traffic, through your Load Balancer. If you do this, you will also need to load balance the RPC traffic (possible but more configuration). See this article for a walkthrough with the KEMPs: Uncovering the new RPC Client Access Service in Exchange 2010 (Part 4)

We have our CAS array DNS records set up for each internal IP of the CAS servers; we have two, so there are two A records for "outlook.mydomain.com", each pointing to one CAS. This bypasses the need for Hardware Load Balancing and uses DNS Round Robin Load Balancing instead.
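Added example (not part of the answer above, and not KEMP's or Microsoft's code): a Python script to run from outside the firewall that checks what the answer describes, namely that the external name reaches a port 80 Virtual Service that only redirects to HTTPS and a port 443 Virtual Service presenting a certificate valid for that name. The script name `check_vip.py` and all function names are assumptions made for this example; `email.company.com` is the answer's placeholder.

```python
import http.client
import socket
import ssl
import sys

REDIRECT_CODES = (301, 302, 303, 307, 308)

def tcp_open(host, port, timeout=5.0):
    """True if a TCP handshake with host:port completes (NAT and VIP pass traffic)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def http_redirect(host, port=80, timeout=5.0):
    """GET / on the redirect service; return (status, Location header or None)."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", "/")
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()

def redirect_ok(status, location):
    """The port 80 service should answer only with a redirect to an https:// URL."""
    return (status in REDIRECT_CODES and bool(location)
            and location.lower().startswith("https://"))

def tls_names(host, port=443, timeout=5.0):
    """Verified TLS handshake (chain and hostname); return the certificate's DNS SANs."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            cert = tls.getpeercert()
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]

if __name__ == "__main__":
    if len(sys.argv) != 2:
        print("usage: check_vip.py <external name, e.g. email.company.com>")
    else:
        host = sys.argv[1]
        for port in (80, 443):
            print(f"tcp/{port} reachable:", tcp_open(host, port))
        try:
            status, location = http_redirect(host)
            print("port 80:", status, location, "ok" if redirect_ok(status, location) else "unexpected")
            print("certificate DNS names:", tls_names(host))
        except (OSError, http.client.HTTPException) as exc:  # ssl.SSLError is an OSError
            print("check failed:", exc)
```

If the same checks pass against the VIP from inside the network but fail from outside, the difference lies in the external DNS record or the firewall NAT rather than in the Virtual Services.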
