atm1989
asked on
Configuring 2 Exchange 2003 front-end servers for redundancy and load balance.
I have 2 front-end Exchange 2003 servers and 6 back-end Exchange 2003 servers. I have one routing group with one smtp connector to the Internet.
I would like for the 2 FE servers to handle both inbound and outbound email. How do I configure them to have redundancy and load balance between the two servers?
For inbound email, my mx records (mail1.company.com and mail2.company.com) are being answered by Postini for filtering spam. They forward the email to us. For outbound email, I would like to send email directly out from the 2 FE servers.
ASKER
Here is what I have done:
2 FE servers --> DNS A record for them are:
smtp2.company.com - NIC #1 - 10.10.0.12, NIC #2 - 10.10.10.12
smtp3.company.com - NIC #1 - 10.10.0.13, NIC #2 - 10.10.10.13
The NLB DNS A record is smtp1.company.com with an ip address of 10.10.10.11
You are recommending that I put smtp2.company.com and smtp3.company.com as bridgehead servers within the Internet Email connector.
Assign an external ip address to smtp1.company.com, let's say 198.212.146.26. Configure the firewall to translate smtp1.company.com (10.10.10.11) = mail1.company.com (198.212.146.26). Give the ISP the MX record = mail1.company.com (198.212.146.26).
Did I miss anything?
Are you recommending NLB over DNS round-robin (2 MX records with equal weights)? This means I would only need to create one mx record?
Let's say smtp2.winstead.com goes down, all email would still be flowing in and out because smtp3.winstead.com is up, correct?
You didn't miss anything that's exactly it.
About round robin: you don't need it, as the mail will arrive on the NLB IP, which is load balanced already, and outgoing mail will try the other server if the first one is down. To make it real, I would say do it without round robin and switch off one server; it's always good to see what a disaster will look like before it happens.
MG
ASKER
We will put this into production this Saturday night. I will let you know how it goes. Thanks.
ok thank you.
ASKER
Do I need to restart any services in order for the back-end servers to know how to route outbound mail to the new front-end bridgehead servers?
Usually not, but in case of any problems, review your configuration and reboot just to be sure.
MG
ASKER
The PIX could not route mail from outside through the NLB cluster name. We ended up specifying the 2 SMTP servers in the PIX. We will only use NLB for OWA.
That is strange. To make sure the problem is on the PIX side and not Exchange, try to telnet to the NLB IP on port 25 and send a mail:
Telnet NLBIP 25
helo
mail from: xyz@gmail.com
rcpt to: anyuser@yourdomain.com
data
blah blah.
.
quit
and check if you got the mail. If yes, then the PIX is the cause of the problem.
If you can let the PIX do the load balancing, that's OK.
http://support.microsoft.com/kb/153119
Thank you
MG
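The manual telnet session in the reply above is easy to misread: a refused connection, a connection that opens but never prints the 220 banner, and a server that answers but rejects one step all look like "it didn't work" on a blank terminal. The following script is an added example, not code from the thread or from any Microsoft or Cisco tool. It runs the same HELO / MAIL FROM / RCPT TO / DATA / QUIT conversation against a host and port and reports which of those four outcomes occurred. The host names (smtp1.example.com, probe.example.com), addresses and message text are constructed for the example, and `start_fake_smtp` is a constructed stand-in for the Exchange SMTP virtual server so the script can be run offline; against a real server you would call `smtp_probe` with the NLB IP and port 25.

```python
# Added example, not code from the thread: a scripted version of the
# "telnet NLBIP 25 ... quit" check.  It sends the test message and tells apart
# a refused connection, a connection that opens but never shows a banner
# (the blank-screen case) and a listener that answers but rejects a step.
# Host names, addresses and message text are constructed for the example.
import socket
import threading

CRLF = b"\r\n"


def _read_reply(rfile):
    """Return (code, text) of one SMTP reply, consuming '250-...' continuation lines."""
    while True:
        raw = rfile.readline()
        if not raw:
            raise ConnectionError("connection closed before the reply completed")
        line = raw.rstrip(b"\r\n").decode("ascii", "replace")
        if len(line) < 4 or line[3] != "-":
            return line[:3], line


def smtp_probe(host, port, sender, recipient, body, helo="probe.example.com", timeout=5.0):
    """Walk the telnet conversation; outcome is refused, no_banner, rejected or delivered."""
    result = {"outcome": None, "banner": None, "steps": [], "error": None}
    try:
        sock = socket.create_connection((host, port), timeout=timeout)  # also sets the socket timeout
    except OSError as exc:
        result.update(outcome="refused", error=str(exc))
        return result
    with sock:
        rfile = sock.makefile("rb")
        # Dot-stuff the body (RFC 5321 4.5.2) so a line starting with "." cannot end DATA early.
        stuffed = "\r\n".join("." + ln if ln.startswith(".") else ln for ln in body.splitlines())
        script = [("BANNER", None, "220"), ("HELO", f"HELO {helo}", "250"),
                  ("MAIL", f"MAIL FROM:<{sender}>", "250"), ("RCPT", f"RCPT TO:<{recipient}>", "250"),
                  ("DATA", "DATA", "354"), ("BODY", stuffed + "\r\n.", "250"), ("QUIT", "QUIT", "221")]
        for label, cmd, expected in script:
            if cmd is not None:
                sock.sendall(cmd.encode("ascii") + CRLF)
            try:
                code, line = _read_reply(rfile)
            except OSError as exc:  # socket.timeout and ConnectionError are both OSError
                result.update(outcome="no_banner" if label == "BANNER" else "rejected",
                              error=f"no reply to {label}: {exc}")
                return result
            result["steps"].append((label, code))
            if label == "BANNER":
                result["banner"] = line
            if code != expected:
                result.update(outcome="rejected", error=f"{label} got {code}, expected {expected}")
                return result
    result["outcome"] = "delivered"
    return result


def start_fake_smtp(silent=False):
    """Constructed stand-in for an SMTP virtual server, bound to a loopback port, so the
    probe can run offline.  silent=True accepts TCP but never sends a banner.  Returns (port, mailbox)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port, mailbox, envelope = srv.getsockname()[1], [], {}

    def serve():
        conn, _ = srv.accept()
        srv.close()
        with conn:
            if silent:  # keep the connection open and say nothing until the client gives up
                conn.settimeout(30)
                conn.recv(1)
                return
            rfile = conn.makefile("rb")
            conn.sendall(b"220 smtp1.example.com ESMTP ready" + CRLF)
            while True:
                line = rfile.readline().rstrip(b"\r\n").decode("ascii", "replace")
                if not line:  # client went away
                    return
                verb = line.split(":")[0].split(" ")[0].upper()
                if verb == "HELO":
                    conn.sendall(b"250 smtp1.example.com" + CRLF)
                elif verb in ("MAIL", "RCPT"):
                    envelope[verb] = line.split(":", 1)[1].strip().strip("<>")
                    conn.sendall(b"250 OK" + CRLF)
                elif verb == "DATA":
                    conn.sendall(b"354 End data with <CR><LF>.<CR><LF>" + CRLF)
                    body = []
                    while (raw := rfile.readline()) not in (b"", b"." + CRLF):
                        ln = raw.rstrip(b"\r\n").decode("ascii", "replace")
                        body.append(ln[1:] if ln.startswith(".") else ln)  # undo dot-stuffing
                    mailbox.append((envelope.get("MAIL"), envelope.get("RCPT"), "\n".join(body)))
                    conn.sendall(b"250 Queued" + CRLF)
                elif verb == "QUIT":
                    conn.sendall(b"221 Bye" + CRLF)
                    return
                else:
                    conn.sendall(b"500 Unrecognised command" + CRLF)

    threading.Thread(target=serve, daemon=True).start()
    return port, mailbox
```

Run `smtp_probe` once against each address the front-end servers answer on (each physical IP and the NLB virtual IP) from the same internal client. The outcome that matters for the thread is `no_banner` on one address while the same host returns `delivered` on another: that pattern points at which addresses the SMTP virtual server actually listens on, or at the NLB port rules, rather than at the firewall, and is worth settling before rewriting PIX translations.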
ASKER
From behind the PIX, I cannot telnet to the NLB IP (10.10.10.11) via port 25. I just get a blank screen. I get the same result when I telnet to the physical nodes' IP addresses, 10.10.10.12 and 10.10.10.13.
I can telnet to port 25 via these ip addresses, 10.10.0.12 and 10.10.0.13. So I ended up configuring the PIX with these ip addresses to get Internet mail to flow in.
I will need to get NLB to work for OWA though. In theory, I should be able to have one DNS record for OWA, like owa.company.com pointing to the NLB Clustered Name. It should be able to direct HTTPS traffic to any of the 2 nodes that are associated to it.
Any input would be appreciated.
Well, can you telnet to the NLB IP address from inside your LAN? If yes, then NLB is fine; it's just a PIX issue.
If not, then it's an NLB issue.
You can also configure the OWA DNS to be round robin in case you have 2 IPs.
MG
ASKER
That's what I meant by behind the PIX. I cannot telnet via port 25 to the NLB IP from my pc. I can ping the IP address.
I can connect to this NLB cluster via the NLB Manager. I am not getting any errors, so I have to guess that it is configured correctly.
Then it's the PIX. To be honest, I don't know PIX, but maybe someone else here can help, or in the networking zone.
MG
http://technet2.microsoft.com/windowsserver/en/library/fa6ef832-1aa7-472f-b492-0dd3c60bd46d1033.mspx?mfr=true
How to NLB:
http://support.microsoft.com/kb/323437/en-us
http://support.microsoft.com/kb/816111/en-us
http://support.microsoft.com/kb/323431/en-us
How to SMTP connector:
http://support.microsoft.com/kb/319426/en-us
http://support.microsoft.com/kb/265293/en-us