Configuring 2 Exchange 2003 front-end servers for redundancy and load balance.

I have 2 front-end Exchange 2003 servers and 6 back-end Exchange 2003 servers.  I have one routing group with one smtp connector to the Internet.

I would like for the 2 FE servers to handle both inbound and outbound email.  How do I configure them to have redundancy and load balance between the two servers?

For inbound email, my mx records (mail1.company.com and mail2.company.com) are being answered by Postini for filtering spam.  They forward the email to us.  For outbound email, I would like to send email directly out from the 2 FE servers.
ASKER CERTIFIED SOLUTION by msghaleb (Ireland)

atm1989 (ASKER):

Here is what I have done:

2 FE servers --> DNS A record for them are:
smtp2.company.com - NIC #1 - 10.10.0.12, NIC #2 - 10.10.10.12
smtp3.company.com - NIC #1 - 10.10.0.13, NIC #2 - 10.10.10.13

The NLB DNS A record is smtp1.company.com with an ip address of 10.10.10.11

You are recommending that I put smtp2.company.com and smtp3.company.com as bridgehead servers within the Internet Email connector.

Assign an external ip address to smtp1.company.com, let's say 198.212.146.26.  Configure the firewall to translate smtp1.company.com (10.10.10.11) = mail1.company.com (198.212.146.26).  Give the ISP the MX record = mail1.company.com (198.212.146.26).

Did I miss anything?

Are you recommending NLB over DNS round-robin (2 MX records with equal weights)?  This means I would only need to create one mx record?

Let's say smtp2.winstead.com goes down, all email would still be flowing in and out because smtp3.winstead.com is up, correct?

You didn't miss anything, that's exactly it.

About round robin, you don't need it, as the mails will come in on the NLB IP, which is load balanced already; the outgoing mails will try the other server if the first is down. To make it real, I would say do it without round robin and put off one server; it's always good to see what a disaster will look like before it happens.

MG

atm1989 (ASKER):

We will put this into production this Saturday night.  I will let you know how it goes.  Thanks.

OK, thank you.

atm1989 (ASKER):

Do I need to restart any services in order for the back-end servers to know how to route outbound mail to the new front-end bridgehead servers?

Usually not, but in case of any problems, review your configurations and reboot just to be sure.

MG

atm1989 (ASKER):

The PIX could not route mail from external through the NLB cluster name.  We ended up specifying the 2 SMTP servers in the PIX.  We will only use NLB for OWA.

That is strange. To make sure that the problem is on the PIX side and not Exchange, try to telnet to the NLB IP on port 25 and send a mail:

telnet NLBIP 25
helo yourdomain.com
mail from: xyz@gmail.com
rcpt to: anyuser@yourdomain.com
data
blah blah.
.
quit

and check if you got the mail; if yes, then the PIX is the cause of the problem.

If you can let the PIX do the load balancing, that's OK.

http://support.microsoft.com/kb/153119

Thank you

MG
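The check MG describes (connect to the NLB IP on port 25 and see whether the SMTP virtual server answers) is easier to repeat across every address if it is scripted. The probe below is an added example and not code from the thread; the HELO name `probe.example` is an assumption, and `start_fake_smtp` is a constructed stand-in for an Exchange server so the script can be exercised offline, including the "accepts the connection but shows a blank screen" case.

```python
import socket
import threading

def read_reply(f):
    """Read one SMTP reply (continuation lines use 'NNN-'); return (code, text)."""
    lines = []
    while True:
        raw = f.readline()
        if not raw:
            raise OSError("connection closed before a reply arrived")
        lines.append(raw.decode(errors="replace").rstrip("\r\n"))
        if len(lines[-1]) < 4 or lines[-1][3] != "-":
            return int(lines[0][:3]), "\n".join(lines)

def smtp_probe(host, port=25, helo_name="probe.example", timeout=5):
    """Connect, wait for the 220 banner, send HELO then QUIT; return a result dict.
    A telnet 'blank screen' shows up as connected=True, banner=None and a timeout error."""
    r = {"host": host, "port": port, "connected": False, "banner": None, "helo": None, "error": None}
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            r["connected"] = True
            f = s.makefile("rb")              # reads honour the socket timeout
            r["banner"] = read_reply(f)
            s.sendall(f"HELO {helo_name}\r\n".encode())
            r["helo"] = read_reply(f)
            s.sendall(b"QUIT\r\n")
            read_reply(f)
    except (OSError, ValueError) as e:        # timed out, refused, reset, non-numeric banner
        r["error"] = str(e)
    return r

def start_fake_smtp(silent=False):
    """Constructed test double: one-shot SMTP listener on 127.0.0.1; returns its port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    def serve():
        conn, _ = srv.accept()
        with conn:
            if silent:                        # accept the TCP connection but never send a banner
                conn.recv(1024)               # hold it open until the client gives up
                return
            conn.sendall(b"220 fake.example ESMTP ready\r\n")
            for line in conn.makefile("rb"):
                if line.upper().startswith(b"QUIT"):
                    conn.sendall(b"221 bye\r\n")
                    break
                conn.sendall(b"250 OK\r\n")
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]
```

Run `smtp_probe` from inside the LAN against the NLB IP (10.10.10.11), each node's NLB NIC (10.10.10.12, 10.10.10.13) and each node's other NIC (10.10.0.12, 10.10.0.13); if the results differ between NICs on the same server, the problem is on the Exchange/NLB side rather than the PIX, which is the distinction MG is drawing.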

atm1989 (ASKER):

From behind the PIX, I cannot telnet to the NLB IP (10.10.10.11) via port 25.  I just get a blank screen.  I get the same result when I telnet to the physical nodes' IP addresses, 10.10.10.12 and 10.10.10.13.

I can telnet to port 25 via these ip addresses, 10.10.0.12 and 10.10.0.13.  So I ended up configuring the PIX with these ip addresses to get Internet mail to flow in.

I will need to get NLB to work for OWA though.  In theory, I should be able to have one DNS record for OWA, like owa.company.com pointing to the NLB Clustered Name.  It should be able to direct HTTPS traffic to any of the 2 nodes that are associated to it.

Any input would be appreciated.

Well, can you telnet to the NLB IP address from inside your LAN? If yes, then NLB is fine and it's just a PIX issue.

If not, then it's an NLB issue.

You can also configure the OWA DNS to be round robin in case you have 2 IPs.

MG

atm1989 (ASKER):

That's what I meant by behind the PIX.  I cannot telnet via port 25 to the NLB IP from my pc.  I can ping the IP address.

I can connect to this NLB cluster via the NLB Manager.  I am not getting any errors, so I have to guess that it is configured correctly.

Then it's the PIX. To be honest, I don't know PIX, but maybe someone else here can help, or in the networking zone.

MG