Julian123
asked on
Exchange 2010 and NLB
I'm currently having an issue where NLB failover is working inside the firewall but not outside. I currently have the FQDN EXCHNLB.domain.org pointing to the IP 10.x.x.x internally. If I attempt to connect to that hostname with https://EXCHNLB.domain.org/owa from an internal machine, I can get the OWA page without any issues for the two CAS servers I have that are part of the NLB cluster. I can stop either host in the cluster manager and when I reconnect it will seamlessly fail over to the other one. However, when I connect to https://external_public_IP/owa externally, which NATs to 10.x.x.x, failover does not work. The requests always go to one CAS server only and if I stop that server in the cluster manager OWA access no longer works. Why would failover work inside the firewall but not outside?
I'm using multicast NLB and both CAS boxes are virtusl machines on ESXI.
I'm using multicast NLB and both CAS boxes are virtusl machines on ESXI.
ASKER
Thanks for your response.
Yes, each server does have two NICs. Only one NIC from each is part of the NLB cluster. The secondary Nic on each one has an IP on the same subnet but no gateway set.
Under "filtering mode" multiple host is checked. The affinity is set to single.
Yes, each server does have two NICs. Only one NIC from each is part of the NLB cluster. The secondary Nic on each one has an IP on the same subnet but no gateway set.
Under "filtering mode" multiple host is checked. The affinity is set to single.
Can you change affinity to network and then test?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Check this as well NLB in Virtual Environment
http://www.vmware.com/files/pdf/implmenting_ms_network_load_balancing.pdf
http://www.vmware.com/files/pdf/implmenting_ms_network_load_balancing.pdf
ASKER
I attempted to change the affinity to network and tested but that did not help. I have not yet done any configuration on the switch. Are you referring to the static Mac address ARP mapping? I have not yet done that, though my understanding is that that will prevent switch flooding but will not make connectivity work where it did not before.
Thanks.
Thanks.
limit Switch flooding comes into play when you use IGMP Multicast. Try creating static enteries as suggested in the doc and test
It is not a question of affinity it should be single
try to do it unicast and see if it works!
try to do it unicast and see if it works!
It is not a question of affinity it should be single
try to do it unicast and see if it works!
If it works then the issue is from multicast as I told you in a my previous post you probably didn't configure the switch for multicast
try to do it unicast and see if it works!
If it works then the issue is from multicast as I told you in a my previous post you probably didn't configure the switch for multicast
ASKER
test
Does your cas servers have multiple nics?
What is filtering mode and affinity set to?