Exchange 2010 CAS Array with NLB

I have set up 2 CAS / Hub Transport servers and configured NLB and the CAS Array. I can connect to the OWA site from each server but not from anywhere else. I have a DNS record for the CAS array name pointing to the virtual IP of the NLB. If I try to connect just using the virtual IP of the NLB I cannot connect to the OWA page either. I have tested the load balancing and it is working; I just think I am missing something with my CAS configuration.
slambert01Asked:
Rajkumar-MCITPCommented:
Do you have an A record in DNS with the name MAIL (mail.domainname.com) assigned the IP address of the NLB?

Is that mail.domainname.com mentioned in the OWA URL?

Can you explain the CAS array setting a little more?
0
slambert01Author Commented:
Yes, my A record is mail.domain.com. Where do you mean in the OWA URL? As for the CAS array, I created it by using the New-ClientAccessArray -Fqdn "mail.domain.com" cmdlet.
0
Rajkumar-MCITPCommented:
Server Configuration -> Client Access Server -> select the server, and at the bottom you will see the OWA tab; go to the properties of OWA and you have to enter the internal URL.

If you are going to have the same URL for external, you can use the same URL for external also.

Let me know if there is any issue.
0
slambert01Author Commented:
Yes, I do have mail.domain.com as the internal and external on the OWA. I wasn't sure if that is what you meant or you meant something in IIS.
0
Justin OwensITIL Problem ManagerCommented:
What error do you get when you try to connect to the OWA cluster IP?
0
slambert01Author Commented:
Webpage cannot be displayed.
0
Justin OwensITIL Problem ManagerCommented:
404, 500, or something else?
0
slambert01Author Commented:
Using Firefox I get "The connection was reset": the connection to the server was reset while the page was loading.
0
Rajkumar-MCITPCommented:
Help me to know the below details. Run the below command from a command prompt:

Ping -a mail.domain.com

Is the IP address in the ping result the NLB virtual IP?
Are you trying to access OWA using https://mail.domain.com/owa from the internal or the external network, and getting "the page cannot be displayed"?
0
slambert01Author Commented:
Yes, that is exactly what is happening.
0
slambert01Author Commented:
I think I narrowed it down: if I shut down one or the other CAS server I can get to the OWA site, just not with them both up at the same time.
0
Justin OwensITIL Problem ManagerCommented:
What are you using to load balance them?  Exchange/Windows or Exchange/Hardware appliance?
0
slambert01Author Commented:
Windows Network Load Balancing.
0
Justin OwensITIL Problem ManagerCommented:
And to further clarify, you have not joined the two servers together as a cluster?
0
slambert01Author Commented:
No cluster, just the NLB.
0
Justin OwensITIL Problem ManagerCommented:
0
slambert01Author Commented:
Yes, that is the exact document I used to set it up.
0
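The symptom described above (OWA reachable with either CAS server alone, a connection reset with both NLB nodes up) is easiest to pin down by separating the two servers from the cluster address. The following is an added troubleshooting script, not something posted in the thread, to run from a workstation on the internal network that also has the NetworkLoadBalancingClusters module (or on one of the nodes). The node IPs 10.0.0.11/10.0.0.12 and VIP 10.0.0.50 are assumed placeholders.

```powershell
# Added example (not from the thread): check OWA on each CAS node's own IP,
# then on the NLB VIP, and dump the NLB cluster state for comparison.
# Assumed addresses: node dedicated IPs 10.0.0.11 / 10.0.0.12, VIP 10.0.0.50.
Import-Module NetworkLoadBalancingClusters

# Exchange's default self-signed certificate will not validate against an
# IP address; accept any certificate for this PowerShell session only.
[System.Net.ServicePointManager]::ServerCertificateValidationCallback = { $true }

function Test-Owa {
    param([string]$Target)
    # The logon page is served anonymously, so a 200 means IIS and the
    # OWA virtual directory are answering on that address.
    $url = "https://$Target/owa/auth/logon.aspx"
    try {
        $req = [System.Net.HttpWebRequest]::Create($url)
        $req.Timeout = 10000
        $req.AllowAutoRedirect = $false
        $resp = $req.GetResponse()
        $status = [int]$resp.StatusCode
        $resp.Close()
        "{0,-16} HTTP {1}" -f $Target, $status
    } catch [System.Net.WebException] {
        # A reset, as reported in the thread, surfaces here as a WebException.
        "{0,-16} FAILED: {1}" -f $Target, $_.Exception.Message
    }
}

# 1. Each node on its dedicated IP: cluster traffic is out of the picture,
#    so a failure here is an Exchange/IIS problem on that server.
'10.0.0.11', '10.0.0.12' | ForEach-Object { Test-Owa $_ }

# 2. The VIP several times. If every attempt is reset while both nodes are
#    up, but works with one node stopped, the problem is in the cluster
#    configuration (operation mode, virtual-switch MAC handling, port rules),
#    not in the CAS array or OWA settings.
1..5 | ForEach-Object { Test-Owa '10.0.0.50' }

# 3. NLB state as the cluster sees it; run on either node.
Get-NlbCluster         | Format-List *
Get-NlbClusterNode     | Format-List *
Get-NlbClusterPortRule | Format-List *
```

Compare the mode reported by Get-NlbCluster and the port rules against what the hypervisor's virtual switch allows; in a VM environment the cluster MAC address handling is the usual place where unicast and multicast NLB differ.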
Rajkumar-MCITPCommented:
Can you explain the Exchange infrastructure in detail?

Are all the default server roles installed on those two servers?

If yes, did you configure a DAG on the same servers?

If yes, then it will be best practice to use a hardware load balancer.

I got this information from here - http://www.msexchange.org/articles_tutorials/exchange-server-2010/high-availability-recovery/load-balancing-exchange-2010-client-access-servers-using-hardware-load-balancer-solution-part1.html
0
slambert01Author Commented:
The Exchange environment is 2 load-balanced CAS/HT servers and 1 mailbox server; they are running in a VM environment. I have read a lot of articles saying that a hardware load balancer would be best practice, or using Microsoft TMG as a load balancer, which is what I am starting to lean toward after troubleshooting this for over a week now.
0
tigermattCommented:
These parts are for your information/attention but don't actually address your problem... (see below for that)

>> hardware load balancer would be best practice or using microsoft TMG as a load balancer

The product group (for Exchange) at MS actually discourage the use of Windows NLB as a load balancing solution. The recommended method is indeed to use a hardware load balancer of some description - most decent load balancers are service-aware. They integrate with Exchange to determine that the Exchange services are functional on a host; NLB just uses ping, so could send traffic to a host on which Exchange is dead.

If you actually care about your failover system, I'd certainly follow Ross Smith IV's advice and go for a hardware balancer. Plus, then you've not got NLB on the CAS boxes, which means a (marginal) performance improvement! :)

The Forefront TMG solution is fantastic (since the same infrastructure can then handle your outward- and inward-facing load balancing). I certainly rate TMG for external publishing, but remember: a TMG host can only publish/balance HTTP(S) traffic. Internally, you would need to use Outlook in Outlook Anywhere mode for this to work. A TMG array cannot natively publish and load balance MAPI, even internally.

You're also going to need to review your Client Access Array configuration. Using mail.domain.com as the actual name of the array will cause innumerable problems in the long run, since it is also your outward facing OWA URL. The name you assign the array goes on to be used on the RpcClientAccessServer attribute on each of your mailbox databases. This is the Client Access Server your Outlook users will be reconfigured to use (for MAPI mode) once mailboxes are moved to the 2010 environment.

If you use an FQDN which is publicly resolvable, you run into major issues with Outlook Anywhere users. Their Outlook instance will fire up - off your network - and attempt to resolve the MAPI RPC server, in this case, mail.domain.com. It resolves in your outward-facing DNS, so Outlook tries to initiate a connection by MAPI - you then have to wait for timeouts before the Outlook Anywhere connection might be tried. Users will get impatient, and it's certainly no success on the user experience side of matters.

Instead, you should use an FQDN which can only be resolved in internal DNS. This ensures you won't get timeouts when away from the network, as the RPC server/client access array name will fail a DNS check, and Outlook shouldn't even bother to try a MAPI connection.

A typical setup might be:

Client Access Array FQDN: outlook.domain.local
DNS record in domain.local DNS zone - maps to VIP of load balancing solution
OWA Virtual Directory on CAS servers - set to https://mail.domain.com/owa for both internal and external
In your domain.com split DNS zone (assuming you are a split setup), create an A/CNAME mail.domain.com which points at the VIP/aliases the outlook.domain.local record

You can still send traffic to the VIP of the load balancing system without any care over the specific domain in the URL used to send that data in. That's why mail.domain.com is still valid as the URLs for the OWA Virtual Directory. This part isn't a Client Access Array thing - that's just standard load balancing. What really matters is that you don't end up with a public-facing DNS record in any Outlook profiles, as you will run into problems/timeouts/disgruntled users.

Finally, unless this is a lab for experimenting, I'd seriously question the need for 2 HT/CAS but only one mailbox server! If you're going for high availability, then you really want a DAG across two mailbox servers on two physical hosts. If you subscribe to a hardware load balancer, then you can consolidate CAS/HT/Mailbox roles onto one host, requiring just two Exchange Servers to do all those roles *and* still operate as a member of a DAG array.

For your actual problem...

You're already in capable hands, but from my reading, it sounds like your issue lies in the way you have NLB configured. What I've mentioned won't directly cause issues at this stage of initial configs, so you're going to need to dig deeper in the NLB config. I don't want to walk on the toes of the Experts trying to troubleshoot with you already.

-Matt
0
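The "typical setup" tigermatt lays out above, written out as Exchange Management Shell commands. This is an added example, not code from the thread: the array name outlook.domain.local, the AD site name Default-First-Site-Name, the VIP 10.0.0.50 and the public resolver used in the final check are assumed values, and the dnscmd lines are meant to be run on the internal DNS server that hosts both zones.

```powershell
# Added example (not from the thread): internal-only CAS array name, public OWA
# URL on both CAS servers, and the DNS records that tie them to the NLB VIP.
# Assumed values below; replace with your own.
$ArrayFqdn = 'outlook.domain.local'        # resolvable in internal DNS only
$OwaUrl    = 'https://mail.domain.com/owa' # public name, fine for OWA
$Vip       = '10.0.0.50'                   # NLB virtual IP
$Site      = 'Default-First-Site-Name'     # AD site the CAS servers live in

# 1. Client Access Array whose FQDN never appears in outward-facing DNS.
#    (Only one array is allowed per AD site, hence the existence check.)
if (-not (Get-ClientAccessArray | Where-Object { $_.Fqdn -eq $ArrayFqdn })) {
    New-ClientAccessArray -Name 'CASArray' -Fqdn $ArrayFqdn -Site $Site
}

# 2. Every mailbox database's RPC endpoint becomes the array name; this is the
#    value Outlook profiles pick up (MAPI mode) when mailboxes are moved.
Get-MailboxDatabase | Set-MailboxDatabase -RpcClientAccessServer $ArrayFqdn

# 3. Same public OWA URL, internal and external, on each CAS server. The host
#    in this URL only has to land on the VIP; it is not the array name.
Get-OwaVirtualDirectory | Set-OwaVirtualDirectory -InternalUrl $OwaUrl -ExternalUrl $OwaUrl

# 4. DNS on the internal server: array name -> VIP in domain.local, and
#    mail.domain.com -> VIP in the internal copy of the split domain.com zone.
dnscmd /RecordAdd domain.local outlook A $Vip
dnscmd /RecordAdd domain.com   mail    A $Vip

# 5. Verify. The array name must resolve internally and must NOT resolve from
#    outside; otherwise roaming Outlook Anywhere users sit through MAPI timeouts.
Get-MailboxDatabase | Format-Table Name, RpcClientAccessServer -AutoSize
Get-OwaVirtualDirectory | Format-Table Server, InternalUrl, ExternalUrl -AutoSize
nslookup $ArrayFqdn            # expect the VIP
nslookup $ArrayFqdn 8.8.8.8    # assumed public resolver; expect "Non-existent domain"
```

Existing Outlook profiles that were created while RpcClientAccessServer still pointed at an individual server (or at mail.domain.com) keep that value until Autodiscover refreshes them, so check a client profile after the change rather than assuming step 2 took effect everywhere.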
