Solved

Load-Balancing Exchange CAS with Kemp - Ironport in the Mix

Posted on 2013-11-06
8
233 Views
Last Modified: 2015-04-01
Hi all,

We are running into a strange issue where we get messages queuing on our Ironport device and not delivering when we introduce a load-balancer in front of our CAS array. As soon as we remove the LB, set DNS back in order, flush the DNS cache on the Ironport all the messages start flowing. This only affect mail coming from outside of our network.

Does anyone have any experience with this mail flow: Outside email -> Ironport -> Kemp LB -> CAS Array ?

The specs are: Exchange 2010, Ironport C350, Kemp 7-0.4.

Any help is greatly appreciated.

Thanks.
0
Comment
Question by:PoorNonProfit
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
8 Comments
 
LVL 19

Expert Comment

by:Kash
ID: 39627249
0
 

Author Comment

by:PoorNonProfit
ID: 39627917
Yes, we have those documents and it is setup per their instructions. The strange part is the Ironport seems to be the one not delivering the messages. Without the LB, the Ironport continues to deliver to the CAS array, with the LB the Ironport seems to queue them as though it can't find where to deliver the messages. We are using CNAMES and confirm that the Kemp is setup with the proper services to deliver the messages as internal ones come through fine.
0
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 500 total points
ID: 39629572
The CAS array shouldn't be used for anything other than Outlook TCP MAPI traffic. You should not be using the address for anything else.

Therefore you should configure another address for the other traffic. The CAS Array also does not need to be in the SSL certificate and if you have used the CAS Array address for HTTPS traffic then you should change that. It simply confuses the clients and the Exchange.

As this is email delivery, you have an SMTP template in the Kemp for delivery? Are you using the same or a different virtual IP address?
Can you telnet in through the Kemp on port 25?
Have you got restrictions on the Receive Connectors to only accept email from the Ironport device? If the Kemp isn't configured correctly then it can appear to be coming from the wrong address.

Simon.
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:PoorNonProfit
ID: 39633407
Thanks for your reply, Simon.

We do have an SMTP template and I have attached a screenshot of our kemp VSes.
We are using the same virtual IP for all services.
We can telnet through the Kemp on port 25.
We have zero restrictions on our receive connectors and at one point had one with all connections allowed for testing to no avail.

The next time we attempt this we plan to enable more detailed protocol logging on the receive connectors to try and determine if Exchange is refusing the messages though on the Ironport there is no indication that they are being refused.

In this case it seems as though they are being queued on the Ironport and it cannot figure out where to deliver these messages.
kemp-vs.jpg
0
 
LVL 63

Assisted Solution

by:Simon Butler (Sembee)
Simon Butler (Sembee) earned 500 total points
ID: 39633422
Logging on the Receive Connectors is about the only thing you can do. The Kemp devices should just pass the traffic straight through, without any problems. It would tend to suggest that something is blocking the traffic and Exchange is rejecting it.

Simon.
0
 

Author Comment

by:PoorNonProfit
ID: 39633452
That is what we figured, we will be doing some more detailed analysis once we attempt a cutover again. Thanks again for your help!
0

Featured Post

Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Journaling 2 15
outlook, autodiscover 1 59
Exchange 2008 new SSL certificate with new name 3 56
Outlook Outbox Messages in Exchange 4 27
Marketers need statistics and metrics like everybody else needs oxygen. In this article we explain how to enable marketing campaign statistics for Microsoft Exchange mail.
This article aims to explain the working of CircularLogArchiver. This tool was designed to solve the buildup of log file in cases where systems do not support circular logging or where circular logging is not enabled
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…
This video demonstrates how to sync Microsoft Exchange Public Folders with smartphones using CodeTwo Exchange Sync and Exchange ActiveSync. To learn more about CodeTwo Exchange Sync and download the free trial, go to: http://www.codetwo.com/excha…

732 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question