?
Solved

Load-Balancing Exchange CAS with Kemp - Ironport in the Mix

Posted on 2013-11-06
8
Medium Priority
?
248 Views
Last Modified: 2015-04-01
Hi all,

We are running into a strange issue where we get messages queuing on our Ironport device and not delivering when we introduce a load-balancer in front of our CAS array. As soon as we remove the LB, set DNS back in order, flush the DNS cache on the Ironport all the messages start flowing. This only affect mail coming from outside of our network.

Does anyone have any experience with this mail flow: Outside email -> Ironport -> Kemp LB -> CAS Array ?

The specs are: Exchange 2010, Ironport C350, Kemp 7-0.4.

Any help is greatly appreciated.

Thanks.
0
Comment
Question by:PoorNonProfit
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
8 Comments
 
LVL 19

Expert Comment

by:Kash
ID: 39627249
0
 

Author Comment

by:PoorNonProfit
ID: 39627917
Yes, we have those documents and it is setup per their instructions. The strange part is the Ironport seems to be the one not delivering the messages. Without the LB, the Ironport continues to deliver to the CAS array, with the LB the Ironport seems to queue them as though it can't find where to deliver the messages. We are using CNAMES and confirm that the Kemp is setup with the proper services to deliver the messages as internal ones come through fine.
0
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 2000 total points
ID: 39629572
The CAS array shouldn't be used for anything other than Outlook TCP MAPI traffic. You should not be using the address for anything else.

Therefore you should configure another address for the other traffic. The CAS Array also does not need to be in the SSL certificate and if you have used the CAS Array address for HTTPS traffic then you should change that. It simply confuses the clients and the Exchange.

As this is email delivery, you have an SMTP template in the Kemp for delivery? Are you using the same or a different virtual IP address?
Can you telnet in through the Kemp on port 25?
Have you got restrictions on the Receive Connectors to only accept email from the Ironport device? If the Kemp isn't configured correctly then it can appear to be coming from the wrong address.

Simon.
0
Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 

Author Comment

by:PoorNonProfit
ID: 39633407
Thanks for your reply, Simon.

We do have an SMTP template and I have attached a screenshot of our kemp VSes.
We are using the same virtual IP for all services.
We can telnet through the Kemp on port 25.
We have zero restrictions on our receive connectors and at one point had one with all connections allowed for testing to no avail.

The next time we attempt this we plan to enable more detailed protocol logging on the receive connectors to try and determine if Exchange is refusing the messages though on the Ironport there is no indication that they are being refused.

In this case it seems as though they are being queued on the Ironport and it cannot figure out where to deliver these messages.
kemp-vs.jpg
0
 
LVL 63

Assisted Solution

by:Simon Butler (Sembee)
Simon Butler (Sembee) earned 2000 total points
ID: 39633422
Logging on the Receive Connectors is about the only thing you can do. The Kemp devices should just pass the traffic straight through, without any problems. It would tend to suggest that something is blocking the traffic and Exchange is rejecting it.

Simon.
0
 

Author Comment

by:PoorNonProfit
ID: 39633452
That is what we figured, we will be doing some more detailed analysis once we attempt a cutover again. Thanks again for your help!
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article explains how to install and use the NTBackup utility that comes with Windows Server.
If you troubleshoot Outlook for clients, you may want to know a bit more about the OST file before doing your next job. IMAP can cause a lot of drama if removed in the accounts without backing up.
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data…
Suggested Courses

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question