Solved

Load-Balancing Exchange CAS with Kemp - Ironport in the Mix

Posted on 2013-11-06
8
209 Views
Last Modified: 2015-04-01
Hi all,

We are running into a strange issue where we get messages queuing on our Ironport device and not delivering when we introduce a load-balancer in front of our CAS array. As soon as we remove the LB, set DNS back in order, flush the DNS cache on the Ironport all the messages start flowing. This only affect mail coming from outside of our network.

Does anyone have any experience with this mail flow: Outside email -> Ironport -> Kemp LB -> CAS Array ?

The specs are: Exchange 2010, Ironport C350, Kemp 7-0.4.

Any help is greatly appreciated.

Thanks.
0
Comment
Question by:PoorNonProfit
  • 3
  • 2
8 Comments
 
LVL 19

Expert Comment

by:Kash
ID: 39627249
0
 

Author Comment

by:PoorNonProfit
ID: 39627917
Yes, we have those documents and it is setup per their instructions. The strange part is the Ironport seems to be the one not delivering the messages. Without the LB, the Ironport continues to deliver to the CAS array, with the LB the Ironport seems to queue them as though it can't find where to deliver the messages. We are using CNAMES and confirm that the Kemp is setup with the proper services to deliver the messages as internal ones come through fine.
0
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 500 total points
ID: 39629572
The CAS array shouldn't be used for anything other than Outlook TCP MAPI traffic. You should not be using the address for anything else.

Therefore you should configure another address for the other traffic. The CAS Array also does not need to be in the SSL certificate and if you have used the CAS Array address for HTTPS traffic then you should change that. It simply confuses the clients and the Exchange.

As this is email delivery, you have an SMTP template in the Kemp for delivery? Are you using the same or a different virtual IP address?
Can you telnet in through the Kemp on port 25?
Have you got restrictions on the Receive Connectors to only accept email from the Ironport device? If the Kemp isn't configured correctly then it can appear to be coming from the wrong address.

Simon.
0
Why are Office 365 signatures so complicated?

Trying to setup transport rules for Office 365 email signatures and can’t quite figure it out? Having to test the signature over and over? Make things simple by using Exclaimer Cloud - Signatures for Office 365.

 

Author Comment

by:PoorNonProfit
ID: 39633407
Thanks for your reply, Simon.

We do have an SMTP template and I have attached a screenshot of our kemp VSes.
We are using the same virtual IP for all services.
We can telnet through the Kemp on port 25.
We have zero restrictions on our receive connectors and at one point had one with all connections allowed for testing to no avail.

The next time we attempt this we plan to enable more detailed protocol logging on the receive connectors to try and determine if Exchange is refusing the messages though on the Ironport there is no indication that they are being refused.

In this case it seems as though they are being queued on the Ironport and it cannot figure out where to deliver these messages.
kemp-vs.jpg
0
 
LVL 63

Assisted Solution

by:Simon Butler (Sembee)
Simon Butler (Sembee) earned 500 total points
ID: 39633422
Logging on the Receive Connectors is about the only thing you can do. The Kemp devices should just pass the traffic straight through, without any problems. It would tend to suggest that something is blocking the traffic and Exchange is rejecting it.

Simon.
0
 

Author Comment

by:PoorNonProfit
ID: 39633452
That is what we figured, we will be doing some more detailed analysis once we attempt a cutover again. Thanks again for your help!
0

Featured Post

Control application downtime with dependency maps

Visualize the interdependencies between application components better with Applications Manager's automated application discovery and dependency mapping feature. Resolve performance issues faster by quickly isolating problematic components.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

We are happy to announce a brand new addition to our line of acclaimed email signature management products – CodeTwo Email Signatures for Office 365.
Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
In this video we show how to create a User Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Mailb…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

912 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now