Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Publishing Exchange HT-CAS 2007 with Threat Management Gateway 2010 ?

Posted on 2014-02-09
10
Medium Priority
?
445 Views
Last Modified: 2014-02-11
Hi Folks,

I got 2 Exchange servers 2007 with the Hub Transport and Client Access Server role combined together and then running Windows NLB with IGMP Multicast (recommended by Vmware).

When publishing with Forefront Threat Management Gateway 2010, shall I create the rule to point into the Virtual Server / cluster name or one of the HT-CAS server only ?
0
Comment
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
10 Comments
 
LVL 8

Author Comment

by:Senior IT System Engineer
ID: 39846539
So is it possible to change the published site to point to the NLB cluster virtual IP instead of one server FQDN ?
0
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 39847110
When you are dealing with a Load Balancer the point of the Vitrual IP is so that it can distribute the load between the 2 servers based on the servers health. If you point it directly to the IP or FQDN of one of the servers this defeats the purpose of a load balancer. Also another thing, WNLB is not supported in a production environment and only should be used for testing environments.

If possible i would consider getting a hardware load balanacer or a vitrual load balancer.

Will.
0
 
LVL 8

Author Comment

by:Senior IT System Engineer
ID: 39847154
Will,

Is this official from Microsoft or not the best practice ?
because when I join this company, the HT-CAS is already using WNLB as IGMP Multicast and then published by TMG 2010 to the internet.

if it is not recommended by Microsoft, then what should I do then to publish it to the internet securely ?
0
Learn Veeam advantages over legacy backup

Every day, more and more legacy backup customers switch to Veeam. Technologies designed for the client-server era cannot restore any IT service running in the hybrid cloud within seconds. Learn top Veeam advantages over legacy backup and get Veeam for the price of your renewal

 
LVL 37

Accepted Solution

by:
Jamie McKillop earned 2000 total points
ID: 39847176
WNLB is not supported in a production environment and only should be used for testing environments

WNLB is most certainly supported on the CAS/HT role. What isn't specifically supported is the use of Exchange Server authentication on the HT role when using WNLB. See here: http://technet.microsoft.com/en-us/library/dd577077%28v=exchg.80%29.aspx

That said, I don't recommend using WNLB. Hardware load balancers are far superior. Unfortunately, they are also expensive, so you may be stuck with WNLB due to your budget.

Another option you have is to ditch WNLB and setup TMG to publish your servers as a farm. You would need to have your internal clients pointed at your TMG server to maintain redundancy though. Also, I assume you have have a TMG array for fault tolerance and redundancy.

-JJ
0
 
LVL 8

Author Comment

by:Senior IT System Engineer
ID: 39847232
No my TMG 2010 is just standard deployment.

I had a problem when I vMotioned the HT-CAS it broke the Activesync, so the fix was to change the Activesync publishing rule in TMG 2010 to pint just one HT-CAS server instead of the VIP fqdn or the WNLB DNS names.

Strange and hard to believe.

It used to work fine but somehow live migration broke the Activesync
0
 
LVL 37

Expert Comment

by:Jamie McKillop
ID: 39847255
My suggestion would be to ditch WNLB and use farm publishing in TMG.

-JJ
0
 
LVL 8

Author Comment

by:Senior IT System Engineer
ID: 39848347
Cool,

So in this case let the existing HT-CAS configuration work as it is but then change the TMG publishing rule only into farm publishing for the Activesync ?

For the Hub Transport I see no issue with email flow. It was just the Activesync that is doesn't work when the NLB is drainstopped and then resumed and started.
0
 
LVL 37

Expert Comment

by:Jamie McKillop
ID: 39848387
I would go to farm publishing for all your web services. You get the added benefit that TMG can do some health checks and automatically remove a member from the farm if there is an issue.

-JJ
0
 
LVL 8

Author Closing Comment

by:Senior IT System Engineer
ID: 39849526
Thanks man ! you are very helpful !
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Want to know how to use Exchange Server Eseutil command? Go through this article as it gives you the know-how.
Are you looking for the options available for exporting EDB files to PST? You may be confused as they are different in different Exchange versions. Here, I will discuss some options available.
In this video we show how to create an Address List in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Organization >> Ad…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

604 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question