Load balancing Exchange 2013 CAS servers using DNS Round Robin

Currently in the process of implementing Exchange 2013 to migrate from Exchange 2007. Am planning on having two multi-role 2013 servers at production and at least 1 multi-role 2013 server at the DR site. Obviously I will be using DAGs to provide HA for the mailbox role, but want to have HA for the CAS role as well before I configure everything for co-existence with Exchange 2007. Eventually I plan to have a hardware load balancer like a Kemp LM-2400 or Netscaler, but for now I will have to settle for DNS Round Robin.

In reading some articles on DNS RR and Exchange 2013 CAS servers, they've only been referencing examples with Outlook Anywhere and OWA and how you need to use the same namespaces for Outlook Anywhere and OWA (e.g. mail.domain.com) on both servers, but what about the other virtual directories like ECP, EWS, ActiveSync, and OAB? Currently I have just one Exchange 2013 CAS and its namespaces all begin with mail.domain.com. Should both CAS servers be identical? Do I need to change the Service Connection Point to be the same on the 2nd CAS as well?

Thanks in advance for your input.


Guy Lidbetter commented:
Hi Dave,

ECP, EWS, ActiveSync, and OAB would be configured as virtual directories under your namespace, i.e. when configuring ECP you would set it up as (the -Identity value is the usual "SERVER\ecp (Default Web Site)" form, with SERVER standing in for your CAS name):

Set-EcpVirtualDirectory -Identity "SERVER\ecp (Default Web Site)" -ExternalUrl 'https://mail.DOMAIN.com/ECP' -InternalUrl 'https://mail.DOMAIN.com/ECP'

Both CAS boxes should be identical as you expect, and you should not change the SCP. The Autodiscover DNS record should just be a CNAME for the DNS RR A records...

Host (A) mail.domain.com : 192.168.x.x1
Host (A) mail.domain.com : 192.168.x.x2
CNAME Autodiscover.domain.com : mail.domain.com
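The answer above covers ECP by hand; as an added example (not code from the thread), this Exchange Management Shell script applies the same shared namespace to every CAS virtual directory on both multi-role servers and then prints them side by side so you can confirm the two boxes are identical. Server names, the namespace and the use of -DefaultAuthenticationMethod NTLM for Outlook Anywhere are assumptions; the SCP is only displayed, not changed.

```powershell
# Added example, not from the thread. Run in the Exchange Management Shell.
# Assumed placeholders: the two multi-role server names and the namespace.
$Namespace  = 'mail.domain.com'
$CasServers = 'EX2013-01', 'EX2013-02'
$Base       = "https://$Namespace"

foreach ($Server in $CasServers) {
    # Each Set-* cmdlet takes the virtual directory object from its Get-* cmdlet
    # on the pipeline, so the same URLs land on every server in the list.
    Get-OwaVirtualDirectory -Server $Server |
        Set-OwaVirtualDirectory -InternalUrl "$Base/owa" -ExternalUrl "$Base/owa"
    Get-EcpVirtualDirectory -Server $Server |
        Set-EcpVirtualDirectory -InternalUrl "$Base/ecp" -ExternalUrl "$Base/ecp"
    Get-WebServicesVirtualDirectory -Server $Server |
        Set-WebServicesVirtualDirectory -InternalUrl "$Base/EWS/Exchange.asmx" `
                                        -ExternalUrl "$Base/EWS/Exchange.asmx"
    Get-ActiveSyncVirtualDirectory -Server $Server |
        Set-ActiveSyncVirtualDirectory -InternalUrl "$Base/Microsoft-Server-ActiveSync" `
                                       -ExternalUrl "$Base/Microsoft-Server-ActiveSync"
    Get-OabVirtualDirectory -Server $Server |
        Set-OabVirtualDirectory -InternalUrl "$Base/OAB" -ExternalUrl "$Base/OAB"
    # Outlook Anywhere uses host names rather than URLs; NTLM is an assumed choice.
    Get-OutlookAnywhere -Server $Server |
        Set-OutlookAnywhere -InternalHostname $Namespace -ExternalHostname $Namespace `
                            -InternalClientsRequireSsl $true -ExternalClientsRequireSsl $true `
                            -DefaultAuthenticationMethod NTLM
}

# Verification: for each Type the rows should differ only in the Server column.
$Report = foreach ($Server in $CasServers) {
    foreach ($Cmd in 'Get-OwaVirtualDirectory', 'Get-EcpVirtualDirectory',
                     'Get-WebServicesVirtualDirectory', 'Get-ActiveSyncVirtualDirectory',
                     'Get-OabVirtualDirectory') {
        & $Cmd -Server $Server |
            Select-Object Server,
                          @{ n = 'Type'; e = { $Cmd -replace '^Get-|VirtualDirectory$' } },
                          InternalUrl, ExternalUrl
    }
}
$Report | Sort-Object Type, Server | Format-Table -AutoSize

# The SCP (AutoDiscoverServiceInternalUri) is shown for comparison only and left as-is.
Get-ClientAccessServer | Format-Table Name, AutoDiscoverServiceInternalUri -AutoSize
```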



Simon Butler (Sembee), Consultant, commented:
Round robin DNS does not give you any kind of high availability.
Waste of time.

If you are planning to implement a Kemp, then I would consider deploying their free load balancer launched at the start of this week.

Then when you are ready to purchase, you just put in a new key.

I am going to have to disagree with the above recommendation on using a CNAME, as that is not best practise. A records should be used, particularly for Autodiscover.

Set up a split DNS and then configure all of the virtual directories with the same host name internally as you are using externally.

Guy Lidbetter commented:
Hi Simon,

Please show me where it says using an A record is best practice? I'm genuinely interested... As far as I'm aware you can use either an A, CNAME or SRV record interchangeably with various pros/cons. However, using an SRV record solves a lot of issues...

In a non-load-balanced DNS RR solution I would most definitely use a CNAME. RR does provide some level of protection, as you can lose a CAS box and still keep running. Just have a low TTL and remove the failed CAS record when it happens.

The autodiscover A record is usually (in my world) configured to the CAS array VIP. In this case there is none, so a failed CAS box that the A record is pointing to means complete outage, unless you DNS RR the autodiscover record as well, which would be daft in this case.

I was unaware that Kemp have a free load balancer... cool... the other option, as the CAS boxes are layer 4 sessionless, is you could use a Windows NLB in the interim.

npdodge (Author) commented:
Very cool that they now offer a free load balancer.  That must have just been offered because I didn't see it last week.  Too bad it's limited to 20Mbps of throughput, not sure I really want to limit the bandwidth that much on the CAS servers.  I know DNS RR isn't true HA but it does provide some automatic redundancy in the event a CAS/MBX server fails.  Not an immediate failover but the client would hit the other CAS server pretty quickly from what I've read, but will need to test.  I don't know how soon we would be able to purchase a hardware LB and still don't know if we're going to do Kemp or Netscaler.  We want Netscaler to put some Xenapp security policies in place for the client devices connecting and found out that Netscaler can also LB Exchange and other web servers so there would be no need for a Kemp appliance.  Until then, I would like to have something so DNS RR would suffice.  Do you agree Simon?
Will Szymkowski, Senior Solution Architect, commented:
Hey Guys,

For Autodiscover specifically I personally use a CNAME record. You can in fact use either A or CNAME, it does not matter, it really becomes a matter of preference.

Below is the actual link from TechNet which references Autodiscover and appropriate ways to configure DNS. This link references Lync 2013, but the same concept applies.


O365 also suggests CNAME records be configured as well.

npdodge (Author) commented:
I've always used a CNAME for autodiscover as well.
Simon Butler (Sembee), Consultant, commented:
Office 365 is a completely different matter when it comes to CNAMEs, because you are pointing the record at an entry that is not under your control, which I believe is the main reason for them.
However, this is an internal system where you have complete control over everything, so the question I would ask is: why WOULD you use a CNAME? DNS best practise in general is to avoid using them because they increase the load on the server, as it requires an additional lookup.

"Too bad it's limited to 20Mbps of throughput, not sure I really want to limit the bandwidth that much on the CAS servers. "

I am doing some testing on this, and the initial indications are that if you use the load balancer in Direct Server Return (http://kemptechnologies.com/uk/white-papers/direct-server-return-it-you/) then you use very little bandwidth. The bulk of the traffic is usually outbound. Still testing, it has only been available since Monday and I have had a busy week!

Simon Butler (Sembee), Consultant, commented:
Need to pick up on this one...

"RR does provide some level protection as you can lose a CAS box and still keep running. Just have a low TTL and remove the failed CAS Record when it happens."

That isn't high availability. DNS has no idea the server is down. Until you notice it will keep sending traffic to a server that isn't available.

Guy Lidbetter commented:
Hi Simon, never said HA... I said "some level of protection"... There's a difference.

And your other question, "why would you use a CNAME?": because you are using DNS RR, and setting a single A record in a non-HA environment could cause a blackout. And using DNS RR for autodiscover as well would be daft... How about that? All in the context of the question... Outside, in a different environment, by all means push your A record.
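Simon's point that DNS has no idea a server is down, and Guy's answer of a low TTL plus removing the failed record, both come down to a check someone has to run. As an added example (not from the thread), this script walks the round-robin A records for the namespace on the Windows DNS server, probes each member on TCP 443, warns when the TTL is long enough to leave clients stuck on a dead member, and only removes a record when run with -Remove and more than one member is left. The DNS server name, zone, record name and 300-second TTL threshold are assumptions; it needs the DnsServer and DnsClient modules (Windows Server 2012 or later).

```powershell
# Added example, not from the thread. Assumed placeholders: DNS server, zone, name.
param(
    [string]$Name      = 'mail',        # record name inside the zone (mail.domain.com)
    [string]$Zone      = 'domain.com',
    [string]$DnsServer = 'DC01',        # assumed Windows DNS server hosting the zone
    [int]$TimeoutMs    = 3000,
    [int]$MaxTtlSec    = 300,           # assumed threshold for "low TTL"
    [switch]$Remove                     # without it the script only reports
)

# A TCP connect to 443 is enough to tell a dead CAS from a live one, and it
# avoids disabling certificate validation for a probe addressed by IP.
function Test-CasMember([string]$Ip, [int]$TimeoutMs) {
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $ar = $client.BeginConnect($Ip, 443, $null, $null)
        if (-not $ar.AsyncWaitHandle.WaitOne($TimeoutMs)) { return $false }
        $client.EndConnect($ar)
        return $true
    } catch { return $false } finally { $client.Close() }
}

$records   = @(Get-DnsServerResourceRecord -ComputerName $DnsServer -ZoneName $Zone `
                                            -Name $Name -RRType A)
$remaining = $records.Count
foreach ($r in $records) {
    $ip  = $r.RecordData.IPv4Address.IPAddressToString
    $ttl = [int]$r.TimeToLive.TotalSeconds
    if ($ttl -gt $MaxTtlSec) {
        Write-Warning "$Name.$Zone -> $ip has TTL ${ttl}s; clients may cache a dead member that long"
    }
    if (Test-CasMember -Ip $ip -TimeoutMs $TimeoutMs) {
        Write-Host "$ip up   (TTL ${ttl}s)"
        continue
    }
    Write-Warning "$ip DOWN (TTL ${ttl}s)"
    # Never delete the last A record: an empty name is worse than a half-dead RR set.
    if ($Remove -and $remaining -gt 1) {
        Remove-DnsServerResourceRecord -ComputerName $DnsServer -ZoneName $Zone -Name $Name `
                                       -RRType A -RecordData $ip -Force
        $remaining--
        Write-Host "removed $ip from $Name.$Zone"
    }
}
```

Because Autodiscover is a CNAME to the same name in this layout, pulling a dead member out of the mail A records fixes both lookups at once; run it from a scheduled task if you want the removal to happen before users notice.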