Hello world,
In part I of this post, we configured and set up our Exchange 2010 infrastructure to achieve high availability for the Client Access Server (CAS) role through the CAS array approach. In this part, we will briefly describe how to configure your Zen Load Balancer to provide load balancing capabilities to Exchange 2010 CAS.
Let’s go…..
Configure Zen load balancer for Exchange
Note : A step by step guide on how to install Zen load balancer can be found here
It’s time to configure our Zen Load Balancer. We have slightly updated the initial drawing and added the ports that need to be load balanced by our Zen software. We will use this information to create our farms within the load balancer appliance.
We will create 5 farms within the Zen Load Balancer (one farm for each port to be load balanced). To create a farm, you first need to connect to the management console of the Zen box. This is easily done via a web browser, using the following URL:
http://IP_Address_LoadBalancer:444/
You will be prompted for credentials. If you have not changed the defaults, you will need to use the following information:
- User : admin
- Password : admin
Step 1 – creating your Farms
Go to the Manage::Farms page (click on the bar menu > Manage > Farms). You will be presented with a screen similar to the one below.
In the Configure a new Farm section, provide the requested information:
- Farm description Name
- Virtual IP
- Port
The screenshot (above) shows that we have created a farm called CASARRAYExchange2010SP using the virtual IP 192.168.1.200 and the virtual port 135. We have to perform the same actions for each service/port that needs to be load balanced. The final result should look like the following screenshot.
Step 2 – associate target servers to your farm
After creating your farms, you need to tell the load balancer where to redirect the traffic it receives. You need to perform this action for each farm you have created.
To associate the target servers to a farm, go to the Manage::Farms page. In the farm table, select the farm that you need to configure and click on the edit icon (in the action column).
You will be redirected to another page, where you can configure some settings regarding the load balancer. And just below that, you will see a table where you can add the real IP addresses of the servers that need to be load balanced.
That’s it. You have configured the Zen Load Balancer to provide load balancing capabilities for Exchange 2010 CAS. That’s so easy 🙂
Testing your configuration
To validate your configuration, configure your Outlook client to connect to the Exchange CAS array object. Remember that we created a DNS entry for it. Once Outlook is correctly configured, check that the connection is made against the CAS array object: hold down CTRL while right-clicking on the Outlook icon in the system tray in the lower right corner, then select Connection Status in the context menu. You should see a window displaying information about the CAS array you are connected to.
Another simple test to check that the CAS servers are load balanced is to bring down one of these servers and connect to the CAS array using Outlook Web App; you should still be able to access your mailbox.
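The same check can be scripted so that it covers every farm port, before and after you bring a server down. The script below is an added example, not part of the original post: the real-server addresses and the port list are placeholders (only the virtual IP 192.168.1.200 comes from this post), and it only tests that a TCP connection completes.

```python
import socket

# Assumptions: VIP is the one used in this post; the real-server addresses
# and the port list are placeholders, replace them with your own farms.
VIP = "192.168.1.200"
REAL_SERVERS = ["192.168.1.11", "192.168.1.12"]  # hypothetical CAS addresses
FARM_PORTS = [135, 443, 60000, 60001]            # one entry per farm


def tcp_probe(host, port, timeout=3.0):
    """Return True if a TCP connection to host:port completes."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def audit_farms(vip, real_servers, ports, probe=tcp_probe):
    """Probe each farm port on the VIP and on every real server.

    Verdicts: ok (everything answers), degraded (VIP up, some servers down),
    no-backend (VIP up, no server answers), vip-down (servers up, VIP silent),
    down (nothing answers on that port).
    """
    report = {}
    for port in ports:
        vip_up = probe(vip, port)
        alive = [s for s in real_servers if probe(s, port)]
        if vip_up:
            if len(alive) == len(real_servers):
                verdict = "ok"
            elif alive:
                verdict = "degraded"
            else:
                verdict = "no-backend"
        else:
            verdict = "vip-down" if alive else "down"
        report[port] = {"vip": vip_up, "alive": alive, "verdict": verdict}
    return report


if __name__ == "__main__":
    for port, row in audit_farms(VIP, REAL_SERVERS, FARM_PORTS).items():
        print(f"port {port}: {row['verdict']} (VIP up={row['vip']}, servers={row['alive']})")
```

With one CAS server stopped, every farm should report `degraded` rather than `vip-down` or `down`; a farm that reports `vip-down` has working servers behind a virtual port that is not answering.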
Final Words
This two-part post has shown that an open source solution such as Zen Load Balancer can be used to provide load balancing capabilities to an Exchange 2010 CAS array. In this post, we have provided only a basic and minimal configuration demonstration (but it’s working). I’ll definitely use this software for my test lab and for demo purposes at customer locations.
What’s your take on that ? Have you tried to perform such configuration (with exchange 2010) ? If you have tips and tricks, let us know…..
Till Next Time
See ya
Hi, Congra! Great post and very useful.
One recommendation.
On v2rc1 you can change your load balancing for outlook webapp with a profile of type HTTPS, add the ssl certificate on the zen lb and zen lb is going to connect with the backend over HTTP, this is good for no overload on backends.
We are going to add a href on our Zen web to this post!
Regards!
Hello Emilio,
Thank you for your comments and positive input… As soon as I have some free time, I’ll probably update this post based on the new V2 of the software.
Thank you and the Zen Load Balancer Team… for bringing nice and easy to use software solution :-))
See ya around
Hi,
Do you not get errors with having different farms so a client could get half of its connections to one CAS server and the other half to another? MS recommend affinity and persistence to avoid this but not sure how when you create a farm for each port.
Hello Brett
No no errors. By the way, note that you can select between multiple load balancing algorithms. You can achieve sticky connections by using one of these algorithms.
I would recommend you to have a look already in Zen Load Balancer v2. In this version, you have 4 algorithms available. One of them is called hash Sticky client. I’ve not checked yet the v2 but you have also new features such as http/https profiles….
I hope this helps
See ya
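The affinity question raised in the exchange above can be modelled in a few lines. This is an added example, not part of the original thread and not Zen Load Balancer's own code: it assumes a simple source-IP hash as the sticky algorithm and uses hypothetical server and client addresses. It shows that per-port farms keep a client on one CAS server only while every farm holds the same server list.

```python
import hashlib

CAS1, CAS2 = "192.168.1.11", "192.168.1.12"   # hypothetical real servers


def pick_backend(client_ip, healthy):
    """Model of a source-IP hash: same client + same server list -> same server."""
    if not healthy:
        return None
    ordered = sorted(healthy)
    digest = hashlib.sha256(client_ip.encode()).digest()
    return ordered[int.from_bytes(digest[:4], "big") % len(ordered)]


def route_client(client_ip, farms):
    """farms maps port -> list of servers currently in that farm."""
    return {port: pick_backend(client_ip, servers) for port, servers in farms.items()}


def split_clients(clients, farms):
    """Return the clients whose farms send them to more than one server."""
    split = {}
    for ip in clients:
        chosen = route_client(ip, farms)
        if len(set(chosen.values())) > 1:
            split[ip] = chosen
    return split


# Constructed sample: 50 clients, three per-port farms.
CLIENTS = [f"10.0.0.{i}" for i in range(1, 51)]
CONSISTENT = {135: [CAS1, CAS2], 60000: [CAS1, CAS2], 60001: [CAS1, CAS2]}
# Same farms after a health check removed CAS2 from the port 60001 farm only.
DIVERGED = {135: [CAS1, CAS2], 60000: [CAS1, CAS2], 60001: [CAS1]}

if __name__ == "__main__":
    print("split with identical farms:", len(split_clients(CLIENTS, CONSISTENT)))
    print("split after one farm diverged:", len(split_clients(CLIENTS, DIVERGED)))
```

In this model no client is split while the farms are identical; once one farm loses a server that the others still list, every client that hashed to that server ends up on two different CAS servers.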
I do not see the command for FarmGuard checking for CAS servers. Could you please share with us about this check
Hello there,
I’ve got much time to look at it but I can provide a really (really) short explanation.
The Farm Guardian provides an additional level of monitoring. In Zen Load balancer, using Farm Guardian, you can basically run a script that will check on a regular basis the status of the real servers. As long as your real servers are up and running, the Zen load balancer can connect to any of them. If one goes down, the Farm Guardian feature will detect that and exclude the server from the Farm. You can use 4 scripts that are available with the Zen LB software or you can create your own custom script. You can have a look at /usr/local/Zenloadbalancer/app/libexec…
To check HTTP protocol, you can use the script called check_http. This script is one of the plugins for Nagios. You can see how you can use it by having a look in its manpages.
I hope that in a “near” future I’ll be able to post additional information on farm guardian and Zen LB Cluster
Till then
See ya
brett is right. You can’t use this in a production environment because you’d have to have a farm for each port.
I would love for zen to support balancing multiple ports (or ranges) together in one farm! That would make my life infinitely easier…
I found that in order to get Outlook Anywhere working, you have to add farms for RPC endpoint ports 6001 and 6002, as well as, NSPI port 6004.
Hello Gin,
Thank you for the information….
Some more info can be found here http://blogs.technet.com/b/exchange/archive/2008/06/20/3405633.aspx
What profile should I use in creating the farm for port 135, 60000 and 60001?
If you look this post; you can see that I’ve been using tcp profile.
Hope this answer your question
till next time
See ya
If you have two CAS servers on two different IP networks (sites), will the load balancer still work? We have two servers (one per site) doing all Exchange roles.
Hello There,
Do you have 2 different Active Directory Sites or simply 2 different IP Subnets? In Exchange 2010, you load balance the CASArray. Only one CasArray can exist per AD Site. So, if you have 2 different AD Subnets, each having only one CAS server -> you cannot load balance them. If I remember correctly, if you are using NLB, you cannot load balance between different IP Subnets (even if the same AD Sites). With Zen load balancer, I’ve never tried this setup. However, I’m guessing that as long as routing is in place, you should be able to load balance between different IP segments (located in the same AD Sites)
Interesting question..If I have time, I’ll try this setup and share my findings
Hope this help
See ya
This is all the same domain, but two different AD sites.
Hello Scott,
As mentioned in my previous comment, if you have CAS servers located in different AD Sites, you will not be able to load balance (through the CASArray). The servers need to be on the same Active Directory site (but can be spanning multiple IP Segments).
Hope this answer your question
Till next time
See ya
Okay. Thanks!
No Problem
Till next time
See ya 🙂
I have 2 Exchange nodes, currently setup with DAG, hitting any of the servers alone is working fine, would it be possible to use ZEN to load balance the CAS array on those same servers along with their DAG Configs ? if it’s possible, could you please shed some light on how to load balance the CAS Array using those 2 DAG servers ? or at least a little more details on the differences from your current guide ? , the goal is using the currently functioning DAG/HUB servers to add an extra layer of HA on the CAS side of things … if that makes any sense 🙂
Thank you
Hello Hany,
Yes, you can have your current DAG working in conjunction with Zen load balancer to load balance the CAS roles. Yes, you can install CAS Roles on top of your DAG.
If you have already a working DAG (I’m assuming in a single Active Directory) that is based on 2 Exchange Nodes, you will simply need to install the CAS role on these nodes. When the role is installed, you simply follow the instructions found at http://c-nergy.be/blog/?p=2196 (part I) and http://c-nergy.be/blog/?p=2207 (part II) to configure it to load balance the traffic through the zen load balancer.
Let me know if this is enough information for you
Hope this help
Till next time
see ya
Hello ,
Im planning to use only Zen for load balancing pop3 accounts in my CAS Servers. Can i use the same setting in your article ?
Thanks
Hello John,
yes, you can probably use this post as a base for your setup. Obviously, you will have to create your pop3 farm, set the correct ports (110 or 995)
You normally do not need persistence settings for pop3 protocol
Hope this help
Till next time
See ya
Hi all I know its been a long time since anyone asked a question on here but this is my situation:
2 x AD servers
2 x Exchange servers (hub, cas, mailbox)
2 x Edge Servers
2 x Zen LB
Everything is on Windows 2008 R2
All Exchange related servers are running 2010 SP3
the 2 Exchange servers are in a DAG which is working fine
The Zen LB that I have are running v2.
I have setup clustering on the LB as described and all working ok.
I am using a public cert on the LB and doing SSL off-loading to the Exchange servers
OWA and Active-Sync are working perfectly.
Static DNS records exist on all servers and also they are in the AD DNS server.
Now my issue:
Outlook Anywhere does not work, I get the cannot ping 6001 error:
An RPC error was thrown by the RPC Runtime process. Error 1818 CallCancelled
I have tried all sorts of fixes on the internet (spent 2 weeks trying to sort this out) each time the server is left for 20 minutes and then rebooted and then tested. RPC-Over HTTP has been removed and added again along with OutlookAnywhere, each time I test and it doesn’t work I return the system back to how it was.
I have tested the RPC url from the internet and I am asked to login and then I get a blank page, so this is a dll test and then dll?servername test.
I know this is not an exchange forum but my first question is, is it possible that the LB are doing something to make this not work? do I need v3? It is hard for me to test without the LB now as I would need to re-enable the SSL etc…
Can anyone help me. Please…..
Hello Martin,
I do not think that the problem is related to the Zen Loadbalancer given that the error you are getting can occur while having no Load balancer infrastructure.
In the past, we had encountered such issues and needed to update some registry keys. I do not remember them by heart but I’ll try to come back to you and see if I can provide you more info about that
Have you already modified some registry keys (specifically related to your problem i.e. rpxproxy,…) ? can you provide info about changes you have performed
have you checked that your certificates are still valid ?
Till then
See ya
hi, just a small question
https loadbalancing with no offload , can that be done only with tcp ( and not http) ??
hello,
i do not understand your question. what protocol/port do you want to load balance, either http or a tcp protocol? zen load balancer is a layer 7 load balancer, so you should be able to load balance using tcp protocol
With Exchange 2013 it gets even easier. All you have to load balance is 443 and SMTP if you desire because all the RPC traffic is between the CAS and MB servers. The client no longer is an RPC endpoint. Yay Microsoft. Yay Zen LB. This is a fantastic solution.
Hello Michael,
I’m using Zen with my Exchange infrastructure and I have a problem with autodiscover. In testconnectivity I get the following error
Attempting to ping RPC endpoint 6001 (Exchange Information Store) on server c738e8d9-40c7-4b18-a128-f1a95f43ae3a@interworkscloud.net.
The attempt to ping the endpoint failed.
Additional Details
An RPC error was thrown by the RPC Runtime process. Error 1818 CallCancelled
Elapsed Time: 33131 ms.
If i bypass Zen it plays just fine.
Any ideas?
Hello,
as a first guess, I would say the persistence configuration is not correct on the Load balancer
If you go through the Zen Load balancer and have only 1 exchange server connected in the back end…. you should check if the test-connectivity is succeeding, if this is the case, check the persistence settings
till next time
see ya
I’m having a very similar issue to post 27; although my failure occurs with the Outlook Anywhere test.
I’ve created TCP farms for ports 6001,6002 and 6004 and all of my Exchange 2010 related farms point to a single backend server.
The error I get is:
Attempting to ping RPC endpoint 6001 (Exchange Information Store) on server outlook.domain.com.
The attempt to ping the endpoint failed.
Additional Details
An RPC error was thrown by the RPC Runtime process. Error 1818 CallCancelled
Elapsed Time: 32876 ms.
I know the Error 1818 is a timeout that occurs in the “TestConnectivity” site after 30 seconds.
I’m running Zen 3.02 on VMware
Hello There,
I’m currently on Holidays…But you might wanna check your ports… I see you are using port 6001,6002,6003,…In the post and in the Exchange documentation, ports to be used should be higher ports, this is why in our post, we have used port 60001,60002,60003
Try with these settings and let us know if it’s working
till next Time
See ya
Hello There,
seems that you have no access to the /var/log folder… Edit the permissions and see if this is working for you
Change the permissions on /var/log as described in the post and you should be good to go
Till Next Time
See ya
Hello,
Just started with the Zen, works great internally but Outlook Anywhere clients on the internet will not. The CAS Array is populated but the mailbox is not resolved.
I have configured rpc static ports for rpc mapi and address book, using ports 59532, 59535. Outlook Anywhere is configured with SSL Offloading. I’ve created TCP farms for 80 (landing page), 135, 443, 59532,59535. I have ‘sticky’ configured as the algorithm, all other settings are default.
I’ve tried disabling ssl offloading and ipv6, neither resolves the issue. If I connect directly to the CAS all is good
Hello Kirk,
It has been some time since I have checked my Zen configuration.
So, Let’s start with some basic questions ?
On Exchange is Outlook Anywhere configured(Enabled) ?
is Outlook Client configured correctly for RPC Over HTTP connections ?
Do you have configured the firewall accordingly (or create publishing rules) ?
Do you have a Public DNS entry for your Exchange URL ?
If you use OWA, can you connect to your mailboxes
Resolved my problem, had to configure internet fqdn for autodiscover, all is good. Good resource here!!
Hello Kirk,
Happy to hear that you were able to solve your problem
Thank you for the visit 🙂
Till next time
See ya
Thanks for such g8 work,
I have 2 questions:
First: As I don’t have hardware load balancer so am using DNS Round Robin (POOR MAN Load Balancing) LOL, can you tell me how much is delay if one exchange goes down in how much time it will redirect to 2nd exchange server?
second: can it work with DAG ? coz NLB can’t work with DAG due to CLUSTER SERVICES?
Regards,
IMRAN SAFI
From Afghanistan 🙂 thank u
Hello Hello,
if you are using round robin, because the dns will round you will have 50% success and 50% failure (I’m assuming you have two records)
you can use Zen load balancer as a virtual machine and have CAS and DAG installed on the same exchange server
Hope this help
Till next time
See ya
hi,
can you tell plz what profile i hv to use for exchange 2013, tcp or http ?
Regards
Hello There,
Sorry for late answer: I have seen a lot of posts using tcp profile but I would try the http/https profile for Outlook WebApp and Outlook Access anywhere…
Hope this help
till next time
See ya
Hello,
I am writing from Zevenet, previously Zen Load Balancer and I am so happy to read you are interested in our product. We do invite you to try our new solution under Zevenet brand. Shortly we will release a demo for Zevenet 5.0.1,
Would you be interested in reviewing our solution? If so, please pin me an email and I’ll be on your disposition.
Thank you very much C-nergy team!!
Cheers.
Hello Fabiola,
Thank you for letting us know about the move from zen to Zevenet… we really enjoy your solution
As soon as we have a little bit of time, we will investigate again the load balancer solution and come up with some new tip and tricks
Thank you for your visit
Till next time
See ya