Load balancing Exchange 2010 CAS using ZenLoadBalancer – Part 2

Hello world,

In the part I of this post, we have configured and setup our Exchange 2010 infrastructure in order to achieve high availability for Client Access Server (CAS) through the CASarray approach.  In this part of this post, we will briefly describe how you can configure your Zen load Balancer in order to effectively provide load balancing capabilities to Exchange 2010 CAS.

Let’s go…..

Configure Zen load balancer for Exchange

Note :  A step by step guide on how to install Zen load balancer can be found here

It’s time to configure our Zen Load Balancer. We have updated a little bit the initial drawing and we have added the port that would need to be load balance via our Zen software.  We will use this information to create our Farms within the Load balancer appliance

Click on image for better resolution

We will create 5 Farms within the Zen Load Balancer (one farm for each port to be load balanced).  To create a farm, you will need first to connect to the management console of the Zen box.  This is easily done via a web browser and using the following url 


You will be prompted for credentials.  If you have not change the defaults, you will need to use the following information

  • User : admin
  • Password : admin

Step 1 – creating your Farms

Go on the Manage:: Farms page (click on the bar menu > Manage > Farms. You will be presented with a screenshot similar to the one below

Click on image for better resolution

In the Configure a new Farm,  provide the requested information

  • Farm description Name
  • Virtual IP
  • Port

The screenshot (above) shows that we have created a farm called CASARRAYExchange2010SP using the virtual IP and the virtual port 135. We have to perform the same actions for each services/ports that needs to be load balanced. The final result should look like the following screenshot

Click on image for better resolution

Step 2 – associates target servers to your farm

After creating your farms, you will need to tell the load balancer where the redirect the traffic it will receive.  You will need to perform this action for each farm you have created.

To associate the target servers to a farm, you will simply go to the manage::Farms page. In the farm table, select the farm that you need to configure and click on the edit icon (in the action column).

You will be redirected to another page, where you can configure some settings regarding the load balancer. And just below that, you will see a table where you can add the real IP addresses of the servers that need to be load balanced.

Click on image for better resolution

Click on image for better resolution

That’s it. You have configured the Zen Load Balancer to provide Load balancing capabilites for Exchange 2010 CAS. That’s so easy 🙂

Testing your configuration

To validate your configuration, you will need to configure your Outlook client to connect to the Exchange cas array object. Remember that we have created DNS entry for that.  When your outlook is correctly configured, you will have to check that the connection is performed against the CAS Array object.  To check that, you will simply  Hold down CTRL while right-clicking on the Outlook icon in the systray in the lower right corner. Select Connection status in the context menu and you should see the following windows displaying information about the CASArray you are connected to

Another simple test to check that the CAS Servers are load balanced consists of bringing down one of these servers and connects to the casarray exchange using Outlook WebApp, you should then be able to access your mailbox.

Final Words

These 2 part post has shown that an open source solution such as ZenloadBalancer could be used to provide load balancing capabilities to Exchange 2010 CAS Array. In this post, we have provided really a basic and minimal configuration demonstration (but it’s working).  I’ll definitely use this software for my test lab and for demo purposes at customer location.

What’s your take on that ? Have you tried to perform such configuration (with exchange 2010) ? If you have tips and tricks, let us know…..

Till Next Time

See ya


41 thoughts on “Load balancing Exchange 2010 CAS using ZenLoadBalancer – Part 2

  1. Hi, Congra! Great post and very useful.
    One recomendation.
    On v2rc1 you can change your load balancing for outlook webapp with a profile of type HTTPS, add the ssl certificate on the zen lb and zen lb is going to connect with the backend over HTTP, this is good for no overload on backends.

    We going to add a href on our zen web to this posts!


  2. Hello Emilio,

    Thank you for you comments and positive input… As soon as I have some free time, I’ll probably update this post based on the new V2 of the software.

    Thank you and the Zen Load Balancer Team… for bringing nice and easy to use software solution :-))

    See ya around

  3. Hi,

    Do you not get errors with having different farms so a client could get half of its connections to one CAS server and the other half to another? MS recommend affinity and persistence to avoid this but not sure how when you create a farm for each port.

  4. Hello Brett

    No no errors. By the way, note that you can select between multiple load balancing algorithm. You can achieve sticky connection by using one of these algorithm.

    I would recommend you to have a look already in Zen Load Balancer v2. In this version, you have 4 algorithm available. One of them is called hash Sticky client. I’ve not checked yet the v2 but you have also new features such as http/https profiles….

    I hope this help

    See ya

  5. I do not see the command for FarmGuard checking for CAS servers. Could you please share with us about this check

  6. Hello there,

    I’ve got much time to look at it but I can provide a really (really) short explanation.
    the Farm Guardian provides an additional level of monitoring. In Zen Load balancer, using Farm Guardian, you can basically run a script that will check on a regular basis the status of the real servers. As long as your real servers are up and running, the Zen load balancer can connect to any of them. If one goes down, the Farm Guardian feature will detect that and exclude the server from the Farm. You can use 4 scripts that are available with the Zen LB software or you can create you own custom script. You can have a look at /usr/local/Zenloadbalancer/app/libexec…

    To check HTTP protocol; you can use the script called check_http. This script is one of the plugin for nagios. Yuo can see how you can use it by having a look in this manpages ()

    I hope that in a “near” future I’ll be able to post additonal information on farm guardian and Zen LB Cluster

    Till then

    See ya

  7. brett is right. You can’t use this in a production environment because you’d have to have a farm for each port.
    I would love for zen to support balancing multiple ports (or ranges) together in one farm! That would make my life infinitely easier…

  8. I found that in order to get Outlook Anywhere working, you have to add farms for RPC endpoint ports 6001 and 6002, as well as, NSPI port 6004.

  9. If you have two CAS servers on two different IP networks (sites), will the load balancer still work? We have two servers (one per site) doing all Exchange roles.

  10. Hello There,

    Do you have 2 different ACtive Directory Sites or simply 2 different IP Subnets ?. In Exchange 2010, You load balance CASArray. Only one CasArray can exits per AD Site. So, if you have 2 different AD Subnets, each having only one CAS server -> you cannot load balance them. If I remember correctly, if you are using NLB, you cannot load balance between different IP Subnets (even if the same AD Sites). With Zen load balancer, I’ve never tried this setup. However, I’m guessing that as long as routing is in place, you should be able to load balance between different IP segments (located in the same AD Sites)

    Interesting question..If I have time, I’ll try this setup and share my findings

    Hope this help
    See ya

  11. Hello Scott,

    As mentioned in my previous comment, if you have cas servers located in different AD Sites, you will not be able to load balance (through the CASArray). The servers needs to be on the same Active Directory site (but can be spanning multiple IP Segments).

    Hope this answer your question
    Till next time
    See ya

  12. I have 2 Exchange nodes, currently setup with DAG, hitting any of the servers alone is working fine, would it be possible to use ZEN to load balance the CAS array on those same servers along with their DAG Configs ? if it’s possible, could you please shed some light on how to load balance the CAS Array using those 2 DAG servers ? or at least a little more details on the differences from your current guide ? , the goal is using the currently functioning DAG/HUB servers to add an extra layer of HA on the CAS side of things … if that makes any sense 🙂

    Thank you

  13. Hello Hany,

    Yes, you can have your current DAG working in conjunction with Zen load balancer to load balance the CAS roles. Yes, you can install CAS Roles on top of your DAG.

    If you have already a working DAG (I’m assuming in a single Active Directory) that based on 2 Exchange Nodes, you will simply need to install the CAS role on these nodes. When the role is installed, you simply follow the instructions found at http://c-nergy.be/blog/?p=2196 (part I) and http://c-nergy.be/blog/?p=2207” (part II) to configure it to load balance the traffic through the zen load balancer.

    Let me know if this is enough information for you

    Hope this help
    Till next time

    see ya

  14. Hello ,

    Im planning to use only Zen for load balancing pop3 accounts in my CAS Servers. Can i use the same setting in your article ?


  15. Hello John,

    yes, you can probably use this post as a base for your setup. Obviously, you will have to create your pop3 farm, set the correct ports (110 or 995)

    You normally do not need persistence settings for pop3 protocol

    Hope this help
    Till next time
    See ya

  16. Hi all I know its been a long time since anyone asked a question on here but this is my situation:

    2 x AD servers
    2 x Exchange servers (hub, cas, mailbox)
    2 x Edge Servers
    2 x Zen LB

    Everything is on Windows 2008 R2
    All Exchange related servers are running 2010 SP3
    the 2 Exchange servers are in a DAG which is working fine

    The Zen LB that I have are running v2.

    I have setup clustering on the LB as described and all working ok.

    I am using a public cert on the LB and doing SSL off-loading to the Exchange servers

    OWA and Active-Sync are working perfectly.

    Static DNS records exist on all servers and also they are in the AD DNS server.

    Now my issue:
    Outlook Anywhere does not work, I get the cannot ping 6001 error:
    An RPC error was thrown by the RPC Runtime process. Error 1818 CallCancelled

    I have tried all sorts of fixes on the the internet (spent 2 weeks trying to sort this out) each time the server is left for 20 minutes and then rebooted and then tested. RPC-Over HTTP has been removed and added again along with OutlookAnywhere, each time I test and it doesnt work I return the system back to how it was.

    I have tested the RPC url from the internet and I am asked to login and then I get a blank page, so this is a dll test and then dll?servername test.

    I know this is not an exchange forum but my first question is, is it possible that the LB are doing something to make this not work? do I need v3? It is hard for me to test without the LB now as I would need to re-enable the SSL ect…

    Can anyone help me. Please…..

  17. Hello Martin,

    I do not think that the problem is related to the Zen Loadbalancer given that the error you are getting can occur while having no Load balancer infrastructure.

    In the past, we had encountered such issues and needed to update some registry keys. I do not remember them by heart but I’ll try to come back to you and see if I can provide you more info about that

    Have you already modified some registry keys (specifically related to your problem i.e. rpxproxy,…) ? can you provide info about changes you have performed

    have you checked that your certificates are still valid ?
    Till then
    See ya

  18. hello,

    i do not understand you question. what protocol/port do you want to load balance.either http or a tcp protocol. zen load balancer isa layer 7 load balancer, so you should be able to load balance using tcp protocol

  19. With Exchange 2013 it gets even easier. All you have to load balance is 443 and SMTP if you desire because all the RPC traffic is between the CAS and MB servers. The client no longer is an RPC endpoint. Yay Microsoft. Yay Zen LB. This is a fantastic solution.

  20. Hello Michael,

    Im using Zen with my Exchange infastructure and i have problem with autodiscover. In testconnectivity i take the following error

    Attempting to ping RPC endpoint 6001 (Exchange Information Store) on server c738e8d9-40c7-4b18-a128-f1a95f43ae3a@interworkscloud.net.
    The attempt to ping the endpoint failed.

    Additional Details

    An RPC error was thrown by the RPC Runtime process. Error 1818 CallCancelled
    Elapsed Time: 33131 ms.

    If i bypass Zen it plays just fine.

    Any ideas?

  21. Hello,

    as a first guess, I would say the persistence configuration is not correct on the Load balancer
    If you go through the Zen Load balancer and have only 1 exchange server connected in the back end…. you should check if the test-connectivity is succeeding, if this is the case, check the persistence settings

    till next time
    see ya

  22. I’m having a very similar issue to post 27; although my failure occurs with the Outlook Anywhere test.
    I’ve created TCP farms for ports 6001,6002 and 6004 and all of my Exchange 2010 related farms point to a single backend server.

    The error I get is:
    Attempting to ping RPC endpoint 6001 (Exchange Information Store) on server outlook.domain.com.
    The attempt to ping the endpoint failed.
    Additional Details
    An RPC error was thrown by the RPC Runtime process. Error 1818 CallCancelled
    Elapsed Time: 32876 ms.

    I know the Error 1818 is a timeout that occurs in the “TestConnectivity” site after 30 seconds.
    I’m running Zen 3.02 on VMware

  23. Hello There,

    I’m currently on Holidays…But you might wanna check your ports… I see you are using port 6001,6002,6003,…In the post and in the Exchange documentation, ports to be used should be higher ports, this is why in our post, we have used port 60001,60002,60003

    Try with these settings and let us know if it’s working

    till next Time
    See ya

  24. Hello There,

    seems that you have no access to the /var/log folder… Edit the permissions and see if this is working for you
    Change the permissions on /var/log as described in the post and you should be good to go

    Till Next Time
    See ya

  25. Hello,

    Just started with the Zen, works great internally but Outlook Anywhere clients on the internet will not. The CAS Array is populated but the mailbox is not resolved.

    I have configured rpc static ports for rpc mapi and address book, using ports 59532, 59535. Outlook Anywhere is configured with SSL Offloading. I’ve created TCP farms for 80 (landing page), 135, 443, 59532,59535. I have ‘sticky’ configured as the algorithm, all other settings are default.

    I’ve tried disabling ssl offloading and ipv6, neither resolves the issue. If I connect directly to the CAS all is good

  26. Hello Kirk,

    I has been some time I have check my zen Configuration.

    So, Let’s start with some basic questions ?

    On Exchange is Outlook Anywhere configured(Enabled) ?
    is Outlook Client configured correctly for RPC Over HTTP connections ?
    Do you have configured the firewall accordingly (or create publishing rules) ?
    Do you have a Public DNS entry for your Exchange URL ?

    If you use OWA, can you connect to your mailboxes

  27. Resolved my problem, had to configure internet fqdn for autodiscover, all is good. Good resource here!!

  28. Thanks for such g8 work,

    I have 2 questions:

    Frist: As I don’t have hardware load balancer so am using DNS Round Robin (POOR MAN Load Balancing) LOL, can you tell me how much is dealy if one exchange goes down in how much time it will redirect to 2nd exchange server?

    second: can it work with DAG ? coz NLB can’t work with DAG due to CLUSTER SERVICES?

    From Afghanistan 🙂 thank u

  29. Hello Hello,

    if you are using round robin, because the dns will round you will have 50% success and 50% failure (I’m assuming you have two records)

    you can use Zen load balancer as a virtual machine and have CAS and DAG installed on the same exchange server

    Hope this help

    Till next time
    See ya

  30. Hello There,

    Sorry for late answer: I have seen a lot of posts using tcp profile but I would try the http/https profile for Outlook WebApp and Outlook Access anywhere…

    Hope this help
    till next time

    See ya

  31. Hello,

    I am writing from Zevenet, previously Zen Load Balancer and I am so happy to read you are interested in our product. We do invite you to try our new solution under Zevenet brand. Shortly we will release a demo to for Zevenet 5.0.1,
    Would you be interested in reviewing our solution? If so, please pin me an email and I’ll be on your disposition.

    Thank you very much C-nergy team!!


  32. Hello Fabiola,
    Thank you for letting us know about the move from zen to Zevenet… we really enjoy your solution
    As soon as we have a little bit of time, we will investigate again the load balancer solution and come up with some new tip and tricks
    Thank you for your visit
    Till next time
    See ya

Leave a Reply