How to Install an Exchange Server 2010 Client Access Server Array using Windows Network Load Balancing

This tutorial will demonstrate the steps for deploying Exchange Server 2010 as a Client Access Server array using Windows NLB.

If you’re new to the concept of Client Access Server arrays and need to know more then check out this article for an introduction and overview of CAS Arrays.

Client Access Server Array Pre-Requisites

Two or more Exchange Server 2010 Client Access Servers can be configured as a CAS array using NLB as long as they are not also installed as Mailbox servers that are members of a Database Availability Group (DAG).

The reason is that DAG members utilize Windows Failover Clustering, which can’t co-exist with NLB.

To demonstrate the setup of a CAS array the following servers have been provisioned.

Server #1

  • Operating System: Windows Server 2008 64-bit R2
  • Name: EX3.exchangeserverpro.local
  • Primary Interface: 192.168.0.34/24
  • Secondary Interface: 192.168.0.36/24

Server #2

  • Operating System: Windows Server 2008 64-bit R2
  • Name: EX4.exchangeserverpro.local
  • Primary Interface: 192.168.0.35/24
  • Secondary Interface: 192.168.0.37/24

The IP address allocated to the NLB cluster will be 192.168.0.38.

Installing the Exchange Server 2010 Client Access Server Pre-Requisites

On each server, from an elevated Windows PowerShell prompt, run the following commands.

PS C:\> Import-Module ServerManager

Note: In my lab the servers are also Hub Transport servers, and so I installed both sets of pre-requisites. I also use the -Restart switch to automate the restart of the servers, however you can remove this if you wish to control when the servers are restarted.

For only the Client Access Server pre-requisites:

PS C:\> Add-WindowsFeature NET-Framework,RSAT-ADDS,Web-Server,Web-Basic-Auth,Web-Windows-Auth,Web-Metabase,Web-Net-Ext,Web-Lgcy-Mgmt-Console,WAS-Process-Model,RSAT-Web-Server,Web-ISAPI-Ext,Web-Digest-Auth,Web-Dyn-Compression,NET-HTTP-Activation,RPC-Over-HTTP-Proxy -Restart

For the Client Access Server and Hub Transport Server pre-requisites:

PS C:\> Add-WindowsFeature NET-Framework,RSAT-ADDS,Web-Server,Web-Basic-Auth,Web-Windows-Auth,Web-Metabase,Web-Net-Ext,Web-Lgcy-Mgmt-Console,WAS-Process-Model,RSAT-Web-Server,Web-ISAPI-Ext,Web-Digest-Auth,Web-Dyn-Compression,NET-HTTP-Activation,RPC-Over-HTTP-Proxy -Restart

After the servers are restarted run the following command, again from an elevated PowerShell window.

PS C:\> Set-Service NetTcpPortSharing -StartupType Automatic

Installing the Exchange Server 2010 Client Access Server Role

From an elevated command prompt run the following unattended setup command.

Note: Again, my lab servers are also Hub Transport servers.

For only the Client Access Server role with Management Tools:

C:\admin\Exchange Server 2010> setup /m:install /r:ca,mt

For both the Client Access and Hub Transport Server roles with Management Tools:

C:\admin\Exchange Server 2010> setup /m:install /r:ca,ht,mt

Installing Windows Network Load Balancing

On each of the servers, from an elevated PowerShell window run the following commands.

PS C:\> Import-Module servermanager
PS C:\> Add-WindowsFeature NLB

Creating the NLB Cluster

After both servers have been prepared the NLB cluster can be created.  On the first server launch the Network Load Balancing Manager from Administrative Tools.

From the Cluster menu choose New.

Connect to the first server for the NLB cluster.

Choose the interface that is to be used for the cluster, and then click Next.

Accept the default Host parameters and click Next.

Click Add and enter an IPv4 address for the NLB cluster, then click OK.

Click Next to continue.

Enter a name for the cluster.  In this example I’m using casarray.exchangeserverpro.local.  Click Next to continue.

Although the port rules can be made more specific, in this example the default rule is acceptable.  Click Finish to complete the creation of the NLB cluster.

At this stage you should have a single host NLB cluster that is successfully converged.

Right-click the cluster name and choose Add Host to Cluster.

Enter the name of the second server and click Connect.  Choose the interface to be used for the cluster and click Next.

Accept the default Host Parameters and click Next.

There are no changes necessary to the port rules, so click Finish.

You should now have a dual host NLB cluster that is successfully converged.

One final step, on each of the NLB members run the following command to allow the NLB virtual IP address to be reachable from outside of the subnet that it resides in.

netsh interface ipv4 set int "NLB" forwarding=enabled

Replace “NLB” with the name of the NLB interface on your server.
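
The NLB Manager steps above can also be scripted. The following is an added example, not part of the original walk-through; it assumes the NetworkLoadBalancingClusters PowerShell module is available on the server and that the NLB interface is named "NLB" on both servers.

```powershell
# Added example: scripted equivalent of the NLB Manager steps in this section.
# Run from an elevated PowerShell window on the first server (EX3).
Import-Module NetworkLoadBalancingClusters

$nlbInterface = 'NLB'                                # assumption: NLB interface name on both servers
$clusterName  = 'casarray.exchangeserverpro.local'   # cluster name used in the article
$clusterIP    = '192.168.0.38'                       # cluster IP used in the article
$subnetMask   = '255.255.255.0'                      # the /24 used in the article
$secondNode   = 'EX4'                                # second CAS from the article

# Create the single-host cluster on the local server, accepting the default
# host parameters and the default port rule, as in the wizard.
New-NlbCluster -InterfaceName $nlbInterface -ClusterName $clusterName `
    -ClusterPrimaryIP $clusterIP -SubnetMask $subnetMask

# Add the second server to the cluster.
Get-NlbCluster | Add-NlbClusterNode -NewNodeName $secondNode -NewNodeInterface $nlbInterface

# List the cluster members; both hosts should report a converged state.
Get-NlbClusterNode

# List the port rules so the default catch-all rule is visible and can be
# reviewed before the cluster carries production traffic.
Get-NlbClusterPortRule

# Enable forwarding on the NLB interface and confirm the setting.
# This part must be repeated locally on every NLB member.
netsh interface ipv4 set int $nlbInterface forwarding=enabled
netsh interface ipv4 show interface $nlbInterface
```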

Creating the Client Access Server Array

Now that the NLB cluster has been formed we can create the CAS array in Exchange Server 2010.

First, register a DNS record for the NLB cluster name.

Next, launch the Exchange Management Shell on one of the Exchange servers and run the following command.

[PS] C:\>New-ClientAccessArray -Name CASArray -Site "Default-First-Site-Name" -Fqdn casarray.exchangeserverpro.local

Name                Site                 Fqdn                           Members
----                ----                 ----                           -------
CASArray            Default-First-Sit... casarray.exchangeserverpro.... {EX3, EX4}

Substitute the Name, Site, and FQDN as appropriate for your environment.

Updating Existing Mailbox Databases

When the CAS array has been established any new mailbox databases created on servers in that Active Directory Site will be configured with the CAS array as their RpcClientAccessServer.

However, any existing mailbox databases need to be manually updated so that those mailbox users begin connecting to the new CAS array.

You can see here that the existing mailbox database on server EX2 is still configured with a standalone Client Access server as its RpcClientAccessServer.

[PS] C:\>Get-MailboxDatabase -Server EX2 | fl name, rpc*

Name                  : Mailbox Database 02
RpcClientAccessServer : EX3.exchangeserverpro.local

To update all databases on the server with the new RpcClientAccessServer run the following command.

[PS] C:\>Get-MailboxDatabase -Server EX2 | Set-MailboxDatabase -RpcClientAccessServer casarray.exchangeserverpro.local

The change can be seen by running the same command as earlier.

[PS] C:\>Get-MailboxDatabase -Server EX2 | fl name, rpc*

Name                  : Mailbox Database 02
RpcClientAccessServer : casarray.exchangeserverpro.local

Note that any existing Outlook profiles will not automatically update from the single Client Access Server to the new CAS array name. Those clients will not automatically fail over to an alternate member of the CAS array when there is a server failure. You will need to update those profiles for them to receive the high availability benefits of the CAS array. This is one reason that it is important to establish CAS arrays prior to migrating user mailboxes to Exchange Server 2010.
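
The database update above can be wrapped in a check that the DNS record and the CAS array object both exist before any database is re-pointed. This is an added example, not part of the original article; the `$apply` switch and the server list are assumptions for illustration, and the script is meant to be run in the Exchange Management Shell.

```powershell
# Added example: audit and re-point mailbox databases to the CAS array.
$arrayFqdn      = 'casarray.exchangeserverpro.local'   # CAS array FQDN from the article
$mailboxServers = @('EX2')                              # Mailbox servers to check (EX2 in the article)
$apply          = $false                                # hypothetical switch: $false only previews changes

# 1. The DNS record for the array name must resolve before clients are sent to it.
try {
    $addresses = [System.Net.Dns]::GetHostAddresses($arrayFqdn)
} catch {
    throw "DNS lookup for $arrayFqdn failed. Register the DNS record first."
}
Write-Host "$arrayFqdn resolves to: $($addresses -join ', ')"

# 2. The CAS array object must exist in Exchange with the same FQDN.
$array = Get-ClientAccessArray | Where-Object { $_.Fqdn -eq $arrayFqdn }
if (-not $array) {
    throw "No Client Access array with FQDN $arrayFqdn was found. Run New-ClientAccessArray first."
}

# 3. Report every database and update the ones that still point elsewhere.
foreach ($server in $mailboxServers) {
    foreach ($db in @(Get-MailboxDatabase -Server $server)) {
        if ($db.RpcClientAccessServer -eq $arrayFqdn) {
            Write-Host "OK      $($db.Name) -> $($db.RpcClientAccessServer)"
            continue
        }
        Write-Host "UPDATE  $($db.Name): $($db.RpcClientAccessServer) -> $arrayFqdn"
        # With $apply = $false this runs with -WhatIf and changes nothing.
        Set-MailboxDatabase -Identity $db.Name -RpcClientAccessServer $arrayFqdn -WhatIf:(-not $apply)
    }
}
```

Set `$apply` to `$true` once the preview output lists only the databases you expect to change.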

About Paul Cunningham

Paul is a Microsoft Exchange Server MVP and publisher of Exchange Server Pro. He also holds several Microsoft certifications including for Exchange Server 2007, 2010 and 2013.

Comments

  1. That’s an excellent walk-through, thanks! Just wanted to add that NLB needs some additional configuring, it’s not recommended to keep the default port rule in place. Maybe an idea for part two? :)

    • Hi Jetze, thanks for pointing that out. I do want to work a few of the NLB best practices into this article on the next revision, or perhaps as a part 2 as you suggest. I’ll include port rules.

  2. Is there any point in creating a CAS array with a single CAS server? I know that sounds like a daft question, but if I intend on adding new CAS servers in the future in an NLB cluster, would it not make sense to set this up now?

    • Hi Matt, not daft at all. You’ll note in the article that I point out the recommended practice is to establish CAS arrays before migrating users to Exchange 2010. So even establishing one as a single-node NLB cluster will save you effort later on, because you can simply scale out the NLB cluster with more nodes as required without having to reconfigure any Outlook profiles.

  3. Dinesh Silva says:

    Thanks for the excellent article.

  4. What is the difference between the NLB you created and a Failover Cluster? Will the NLB array be able to give high availability and redundancy or does this just balance the traffic going to the CASs?

    I’m asking because I just got done upgrading to 2010 from 2007 and now the suits want high availability. I installed 2008 R2 Standard which doesn’t give HA because there is no clustering service unless you go enterprise or datacenter. I’d rather not have to install an enterprise r2 server and move everyone off the standard then format the standard to put enterprise on it.

    Any thoughts would be awesome! :)

    • You want to use NLB clustering for the CAS role, basically because it is based on IIS and the config across your CAS servers will all be almost the same. Failover clustering should be used for services such as SQL or the Exchange mailbox role (when separated from the other roles).

      An NLB cluster does give high availability and redundancy based on the fact that there is a ‘heartbeat’ between all servers in an NLB cluster that will recognise when a server dies and will take it out of the cluster. The more servers in the cluster, the more resilient the cluster will be. Up to 32 nodes are possible. It is also possible to balance the load either equally or based on the power of the servers in the cluster e.g. with 3 servers where 2 have dual core CPUs and the other has an equivalent speed quad core, you could give more priority to the quad core so it handles more requests based on its power (this is a simplistic explanation).

      NLB clustering works well when the service being balanced is the same across the group e.g. web based, VPN. Failover clustering works where the backend data is on shared storage e.g. a SAN. Each cluster host would take ownership of the clustered resources (disks, files shares, IP addresses etc.) whilst it is the active node – if it goes down, the heartbeat dying tells the passive node to seize ownership of these resources.

      Effectively two different technologies for different situations. Failover clustering doesn’t allow you to share the load. Hope this helps.

  5. Thanks for the reply. I read this post this morning and it prompted me to get more info on it.

    As you can tell from the post, I have a complete setup using 2008 R2 standard and Exchange 2010 functioning very well but now have a need for high availability. Will this NLB cluster work for what I’m trying to do? I do NOT have the databases (mailbox and pub folders) on a shared resource so I would have to move them to a SAN to build a failover cluster. This post hints at the fact that I can build two separate servers with local resources and put them into a NLB cluster and it will work like a failover cluster….

    • Hi DJ, this post describes building a highly available CAS (Client Access Server) Array using Windows NLB.

      HA for the Mailbox Server role is provided by the Database Availability Group (DAG) feature of Exchange Server 2010, which uses an underlying Failover Cluster (Exchange sets it all up automatically when you configure the DAG).

      If you want HA of all Exchange Server 2010 roles you would normally start with a pair of CAS + HT servers in an NLB cluster, and a pair of MB servers in a DAG (4 servers total). That is the most basic HA configuration for Exchange Server 2010.

      Note that DAGs don’t require shared storage resources unlike some of the clustering modes in previous versions of Exchange Server. Each DAG member maintains its own replica of the database(s), so it is in fact better to have separate storage for each DAG member.

      I’m planning a walk-through article on setting up a DAG sometime in the next few weeks so if you are still stuck maybe that will help.

  6. Please read my previous post. You should use a failover cluster for the mailbox role. For Exchange 2010, read about Database Availability Groups (DAGs). An NLB cluster is used to cluster services where the data\config is the same but separate on each server (think of a fancy round robin with bells and whistles).

    If you had two mailbox servers in an NLB cluster, the mailbox databases on each would be different so you wouldn’t be balancing them.

  7. Hi,
    It is not clustering NLB/Failover related but Related to Client Access server question please answer.

    I have 2 Exchange 2010 server EX1(Roles–>MB,CA,HUB and UM) and EX2 (Roles–> MB and HUB)
    My CA URL is EX1.DOMAIN.COM
    Exchange 2003server still there in the organisation

    My question is see I am able to connect to mailboxes residing on EX1 using CA URL mentioned above.
    But for mail boxes residing on EX2 the URL is not working means its not at all login in using same above URL

    What modification I have to do on CA or DNS i want single name space for this.

    I read your CA array config above so confused here
    please help

  8. You need to use a cert with multiple Subject Alternate Names (SAN) to take all your servers and the relevant services (e.g. Autodiscovery) in to account. I know some people who simply use a wildcard cert (myself included in one case) but as this thread explains:

    http://www.petri.co.il/forums/showthread.php?t=43634

    there are prerequisites to using a wildcard cert.

  9. Should I first migrate user mailbox 2003 to 2010 and then configure cas array,
    I configured cas array and then migrate mailbox but migrated mailboxes don’t see the cas array name. Profile is still trying to connect legacy Exchange.
    Is there a way to automate this

  10. Unbeatable says:

    Please could you help to provide me with a step by step guide to setting up and configuring ADDS on windows server 2008 and Exchange server 2010 on different Hardwares.

    Thank you in advance

  11. HUB Question says:

    When you create an NLB and add the CAS/HUB roles to it, are there any special settings you need to do to prevent the hubs from load balancing to themselves for internal communication?

    • The NLB doesn’t handle Hub Transport traffic so you shouldn’t need to do anything special at all.

      • Hi Paul,

        just to clarify, do you mean that normal hub transport to hub transport traffic is not dealt with by NLB? In an environment with no Edge Transport servers, the Hub transport servers can use NLB for incoming email from the Internet.

      • There is no need to load balance internal HT traffic. Incoming internet mail is a different story. You could load balance that if you like or just use two equal cost MX records (if you have enough public IP space to do it).

  12. What is the recommended procedure to run maintenance on a 2 box CAS/HUB configuration? Do you just drainstop the one box, apply a rollup/update and re-add it to the NLB? Great article, by the way.

  13. Abbas Mousavi says:

    Hi Paul,
    A very useful article; I managed to set up CAS for internal use. However I could not get it working for external access, using OWA. To make it simple, in a test environment, I set up a single node CAS. When NATting to the actual CAS, I can connect to the server from the outside; however, when I NAT to the CAS Array IP (NLB), I cannot connect. In both situations, I can connect to my CAS from computers on the LAN. I read a number of articles regarding this problem. They talk about unicast and multicast, VMs & Physical machines, static ARP, etc… I did all these combinations, except for static ARPing. The result is the same. I get the same result for VM servers too. I use Win Server 2008 R2, Exch 2010 SP1 & router Dreytek Vigor 2820. Many thanks for your help in advance.

  14. Varun Turlapati says:

    Hi,

    I am trying to setup a CAS array. I am struggling after step 2.6
    I created the NLB cluster on a host (Host1) which is my DC, Hub transport and CAS.
    When I try to join Host 2 which is an additional DC in the same domain, CAS and Hub transport, that machine hangs. The modes I selected are affinity = single and multicast.

    Could it be possible that the change of MAC addresses is causing this state in the addition of a host?

    I tried restarting the Host2. It comes up and I could ping the fqdn of the Cas Array.
    However in the NLB on Host 1 I see the error “NLB not bound” for Host2′s entry. How could I solve this?

  15. Nice article. One thing that is missing is that you need to enable IP forwarding on the NLB NIC (Server 2008 R2 disables this by default). The command is this: netsh interface ipv4 set int “NIC2-NLB” forwarding=enabled

  16. Avinash says:

    Hi Paul,

    First of all I would like to thank you for your excellent walk through and providing useful articles like this.
    I have done all the steps as given above in my lab. I have six virtual machines in which I have configured AD and DNS on one machine and CAS1 (Exchange 2010) , CAS2, Mailbox1 (for CAS1), Mailbox2 (for CAS2) and CASARRAY on another machines. And they all are in the same domain. I have added CAS1 and CAS2 in the nlb and gave ip address of CASARRAY as cluster IP. The status for CAS1 and CAS2 is showing “converged” in NLB. I have run command for creating new cas array and assigned mailbox to this cas array. But I am unable to open “OWA” page from cluster ip. Either it is opened by ip address of CAS1 or CAS2 but not through cluster’s ip.

    So kindly give some comments about above to resolve the issue.

    Thanks and Regards,
    Avinash

    • When you say “unable to open…” what do you mean? Is there an error message?

      • Avinash says:

        No it’s not an error message. The page is giving error like try again. Means it does not have any service like OWA, i guess.

      • OWA can work through an NLB cluster just fine. If it’s working when you hit the CAS directly then start troubleshooting.

        Is DNS for the CAS array name working properly? Ping, nslookup, etc

        Is there an IE proxy setting causing a problem? Sometimes you need to set exceptions in IE’s proxy settings or your ISA server so clients go directly to the URL.

        Is the port rule configured correctly on the NLB?

        Can you see the access attempts in the IIS logs on the CAS servers?

      • Avinash says:

        Yes, DNS for the CAS array is working good. I have also tried it without any proxy. I have set the port rule as on default settings.

      • Did you enable IP forwarding on the NLB NIC (Server 2008 R2 disables this by default). The command is this: netsh interface ipv4 set int “NIC2-NLB” forwarding=enabled, where “NIC2-NLB” would be the name of the NIC used for NLB. I mentioned this in a previous comment.

  17. Sandesh says:

    Nice Work and very helpful to the New Exchange 2010 Administrators who willing to learn. Keep it up me8…

  18. Hi Paul,

    nice article. Having one question, I am having right now exchange 2007 environment, CAS array is there.
    we are planning to transition to 2010 full redundant setup with DAG and CAS array, now what is the process of introducing a new CAS 2010 array. as you know you can’t create two CAS array in the same site, how can we solve this issue?

  19. you are right,
    working more hours daily sometimes lead to silly question :)
    please delete my post

  20. Satriyo says:

    Hi Paul,

    I have a question for you about NLB & Cas Array. I Have 1 HT server, 2 CAS&Mailbox server. I created NLB for 2 CAS&Mailbox server & Create DAG. After they successful created, my client in outlook 2003/2007 cannot discover the server for Cas Array, I try to ping the hostname & ip for Cas Array, but not resolved(RTO). And then i try ping my IP/hostname Cas Array from my one cas&mailbox server is resolved.
    I try to discuss about they problem with my network team, but they say my IP Cas Array must be have an Ip gateway to resolved this issue. Because the ip from server with the client is different segmentation. I say my network team about Cas Array don’t have an IP Gateway, when I set the NLB, I just can set the IP and Subnetmask. My Question is, can’t NLB/Cas Array used at the different Ip segmentation??
    1 HT Server= Ip. 10.60.1.3
    1 CAS&Mailbox Server(have 2 NIC)= Ip. 10.60.1.4—>Replication Ip. 10.10.10.1
    1 CAS&Mailbox Server(Have 2 NIC)= Ip. 10.60.1.5 —>Replication Ip. 10.10.10.2
    CasArray/NLB = Ip. 10.60.1.6
    DAG Ip. 10.60.1.7
    Ip Gateway. 10.60.1.1
    PC Client Ip scope. 10.64.1.15 – 10.64.1.85(DHCP)
    PC Client Ip scope. 10.65.1.15 – 10.64.1.85(DHCP)
    Thank’s

    • Hi Satriyo, NLB and DAGs aren’t compatible. If you want your Mailbox servers to be in a DAG then they can’t also be in an NLB cluster. The two features just don’t work together.

      In your situation the options are to separate the CAS and Mailbox roles, or use a Hardware Load Balancer for the CAS Array instead of NLB.

  21. Daft_Penguin says:

    Paul… Thank you for the great article, it is most helpful. We had to rebuild our CAS/HUB servers and mistakenly forgot to recreate the CAS Array during our initial migration. So, my understanding is first make a new CAS Array, stamp the existing databases to use the new CAS array then update the Outlook clients so that they may make use of the HA now available. My question is: After I create the CAS Array and update the databases will my existing clients (which are all directed to only one of the CAS servers) still function? If so, I can update at my leisure, by doing a profile repair, a “check name” on the profile or by migrating everyone to a new database that has the CAS Array as default. Is my thinking correct?

    • Hi DP, yes clients that are still pointing directly at a CAS instead of the CAS Array will still work, they’ll just have no HA benefit. Your plan to update profiles is fine.

  22. Hi,

    we’re going to set up Exchange 2010 next year and we plan to cluster it. Let’s say we use NLB for a CAS Array and use DAG on a total of 4 servers.

    DAG features “lagged” databases, is it even possible to use this feature in a CAS Array? It isn’t, right? Because some clients would be redirected to the lagged database!? How many Exchange servers would you need to cluster the Mailbox AND use lagged databases?

    Thanks 4 help

    • Hi Benjamin, though you can install the CAS and Mailbox roles together on servers a server can be a member of an NLB-based CAS Array or a DAG but not both at once.

      If you want the CAS/MB roles to co-exist in a DAG you’d need to use a hardware load balancer for the CAS Array.

      Anyway, to answer the other part of your question, a CAS (whether in an array or standalone) will connect the user to their mailbox on the active database copy only, never on a passive replica (whether that passive replica is lagged or not).

      If you want to use lagged copies I recommend having at least three replicas of each database, so that would be a minimum of three MB servers in the DAG.

  23. Karl Atkins says:

    Hi Paul, I have found your article very useful. Thank you.

    Can you explain to me what happens if the CAS server which has the NLB configuration on it goes down? Does this stop the CAS array from working? Would it be better to have NLB on a totally different server all together?

    Many thanks,

    Karl.

    • If there are two or more NLB cluster members then it can survive one server going down, the other server(s) continue to serve requests sent to the NLB virtual IP.

      If you want to separate your load balancing from your CAS servers you’d need to look at hardware load balancers.

  24. Hi Paul,

    I have question about the CAS HT server, I have 2 Exchange 2010 servers that has CAS,HT and Mailbox installed on 2 separate servers.
    The 2 Exchange servers are members in a DAG group and that works fine.
    I simulated a test when one node dies for a example, that is my Exchange01 the first server that was installed, i changed the dns records and ip on the second backup Exchange server “EXCHANGE02″, but when I start up the EMC and go to server config -> Client Access, and point on the Exchange02 it says “The task wasn`t able to connect to IIS on the server “Exchange01.itsthlm.local”" Make sure that the server exists and can be reached from this computer. RPC-servern is not reachable. It was running the command “Get-OwaVirtuallDirectory”.
    When I access the https://localhost/owa on the second server “EXCHANGE02″ i can login and send mails but not receive. The mails that receives are stuck in the mail queue on the “EXCHANGE02″.
    I have test with several commands like Set-RpcClientAccess, Set-OwaVirtuallDirectory etc etc and point it on the EXCHANGE02 but the same error in EMC could not contact the “EXCHANGE01″ but that server is dead….
    Do I have missed a powershell to take over the whole CAS and point it on the Exchange02??
    I want to set EXCHANGE02 as a primary CAS server what powershell command is that?

    Best Regards
    Michael Szymanski

    • Hi Michael…

      Ok first, understand that you can’t run an NLB cluster on the same servers that are also DAG members. I assume you realise that, I just want to be clear. So by the sounds of it you are not running a CAS Array of any kind (whether using NLB or a hardware load balancer).

      This article is about CAS Arrays. It sounds to me like you’re trying to create a DR solution without using a CAS array, which is going to be far more complex and less reliable, as you’ve discovered.

      Second, you’ve changed the IP address of your second Exchange server? There should be no need to do that. I don’t understand why you’ve done that.

      Third, yes you’ll often get errors like that in the EMC when one of your servers is down.

      Fourth, whether your mail can send/receive is more to do with your Hub Transport roles and whether they are working properly, and whether your incoming SMTP from the internet is set up correctly in your firewall and DNS etc.

      Finally, I think you need to go back to the start and work out your DR strategy a little more. I don’t know enough about your environment or what you’re planning to achieve to give much more detail at this point.

  25. Susantha Silva says:

    Hi Paul,

    What about if my Outlook machines belong to a different CAS array? Will they be automatically update to the new CAS array? I’m in the migration process of Exchange 2007—>Exchange 2010. Client already had CAS array in Ex2007. I’ve created a different CAS array name for the 2010. During mailbox migration I’m wondering about the impact of CAS array name change for the end users.

    Thanks,
    Susantha

  26. So when I create the CASArray name would this be a different fqdn then I use for OWA ie mail.company.com if so do I need to have the CASArray name on my SAN certificate for when my outlook users connect?

  27. Great article Paul. What are the pros and cons of NLB versus a hardware load balancer for a CAS array?

  28. Dear Paul thank you for you article
    but when i run the command
    Get-MailboxDatabase -Server EX2 | Set-MailboxDatabase -RpcClientAccessServer casarray.exchangeserverpro.local
    the error of casarray.domain not found
    i did all the steps as you mentioned

  29. Corbett Enders says:

    Has anyone noticed in this config (using dual NICs) that you get an event log error 4319 that says A duplicate name has been detected on the TCP network. Now, I’m pretty sure that unchecking “File and Print Sharing for Microsoft Networks” on the NLB NIC will solve my problem but I haven’t done that just yet (waiting until after we close for the day). Is there a different solution?

  30. Matt Duffey says:

    Paul;

    Thanks for the article. I am getting ready to implement a CAS array with a hardware load balancer. My question actually has to do with our Edge Transport servers. Are there any changes that need to be made on the Edge Transport servers when dealing with a CAS Array. I am not sure if you answered this question anywhere above (at least I didn’t see it if you did).

    Regards.

  31. Preben Madsen says:

    Hi Paul
    I have used your article to set up a CAS Array.
    It all works fine, NLB and the Array. there is only a few test users on the Exchange 2010 system and no connectors, until now.
    Problem is that we have a Exchange 2003 server that is a “all-in one” (The old one). and the system is
    the main Exchange server for all the users. and now after I have setup Connectors and try to test the mail flow, I can see that the 2010 system can’t send to the 2003 system, and the opposite way.
    Also when try to accessing the Legacy mailbox users in the 2010 Management console, I receive a error, telling that the system can’t see the mailbox server (2003).
    I have tried to re run all the settings and have searched the web for a solution.
    Do you have any ideas?
    Right now I am removing the CAS Array.

    Regards Preben Madsen

  32. great article! setting up a cas array using vmware vm’s any suggestions as far as unicast or multicast?
    and if so what considerations to take in the vswitches?

  33. I’ve followed you article and have been running our CAS array for 6 months in production without any issues. We have four Exchange servers; two CAS/HT servers (NLB) and two MBX servers (DAG). All four servers are virtual using 2008 Hyper-V R2.

    We recently tried to move one CAS/HT server to a Cisco UCS system and found that our CAS array even though appeared to be functional, was not. Our Cisco vendor stated that Unicast cannot be used and we need to use Multicast mode instead. I imagine that I need to break down the WNLB and recreate choosing Multicast but since Unicast is the recommendation for WNLB, what are the issues that I might see with Multicast?

    With Multicast, do I still use two NIC’s on the CAS/HT or change it to just one NIC?

  34. Hi Paul,,

    Great Article, we used your article as basis for our NLB implementation, however, i have a question in mind.

    we got a problem in our first setup upon implementing NLB. Please take a look below.

    Previous Setup:

    2 CAS,HT Servers
    2 MB Servers— DAG

    now in the setup above, we encountered an issue because after we are done configuring NLB on the 2 servers which has the role of CAS/HUB, our DAG got crazy.. ^_^ i mean it cannot replicate on its database copy and cannot failover seamlessly.

    my question is that is it Possible to configure NLB on servers having CAS/HUB Roles at the same time?

    Our resolution is to separate all roles. see current setup below.

    2 CAS Servers–NLB
    2 HUB Servers
    2 MB Server -DAG

    NLB and DAG works perfectly but our HUB is not automatically redundant.

    Your thoughts would be a great help.

  35. Hi Paul

    my environment is like below

    1. 2 MB server – DAG
    2. 2 CAS server – CAS/HUB

    But just like know few things

    First, NLB and CAS array is necessary to have High Availability in CAS/HT server

    Second, I already done the migration of our users it will be around 350 users would like to setup CAS array is there any harm does it require any restart of CAS servers

    Third, I would like my DAG whether it works fine or not without any downtime is there any steps can I perform

    Your help in this regard would be great help

    • Hi Ehsan,

      1) A CAS array with either NLB or a hardware load balancer is required for CAS high availability. HT high availability can be achieved by simply installing more than one HT in a site, no need to load balance that traffic as Exchange does it automatically.

      2) No harm, however you will need to look at updating the profiles on the existing users as they will still point directly to one CAS not the new CAS array.

      3) I don’t understand the third question, sorry.

  36. Hi Paul,
    I have an existing client access array for Exchange 2007. I have now installed 2 Exchange 2010 CAS servers (same AD site, same forest, same subnet where the Exchange 2007 CAS/HT/MBX servers reside). When I run the Get-ClientAccessArray cmdlet on Exchange 2010, I get a blank response. I checked and the CAS array with the FQDN of prod-mailbox.xyz.com does exist for this AD site. So here’s my question: when the clients’ mailboxes are moved to the new Exchange 2010 database, the Outlook user profile will still point to the existing CAS array (prod-mailbox.xyz.com), yet the mailbox will not be there.
    The existing exchange 2010 mailbox servers and databases are pointing the localhostname.server.name for CAS. How can I create or these servers to the existing CAS array or can’t I?
    What will happen? I hope I didn’t ramble on too much, but this is a huge concern.
    Thanks in advance for your response.
    Tash

    • There is no CAS array in Exchange 2007. prod-mailbox.xyz.com may just be a friendly DNS record that points to your Exchange 2007 mailbox servers in your environment.

      Client Outlook profiles will be redirected to the new CAS array once their mailbox is moved to Exchange 2010, providing the CAS array is set on all the DB.

      • Aha. I’ll have to start digging into the existing record, wherever the exchange 2010 system is seeing that from.
        Thanks Paul !

  37. I understand that you can create an array with just one CAS, which is what I’ve done. I also understand that I can add another CAS to the existing array, which is what I plan to do. The question is, what is the cmdlet to add the new Client Access Server to the existing CAS array?

    • Hi Doug, think of the Client Access Server array itself as a pointer. It associates an AD Site with a DNS name for RPC client access, which resolves to an IP address.

      If you establish a single-server CAS Array in the site (which Microsoft does now recommend as best practice) you are pointing your DNS record at that server’s IP address.

      When you later wish to scale out to multiple CA servers for high availability, you install them into the site and then establish a new load balanced IP address (using either Windows NLB or a hardware load balancer), and then update your DNS record to point to that new IP address.

      The load balancer (or NLB if you choose) then handles the distribution of client traffic across all of the CA servers in the “array”, not Exchange itself.

      Hope that helps.

  38. Hello Doug,
    After a Client Access server array is defined within an Active Directory site, all Client Access servers within that Active Directory site are automatically part of the Client Access server array.

    http://technet.microsoft.com/en-us/library/ee332317.aspx

    • Hi Pete, correct, and then in addition to that the FQDN of the CAS Array itself needs to point to an IP that will load balance the traffic across all available CA servers.

      • OK. I think I’m catching on. So, the array name, or FQDN, is really an RPC client access pointer for mailbox databases. When another CAS is added to the AD site, I need to configure its IP on the NLB as another server that the array VIP points to. That all makes sense.

        So, I set up CAS02 and configure its IP on the NLB for the ARRAY01 VIP to point to. Then, it will be part of the load balanced array and direct Outlook clients to their proper mailbox database. Am I on the right track?

        Would the new CAS02 server then show up as a CAS Array member server when the Get-ClientAccessArray cmdlet is run?

        Thanks for the quick responses guys, by the way. I really appreciate it.

      • Hi Doug,

        Yes as soon as the new CAS is in that site, it will appear in the Get-ClientAccessArray output as a member for that site’s CAS Array object. It will do that whether it is a member of an NLB or not.

        And yes, if you’ve already got an NLB VIP you’ll need to add that new CAS to the NLB before it can participate in the load-balanced client traffic.

  39. Hi Paul:

    We have a 3 server DAG with a 2 server CAS Array using NLB. The 3 DAG servers also have the CAS role installed and we have run into issues where clients have connected to a particular DAG node for free/busy lookup. For example, if we put DAG001 into maintenance mode, it will not have any active mailboxes so you’d think that rebooting that node wouldn’t cause any issues. It turns out that if we were to reboot that node in the middle of the day, users who have connected to it for free/busy lookup will get an error.

    Does it make sense to remove the CAS role from all 3 DAG nodes? Would there be any configuration files that we need to edit after we do that, or will Autodiscover and such take care of redirecting clients to the 2 CAS NLB nodes only? Thank you.

    • Yeah the issue is that you’re rebooting your Client Access server (that co-exists with the Mailbox server role on that node), that clients are connecting to for Availability service lookups. Makes sense that would cause issues.

      What I recommend you look at is pointing your EWS URLs at a DNS name that resolves to your load-balanced IP address(es). There is an article here on TechNet that describes this:

      http://technet.microsoft.com/en-us/library/aa997237.aspx

      • Paul: Thank you for your reply. That seems like it will work and we can leave the CAS role installed on the DAG MB servers. I really appreciate how you take the time to reply to the comments that your visitors post. I don’t know where you find the time to do it, but it’s very helpful.

  40. Frank D'Amore says:

    Paul, we are going forward with a screwy topology that consists of two “well connected, high speed” physical sites in one domain (single Exchange org). Both physical sites will have a HT/CAS server as well as an MBX server. The HT/CAS servers will be on two different subnets that are routable to each other. Is it possible to place these two CAS servers into a CAS array using NLB? Is it possible to publish the CAS array VIP to both physical sites?

    • The CAS Array name has a corresponding DNS entry that needs to resolve to an IP address. That IP address can be made highly available through load balancing, but it is a single IP address. If you can load balance that single IP across both sites then it may work. Otherwise you need to keep it in a single site and use manual DNS updates to failover to the other site if the primary site CAS is down (keeping in mind that Microsoft has never intended for full datacenter switchover capability to be fully automatic, it always involves manual steps).

  41. Hi Paul,
    I would like some information on the points mentioned below.

    1) On the NLB NIC, do I need to put the gateway IP address?
    2) How do I connect the NLB NICs of both servers? Do I connect them back to back with a crossover cable or do I connect the NLB NICs directly to the switch?

  42. Kenneth Polaski says:

    Hi Paul,

    Great article. I have a single Exchange 2010 with MB, HT, and CAS roles on it. What is the simplest way to start creating redundancy on our way to full redundancy? I publish OWA, Outlook Anywhere, and eventually ActiveSync. We do have a VM cluster available. Thanks in advance.

  43. Dear
    Thank you very much.
    I have installed a lab that includes
    1 dc server
    2 mailbox servers
    2 cas servers
    I have enabled NLB on both CAS servers.
    The NLB record = mail.test.local with IP 10.0.0.11.
    I am trying to access the CAS server by the NLB record ( https:\\mail.test.local\owa) but it gave me “IE cannot display the webpage” …. but if I write https:\\cas1.test.local\owa or https:\\cas2.test.local\owa it works.
    Please advise.

  44. AmitRak says:

    Excellent article!!
    Easy to understand.

    Questions on NLB:
    In what scenario do we select “Unicast”, “Multicast” and “IGMP Multicast”?
    What is the use?

  45. I created a CAS array a year after installing Exchange 2010 and it updated all of my Outlook clients to the CAS array name instead of the server name, despite your comment “Note that any existing Outlook profiles will not automatically update from the single Client Access Server to the new CAS array name.”
    It did take a few days; I believe it was the Autodiscover service that did this for me. It popped up and said a system administrator has made changes that require you to restart Outlook.

    • Yep, something that causes Autodiscover/autoconfiguration to run again would kick the profile across to the CAS array name.

      I’m not 100% sure but one of the fixes in the latest update rollup might also help with this situation. I’ll have to check that out a bit more.

  46. Christian says:

    Hi Paul,
    Very useful article, thanks for that.
    Can you describe whether client DNS should be enabled on both NICs, whether we need to enable the box “Register this connection’s addresses in DNS”, whether a gateway should be specified for all the NICs, etc.?

  47. Hello Paul,
    Great article, very useful. However, I have some questions. I’m trying to set up a lab environment for a basic HA Exchange 2010 environment with a single AD site design. This is the equipment I have:

    1. VMware hypervisor esxi with: 1xDC, 1xCAS/HUB01 & 1xMAILBOX01 < – All Servers Win 2008 R2 ENT
    2. VMware hypervisor esxi with: 1xCAS/HUB02 & 1xMAILBOX02 < – All Servers Win 2008 R2 ENT
    3. Physical Server Win 2008 R2 ENT

    What I understand from all your replies & article is:
    1. CAS ARRAY & DAG Setup can't live together on the same box. Hence why min of 4 servers are required for HA/DR that is HA for 2 x CAS & 2 x Mailbox. Is this correct?
    2. Since CAS ARRAY & DAG Setup can't live together on the same box i have decided to put a physical server to act as a Load Balancer for CAS and Witness Folder Server for DAG is this correct? the reason i'm doing this is if 1 x VMware hypervisor fails we have another hypervisor as HA hence why i'm not putting witness folder/nlb in any of the hypervisors.
    3. Will a physical win 2008 r2 ent server handle NLB for about 15-20 staff in a company?
    4. How will this affect auto-discover will all the certs need to be install on NLB Server or NLB server is there just to forward requests to the next available server in a round robin fashion.

    thanks for your HELP!!!!!

    • 1) The conflict isn’t CAS Array members and DAG members, it is Windows NLB and DAG members (because DAG uses failover clustering, which can’t run on the same server as NLB).

      So if you’re using NLB, yes they need to be separate.

      2) If you’re using NLB then the CAS servers themselves form the NLB cluster. The NLB isn’t a separate server. Putting the FSW on a separate server is fine as that will assist with some DAG failure scenarios.

      3) Refer to answer above. The NLB isn’t a separate host.

      4) The CAS Array really refers to the RPCClientAccessServer, which is for RPC/MAPI connectivity only.

      You can load balance the other CAS services such as Autodiscover as well, using the same NLB, but it is completely separate to the role of the CAS Array for RPC/MAPI traffic.

      A good article series to read is this one from the MS Exchange team, which clears up a lot of misunderstandings:

      http://blogs.technet.com/b/exchange/archive/2012/03/23/demystifying-the-cas-array-object-part-1.aspx

  48. Hi Paul. This is the best Ex 2010 CAS/NLB article I’ve seen! Thanks for putting it together.

    We are planning to do a 4 server Exchange 2010 HA setup for a client. It will be 2 CAS/HT in an NLB and 2 MBX in a DAG as you described in comments above. All 4 servers are Hyper-V VMs on 2008 R2 Enterprise.

    The tricky part here is the current mail system is an all-in-one Exchange 2003 box that we will be moving away from so there is a whole migration piece that ties into the implementation above. I’ve read a ton of material and feel good about the overall process. However, I have a concern about the order of events below. Which is the right order – the Exchange migration introduction of 1st CAS, then NLB or NLB and then intro of 1st CAS into EX 2003 site?

    1. Prepare forest and domain for Ex 2010
    2. Introduce 1st CAS server into 2003 site
    3. Introduce 2nd CAS server into 2003 site
    4. Make sure mail is still flowing correctly
    5. Install NLB, configure cluster, define CAS Array
    6. Configure CAS Array

    Does that order make sense? My biggest concern is not disrupting mail flow during the whole process, so I need to get 2010 introduced into our existing 2003 environment, configure HA for CAS, configure DAG, then move existing clients to 2010. If you know of any good write-ups that combine a migration with the introduction of the HA features noted above, I’d really appreciate it!

    Many thanks!

  49. sudam sahoo says:

    Hi Paul,

    Thank you very much. This article is very useful.

    I want to ask a small question: can NLB work across different subnets (different location but single site)?

    e.g. one NLB node is 192.168.10.xx and another NLB node is 192.168.90.xx

    You can check this link:
    http://social.technet.microsoft.com/Forums/zh/exchange2010/thread/d49b3a48-5749-4478-8ebf-058bf8d36a16

    It is urgent, so please help me with the same.

    Regards,

    sudam sahoo

  50. Paul,
    Thank you for posting nice articles. I have one Exchange 2010 server with all the roles. The server name is a1.abcd.com and the SSL certificate installed is: mail.abcd.com
    When I want to use Outlook Anywhere, it doesn’t allow me to use mail.abcd.com as the mail server. The proxy settings are pointing to mail.abcd.com, but the mail server name I have to give is a1.abcd.com
    How do I make use of mail.abcd.com everywhere? It will eliminate the need for users to remember the original NetBIOS name of the Exchange server.

  51. Hi,

    Please receive my thanks for the good articles you are publishing. They helped me a lot in learning and configuring Exchange 2010.
    I have a problem and I hope you can guide me in solving it.
    My test infrastructure contains:
    1. DC1 – GC/DC (win 2008 R2)
    2. EX1 + EX2 – Client Access Server + Hub Transport roles (win 2008 R2, Exchange 2010 + Sp1)
    3. EX3 + EX4 – Mailbox Role (win 2008 R2, Exchange 2010 + Sp1)
    4. DT3 – client station.( Windows 7 Pro)
    I have an external domain which I use: domain.com.
    Internally I use corp.domain.com. I have an internal DNS which I use only for internal DNS resolving.
    I configured the CAS as instructed, step by step. 20 times.
    Each time I configure the client using Autodiscovery, in the e-mail address field I get =SMTP:user@domain.corp.com.
    The “Server” is well recognized by the Autodiscovery service as CAS1.corp.domain.com.

    Please help me in troubleshooting this.
    Kindly let me know what additional info can I provide.

    Thank you,

    Valentin

    • Do you have your SSL certificates configured correctly on the Client Access servers?

      • Hi Paul,
        I tried both, with self-signed Exchange certificates and with a certificate issued by a certificate authority which I installed on my domain controller.
        To get an Exchange certificate from my CA I followed these steps:
        1. On van-ex1 created the request.xml.
        2. Opened the http://van-dc1/certsrv
        3. advanced request for certificate; pasted the contents of the request.xml; selected web server; downloaded the issued certificate
        4. from the van-dc1 exported the root ca and imported to the van-ex1, otherwise it would not recognise the certificate
        5. on van-ex1 completed the certificate request; assigned services to certificate
        6. on van-ex1 exported the certificate
        7. on van-ex2 imported the root ca and the certificate.

        Maybe I am wrong in this?

        • Is the private CA you’re using also trusted by the clients?

          Did you include the correct names in the SSL certificate? Does it work for other access such as OWA without giving any certificate warnings or errors?

        • Hi Paul,

          The private CA is trusted because I exported it from my DC and imported it in the Trusted CA’s container on the clients.
          The OWA works ok externally (I configured the same address internally and externally). Internally it does not work. There is a problem with the internal DNS I think. Could this be the reason why Autodiscovery does not work either?

          Thank you,

          Valentin

        • Hi Paul,

          I managed to solve the problem. Split DNS was the solution.

          Regards,

          Valentin

  52. VAT Saravuth says:

    Hi Paul,

    Excellent post. I have followed all of your steps and it is working well in the internal domain, and sending out to an internet domain is also working well, but the problem is that I am unable to receive mail from an outside domain. Send connector / receive connector are already created by adding both HUBCAS into the receive connector.

    Let me tell about network setup:
    1. HUBCAS01 = 192.168.10.10
    2. HUBCAS02 = 192.168.10.11
    –> NLB VIP = 192.168.10.12
    3. MBX01 = 192.168.10.13
    4. MBX02 = 192.168.10.14

    If I forward SMTP port 25 to 192.168.10.12 in my Cisco Linksys E1200 router, it will not receive any mail from an outside domain and it doesn’t allow telnet on port 25, but if I forward SMTP port 25 to 92.168.10.10 or 92.168.10.11 it works well.

    Can you point me to the right place to get my NLB working properly?

    Million thanks
    Saravuth

    • Can you telnet to the NLB VIP on port 25 from a server such as MBX01 or a non-Exchange server within that same subnet?

      Is it just external connections and those from anywhere outside of the 192.168.10.x subnet that aren’t working?

  53. Hello Paul, many thanks for so many really excellent tutorials on Exchange. I’m learning a lot from following your work. I’m studying to learn Exchange in more detail. I’m trying to build an HA Exchange 2010 – This tutorial has provided many answers to the questions I’ve been looking for. A few remain though, and I was wondering if you had time to field a few?

    I’m puzzled by the path – C:\admin\Exchange Server 2010>

    Can you elaborate for a noob – am I creating this path, copying Exchange CD files to it? What am I missing here?

    When do I run Prepare AD/Schema – as the CAS/HT will be the first servers I’m building into my environment (after a DC)? I’m getting conflicting info on when this should happen. A colleague assures me Exchange 2010 SP2 does it for you, but I ran the installer for an HT, got no AD prep prompt and the readiness check subsequently failed.

    If you had time for any insights, you have my thanks in advance

    Best

    • C:\Admin\Exchange Server 2010 just happens to be where I have extracted the Exchange setup files on my server.

      The schema preparation can be performed manually ahead of the first Exchange server install, or when you install the first server it will do it for you automatically if it detects that it has not already been done (assuming all other requirements are met).

      The readiness check can fail for many reasons so you’ll need to be more specific.

  54. Thank you for your post.

    I am new at Exchange.
    I have two questions:
    1- When do we do the second CAS installation, before or after the creation of the CAS array?
    2- When I install the CAS, can I use the same External URL for both of my CAS?

    thanks

    • 1 – Doesn’t matter. You can establish the CAS Array before or after installing the second, third, fourth etc CA servers.

      2 – Yes, in fact that is required if you also plan to load-balance other CAS traffic such as OWA, ActiveSync etc.

  55. Hi Paul, thanks for your good article.
    Regarding the note at the end of the article, how can I update those profiles for them to receive the high availability benefits of the CAS array?

    can you explain it to me please?

  56. G’day Paul,

    Nice one!

    BTW, what’s your take on this article about Windows NLB with Exchange 2010:

    http://www.stevieg.org/2010/11/exchange-team-no-longer-recommend-windows-nlb-for-client-access-server-load-balancing/

    Cheers Leo

    • My take is that hardware load balancing is better for a lot of reasons, but if you can’t get a HLB and you still want some level of HA and load balancing for your CAS then NLB is your only option.

      • Thanks Paul…appreciate it.

        Will Windows NLB still work for a smaller site like 700 mailboxes for HA? Isn’t Windows NLB not application aware, hence if CAS A for instance goes offline for some reason, Windows NLB won’t have a clue about it, therefore it will continue to send the traffic to CAS A instead of CAS B, therefore failover will not be possible to achieve with Windows NLB?

        • I think NLB tops out around 10,000 max users, and it can’t scale out to more than 8 CAS servers.

          Yes, it is server-aware but not service aware. So there are failure scenarios where the NLB will continue sending traffic to a server that may only have say a stopped service rather than the whole server going down.

  57. Thanks Paul

    In E2K13, how does HA get handled? Do you still need a hardware load balancer?

    • 2013 has the same story with NLB, but for HLB it has been simplified somewhat as it now only needs a layer 4 load balancer instead of layer 7 like Ex2010. HLB is also still the recommended way to go.

  58. Cheers Paul.

    Some clarification…….

    I gather that Outlook MAPI clients will be looking for casarray.exchangeserverpro.local to benefit from HA provided that you have setup your CAS array first before migrating the mailboxes?

    Therefore, if I have 2 or more CAS member in the CAS array, i still need to run the below in Powershell cmdlet for each Exchange server?

    Get-MailboxDatabase -Server EX2 | Set-MailboxDatabase -RpcClientAccessServer casarray.exchangeserverpro.local

  59. I guess my question is, If I have two or three Exchange Servers 2010 in CAS array (i.e., casarray.domain.local), I still have to run the below in Powershell for Exchange Server 1, for Exchange Server 2, Exchange 3 so forth etc, to change the “RpcClientAccessServer, right?

    Get-MailboxDatabase -Server EX2 | Set-MailboxDatabase -RpcClientAccessServer casarray.domain.local

    Note: At this point in time, there are no mailboxes have been migrated yet or created in those Exchange servers (i.e., they are freshly installed…..just building my CAS array at this moment…Outlook profiles don’t even exist for Outlook MAPI clients at this point).

    • That is covered towards the end of the article above.

      “When the CAS array has been established any new mailbox databases created on servers in that Active Directory Site will be configured with the CAS array as their RpcClientAccessServer.

      However any existing mailbox databases need to be manually updated so that those mailbox users begin connecting to the new CAS array.”

  60. HI Paul, first of all , you are the pro :D , your article is awesome , I want to tell you my scenario to upgrade my 2003 environment to 2010, ” DCs 2003 to 2008 and Exchange 2003 to 2010 and applying TMG to publish the CAS ARRAY URL” … I have one two servers , one for DC 2003 and the other one for EX 2003 , on the EX 2003 I have 5 mailbox database , all of this will migrate to a Hyper V environment contains Two hosts that will carry the Virtual machines , the first host will have the following VMs :
    DC1 , HUB-CAS01 , MB01 , TMG
    the second host will have the following VMs:
    HUB-CAS02 , MB02

    we will apply NLB between the two VMs ” HUB-CAS01 and HUB-CAS02″ and a DAG for ” MB01 and MB02″ ,.

    can you give me more specific details about DNS configuration for every member server in the cluster because each server has two NICs and how registration should apply for the IPs in DNS and about placing the Mailbox databases .. should I place two DBs on one server and three DBs on the other or place all the five DBs on one server and DAG will replicate them to the other one.

  61. Dear Paul,

    I am confused: do we really need two NICs for the CAS/HT server? Any reason you used two NICs?
    Because I used only one NIC for the CAS/HT server.

    Best Regards,
    Danushka

  62. I currently have an environment with 2 CAS/HT servers and no CAS array and I want to move to 2 new servers in a CAS array. What I am planning to do is create a new mailbox DB after the CAS Array is created and then move users to the new mailbox DB. Can I do this without disrupting the users (except while their mailbox is migrating)? Is there an easier way to transition to the CAS array other than modifying all of the Outlook profiles and changing the RPCClientAccess setting on the current databases?

  63. Dear Paul,

    In our Exchange 2010 environment we have two HUB/CAS servers with NLB configured. But mail hits only HUB/CAS server one; if HUB/CAS server one is down then the mail flows through HUB/CAS server 2. Please tell me how to set the virtual IP to get all the hits straight away. Where do I change that setting in Exchange?

  64. Grace Zhang says:

    Thank you very much for your article Paul, it is greatly appreciated. Here I have three questions:

    1) For the command: New-ClientAccessArray -Name "CAS-Array-Name" -Fqdn "NLBcluster.abc.local" -Site "ABC",
    I understand that “NLBcluster.abc.local” is the FQDN of NLB cluster network name, SHOULD or SHOULDN’T I use “NLBcluster” for “CAS-Array-Name”? (if I use any other name, than it has no match DNS record obviously)

    2) We have two CASs, the internal owa URL is https://cas1.abc.local/owa and https://cas2.abc.local/owa respectively. After creating NLB cluster(NLBcluster.abc.local), should I change the internal URL on both servers to “https://NLBcluster.abc.local/owa”?

    3) The last one should maybe go to the NLB section (more NLB related), but with your extended knowledge Paul, when we say “no default gateway should be configured on NLB NIC” and “no DNS register entry for NLB NIC”, should I also disable “File/Printer sharing for MS network” and disable “NetBIOS over TCP/IP” on the NLB NIC?

    Thanks again for your time to clarify my doubts. Grace

    • 1) The CAS Array name and the NLB cluster name don’t need to match. I would actually recommend that they should not be the same. Yes, you need to create a DNS record for your CAS Array name.

      2) You can, but it is not required. I usually use the External URL as the common OWA namespace.

      3) The only requirement is the default gateway and DNS registration.

  65. shanmugam says:

    Thank you Mr.Paul. Good explanation.

  66. Hi Paul,
    First up , thanks Paul for all your great guides. I’m having an issue after setting up a CAS array as per the steps above. I have 2 x CAS\HT servers using NLB. I have then created separate Mailbox servers with various databases in a single DAG. This has been added to an existing Exchange 2007 organisation. When I move the first user mailbox from the Exchange 2007 to the Exchange 2010 mailbox server I can no longer connect to the mailbox using Outlook. User receives a prompt that a change has been made that requires them to restart outlook but when they do it prompts for authentication to access the CAS array name and no matter how many times entered it just keeps prompting and can not access the mailbox. Accessing via OWA is successful.

    • It is possible that the RPC/MAPI connection is failing so it tries Outlook Anywhere instead (hence the auth prompt).

      I would check that:
      a) The RPCClientAccessServer for the Exchange 2010 databases has been set to the CAS Array name
      b) The CAS Array name is resolving correctly in DNS
      c) The NLB port rules are correct for RPC/MAPI access.
      d) If the clients are from different subnets than the NLB cluster, that the “netsh interface ipv4 set int "NLB" forwarding=enabled” has been run.

      You can also test whether its an issue with the NLB by changing the CAS Array DNS record to point directly at one of the Client Access server IPs instead of the NLB VIP.

      • After double checking everything I noticed a typo in one of my settings … Doh. Everything’s working now.
        Thanks, Paul, for the help.
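
Checks (a) and (b) from the reply above, plus a basic reachability probe toward (c), as an added example that is not part of the original article or comments. The FQDN `casarray.example.local` and the function names are placeholders and assumptions; run it from the Exchange Management Shell.

```powershell
# Added example. 'casarray.example.local' is a placeholder: use your CAS array FQDN.
$CasArrayFqdn = 'casarray.example.local'
$TimeoutMs    = 3000

# (a) Databases whose RpcClientAccessServer is not the CAS array name.
function Get-MismatchedDatabase {
    param([string]$Fqdn)
    Get-MailboxDatabase |
        Where-Object { $_.RpcClientAccessServer -ne $Fqdn } |
        Select-Object Name, Server, RpcClientAccessServer
}

# (b) IPv4 addresses the CAS array name resolves to from this machine.
function Resolve-CasArrayName {
    param([string]$Fqdn)
    try {
        [System.Net.Dns]::GetHostAddresses($Fqdn) |
            Where-Object { $_.AddressFamily -eq 'InterNetwork' } |
            ForEach-Object { $_.IPAddressToString }
    } catch {
        Write-Warning "DNS lookup for $Fqdn failed: $($_.Exception.Message)"
    }
}

# (c) TCP connect with a timeout. Only the RPC endpoint mapper (TCP 135) is
# probed below; the RPC ports negotiated afterwards are not covered.
function Test-TcpPort {
    param([string]$Address, [int]$Port, [int]$TimeoutMs)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($Address, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($async)
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

$mismatched = @(Get-MismatchedDatabase -Fqdn $CasArrayFqdn)
if ($mismatched.Count -gt 0) {
    Write-Warning "Databases not pointing at ${CasArrayFqdn}:"
    $mismatched | Format-Table -AutoSize | Out-String | Write-Host
    # Preview of the fix using the article's cmdlet; -WhatIf changes nothing:
    # Get-MailboxDatabase | Set-MailboxDatabase -RpcClientAccessServer $CasArrayFqdn -WhatIf
} else {
    Write-Host "All mailbox databases point at $CasArrayFqdn"
}

$addresses = @(Resolve-CasArrayName -Fqdn $CasArrayFqdn)
if ($addresses.Count -eq 0) {
    Write-Warning "$CasArrayFqdn did not resolve to an IPv4 address"
}
foreach ($ip in $addresses) {
    $ok = Test-TcpPort -Address $ip -Port 135 -TimeoutMs $TimeoutMs
    Write-Host ("{0} -> {1} : TCP 135 reachable = {2}" -f $CasArrayFqdn, $ip, $ok)
}
```

Running it from a client subnet as well as from the servers' own subnet separates a DNS or database setting problem from an NLB reachability problem.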

  67. Pham Trung Duc says:

    Hi Paul,
    I have a question that for the interface configuration that you said above:
    Server 1:
    Primary Interface: 192.168.0.34/24
    Secondary Interface: 192.168.0.36/24
    Server 2:
    Primary Interface: 192.168.0.35/24
    Secondary Interface: 192.168.0.37/24

    Could i use private interface to connect 2 CAS server together? For Example:
    Primary Interface: 192.168.0.34/24 – GW 192.168.0.1 – Server 1 and Primary Interface: 192.168.0.35/24 – GW 192.168.0.1 for Virtual IP
    and secondary: 10.0.0.x/24 for connect 2 CAS server together?
    The matter here is I don’t understand why you use 4 interfaces connected to a switch in the same VLAN. Is it mandatory? And could I use my configuration as described above?
    Many thanks!

    • The secondary interface is not for the two servers to talk to each other. It is for use in the NLB cluster.

      Two interfaces means you can have one interface for the NLB cluster, and the other for everything else (eg management, non-CAS traffic, etc).

      • Pham Trung Duc says:

        Thanks Paul for your reply.
        What does “It is for use in NLB Cluster” mean? Sorry for my question but I don’t clearly understand your information.
        Do you mean that I could use only 2 interfaces to build an NLB VIP for the Client Access Server role in Unicast mode? Is that possible? Because I have read some topics that said that in Unicast mode, we have to use 1 more interface on each server to talk to each other.

        The second question is that: my current setup has the Hub Transport Role and the Client Access Server Role are installed together. This means 2 HUB-CAS server: HUBCAS_01 & HUBCAS_02. Each server has 4 NIC and i build 2 NIC Teaming: Team1 and Team2.
        So i’m trying to do:
        - HUBCAS_01_Team1 & HUBCAS_02_Team1 form an VIP for NLB CAS service (HTTP/HTTPS request from client).
        - HUBCAS_01_Team2 & HUBCAS_02_Team2 is used for Load Balancing SMTP traffic from/to EDGE_01 & EDGE_02 (2 Edge Transport Server) via Edge Subscription Process (What i have read from the technet is that Exchange 2010 automatically load balances all intra-organization message traffic between Edge Transport, Hub Transport, and Mailbox servers using enhanced DNS – http://technet.microsoft.com/en-us/library/ff634392(v=exchg.141).aspx)

        So the question is: after running the Edge Subscription, when the default Receive and Send Connectors are automatically created, which interface team on the 2 HUBCAS servers is used for SMTP traffic? Does it recognize to use only NIC Teaming 2 or will it use both NIC Teamings? Or maybe I have to manually edit the Send/Receive Connector parameters?

        Thanks Paul in advance :)

  68. Faris Mlaeb says:

    Thanks,
    but will this also create the virtual directories for CAS on each server’s IIS?
    And is it important to use the default website for the CAS Array?
    Thanks

    • The virtual directories are created for you when you install the Exchange Client Access server role. And yes, they are installed to the default website.

      • Faris Mlaeb says:

        Thanks for the reply.
        I know that the virtual directories are installed when the CAS is installed, but when you make the NLB cluster we have to make some changes to the Exchange Web Services like Autodiscover and OWA so the URL will point to the NLB, not to a single server.
        Would you please tell us how to make this service modification?

  69. jddcrouch says:

    Hi Paul,
    One quick question on NLB setup.
    When I set up my hosts as unicast, I couldn’t get other servers to be able to ping the cluster.
    The hosts could ping the cluster name (CASArray) and resolve etc., but not other servers (i.e. a DC in the same subnet).
    The error is destination host unreachable.

    The following were checked with no issues that I could see:
    - NLB Cluster settings (according to the article)
    - DNS
    - NICs set to forward
    I changed to multicast and it started working.

    Is there a specific reason for using unicast vice multicast and if so, any ideas why I couldn’t get it to work with unicast?

  70. Hi Paul,

    I followed the above steps, I just have one problem. When I set up Outlook 2007 and let the automatic configuration continue, it hangs on “Online search for server setting” and it will tell you that Microsoft Exchange is unavailable… but when I put the CAS Array name in the server field and click Check Name… I can successfully finish the Outlook configuration.

  71. Pham Trung Duc says:

    Hi everybody,
    I have configured my system as per Paul's guide above: each server has 1 interface for outbound traffic (with the default GW) and 1 other inbound interface to build the VIP in NLB unicast mode.
    But in reality, from what I have tested, this topology is unstable: sometimes clients can’t ping the VIP, or maybe also the dedicated inbound IP, with no cause, no change, no influence on the system. Checking the switch, the switch operates correctly.
    Here we tried using just one interface (with default GW) on each server to build the VIP in NLB unicast mode and everything seems to be fine; the NLB service works stably. One strange thing is that I can ping between the servers (unlike what Microsoft’s documentation says, that in unicast mode we have to use 2 interfaces on each server if we want to communicate between member servers).
    So what is the trick here??
    I’m very happy to share with everybody!
    Thanks!
