CAS Array Network Load Balancing Issues causing Outlook Login Pop-Ups


  • Monday, August 15, 2011 12:00 AM
     
     

    Hi Folks:

     

    I have a CAS Array in an Exchange 2010 DAG environment (non SP1). We are having issues with the Network Load Balancing when both CAS1 and CAS2 are "converged", causing Outlook Login Pop-Ups for end users. In order to fix this issue temporarily, I had to disable Windows NLB on one of the two CAS servers. Very strange... can't figure out the problem. Any help will be greatly appreciated.


    Luis

All Replies

  • Monday, August 15, 2011 10:10 AM
     
     Proposed Answer
    Are these physical or virtualized?

    Which NLB operation mode were you using? Multicast or unicast?

    Exchange 2010 isn't supported in unicast; it should be running in multicast.

    What is your NLB configuration, and how did you configure the NICs on both CAS servers?

    Try this:

    On the client side, change the hosts file and point the client to mail.domain.com (NLB FQDN): map the FQDN in the hosts file to the static IP address of one CAS, test the client against each of the two CAS servers one by one, and see what happens.

    Also change the NIC order on both CAS servers; the NLB NIC should be set as the first NIC to work for communication.


    If it works for you, mark this as answer, so it helps others.
    Zahir Hussain Shah | Senior Infrastructure Consultant - Messaging | My blog: http://zahirshahblog.com | [Info: If you see that my answer fixes your problem, please mark my reply as "Answer", so I can help others.]
  • Monday, August 15, 2011 10:15 AM
     
     

    Hi there,

    We'll need some more information. Are you using hardware load balancing or Windows load balancing (converged = I guess WNLB)? It seems like you might have some low timeout issues or an NLB misconfiguration in the affinity settings, switch configuration, etc. Most hardware load balancing companies have information on what the best configuration is for an Exchange 2010 environment.

    Here's some information to start with:

    http://blogs.dirteam.com/blogs/davestork/archive/2011/07/15/exchange-load-balancers-and-recommendations.aspx

    http://www.msexchange.org/articles_tutorials/exchange-server-2010/high-availability-recovery/load-balancing-exchange-2010-client-access-servers-using-hardware-load-balancer-solution-part1.html

    http://www.msexchange.org/articles_tutorials/exchange-server-2007/planning-architecture/uncovering-new-rpc-client-access-service-exchange-2010-part1.html

    Good luck,

    Didier Van Hoye

    http://workinghardinit.wordpress.com

     

  • Monday, August 15, 2011 10:54 AM
     
     

    Dear,

    I think this is related to Kerberos authentication. You need to create a computer account for the CAS array and then set the SPN as in the following article (http://blogs.technet.com/b/kpapadak/archive/2011/03/13/setting-up-kerberos-with-a-client-access-server-array.aspx).

  • Monday, August 15, 2011 2:56 PM
     
     

    Hello everyone and thanks for your replies!

    Here is more information:

    My entire Exchange 2010 DAG environment is running on Windows 2008 VMware ESXi, hence, Windows Network Load Balancer.

    CAS Array Cluster IP 172.16.9.52

    CAS2 IP 172.16.9.51 (Priority Unique Identifier 2, Default State Started, Load is equal, Affinity is single, Multicast, Protocol TCP)

    CAS1 IP 172.16.9.50 (Priority Unique Identifier 1, Default State Started, Load is equal, Affinity is single, Multicast, Protocol TCP)

     

    Hope this helps!

    Thanks all!!!


    Luis
  • Monday, August 15, 2011 3:15 PM
     
     
    Was the CAS array created before the Outlook profiles were configured, or did you create the CAS array later?
  • Monday, August 15, 2011 4:10 PM
     
     
    I'm not sure, but before I began working here it was all working. One day it just started to give problems, so the temporary workaround was to disable one of the two CAS servers from the WNLB. Thanks
    Luis
  • Monday, August 15, 2011 4:23 PM
     
     
    What is the message in the Outlook pop-up?
  • Monday, August 15, 2011 4:44 PM
     
     
    Can you see what https://www.testexchangeconnectivity.com tells you about the configuration?
  • Monday, August 15, 2011 7:49 PM
     
     

    I've seen issues with virtual CAS servers causing problems with NLB.

    - Not sure how many VMware ESX hosts you have; try to run the virtual servers on one ESX server.

    - If nothing helps, then try hardware load balancing.

     

  • Tuesday, August 16, 2011 7:24 AM
     
     Answered
    Luis,

    One time, in one of the biggest Exchange implementations I did for a customer, we were continuously facing the same problem on random client machines: Outlook would suddenly drop the session and request the user name and password. Later on, while working on this case, we found that it was a performance problem, which caused the RPC dialog box on the client end.

    Check the performance monitor on your side. I have also sometimes seen a virus (Conficker) on the client end, which causes a denial of service attack on DCs, so when the user initiates truckloads of requests to the DC, Outlook eventually drops the session.


    Zahir Hussain Shah | Senior Infrastructure Consultant - Messaging | My blog: http://zahirshahblog.com | [Info: If you see that my answer fixes your problem, please mark my reply as "Answer", so I can help others.]
  • Tuesday, August 16, 2011 7:47 AM
     
     Answered

    It seems an RPC issue is going on for one server. Could you post the error message from Outlook, which may help us in depth?

    When the issue appears, what was the RPC usage status for the affected server?

    Thanks


    Mihir Nayak
  • Tuesday, August 16, 2011 8:29 AM
     
     Answered

    Hello Luis

    This is a known issue - try to ping the NLB IP from an external system, and in about 30 min you will find packet drops starting.
    To my knowledge, there is no known fix for this.


    Syed MM - MCTS: Microsoft Exchange Server 2007/2010 || MCSE || MCSA ||
  • Friday, March 02, 2012 12:24 AM
     
     

    Can you please reference a KB article where this known issue is described?


  • Thursday, June 14, 2012 2:43 PM
     
     
    Same issue here. No packet drops and only 2 users right now. If one user is connected to the rebooting server, he will get the authentication pop-up as soon as the load balancer switches him to the other server.
  • Thursday, June 14, 2012 4:10 PM
     
     

    Use Hardware based load balancer

    Exchange team no longer recommend windows nlb for Exchange 2010 client access server load balancing

    http://www.stevieg.org/2010/11/exchange-team-no-longer-recommend-windows-nlb-for-client-access-server-load-balancing/

  • Thursday, June 14, 2012 4:56 PM
     
     

    Use Hardware based load balancer

    Exchange team no longer recommend windows nlb for Exchange 2010 client access server load balancing

    http://www.stevieg.org/2010/11/exchange-team-no-longer-recommend-windows-nlb-for-client-access-server-load-balancing/

    I do have a hardware load balancer and I do have the same problem.