Windows NLB Not Working for Exchange 2013 CU2 CAS

    Question

  • Exchange 2013 CU2 lab environment on Windows Server 2012.

    Exchange works perfectly from Internet with a single CAS. But when a 2nd CAS is added and NLB is configured, in Chrome the OWA page begins to load (blue spinner), but then times out. In IE, the OWA page just times out.

    Any idea how to get NLB working?

    I followed these instructions: http://msexchangeguru.com/2013/08/14/windowsnlb/

    NLB configuration:

    NLB VIP: 192.168.1.21

    CAS01 Main IP: 192.168.1.31

    CAS02 Main IP: 192.168.1.32

    CAS01 NLB IP: 192.168.1.33

    CAS02 NLB IP: 192.168.1.34

    NLB converges successfully.

    External DNS set to resolve to NLB VIP, e.g. mail.domain.com

    CAS URL set to mail.domain.com (resolves to VIP)

    NIC bind order set correctly on both CAS servers (Main NIC first, then NLB NIC).

    Forwarding set up on NLB NICs

    On the Port Group in ESXi, Notify Switches = No. Both CAS servers on same ESXi host (as per VMware recommendations for Unicast NLB)

    Manually set MAC address of both NLB NICs to be the same as the NLB cluster's MAC address.



    • Edited by Hexen2929 Sunday, September 22, 2013 4:46 PM
    Sunday, September 22, 2013 4:37 PM

Answers

  • Hi,

    There are several limitations associated with deploying WNLB with Exchange.

    WNLB doesn't detect service outages.

    WNLB only detects server outages by IP address.

    This means that if a particular web service, such as OWA, fails, but the server is still functioning, WNLB won't detect the failure and will still route requests to that CAS server.

    Manual intervention is required to remove the CAS server experiencing the outage from the load balancing pool.

    More details in the following article:

    Load Balancing

    http://technet.microsoft.com/en-us/library/jj898588(v=exchg.150).aspx

    Thanks

    Mavis

    Monday, September 23, 2013 11:55 AM
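
    Added example (not part of the original thread or of the linked article): one way to compensate for the limitation described in the answer above is a scheduled task on each CAS that probes OWA over HTTPS and drains the local node out of the WNLB cluster when the service stops answering. Assumptions: the probe host name `cas01.domain.com` is a placeholder that must appear on the certificate and chain to a CA trusted by the server, the Exchange 2013 `/owa/healthcheck.htm` page is used as the probe target, and the NLB node name equals the computer name.

```powershell
#Requires -Version 3.0
# Added example: per-node OWA health probe for WNLB, run on each CAS as a scheduled task.
param(
    # Placeholder host name (assumption); it must match a name on the server certificate.
    [string]$ProbeUrl = "https://cas01.domain.com/owa/healthcheck.htm",
    # Assumption: the node is registered in NLB under the computer's short name.
    [string]$NodeName = $env:COMPUTERNAME,
    [int]$Attempts = 3,              # failed probes required before the node is drained
    [int]$DelaySeconds = 5,          # pause between probes
    [int]$DrainTimeoutSeconds = 60   # time allowed for existing connections to finish
)

Import-Module NetworkLoadBalancingClusters

function Test-OwaHealthy {
    param([string]$Url)
    try {
        # Certificate validation stays enabled: a TLS failure is treated as an outage.
        $response = Invoke-WebRequest -Uri $Url -UseBasicParsing -TimeoutSec 10
        return ($response.StatusCode -eq 200)
    } catch {
        # Timeouts, TLS errors and non-2xx responses all count as unhealthy.
        return $false
    }
}

# Require several consecutive failures so a single slow response does not flap the node.
$healthy = $false
for ($i = 1; $i -le $Attempts; $i++) {
    if (Test-OwaHealthy -Url $ProbeUrl) { $healthy = $true; break }
    Start-Sleep -Seconds $DelaySeconds
}

$node = Get-NlbClusterNode -NodeName $NodeName
if (-not $node) {
    Write-Warning "NLB node '$NodeName' not found; nothing changed."
    exit 2
}

if ($healthy) {
    # Service answers: rejoin (or stay in) the cluster.
    $node | Start-NlbClusterNode | Out-Null
    Write-Output "$(Get-Date -Format s) OWA healthy on $NodeName; node started."
} else {
    # Service down while the server is up: WNLB would keep routing here, so drain the node.
    $node | Stop-NlbClusterNode -Drain -Timeout $DrainTimeoutSeconds | Out-Null
    Write-Warning "$(Get-Date -Format s) OWA probe failed $Attempts times on $NodeName; node drained."
}
```

    Because the probe runs on the node itself, it covers the "service failed but server still up" case; a complete server outage is still left to WNLB's own heartbeat.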

All replies

  • More information:

    I’m using a private CA cert. I’ve installed the root CA cert on all clients. I’ve also disabled the IE setting “Check for server certificate revocation”.

    This is the behaviour I get now:
    1) From a client within the datacenter (but not a member of the same AD domain as Exchange and the CA), OWA now loads fine. However, externally I still get timeouts.
    2) If I remove the NLB cluster and change the IP of CAS01 to the address of the VIP, OWA works both internally and externally.

    I think this might be a problem with our firewall. I'll ask our networking guys.

    • Proposed as answer by svuksano Friday, January 24, 2014 9:16 AM
    Sunday, September 22, 2013 6:48 PM