2 CAS, 2 Mailbox/CAS (DAG), Citrix Load Balancer

    Question

  • In doing the setup of Exchange 2013 we made sure that the internal and external URLs on all 4 servers were the external FQDN. What I am wondering is: if internally we pointed the URLs to the internal mailbox/CAS server for that particular AD site and an outage occurred, such as a server being down for an offline defrag, would the DAG route the traffic to the other mailbox/CAS server without the load balancer?

    The reason I ask is that I think the LB and/or firewalls are negatively impacting the flow of traffic between clients and servers internally. So if the DAG will fail over without a LB, and internal clients will not be affected, I'd prefer to route the clients internally to the internal FQDN of the servers.

    Friday, May 13, 2016 5:40 PM

All replies

  • Hi Daniel, 

    Welcome to our forum.

    Q: “I think the LB and/or firewalls are negatively impacting the flow of traffic between clients and servers internally.  So if the DAG will failover without a LB, and internal clients will not be affected,”

    A: DAG failover without a load balancer

    The Citrix load balancer is a load balancer for client access, for example Outlook, OWA, and ActiveSync. It could balance client access across all Exchange CAS servers in the organization and avoid burdening a single CAS server, and it also improves Exchange CAS performance through load balancing, so we suggest you don’t configure internal clients to route to the internal FQDN of the server directly.

    Best regards,

    Jim Xu

    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Jim Xu
    TechNet Community Support

    Monday, May 16, 2016 6:36 AM
    Moderator
  • You should leverage the load balancer for both internal and external mail access. Not sure if you are using split DNS; if not, then you may want to consider it.

    You can also test the HA of CAS by putting one server at a time in maintenance mode and making sure it works when it fails.


    Where Technology Meets Talent

    Monday, May 16, 2016 2:35 PM
  • You should still use a LB to front-end the client connectivity. While you can use the internal FQDN of the CAS servers (the CAS server will proxy the connection to the mailbox server hosting the DB), this will cause unbalanced CAS server loads and could impact clients if a specific CAS server/service is offline. If I remember correctly, if multiple FQDNs are listed in AD, the client will randomly pick one. If you have multiple AD sites, then additional configuration is required to keep clients from choosing a CAS server in a different site.

    If you want to try to isolate the issue, you could try using host file entries on your workstation to point your external URL to your internal LB IP address.

    Like ExchangeITPro suggested, split DNS would be a simple solution to the issue if you find that the host file change fixes your problem.

    Monday, May 16, 2016 3:10 PM
  • Hi Daniel, 

    Is there any update for this thread?

    If the above suggestions are helpful to you, please mark them as answers so that someone who has a similar issue can find this thread as soon as possible.

    Best regards,

    Jim Xu

    Jim Xu
    TechNet Community Support

    Wednesday, May 18, 2016 8:02 AM
    Moderator
  • So what is the recommended config for the internal and external URLs? Internally pointing to themselves and externally a single namespace?

    I ask because everything I have read shows changing both internal and external URLs to the same single external namespace, but maybe that's in non-LB scenarios?

    Thursday, May 26, 2016 6:00 PM
  • Single namespace for internal and external URLs seems to be the preferred way. In this case, though, you would need to use split DNS or firewall rules to make the URLs resolve to the internal IP address of the load balancer for internal clients. We use different URLs for internal and external clients (".local" for internal and ".com" for external).
    Thursday, May 26, 2016 7:15 PM
  • We were able to solve the issues we were having by pointing the internal DNS for the external URL to the internal IPs of the load balancer rather than attempting that routing at the firewall level.
    Friday, May 27, 2016 8:33 PM
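
    The split-DNS arrangement the thread settles on can be checked from an internal workstation and the Exchange Management Shell. The script below is an added example, not code posted by any participant; the namespace, DNS server address and load balancer VIP are placeholder assumptions to replace with your own values.

```powershell
# Assumed placeholders (not from the thread): replace with your own values.
$Namespace   = 'mail.example.com'   # single namespace used for internal and external URLs
$InternalDns = '10.0.0.10'          # an internal DNS server that hosts the split-DNS zone
$LbVips      = @('10.0.0.50')       # internal IP(s) of the load balancer

# 1. Split DNS: the internal view of the namespace should return only LB VIPs,
#    never a public address or an individual CAS server.
$answers = Resolve-DnsName -Name $Namespace -Type A -Server $InternalDns -ErrorAction Stop |
    Where-Object { $_.Type -eq 'A' } |
    Select-Object -ExpandProperty IPAddress
$unexpected = @($answers | Where-Object { $_ -notin $LbVips })
if ($unexpected.Count -gt 0) {
    Write-Warning "$Namespace resolves internally to non-LB address(es): $($unexpected -join ', ')"
} else {
    Write-Output "$Namespace resolves internally to the LB: $($answers -join ', ')"
}

# 2. The LB VIP should accept HTTPS from the internal network.
foreach ($vip in $LbVips) {
    $probe = Test-NetConnection -ComputerName $vip -Port 443 -WarningAction SilentlyContinue
    Write-Output ("{0}:443 reachable = {1}" -f $vip, $probe.TcpTestSucceeded)
}

# 3. Exchange Management Shell: every virtual directory URL on every CAS should
#    use the shared namespace, so no client is steered to a single server's FQDN.
$vdirCmds = 'Get-OwaVirtualDirectory', 'Get-EcpVirtualDirectory',
            'Get-WebServicesVirtualDirectory', 'Get-ActiveSyncVirtualDirectory',
            'Get-OabVirtualDirectory'
foreach ($cas in Get-ClientAccessServer) {
    foreach ($cmd in $vdirCmds) {
        foreach ($vdir in (& $cmd -Server $cas.Name)) {
            foreach ($url in @($vdir.InternalUrl, $vdir.ExternalUrl)) {
                if ($url -and ([uri]"$url").Host -ne $Namespace) {
                    Write-Warning "$($cas.Name) $cmd uses $url instead of $Namespace"
                }
            }
        }
    }
    # Autodiscover SCP is what domain-joined Outlook clients look up in AD.
    $scpHost = ([uri]"$($cas.AutoDiscoverServiceInternalUri)").Host
    Write-Output "$($cas.Name) Autodiscover SCP host: $scpHost"
}
```

    Running step 1 before and after the DNS change shows whether internal clients were reaching the namespace through the firewall path or directly through the load balancer.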