REF: Server 2008 NLB

 

http://technet.microsoft.com/zh-tw/library/ff625247.aspx

http://technet.microsoft.com/zh-tw/library/gg476050.aspx

http://technet.microsoft.com/zh-tw/library/aa997237.aspx

http://technet.microsoft.com/en-us/library/cc754833(WS.10).aspx

http://www.dotblogs.com.tw/dotjason/archive/2009/04/27/8209.aspx

http://technet.microsoft.com/zh-tw/library/cc771300(WS.10).aspx

http://social.technet.microsoft.com/Forums/en-US/winserverClustering/thread/0afdb0fc-2adf-4864-b164-87e24451f875/

http://www.msexchange.org/articles_tutorials/exchange-server-2007/planning-architecture/uncovering-new-rpc-client-access-service-exchange-2010-part3.html

http://social.technet.microsoft.com/Forums/en-US/exchange2010/thread/35f2f669-fc27-4471-b5e9-e11d554b2a2f

http://social.technet.microsoft.com/Forums/en-US/exchange2010/thread/7ac5a550-269e-4f53-9da3-cbede707e698

LAB: Exchange 2010 CAS NLB on VM

 

http://kb.vmware.com/selfservice/microsites/search.do?cmd=displayKC&docType=kc&externalId=1006558&sliceId=1&docTypeID=DT_KB_1_1&dialogID=42912404&stateId=0%200%2041454115

 

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1006580

http://communities.vmware.com/message/1392417

http://communities.vmware.com/message/1775552

LAB: Update NLB Basic

 

 

http://blog.morecoffeeany1.com/2010/03/19/building-nlb-exchange-2010-rtm-cas-ht-servers-hyper-v-%E2%80%93-part-1/

http://blogs.kraftkennedy.com/index.php/2009/11/25/configuring-nlb-for-exchange-2010-cas-load-balancing/ (***)

Quote from  http://blogs.kraftkennedy.com

 

 

 

1. Create IP and A record for CAS Array

VIP: 192.168.1.70  (CASArray.lab2.local)
image

 

2. LAN Preparation

image

Node1:
Public LAN:
192.168.1.71 (LAB2-CAS01.lab2.local)
255.255.255.0
192.168.1.1

NLB LAN:
192.168.1.73
255.255.255.0
image

 

Node2:
Public LAN:
192.168.1.72 (LAB2-CAS02.lab2.local)
255.255.255.0
192.168.1.1

NLB LAN:
192.168.1.74
255.255.255.0

image

3. NIC Advanced Settings

image

 

4. Create NLB

image

 

5. NLB LAN enable forwarding on both nodes

That is: netsh interface ipv4 set int "NLB LAN" forwarding=enabled
For me the following code worked: netsh interface ipv4 set interface "NLB LAN" forwarding=enabled

C:\> netsh interface show int

image

C:\> netsh interface ipv4 show interface l=verbose

image

C:\> netsh interface ipv4 set interface "NLB LAN" forwarding=enabled

image

image

6.  Review NIC settings

image
image

Ticket: Exchange 2010 on server 2008 – Event ID 10009 — COM Remote Service Availability

 

Network Load Balancing (NLB): Differences between Unicast and Multicast

 

image

On Node1 (BQT-CAS01): NLB monitoring status

image

On Node1 (BQT-CAS01): ping testing

image

But on Node2 (BQT-CAS02), NLB Manager seems fine

image

On Node2 (BQT-CAS02): ping testing

image

 

Event ID 10009 — COM Remote Service Availability

Check the firewall settings and enable the firewall exception rule

To check the firewall settings and enable the firewall exception rule:

  1. Click Start, and then click Run.
  2. Type wf.msc, and then click OK. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.
  3. In the console tree, click Inbound rules.
  4. In the list of firewall exception rules, look for COM+ Network Access (DCOM In).
  5. If the firewall exception rule is not enabled, in the details pane click Enable rule, and then scroll horizontally to confirm that the protocol is TCP and the LocalPort is 135. Close Windows Firewall with Advanced Security.

 

image

On Node1, “COM+ Network Access (DCOM In)” is disabled.

image

But on Node2 it is enabled.

image
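
A scripted version of the same check, so that both nodes can be compared without opening wf.msc on each one (added example, not part of the original ticket notes or the TechNet text). It assumes English netsh output; the default rule name is copied from this page, and the -Enable switch is a hypothetical parameter of this script.

```powershell
# Added example. Run elevated on each node. Pass the exact rule name shown
# in wf.msc if it differs from the name printed on this page.
param(
    [string]$RuleName = 'COM+ Network Access (DCOM In)',
    [switch]$Enable
)

# Parse "netsh advfirewall firewall show rule" into one hashtable per rule.
function Get-FirewallRuleSetting([string]$Name) {
    $rules = @(); $cur = $null
    foreach ($line in (& netsh advfirewall firewall show rule "name=$Name")) {
        if ($line -match '^Rule Name:\s*(.+)$') {
            $cur = @{ Name = $Matches[1].Trim() }
            $rules += $cur
        } elseif (($null -ne $cur) -and ($line -match '^([A-Za-z ]+):\s*(.*)$')) {
            $cur[$Matches[1].Trim()] = $Matches[2].Trim()
        }
    }
    return ,$rules
}

if ($Enable) {
    & netsh advfirewall firewall set rule "name=$RuleName" new enable=yes | Out-Null
}

$rules = Get-FirewallRuleSetting $RuleName
if ($rules.Count -eq 0) {
    # netsh prints "No rules match the specified criteria." in this case.
    Write-Warning "No firewall rule named '$RuleName' on $env:COMPUTERNAME"
    return
}

foreach ($r in $rules) {
    # Same conditions as step 5 above: enabled, inbound, TCP, LocalPort 135.
    $ok = ($r['Enabled'] -eq 'Yes') -and ($r['Direction'] -eq 'In') -and
          ($r['Protocol'] -eq 'TCP') -and ($r['LocalPort'] -eq '135')
    New-Object PSObject -Property @{
        Computer = $env:COMPUTERNAME; Rule = $r['Name']; Enabled = $r['Enabled']
        Protocol = $r['Protocol']; LocalPort = $r['LocalPort']
        Profiles = $r['Profiles']; RemoteIP = $r['RemoteIP']; AsExpected = $ok
    }
}
```

The Profiles and RemoteIP columns are reported so that the scope of the exception is visible when the rule is switched on.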

Verify

You can verify that the COM service is available remotely by running the Component Services administrative tool and ensuring that the required properties for remote access are configured.

To perform these procedures, you must have membership in Administrators, or you must have been delegated the appropriate authority.

To open Component Services and verify that the required properties for remote access are configured:

  1. Click Start, and then click Run.
  2. Type comexp.msc, and then click OK. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.
  3. To locate your computer, click Component Services, click Computers, and then click My Computer.
  4. Right-click My Computer, and then click Properties.
  5. Click the Default Protocols tab, and confirm that the appropriate communication protocols are listed.
  6. Click each protocol, and then click Properties to verify that the settings for the protocol are correct.

Node1 BQT-CAS01
image

Node2 BQT-CAS02
image

Issue: Exchange 2010 CAS NLB configuration – netsh

 

 

Balancing Act: Dual-NIC Configuration with Windows Server 2008 NLB Clusters

Configuring NLB for Exchange 2010 CAS Load Balancing

Next Steps

Before you start using your new NLB cluster for CAS functionality, you should complete two final tasks.  First, IP forwarding should be enabled on each cluster member’s NLB LAN NIC.  By default, Windows 2008 disables IP forwarding, which causes problems with NLB.  IP forwarding enabled allows, from an NLB perspective, requests sent from one NIC to be sent out the other.  IP forwarding can be enabled on your NLB LAN NIC by running netsh interface ipv4 set int "NLB LAN" forwarding=enabled from a command prompt.

image


 

netsh interface show int

image

  • That will show you the interfaces in the server.  Find the name of the cluster NIC and put it in quotes in the following command:
    • netsh interface ipv4 set interface "Cluster NIC" forwarding=enabled

      image

  • You can confirm that it is changed by running the command:
    • netsh interface ipv4 show interface l=verbose

      image
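
The netsh steps above, and step 5 of the earlier lab, combined into one check (added example, not from the quoted blogs). It assumes English netsh output and the adapter name "NLB LAN"; the script's parameters are hypothetical. It also flags forwarding on any other adapter, which goes slightly beyond the text, since the posts only call for forwarding on the NLB NIC.

```powershell
# Added example. Run from an elevated PowerShell prompt on each NLB node.
param([string]$NlbNic = 'NLB LAN', [switch]$Enable)

# Interface names from the table printed by "show interfaces"
# (columns: Idx  Met  MTU  State  Name).
function Get-Ipv4InterfaceName {
    & netsh interface ipv4 show interfaces | ForEach-Object {
        if ($_ -match '^\s*\d+\s+\d+\s+\d+\s+\S+\s+(.+?)\s*$') { $Matches[1] }
    }
}

# Forwarding state ("enabled" or "disabled") of one interface, or $null when
# the name is unknown or the output could not be parsed.
function Get-ForwardingState([string]$Name) {
    foreach ($line in (& netsh interface ipv4 show interface $Name)) {
        if ($line -match '^\s*Forwarding\s*:\s*(\w+)') { return $Matches[1] }
    }
    return $null
}

$names = @(Get-Ipv4InterfaceName)
if ($names -notcontains $NlbNic) {
    throw "No IPv4 interface named '$NlbNic'. Found: $($names -join ', ')"
}

# Change the setting only when asked to, and only on the NLB adapter.
if ($Enable -and ((Get-ForwardingState $NlbNic) -ne 'enabled')) {
    & netsh interface ipv4 set interface $NlbNic forwarding=enabled | Out-Null
}

# Forwarding is expected on the NLB adapter only; anything else is flagged.
foreach ($n in $names) {
    $state = Get-ForwardingState $n
    $expected = if ($n -eq $NlbNic) { 'enabled' } else { 'disabled' }
    $result = if ($state -eq $expected) { 'OK' } else { 'REVIEW' }
    New-Object PSObject -Property @{
        Interface = $n; Forwarding = $state; Expected = $expected; Result = $result
    }
}
```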

Exchange 2010 CAS NLB Part3 – Install Exchange 2010 CAS role on Server 2008 R2

 

1.

Open PowerShell with elevated rights using "Run As Administrator", and run the cmdlets below to install the prerequisites…

  • Import-Module ServerManager
  • Add-WindowsFeature NET-Framework,RSAT-ADDS,Web-Server,Web-Basic-Auth,Web-Windows-Auth,Web-Metabase,Web-Net-Ext,Web-Lgcy-Mgmt-Console,WAS-Process-Model,RSAT-Web-Server,Web-ISAPI-Ext,Web-Digest-Auth,Web-Dyn-Compression,NET-HTTP-Activation,RPC-Over-HTTP-Proxy -Restart
  • Set-Service NetTcpPortSharing -StartupType Automatic

Cannot install Exchange 2010 on Win Server 2k8R2

 

2. Import-Module ServerManager
image

3.
Add-WindowsFeature NET-Framework,RSAT-ADDS,Web-Server,Web-Basic-Auth,Web-Windows-Auth,Web-Metabase,Web-Net-Ext,Web-Lgcy-Mgmt-Console,WAS-Process-Model,RSAT-Web-Server,Web-ISAPI-Ext,Web-Digest-Auth,Web-Dyn-Compression,NET-HTTP-Activation,RPC-Over-HTTP-Proxy -Restart

4.
Set-Service NetTcpPortSharing -StartupType Automatic

5.

Client Access Role
Failed

Error:
The following error was generated when "$error.Clear(); if ( ($server -eq $null) -and ($RoleIsDatacenter -ne $true) ) { Update-RmsSharedIdentity -ServerName $RoleNetBIOSName }" was run: "Active Directory operation failed on RDC11.corp.com. This error is not retriable. Additional information: The name reference is invalid.
This may be caused by replication latency between Active Directory domain controllers.
Active directory response: 000020B5: AtrErr: DSID-03152392, #1:
    0: 000020B5: DSID-03152392, problem 1005 (CONSTRAINT_ATT_TYPE), data 0, Att 90d73a1f (msExchRMSComputerAccountsLink)
".

Active Directory operation failed on RDC11.corp.com. This error is not retriable. Additional information: The name reference is invalid.
This may be caused by replication latency between Active Directory domain controllers.
Active directory response: 000020B5: AtrErr: DSID-03152392, #1:
    0: 000020B5: DSID-03152392, problem 1005 (CONSTRAINT_ATT_TYPE), data 0, Att 90d73a1f (msExchRMSComputerAccountsLink)

A value in the request is invalid.

Elapsed Time: 00:00:20

Finalizing Setup
Cancelled

6. Enable Outlook Anywhere
image

7. Configure External Client Access Domain

image

8.
image

9.

Exchange 2010 CAS NLB Part1 – Add First NLB Node

 

1. Exchange Queue & A: CAS Arrays – Server Roles, Client Creation, Load Balancing and More
2. Configuring NLB for Exchange 2010 CAS Load Balancing
3. Unable to connect to Windows Server 2008 NLB Virtual IP Address from hosts in different subnets when NLB is in Multicast Mode
4. Building NLB Exchange 2010 RTM CAS / HT Servers (Hyper-V) – Part 1 (***)
5. Network Load Balancing (NLB): Differences between Unicast and Multicast
6. Installation manual template – Client Access Server (Windows Server 2008)
7. Uncovering the new RPC Client Access Service in Exchange 2010 (Part 3)
8. Unicast or Multicast Mode?
9. Quick Tip: Configuring Network Load Balancing (NLB) on Windows 2008 for Exchange CAS Servers…

10. Sharing Exchange 2007 series, part 4: Windows 2008 & Exchange CAS NLB

11. How to configure Network Load Balancing on Windows Server 2008

1.

ServerManagerCmd -i NLB

 image

2.

image

 

Internal CAS array name: BQT-CASArray.MSFT.corp.com
CAS server: BQT-CAS01.MSFT.corp.com  – 10.82.246.91, NIC2 – 192.168.0.91
CAS server: BQT-CAS02.MSFT.corp.com – 10.82.246.92, NIC2 – 192.168.0.92
Internal NLB Cluster name: BQT-CASNLB.MSFT.corp.com

10.1.240.100 and EXCHCASArray.client.local.  Please note that the IP address should be on the same subnet as the two CAS servers that will become members of the NLB cluster.
(Configuring NLB for Exchange 2010 CAS Load Balancing)

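3. The CAS array and the WNLB can share one name or use separate names; I just don't know what the reason for separating them would be….
For now I'm configuring a single shared name, which also means no additional IP is needed, FYI

WNLB & CAS array name: BQT-CASArray.MSFT.corp.com
DMZ Virtual IP: 10.82.246.x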

When using WNLB to load balance Client access server traffic, does the FQDN of the WNLB need to match the FQDN of the CAS array?
This is not a requirement at all. Personally when using WNLB to load balance CAS server traffic, I call the FQDN of the WNLB something like casarray01.domain.com and the FQDN of the CAS array outlook.domain.com and this works just fine for me, as well as being fully supported. As long as the internal DNS record for the CAS array points to the VIP of the WNLB things should super-duper.


Q: When using Windows Network Load Balancing (WNLB) to load-balance traffic to an Exchange 2010 CAS array, does the FQDN of the WNLB need to match that of the CAS array?
A: This isn’t a requirement at all. For instance, when using Windows NLB to load-balance traffic going to the CAS array, you could specify an FQDN for the Windows NLB of, say, casarray01.contoso.com and assign the CAS array outlook.contoso.com. This would work just fine and is fully supported. As long as the internal DNS record for the CAS array points to the virtual IP of the WNLB, things should be fine.

4.
image

5.
image

6.
image

7.
image

8.

image

9.
image

10.
image

11.
image

12.
In this case this would be port TCP 135 endpoint mapper port which is required for the CAS array.

Update: Please note that, for internally facing CAS servers front-ending MAPI traffic, you will also need to create port rules for TCP port 135 (RPC Endpoint Mapper) and TCP ports 1024-65535 (the dynamic port range for Outlook RPC access).

image

13.
image

14.
image

15.
image

16.

Exchange 2010 RPC CA service and CAS arrays – Quickfacts!

 

Original source:

MSExchange.org – March 2010 Newsletter

Henrik Walther
http://www.msexchange.org/pages/newsletter.asp

The key points are excerpted and translated below.

1. What is RPC CA service?

RPC Client Access
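Outlook clients access the CAS directly, and the CAS in turn accesses directory services such as the DC/GC.
Outlook MAPI no longer accesses the back-end Mailbox server either; it accesses the CAS instead.

Reasons
To make failovers & switchovers (*overs) easier for users.
To give users a single point of access.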

2. What is a CAS array?

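A CAS array is the set of all CAS servers in an AD site.
Only one CAS array can be created per AD site.
The purpose of a CAS array is to provide a single MAPI endpoint name (FQDN).
The CAS array FQDN can be set as the "RpcClientAccessServer" of a mailbox database.
A CAS array avoids the single point of failure that exists with multiple CAS servers that are not built into an array.
A CAS array has to be implemented with NLB.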

3. Is it true that Outlook clients no longer make any connections directly to the Mailbox server in Exchange 2010?

In Exchange 2010, public folders still require direct access to the Mailbox role.
The address book is now also provided by the CAS.

4. Is Outlook 2007 or Outlook 2010 required in order to be able to connect to the RPC CA service or CAS array?

Outlook 2003 fully supports access to the RPC CA service or a CAS array.
You need to enable RPC encryption in the Outlook profile or disable the RPC encryption requirement on the CAS servers.
Enabling it is the recommendation; see the link below.

Outlook connection issues with Exchange 2010 mailboxes because of the RPC encryption requirement

5. Do I need four Exchange 2010 servers if I want to both use the Database Availability Group functionality to protect mailbox databases and at the same time load balance traffic Client Access server traffic using Windows Network Load Balancing (WNLB) technology?

WNLB & failover clustering cannot both be set up on the same server.
The reason is a possible port-sharing conflict.
It is feasible if you have a hardware NLB.

6. Would I need to include the CAS array FQDN in the certificate installed on the Client Access servers?

The CAS array FQDN does not need to be included in the certificate's subject name.

7. When using WNLB to load balance Client access server traffic, does the FQDN of the WNLB need to match the FQDN of the CAS array?

No. The CAS array FQDN & the WNLB FQDN can be different.

8. Should I use the same FQDN to load balance internal Outlook clients and external Exchange clients (OWA, EAS, Outlook Anywhere etc.)?

Using separate FQDNs for internal and external Outlook connections is recommended.
ex: internet – mail.domain.com
      internal – outlook.domain.local.com

9. When should I change the RpcClientAccessServer property on a mailbox database?

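Change RpcClientAccessServer to the FQDN of the CAS array once the array has been created.
If you don't, Outlook 2007 & 2010 clients may still connect to the FQDN of the CAS server.
Even the AutoDiscover service will not update the Outlook profile.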

Blog Extended Reading

More Information & Reference

1. Exchange Server 2010 and RPCClientAccessServer Madness
2. Load Balancing Exchange 2010 Client Access Servers using an Hardware Load Balancer Solution (Part 1)

image

E14 – RPCClientAccessServer

 

 

• Default – CAS Server

• Each MailboxDatabase has an RpcClientAccessServer field.

• This is the endpoint that mailboxes in those mailbox databases use to connect to the database. When a database fails over, that value doesn’t change. The clients are still connecting through that endpoint.

• If you can, you want that endpoint to be an NLB CAS array. There’s no DNS record changing in your standard database failover.

• The attribute gets set when you create the mailbox database.

• The attribute does not seem to get updated when a database is moved.

• The attribute also does not get updated when the CAS server defined in that attribute is down or removed from the organization.
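
To find databases whose RpcClientAccessServer still points at an individual CAS server rather than the array, as the bullets above describe (added example for the Exchange Management Shell, not from the original post). It assumes a single AD site and the array name from the lab notes; the -Update switch is a hypothetical parameter of this script.

```powershell
# Added example. Run in the Exchange 2010 Management Shell.
param(
    [string]$ArrayFqdn = 'BQT-CASArray.MSFT.corp.com',
    [switch]$Update
)

# The array object must exist in AD before any database is pointed at it.
$array = Get-ClientAccessArray | Where-Object { $_.Fqdn -eq $ArrayFqdn }
if (-not $array) { throw "No CAS array with FQDN '$ArrayFqdn'" }

# The name must also resolve, normally to the NLB virtual IP.
try {
    $vip = [Net.Dns]::GetHostAddresses($ArrayFqdn) |
        ForEach-Object { $_.IPAddressToString }
} catch {
    throw "'$ArrayFqdn' does not resolve in DNS"
}
Write-Host "$ArrayFqdn resolves to $($vip -join ', ')"

foreach ($db in Get-MailboxDatabase) {
    $current = [string]$db.RpcClientAccessServer
    $stale   = $current -ne $ArrayFqdn
    # The attribute is never updated automatically, so fix it explicitly.
    if ($stale -and $Update) {
        Set-MailboxDatabase -Identity $db.Identity -RpcClientAccessServer $ArrayFqdn
    }
    New-Object PSObject -Property @{
        Database = $db.Name
        RpcClientAccessServerBefore = $current
        PointsAtArray = (-not $stale) -or [bool]$Update
    }
}
```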

 

 

image

 

image

 

 

Blog Extended Reading

More Information & Reference

1. Exchange Server 2010 and RPCClientAccessServer Madness
2.

image