Exchange 2010: High availability - CAS array with Windows NLB

Introduction

The DAG (Database Availablity Group) makes it easy for administrators to ensure high availability for the mailbox servers. Spanning a DAG with multiple databases across multiple servers is quite simple. But what about the other Exchange Server roles? If there are highly available mailbox servers, but the only CAS server in the company fails due to a defect, clients can no longer connect to the mailbox servers. This comes close to a total system failure. In this test environment, I focus specifically on the CAS role; the DC and mailbox role are not designed to be fail-safe due to a lack of hardware resources on the test system.

I have installed the following systems for the test environment:

1 Windows Server 2008 R2 as DC and Exchange mailbox server (ExSRV01)

2 Windows Server 2008 R2 as CAS and Hub Transport Server (ExSRV02 and ExSRV03)

The drawing shows the network configuration of the individual systems.

The IP configuration of the servers is as follows:

ExSRV01:

IPv4: 192.168.1.240/24

IPv6: 1999::1/64

ExSRV02:

IPv4: 192.168.1.241/24

IPv6: 1999::2/64

ExSRV03:

IPv4: 192.168.1.242/24

IPv6: 1999::3/64

The IPv4 address 192.168.1.243/24 and the IPv6 address 1999::4/64 are used as cluster IP addresses.

Note:
With Windows Server 2003, it was still standard to use 2 network cards for NLB clusters. This is no longer mandatory since Windows Server 2008. The "Network Load Balancing Manager" nags a little at startup. However, the function is not impaired. For the sake of simplicity, I am only using one network card in this example to keep things clearer. However, 2 network cards should be used in productive environments. The configuration is largely the same.

Installation and configuration NLB:

First, we install the Windows feature "Network load balancing" on ExSRV01 and ExSRV02. We can do this very easily via the Server Manager:

Server Manager -> Windows Features -> Add Feature -> Network Load Balancing

Click on "Next" to install the desired feature. After installation, the "Network Load Balancing Manager" can be found under Start -> Administration.

Next, we configure a new cluster by clicking on the "Cluster" menu item and then on "New". The dialog for creating a new cluster opens.

We first connect to the server "ExSRV02", then click on "Next". We do not need to change anything in the next dialog and confirm the IP configuration with "Next".

We then enter the IP address at which the cluster can be reached in future, i.e. we add 192.168.1.243/24 as the IPv4 address and 1999::4 as the IPv6 address and click "Next"

Next, we enter the future DNS name for the cluster, in my example this is "casarray.frankysweb.local". This new host must also be made known on our DC and DNS server "ExSrv01" as a host with its corresponding cluster IP address.

Note: I have selected "Multicast" as the cluster management mode. Further information on the cluster management modes can be found here:

The required ports are configured in the next dialog. I have created the following rules:

Port 80 HTTP (not actually required, but quite useful for testing purposes)

Port 443 HTTPS (HTTP over SSL, required for OWA)

Port 110 POP (only required if the POP protocol is also used)

Port 143 IMAP (only required if IMAP is used)

Port 135 RPC endpoint mapper (for MAPI clients, i.e. Outlook)

Port 1024 - 65535 (dynamic for Outlook RPC or MAPI connection)

Click on "Finish" to create the new cluster. Once this is done, we add the second CAS server "ExSRV03" to the cluster. To do this, we select the entry for the cluster and click on "Cluster" and then on "Add host". We enter "ExSRV03" as the host and click on "Connect", then on "Next"

Further dialogs follow in which no settings need to be changed

After a while, the new host should also have been added to the cluster.

The configuration of the NLB cluster is now complete. In order to avoid problems, we switch on IP forwarding on both CAS servers. We can do this via the command prompt.

netsh int ipv4 set int "Internal" forwarding=enabled
(Where "Internal" stands for the name of the network connection)

Done!

Exchange configuration

Abschließend muss noch ein neues CAS-Array über die Exchange Management Shell angelegt werden.

New-ClientAccessArray -Name "CAS Array" -site "Default-First-Site-Name" -FQDN "casarray.frankysweb.local"

The "Site" parameter stands for the Active Directory location of the CAS array. "FQDN" is the name of our NLB cluster.

Next, we assign the new CAS array to the mailbox database:

Get-MailboxDatabase | Set-MailboxDatabase -RPCClientAccessServer "casarray.frankysweb.local"

We can check whether this has worked with the following command:

Get-MailboxDatabase | select Name,RPCClientAccessServer | ft

If the name of our NLB cluster is in the "RPCClientAccessServer" column, everything went well.

Addendum: If you want to design the CAS role to be fail-safe, the only way supported by Microsoft is the NLB solution. However, as Windows NLB is quite limited in its options, you should consider using a hardware load balancer in production environments. I have also planned to test a fail-over cluster with the CAS role, but as mentioned earlier, this variant is not supported by Microsoft.

In the next few days I will connect a client with Outlook 2010 to the cluster and carry out a few failure tests. The results will then be published here.