Comments on: Exchange 2010 RTM High Availability Load Balancing Options

By: MDJ

MDJ — Sat, 28 Aug 2010 19:40:43 +0000

Tnx nice article. DNS RR with a TTL value of 0 seems an good option i think for cashub. KISS (keep it simple stupid ;-)

By: blueberries

blueberries — Sat, 31 Jul 2010 07:53:39 +0000

Excellent article. thankyou

By: Eugene

Eugene — Thu, 29 Jul 2010 09:18:30 +0000

thanks for the article! The one I was lookig for.

By: Exchange 2010 RTM High Availability Load Balancing Options | Loop Network Consulting

Thu, 22 Jul 2010 22:21:12 +0000

[...] If you want to know, read on here. [...]

By: Ekrem

Ekrem — Tue, 20 Jul 2010 08:00:55 +0000

thank you very much Elan. it's really a useful and helpful article.

By: eshudnow

eshudnow — Thu, 10 Jun 2010 01:27:36 +0000

It will not automatically failover. This is what NLB or HLBs are for. There's also the DNS Round Robin option. But as I state in my articles, that's not automatic and there is some administrator intervention but you won't have to change the FQDNs on the clients in regards to where they should connect.

By: tyler

tyler — Wed, 09 Jun 2010 22:30:02 +0000

Thanks for the clarification on that.

One more question. If I choose not to do NLB and just load two machines with all the features, setup a DAG but do not setup a CAS array if one machine fails it will auto fail over to the other correct? I am just trying to put together each option to present as a possible solution. Thanks.

Tyler

By: eshudnow

eshudnow — Wed, 09 Jun 2010 17:50:41 +0000

Well, you really didn't need to do it with Exchange 2007 either. I need to update one of my articles. Truth is, you only ever really need the minimum I just told you. The key here, is that you would need to update all your InternalURLs, ExternalURLs, and AutodiscoverServiceInternalURI to your webmail.domain.com FQDN and either DNS Round Robin that FQDN or load balance it. And you don't absolutely have to have the FQDN of the connectors on the cert. The TLS selection process in Exchange will always fallback to the self-signed certificate if it's enabled for TLS in case the 3rd party certificate doesn't have that matching FQDN. I perosnally always leave the self-signed certificate on my servers only for SMTP as a precaution for TLS fallback. I will still include Connector FQDNs on the 3rd party certificate.

So either way, only ever need an absolute minimum of what I posted previously. Just take that cert, export it, put it on the other servers and update all your web service URLs as I stated in the above paragraph.

By: Mike

Mike — Wed, 09 Jun 2010 17:11:30 +0000

Thanks for the reply.

So If I am understanding correctly if you are running 2010 you do not need the entries where netbios name of cas server or cas array FQDN anymore? I think I found a post from you where you explain how to use a single cert with 2007 which worked for me but still get autodiscover errors with outlook 2007 when I have multiple exchange servers. I do in fact have a FQDN on one of my connectors but I was using it for anonymous authentication with TLS. I am doing an upgrade from 2007 so they will need to coexist for a shortime. So if I get a Unified Cert and I get up to 5 hosts which do I choose? Especially with a load balancer?

1. autodiscover.primarysmtpdomain.com
2. webmail.domain.com
3.smtp.domain.com (internal connector)
4.?
5.?

Thanks again

By: eshudnow

eshudnow — Wed, 09 Jun 2010 05:14:57 +0000

It can depends. At minimum, you need at least 2:
1. autodiscover.primarysmtpdomain.com
2. webmail.domain.com

If you're going to be co-existing with Exchange 2003 and/or Exchange 2007, you'll want to add a legacy FQDN which can be anything such as legacy.domain.com. If you will have several FQDNs on your Connectors, I would add the FQDN of those connectors as well so you can use this certificate for TLS negotiation.