That looks helpful.  Thanks, Michael!

 

From: Michael B. Smith [mailto:mich...@smithcons.com] 
Sent: Monday, February 28, 2011 4:13 PM
To: NT System Admin Issues
Subject: RE: Windows 2008 R2 NLB

 

There is probably a simple howTO out there for this, but this is an
excerpt from a High-Availability Exchange class I teach, that gives the
"500 foot view" of how to set this up, granted it's based on Hyper-V. It
should be enough to get you going:

 

Configuration Documentation

                All servers running Server 2008 R2 Enterprise (evaluation)

                Exchange 2010 RTM + UR3 (evaluation)

                CAS+HT installed on Mail01, Mail02

                MB installed on MBX01, MBX02

                No UM, no Edge

                No Internet

                AD01                                     172.16.3.5

                Mail01                                   172.16.3.10

                Mail02                                   172.16.3.15

                MBX01                                  172.16.3.20

                MBX02                                  172.16.3.25

                mail.smithcons.com        172.16.30.30

                TEC-DAG                              172.16.3.100

Domain Setup

                Boot AD01

                Add mail.smithcons.com to DNS on AD01 - 172.16.30.30

NLB Preparation

                Add new NIC to Mail01, Mail02

                Mark all NICs on Mail01, Mail02 for MAC Spoofing

                Boot Mail01, Mail02

                Verify that all "Automatic" services have started on Mail01, Mail02

Install NLB Cluster

                Add NLB Feature

                Configure NICs:

                                Mail01 - 172.16.30.10

                                Mail02 - 172.16.30.15

                                No gateway, no DNS, no WINS

                Rename lower-numbered Local Area Connection (LAC) to CorporateNetwork

                Rename other LAC to NLBNetwork

                Update binding order to put CorporateNetwork first

                Create NLB cluster on Mail01

                                Use NLB network

                                172.16.30.30

                                mail.smithcons.com

                Allow cluster to converge

                Add Mail02 to cluster

                Allow cluster to converge

                ...resolve inevitable issues

Test NLB Cluster

                https://mail01/owa

                https://mail02/owa

                https://mail.smithcons.com/owa

                Drainstop both servers, illustrate cluster no longer works, individuals do

                Resume servers

Configure NLB for HT

                Discuss round-robin vs. NLB for HT

                Discuss issue with doing LB of internal SMTP

                On the Default receive connector on each HT, change to use CorporateNetwork IP and the non-load-balanced IP from the NLBNetwork

                Create a new receive connector on each HT, for the load-balanced IP as Custom, port 25

                Set Permission Groups for each new receive connector to "Anonymous Users"

                Remove Anonymous Users from the Default receive connector on each HT

                Mark that the new receive connectors can relay email to any internal user:

                                Get-ReceiveConnector "Incoming SMTP NLB" |
                                                Add-AdPermission -User "NT Authority\Anonymous Logon" -ExtendedRights ms-Exch-SMTP-Accept-Any-Recipient

                Remove the default IP port configuration from the cluster and add port 25 and optionally 587

                Show that it works (drainstop, etc., etc.)

Configure NLB for CAS

                Add ports 80, 443, 110, 143

                Import SSL certificate using Certificates MMC

                Get-ExchangeCertificate to obtain thumbprint

                Enable-ExchangeCertificate -thumb ### -Services IIS, SMTP

                Set-OutlookProvider EXPR -CertPrincipalName 'msstd:*.smithcons.com'

                Restart-Service MSExchangeTransport

                Iisreset /noforce

                Configure profile for Outlook 2007 on AD01; illustrate

 

 

Regards,

 

Michael B. Smith

Consultant and Exchange MVP

http://TheEssentialExchange.com
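
An audit for the receive connector steps in the message above, as an added example that is not part of Michael's message or his class material: for each receive connector it reports whether Anonymous Logon holds ms-Exch-SMTP-Accept-Any-Recipient and whether the connector accepts connections from any remote IPv4 address. It assumes the Exchange 2010 Management Shell on a Hub Transport server; the Review column is this example's own heuristic, not an Exchange setting.

```powershell
# Added example (not from the original message).
# Run in the Exchange 2010 Management Shell on a Hub Transport server.
$right   = 'ms-Exch-SMTP-Accept-Any-Recipient'
$anon    = 'NT AUTHORITY\ANONYMOUS LOGON'
$anyIPv4 = '0.0.0.0-255.255.255.255'   # range that matches every IPv4 client

$report = foreach ($rc in Get-ReceiveConnector) {
    # Allow ACEs (explicit or inherited) that give Anonymous Logon the relay right
    $aces = @($rc | Get-ADPermission | Where-Object {
        -not $_.Deny -and
        "$($_.User)" -eq $anon -and
        @($_.ExtendedRights | Where-Object { "$_" -eq $right }).Count -gt 0
    })

    # Stringify multi-valued properties so they can be compared and printed
    $ranges   = @($rc.RemoteIPRanges | ForEach-Object { "$_" })
    $bindings = @($rc.Bindings       | ForEach-Object { "$_" })

    $anonRelay = $aces.Count -gt 0
    $anyRemote = $ranges -contains $anyIPv4

    New-Object PSObject -Property @{
        Connector      = "$($rc.Identity)"
        Bindings       = $bindings -join ', '
        RemoteIPRanges = $ranges -join ', '
        AnonymousGroup = ("$($rc.PermissionGroups)" -match 'AnonymousUsers')
        AnonymousRelay = $anonRelay
        # Heuristic (assumption of this example): anonymous relay right on a
        # connector that any IPv4 address can reach deserves a manual look
        Review         = ($anonRelay -and $anyRemote)
    }
}

$report | Sort-Object Connector |
    Format-Table Connector, Bindings, RemoteIPRanges, AnonymousGroup, AnonymousRelay, Review -AutoSize
```

Run it on each HT after the connector changes and again after any later connector edit; a connector flagged under Review is a candidate for narrowing RemoteIPRanges to the hosts that actually need to submit mail.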

 

From: Mayo, Bill [mailto:bem...@pittcountync.gov] 
Sent: Monday, February 28, 2011 2:35 PM
To: NT System Admin Issues
Subject: Windows 2008 R2 NLB

 

I am trying to set up an NLB cluster in Windows Server 2008 R2 and having
some difficulties.  I am trying to use the same methodology that I have
before with Windows 2003, without success.  It appears that there are
several changes in 2008 that affect NLB.  I am using 2 NICs that are on
different subnets, the second of which does not have a gateway.  The
second NIC is the one that has the NLB attached.  I have found info on
turning on forwarding but that did not resolve it.

 

It looks like you can actually set up an NLB in 2008 with only one NIC,
and I even found an article where the person was putting both NICs on
the same subnet, which I thought was a no-no.  Basically, what I need is
some information on best practices regarding how to set up each NIC (same
or different subnet, gateway or not, which NIC to use to create the
NLB).

 

Bill Mayo

 

P.S. I am also working in vSphere, which I understand adds some issues
with unicast, but I think if I can figure out the correct way to set up
the NICs I can handle that.  If anyone has any all-in-one info on 2008
R2 NLB in vSphere, that would be even better.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin
