
Exchange HTTPS high availability with Kemp load balancer

It’s time to configure Exchange Server high availability now that we have installed a second Exchange Server in the domain. A great way is to make Exchange HTTPS highly available with a load balancer. This article will teach you how to load balance Exchange Server HTTPS (port 443) with a Kemp load balancer.

Introduction

HTTPS and SMTP are both network layer protocols to transfer information between hosts. SMTP will transfer emails between mail servers, while HTTPS is used to transfer secure communication over a network.

We will load balance Exchange Server for the protocols:

Important: Read the article Exchange high availability namespace design and planning before proceeding.

An architecture view of load balancing HTTPS connection with Kemp load balancer is shown below in the diagram.

Exchange HTTPS high availability with Kemp load balancer architecture

Before you start, read the articles:

Configure Exchange HTTPS high availability

To configure Exchange HTTPS high availability on the Kemp LoadMaster, follow the steps below.

1. Install Microsoft Exchange template

It’s good that Kemp provides templates to configure the load balancer. It will make it a bit easier than doing it all by yourself.

Visit the Kemp documentation page to download the Exchange template.

Choose the template that suits your Exchange Server version.

We will choose Exchange 2016 because we have Exchange Server 2016 running in the environment.

Download Core services: MAPI, SMTP and Unified HTTP/HTTPS and save the .tmpl file on the machine.

Sign in to the Kemp LoadMaster load balancer.

On the left menu, click on Virtual Services > Manage Templates.

Click Browse and select the template that you downloaded in the previous step.

Click Add New Template.


Kemp LoadMaster added the templates. You can click the delete button if you want to delete a template.


2. Create new virtual service

Click on Add New in the menu.

Select from the dropdown menu Exchange 2016 HTTPS Reencrypted.

Specify the Virtual Address. In our example, it’s 192.168.1.54.

Click Add this Virtual Service.

Make sure that the IP address is not taken by another device. If you already have an old load balancer and want to replace it with Kemp LoadMaster, you can keep using the same IP address. The HTTPS connection will go through Kemp LoadMaster.


Click on SubVSs and then on Modify.


Click on Add New.


Add the Exchange Server IP address.

Check the checkbox Add to all SubVSs.

Click on Add This Real Server.


Add the second Exchange Server IP address.

Check the checkbox Add to all SubVSs.

Click on Add This Real Server.

If you have more than two Exchange Servers, add them with the same steps.


You can see which Exchange Servers you added.


3. Import certificate

Click on View/Modify Services on the menu.

Click on Add New.

Note: The first line shows that port 80 (HTTP) redirects to port 443 (HTTPS). Kemp automatically redirects HTTP to HTTPS.

Click Import Certificate.


Browse to the Exchange certificate. This will be your SAN certificate or wildcard certificate. We recommend you export the certificate from Exchange Server and browse to that certificate.

Fill in the certificate password.

Give the certificate a name you can remember.

Click Save.


From Available VSs, click the arrow to move the virtual IP address to Assigned VSs.

Click Save Changes.

You can confirm and check that the certificate is installed.


4. Edit internal DNS

Change the internal DNS mail host record to the virtual address.


Change the internal DNS autodiscover host record to the virtual address.

In our example, we set the IP address 192.168.1.54 as the virtual address in the previous step. So we will add that IP address to the internal DNS.

5. Edit firewall VIP

In the firewall, change the VIP with protocol HTTPS (443) to the Kemp virtual address. In our example, that is the IP address 192.168.1.54.

6. Check real time statistics

Click Statistics > Real Time Statistics in the menu.

Click Real Servers.

The Exchange Servers status shows that they are up.


First, ping the hostname or run nslookup. It needs to resolve to the virtual address.

Note: How long it takes to resolve depends on the TTL of these records.

After confirming it resolves, start Outlook on a computer or browse to Outlook Web Access (OWA). You will see that the connections start to show numbers.
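The DNS check above can be combined with a look at the certificate the virtual address actually presents. The following PowerShell is an added example, not part of the original article; the hostnames `mail.example.com` and `autodiscover.example.com` are assumed placeholders for your own namespace, and the virtual address is the one used in this article.

```powershell
# Assumed names (not from the article): replace with your own namespace.
$Names = 'mail.example.com', 'autodiscover.example.com'
$Vip   = '192.168.1.54'   # virtual address used in this article

foreach ($Name in $Names) {
    # 1. The internal DNS record must point at the Kemp virtual address.
    $Resolved = (Resolve-DnsName -Name $Name -Type A -ErrorAction Stop |
        Where-Object { $_.QueryType -eq 'A' }).IPAddress
    $DnsOk = $Resolved -contains $Vip

    # 2. Open a TLS session to the VIP and capture the certificate it presents.
    $Client = [System.Net.Sockets.TcpClient]::new($Vip, 443)
    $script:TlsErrors = $null
    $Callback = [System.Net.Security.RemoteCertificateValidationCallback] {
        param($sender, $cert, $chain, $errors)
        $script:TlsErrors = $errors   # record the validation result, do not abort
        $true
    }
    $Ssl = [System.Net.Security.SslStream]::new($Client.GetStream(), $false, $Callback)
    try {
        # The certificate is validated against $Name, not against the IP address.
        $Ssl.AuthenticateAsClient($Name)
        $Cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new(
            $Ssl.RemoteCertificate)
        [pscustomobject]@{
            Name       = $Name
            ResolvesTo = $Resolved -join ','
            DnsOk      = $DnsOk
            Subject    = $Cert.Subject
            Thumbprint = $Cert.Thumbprint
            NotAfter   = $Cert.NotAfter
            TlsErrors  = $script:TlsErrors   # None = name matches and chain builds
        }
    }
    finally {
        $Ssl.Dispose()
        $Client.Dispose()
    }
}
```

A `TlsErrors` value other than `None` means the name is not covered by the imported SAN or wildcard certificate, or the client could not build the chain. The thumbprint can be compared with the output of `Get-ExchangeCertificate` on the Exchange Server the certificate was exported from.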


Test and verify that it works

It’s always good to test the load balancer and check if it works as expected.

Disable the network card on one of the Exchange Servers and check the statistics. The real time statistics will show the Exchange Server status Down.

Have a look at your Outlook client or OWA, and verify that the connection is still available without any hiccups. Don’t forget to enable the network card on the Exchange Server to bring it back up.

We successfully configured Exchange HTTPS high availability with Kemp load balancer. In the next article, we will configure Exchange SMTP high availability.


Conclusion

You learned how to configure Exchange HTTPS high availability with Kemp load balancer. First, download the templates from Kemp’s documentation page. After loading the templates, configure HTTPS load balancing with Kemp LoadMaster by following the steps. Finally, test Exchange HTTPS load balancing by connecting with Outlook or OWA, and verify that it works by checking the statistics.


ALI TAJRAN

ALI TAJRAN is a passionate IT Architect, IT Consultant, and Microsoft Certified Trainer. He started Information Technology at a very young age, and his goal is to teach and inspire others.

This Post Has 2 Comments

  1. Thank you for this article. How can I restrict access to Exchange Config Panel (ECP) when using Kemp LB?

  2. When I initially set my load balancer up, I added my certificate before adding the virtual service for HTTPS and my HTTPS load balancing refused to work. I may have avoided the issue if I had followed the exact order of operations listed above, regardless I wanted to share my fix… I was able to get things working by doing two things. The first item may not have been important, but I wanted to list it anyway just in case.

    1.) I exported my wildcard certificate from my Exchange server, with the private key, and made sure to include Intermediate certificates, then imported that certificate and used it instead of the one I had ‘on file’. I did this because I wasn’t sure the cert I had on file included intermediate certs or not.

    2.) I logged in to the Web GUI for the Kemp Load Balancer, went to Certificates & Security>SSL Certificates, I assigned my new cert to the HTTPS virtual service and saved my changes. Things still did not work. Then I noticed a ‘Reencryption Usage’ button to the right of the new certificate in the ‘Operation’ column. In there I found that the cert was not assigned to the Reencryption Virtual Service. As soon as I assigned it and saved my changes everything started working normally.

    Hopefully this helps someone!

    – Jonathan K.
