Microsoft Exchange team releases Exchange Server Security Updates (SUs) when vulnerabilities are discovered. You don't…
Exchange HTTPS high availability with Kemp load balancer
It’s time to configure Exchange Server high availability because we did install a second Exchange Server in the domain. A great way is to set up Exchange HTTPS high available with a load balancer. This article will teach you how to load balance Exchange Servers HTTPS (port 443) with Kemp load balancer.
Table of contents
Information
HTTPS and SMTP are both network layer protocols to transfer information between hosts. SMTP will transfer emails between mail servers, while HTTPS is used to transfer secure communication over a network.
We will load balance Exchange Server for the protocols:
- HTTPS (Hypertext Transfer Protocol Secure) (this article)
- SMTP (Simple Mail Transfer Protocol)
Important: Read the article Exchange high availability namespace design and planning before you go further.
An architecture view of load balancing HTTPS connection with Kemp load balancer is shown below in the topology.
Before you start, read the articles:
Microsoft Exchange template
It’s good to know that Kemp provides templates to configure the load balancer. It will make it a bit easier than doing it all by yourself. Visit the Kemp documentation page to download the Exchange template.
Choose the template that suits your Kemp version and your Exchange Server version. We will choose Exchange 2016 (Kemp LoadMaster 7.2.37.1) because we have Exchange Servers 2016 running in the environment and Kemp LoadMaster 7.2.x.
Log into Kemp Loadmaster load balancer. On the left menu, click on Virtual Services > Manage Templates. Click Browse and select the template that you did download in the previous step. Click Add New Template.
Kemp LoadMaster did add the templates. If you want to delete a template, you can click on the delete button.
Create new virtual service
Click on Add New in the menu. Start first by selecting from the dropdown menu Exchange 2016 HTTPS Reencrypted. Specify the Virtual Address. In our example, it’s 192.168.1.54. Click Add this Virtual Service.
Make sure that the IP address is not taken by another device. If you already have an old load balancer and want to replace it with Kemp LoadMaster, you can keep using the same IP address. The HTTPS connection will go through Kemp LoadMaster.
Click on SubVSs and then on Modify.
Click on Add New.
Add the Exchange Server IP address. Check the checkbox Add to all SubVSs. Click on Add This Real Server.
Add the second Exchange Server. Check the checkbox Add to all SubVSs. If you have more than two Exchange Servers, add them with the same steps.
You can see which Exchange Servers you did add.
Add certificate
Click on View/Modify Services on the menu. Click on Add New. The first line shows that port 80 (HTTP) redirects to port 443 (HTTPS).
Kemp automatically redirects HTTP to HTTPS.
Click Import Certificate.
Browse to the Exchange certificate. This will be your SAN certificate or wildcard certificate. We recommend you to export the certificate from Exchange Server and browse to that certificate. Fill in the certificate password and give it a name that you can remember. Click Save.
From Available VSs, click the arrow to move the virtual IP address to Assigned VSs. Click Save Changes.
You can confirm and check that the certificate is installed.
Edit internal DNS
Change the mail internal DNS host record to the virtual address.
Change the autodiscover internal DNS host record to the virtual address.
Read more: Configure internal DNS Exchange 2016 »
Edit firewall VIP
In the firewall, change the VIP with protocol HTTPS (443) to the Kemp virtual address. In our example, the IP address 192.168.1.54.
Check real time statistics
Click Statistics > Real Time Statistics in the menu. Click Real Servers. The Exchange Servers status shows that they are up.
First, make sure to ping the hostname or do a NsLookup. It needs to resolve to the virtual address. In our example, it’s 192.168.1.54. It depends on the TTL of these records on how long it will take to resolve.
After you can confirm that it resolves, start Outlook on a computer or browse to Outlook Web Access (OWA). You will see that the connections start to show numbers.
Test and verify that it works
It’s always good to test the load balancer and if it works as expected. Disable the network card on one of the Exchange Server and check the statistics. The real time statistics will show the Exchange Server status Down.
Have a look at your Outlook client or OWA, and that the connection is still available without any hiccups. Don’t forget to enable the network card on the Exchange Server to bring it back up.
We did successfully configure Exchange HTTPS high availability with Kemp load balancer. In the next article, we will configure Exchange SMTP high availability.
Keep reading: Let’s Encrypt unable to install certificate (0x80070520) »
Conclusion
In this article, you learned how to configure Exchange HTTPS high availability with Kemp load balancer. Download the templates from Kemp’s documentation page. After loading the templates, configure HTTPS load balancing with Kemp LoadMaster by following the steps. Test Exchange HTTPS load balance by connecting with Outlook or OWA, and verify that it works by checking the statistics.
Did you enjoy this article? You may also like Exchange Server setup operation didn’t complete. Don’t forget to follow us and share this article.
What Others Are Reading
This Post Has 0 Comments