Microsoft Exchange 2013

1 Introduction

 The KEMP LoadMaster combines versatility with ease-of-use to speed deployment of the complete portfolio of advanced messaging applications and protocols used by Exchange 2013, including Outlook Web App (OWA), Outlook Anywhere (OA),  Exchange ActiveSync (EAS), Simple Mail Transfer Protocol (SMTP), Post Office Protocol version 3 (POP3) and Internet Message Access Protocol version 4 (IMAP4). With built-in SSL acceleration and/or overlay, the LoadMaster offloads a key source of CPU drain to improve the capacity of Client Access Servers (CASs). Layer 7 health checking at the LoadMaster ensures that if one of the CASs becomes inaccessible, the load balancer will take that server offline, while automatically re-routing and reconnecting users to other functioning servers.

The entire KEMP LoadMaster product family, including the Virtual LoadMaster (VLM) supports Microsoft Exchange 2013.

1.1 About This Manual

This manual addresses how to deploy and configure a LoadMaster appliance with Microsoft Exchange 2013.

KEMP’s LoadMaster family of products is available in various models to support networks of different throughput requirements. Information in this manual applies to all LoadMaster models.

1.2 Prerequisites

It is assumed that the reader is a network administrator or a person otherwise familiar with networking and general computer terminology. It is further assumed that the Exchange 2013 environment has been set up and the KEMP LoadMaster has been installed.

LoadMaster documentation is available at http://www.kemptechnologies.com/documentation.

At a minimum, you should have:

  • Installed the Microsoft Servers, Active Directories and followed other Microsoft requirements
  • Installed the LoadMaster on the same network as the servers.
  • Established access to the LoadMaster Web User Interface (WUI)

2 Exchange 2013 Overview

Microsoft Exchange Server is a mail server, calendaring software and contact manager. It is a server program that runs on Windows Server and is part of the Microsoft Servers line of products. The improvements made in Exchange 2013 have made it easier to load balance Exchange-related traffic.

Exchange 2013 includes the following solutions for switchover and failover redundancy:

High availability: Exchange 2013 uses Database Availability Groups (DAGs) to keep multiple copies of your mailboxes on different servers synchronized. That way, if a mailbox database fails on one server, users can connect to a synchronized copy of the database on another server.

Site resilience: You can deploy two Active Directory sites in separate geographic locations, keep the mailbox data synchronized between the two, and have one of the sites take on the entire load if the other fails.

Online mailbox moves: During an online mailbox move, email accounts are still accessible. Users are only locked out for a brief period of time at the end of the process, when the final synchronization occurs. Online mailbox moves can be performed across forests or in the same forest.

Shadow redundancy: Shadow redundancy protects the availability and recoverability of messages while they are in transit. With shadow redundancy, the deletion of a message from the transport databases is delayed until the transport server verifies that all the next hops for that message have completed. If any of the next hops fail before reporting successful delivery, the message is resubmitted for delivery to the hop that did not complete.

2.1 Differences Between Exchange 2010 and Exchange 2013

One of the biggest changes in Exchange 2013 is that the number of server roles has reduced to just two. In older versions of Exchange there were a number of server roles for Hub Transport, Unified Messaging, Mailbox and Client Access. In Exchange 2013 there are just two server roles:

  • The Mailbox Server which includes all of the functions to route mail, render web content and receive voicemail
  • The CAS which authenticates clients and routes requests to the correct mailbox server

The CAS now acts as a reverse proxy. The CAS no longer renders OWA when a user accesses it. The CAS determines which mailbox database their mailbox is located on and provides the request to the back-end mailbox server that hosts the database. The mailbox server then renders the OWA content, not the CAS.

Clients no longer interact with Exchange using RPC, it is all done over HTTPS. Outlook Anywhere is the protocol that Outlook clients use to access their mailbox.

Exchange 2013 Service Pack 1 introduces new connectivity option MAPI/HTTP which is disabled by default. It must be manually enabled by administrator and is only available as a connectivity option to clients running Office 2013 Service Pack 1 or later. Older clients continue using RPC/HTTP.

Outlook 2003 is not supported with Exchange 2013.

Unlike previous versions of Exchange, Exchange 2013 no longer requires session affinity at the load balancing layer. For more information, refer to the related article in The Exchange Team Blog: Load Balancing in Exchange 2013.

2.2 Understanding Server Load Balancing

Server load balancing is a way to manage which servers receive traffic. Server load balancing provides failover redundancy to ensure users continue to receive service in case of failure. It also enables your deployment to handle more traffic than one server can process while offering a single host name for clients.

Server load balancing serves two primary purposes. It reduces the impact of a single CAS failure within one Active Directory site. In addition, server load balancing ensures that the load on the CAS and Transport servers is optimally distributed.

Two key changes in Exchange 2013 make load balancing a lot simpler:

  • HTTPS-only access from clients means that there is only one protocol to consider. The HTTP failure states are well known and clients typically respond in a similar way.
  • As OWA is rendered on the same server that is hosting the user’s mailbox database; if a client hits a different CAS there is no performance degradation as the session rendering for that user is already up and running.

Forms-based authentication has also been improved. The authentication cookie is provided to the user after logon and it is encrypted using the CAS’s SSL certificate. This allows a logged in user to resume their session on a different CAS without having to re-authenticate (if servers share the same SSL certificate).

Understanding Server Load.png

3 Virtual Service Templates

KEMP have developed templates containing our recommended settings for Exchange 2013. These templates can be installed on the LoadMaster and can be used when creating each of the Virtual Services. Using a template automatically populates the settings in the Virtual Services. This is quicker and easier than manually configuring each Virtual Service. If needed, you can make changes to any of the Virtual Service settings after using the templates.

Released templates can be downloaded from the KEMP documentation page: http://www.kemptechnologies.com/documentation/.

For more information and steps on how to import and use templates, refer to the Virtual Services and Templates, Feature Description.

The Microsoft Exchange 2013 templates currently available are grouped in three downloadable files as follows:

  • Exchange2013Core

This file contains templates for non-SSL offloaded HTTPS, SSL offloaded HTTPS and SMTP Virtual Services.

This is the primary set of services needed to balance Exchange 2013.

  • Exchange2013ESP

This set contains individual templates for a HTTPS service with SSL offloading and an SMTP service, both with ESP enabled.

These services are only necessary if you want to use ESP functionality.

  • Exchange2013Additional

This set contains templates for IMAP, POP and SMTP services, including variants for STARTTLS and SSL secured services.

If you create another Virtual Service using the same template, ensure to change the Service Name to a unique name.

When using SNMP monitoring of ESP-enabled Virtual Services that were created using a template, ensure to monitor each SubVS directly rather than relying on the master service. This is because the Authentication Proxy sub-service will always be marked as up and, as a consequence, so will the master service.

 

4 Configuring Virtual Services for Exchange 2013

The sections below give instructions on how to configure the various Virtual Services related to Microsoft Exchange. The settings in this document are recommended by KEMP. They may not be applicable to your specific configuration. For further information and help, please contact our Support team.

If using Exchange 2013 (not SP1), ensure to enable SSL re-encryption. Also, if using Exchange 2013 (not SP1), MAPI is not used and can be removed.

4.1 HTTPS Virtual Service

Follow the instructions below to set up a HTTPS Virtual Service:

1. Select the Add New option within the Virtual Services section of the main menu tree.

HTTPS Virtual Service.png

2. Enter the IP address of the Virtual Service in the Virtual Address field.

3. Enter 443 in the Port field.

4. Type a name, for example Exchange 2013 HTTPS in the Service Name field.

5. Select tcp in the Protocol drop-down list.

6. Click the Add this Virtual Service button to add the Virtual Service.

HTTPS Virtual Service_1.png

7. Configure the settings as shown in the following table:

Section

Option

Value

Comment
Basic Properties Service Type HTTP/HTTPS  

Standard Options

Force L4 Disabled *
  Transparency Disabled  

 

Persistence Mode None  

 

Scheduling Method Round Robin  
  Idle Connection Timeout 1800 Click Set Idle Timeout.
SSL Properties SSL Acceleration Disabled  
Advanced Options Redirection URL https://%h%s Click Add HTTP Redirector. This creates a new redirect Virtual Service on port 80 with the same IP address.
ESP Options Enable ESP Disabled  

Real Servers

Real Server Check Method HTTPS Protocol  
  Checked Port 443 Click Set Check Port.
  URL /owa/healthcheck.htm Click Set URL.
  Use HTTP/1.1 Disabled  
  HTTP Method GET  

*When L7 is referred to in KEMP documentation it is in relation to the actual TCP connection. When Microsoft refer to L7 for Exchange it is in relation to SSL decryption and re-encryption. This is different and what KEMP recommends is not necessarily L7 configuration unless SSL acceleration is enabled.

To add content rules to the VS, follow the steps in the Create Content Rules section.

Minor changes now need to be made to the redirect Virtual Service that was added:

1. Click View/Modify Services in the main menu.

2. Click Modify on the Redirect Virtual Service with the blank name which has the same IP address as the Virtual Service that was just created.

HTTPS Virtual Service_6.png

3. Enter a recognizable Service Name, for example Exchange 2013 HTTP Redirect and click Set Nickname.

4. In Standard Options, set the Persistence Mode to None.

4.1.1 HTTPS using SubVSs

Follow the instructions below to set up a HTTPS Virtual Service with SubVSs.

4.1.1.1 Create the Parent Virtual Service

Follow the instructions below to set up the parent HTTPS Virtual Service:

1. Select the Add New option within the Virtual Services section of the main menu tree.

HTTPS using SubVSs.png

2. Enter the IP address of the Virtual Service in the Virtual Address field.

3. Enter 443 in the Port field.

4. Type a name, for example Exchange 2013 HTTPS in the Service Name field.

5. Select tcp in the Protocol drop-down list.

6. Click the Add this Virtual Service button to add the Virtual Service.

7. Configure the settings as shown in the following table:

Section

Option

Value

Comment
Basic Properties Service Type HTTP/HTTPS  

Standard Options

Force L4 Disabled  
  Transparency Disabled  

 

Persistence Mode None  

 

Scheduling Method Round Robin  
  Idle Connection Timeout 1800 Click Set Idle Timeout.
SSL Properties SSL Acceleration Enabled  
  Reencrypt Enabled  
Advanced Properties Redirection URL https://%h%s Click Add HTTP Redirector. This creates a new redirect Virtual Service on port 80 with the same IP address.
ESP Options Enable ESP Disabled  

4.1.1.2 Create the SubVSs

Follow the instructions below to set up the SubVSs:

1. In the Real Servers section of the Virtual Services options page, click the Add SubVS button.

2. A message stating that the SubVS has been created appears, click OK.

The Real Servers section should now be renamed to SubVSs.

The following steps deal with creating a SubVS for an Exchange service such as owa.

3. In the SubVSs section of the SubVS options page, click the Modify button next to the SubVS and select the following options:

HTTPS using SubVSs_5.png

a) In the SubVS Name field enter a relevant name such as owa

b) In the SubVS Type field select the HTTP/HTTPS option

HTTPS using SubVSs_6.png

4. Within the ESP Options section, ensure that the Enable ESP check box is not selected.

HTTPS using SubVSs_7.png

5. In the Real Servers section of the SubVS options page select the following options:

a) Enter /owa/healthcheck.htm in the URL field and click the Set URL button.

b) Ensure the Use HTTP/1.1 checkbox is deselected

c) Ensure that the GET option is selected from the HTTP Method drop-down list.

6. When finished editing the SubVS, click Back. Now you can add other SubVSs to this Virtual Service as needed.

7. Configure each SubVS using the settings in the table below.

SubVS Name

 

Healthcheck URL

Allowed Virtual Directories

OWA (as in steps above)

 

/owa/healthcheck.htm

/owa*

Autodiscover

 

/autodiscover/healthcheck.htm

/autodiscover*

ECP

 

/ecp/healthcheck.htm

/ecp*

EWS

 

/ews/healthcheck.htm

/ews*

ActiveSync

 

/microsoft-server-activesync/healthcheck.htm

/microsoft-server-activesync*

OAB

 

/oab/healthcheck.htm

/oab*

Powershell

 

/powershell/healthcheck.htm

/powershell*

RPC

 

/rpc/healthcheck.htm

/rpc*

MAPI

 

/mapi/healthcheck.htm

/mapi*

Authentication Proxy

 

 

 

If you are using Kerberos Constrained Delegation (KCD) please ensure you add a Real Server to the Authentication Proxy SubVS. For further information on KCD, refer to the KCD, Feature Description

4.1.1.3 Create Content Rules

Content Rules need to be created for the Virtual Services to function correctly.

To create a Modify URL rule for owa please complete the following steps:

1. Select the Rules & Checking > Content Rules menu option

2. Click the Create New button

HTTPS using SubVSs_8.png

3. Enter a relevant name, for example Redirect_Root in the Rule Name field

4. Select the Modify URL option in the Rule Type drop-down

5. Enter /^\/$/ in the Match String field

6. Enter /owa in the Modified URL field

7. Click the Create Rule button

To create a Content Matching rule for owa please complete the following steps:

1. Select the Rules & Checking > Content Rules menu option.

HTTPS using SubVSs_9.png

2. Click the Create New button.

HTTPS using SubVSs_10.png

3. Enter a relevant name, for example OWA in the Rule Name field.

4. Select the Content Matching option is selected in the Rule Type drop-down list.

5. Ensure the Regular Expression option is selected in the Match Type drop-down list.

6. Enter /^\/owa.*/ in the Match String field.

7. Select the Ignore Case checkbox.

8. Click the Create Rule button.

Create additional Content Matching rules following steps 1 to 8 above but using the values as described in the table below.

Rule Name

Match String

Ignore Case

ActiveSync

/^\/microsoft-server-activesync.*/

yes

Autodiscover

/^\/autodiscover.*/

yes

ECP

/^\/ecp.*/

yes

EWS

/^\/ews.*/

yes

OAB

/^\/oab.*/

yes

PowerShell

/^\/powershell.*/

yes

RPC

/^\/rpc.*/

yes

Root

/^\/$/

No

MAPI

/^\/mapi.*/

yes

Authentication Proxy

/^\/lm_auth_proxy*$/

yes

4.1.2 HTTPS Offloading Using SubVSs

To set up HTTPS Offloading Using SubVSs, follow the steps below:

1. Select the Add New option within the Virtual Services section of the main menu tree.

HTTPS Offloading Using SubVSs.png

2. Enter a valid IP address in the Virtual Address text box.

3. Enter 443 as the Port.

4. Enter a recognizable Service Name, for example Exchange 2013 HTTPS Offloaded.

5. Click Add this Virtual Service.

6. Configure the settings as shown in the following table:

Section

Option

Value

Comment
SSL Properties SSL Acceleration Enabled  
  Reencrypt Enabled Optional

Standard Options

Idle Connection Timeout 1800 Click Set Idle Timeout.
Advanced Properties Show Header Rules Modify URL: Redirect_Root Click Add.*

 

Add HTTP Headers X-Forwarded-For  

 

Redirection URL https://%h%s Click Add HTTP Redirector. This creates a new redirect Virtual Service on port 80 with the same IP address.
ESP Options Enable ESP Disabled  

Real Servers

URL /owa/healthcheck.htm Click Set URL.
  Use HTTP/1.1 Disabled  
  HTTP Method GET  

*If the Redirect Root content rule does not exist yet, refer to the Create Content Rules section to create it.

7. In the Real Servers section, click the Add SubVS button.

8. A message stating that the SubVS has been created appears, click OK.

The Real Servers section should now be renamed to SubVSs.

The following steps deal with creating a SubVS for an Exchange service such as owa.

9. In the SubVSs section of the SubVS options page, click the Modify button next to the SubVS and select the following options:

HTTPS Offloading Using SubVSs_4.png

a) In the SubVS Name field enter a relevant name such as owa

b) In the SubVS Type field select the HTTP/HTTPS option

HTTPS Offloading Using SubVSs_5.png

10. When finished editing the SubVS, click Back. Now you can add other SubVSs to this Virtual Service as needed.

11. Configure each SubVS using the settings in the table below.

SubVS Name

 

Healthcheck URL

OWA (as in steps above)

 

/owa/healthcheck.htm

Autodiscover

 

/autodiscover/healthcheck.htm

ECP

 

/ecp/healthcheck.htm

EWS

 

/ews/healthcheck.htm

ActiveSync

 

/microsoft-server-activesync/healthcheck.htm

OAB

 

/oab/healthcheck.htm

Powershell

 

/powershell/healthcheck.htm

RPC

 

/rpc/healthcheck.htm

MAPI

 

/mapi/healthcheck.htm

 

4.1.3 HTTPS Offloading Using ESP and SubVSs

To set up HTTPS Offloading Using ESP, follow the steps below:

1. Select the Add New option within the Virtual Services section of the main menu tree.

HTTPS Offloading Using ESP.png

2. Enter a valid IP address in the Virtual Address text box.

3. Enter 443 as the Port.

4. Enter a Service Name, for example Exchange 2013 HTTPS Offloading with ESP.

5. Click Add this Virtual Service.

6. Configure the settings as shown in the following table:

Section

Option

Value

Comment
SSL Properties SSL Acceleration Enabled  
  Reencrypt Enabled Optional

Standard Options

Idle Connection Timeout 1800 Click Set Idle Timeout.
Advanced Properties Show Header Rules Modify URL: Redirect_Root Click Add.*

 

Add HTTP Headers X-Forwarded-For  
  Redirection URL https://%h%s Click Add HTTP Redirector. This creates a new redirect Virtual Service on port 80 with the same IP address.

*If the Redirect Root content rule does not exist yet, refer to the Create Content Rules section to create it.

7. Now you need to add the SubVSs. To do this, expand the Real Servers section and click Add SubVS. Then click the Modify button to configure it.

Details for each of the SubVSs that need to be created are below.

8. For each of the SubVSs created, ensure that in the ESP section, the Enable ESP checkbox is selected, and select the following options:

a) Select the User Access, Security and Connection check boxes in ESP Logging.

b) Select the relevant SSO Domain.

For instructions on how to add an SSO domain, refer to the ESP, Feature Description.

c) Enter all of the allowed virtual hosts into the Allowed Virtual Hosts text box, for example mail.example.com, and click the Set Allowed Virtual Hosts button.

d) Configure each SubVS using the settings in the table below.

SubVS Name

Allowed Virtual Directories

Pre-Authorization Excluded Directories

Client Auth. mode

Server Auth. mode

SSO Image Set

SSO Greeting Message

Autodiscover

/autodiscover*

 

None

None

n/a

 

ECP

/ecp*

 

Form Based

.Form based

Exchange

Please enter your Exchange credentials.

EWS

/ews*

 

None

None

n/a

 

ActiveSync

/microsoft-server-activesync*

 

Basic Auth.

Basic Auth.

n/a

 

OAB

/oab*

 

None

None

n/a

 

Powershell

/powershell*

 

None

None

n/a

 

RPC

/rpc*

 

None

None

n/a

 

OWA

/owa*

/owa/<guid@smtpdomain>*1

Form Based

Form based

Exchange

Please enter your Exchange credentials.

MAPI

/mapi*

 

None

None

n/a

 

Authentication Proxy

/*

 

Form Based

Form based

Exchange

Please enter your Exchange credentials.

If you are using Kerberos Constrained Delegation (KCD) please ensure you add a Real Server to the Authentication Proxy SubVS. For further information on KCD, refer to the KCD, Feature Description

1 GUID is unique to each Exchange deployment. To find the correct GUID, run the following command on the Exchange Server:

Get-Mailbox -Arbitration | where {$_.PersistedCapabilities -like “OrganizationCapabilityClientExtensions”} | fl exchangeGUID, primarysmtpaddress

The Logoff String must be set to /owa/logoff.owa in the OWA SubVS. In a customized environment, if the OWA logoff string has been changed, the modified logoff string must be entered in the Logoff String text box.

HTTPS Offloading Using ESP_3.png

 

The SSO Greeting Message field accepts HTML code, so you can insert your own image if required. However, there are several characters that are not supported. These are the grave accent character ( ` ) and the single quotes (’). If a grave accent character is used in the SSO Greeting Message, the character will not display in the output, for example a`b`c becomes abc. If a single quote is used, users will not be able to log in.

9. For each of the SubVSs created, configure the settings as shown in the following table:

Section

Option

Value

Comment

Real Servers

Checked Port 443 Click Set Check Port.
  Use HTTP/1.1 Disabled  
  HTTP Method GET  
  URL Enter the relevant health check URL. Refer to the table in the Create the SubVSs section for the health check URLs.

10. After the SubVSs have been created, in the parent Virtual Service; enable Content Switching by clicking the Enable button in the Advanced Properties section.

4.2 IMAP Virtual Service

Follow the instructions below to set up an IMAP Virtual Service:

1. Select the Add New option within the Virtual Services section of the main menu tree.

2. Enter the IP address of the Virtual Service in the Virtual Address field.

3. Enter 143 in the Port field.

4. Type a name, for example Exchange 2013 IMAP in the Service Name field.

5. Select tcp in the Protocol drop-down list.

6. Click the Add this Virtual Service button to add the Virtual Service.

7. Configure the settings as shown in the following table:

Section

Option

Value

Comment
Basic Properties Service Type Generic  

Standard Options

Force L4 Disabled  
  Transparency Disabled  

 

Server Initiating Protocols IMAP4  

 

Persistence Mode None  
  Scheduling Method round robin  
  Idle Connection Timeout 3600 Click Set Idle Timeout.
SSL Properties SSL Acceleration Disabled  

Real Servers

Real Server Check Parameters Mailbox (IMAP) Protocol  
  Checked Port 143 Click Set Check Port.

4.2.1 IMAP STARTTLS Virtual Service

To configure the IMAP STARTTLS VS, follow the steps below:

1. Select the Add New option within the Virtual Services section of the main menu tree.

2. Enter a Virtual Address.

3. Enter 143 as the Port.

4. Enter a recognizable Service Name, for example Exchange 2013 IMAP with STARTTLS.

5. Configure the settings as shown in the following table:

Section

Option

Value

Comment
Basic Properties Service Type STARTTLS protocols  

Standard Options

Transparency Disabled  
  STARTTLS mode IMAP  

 

Idle Connection Timeout 3600 Click Set Idle Timeout.

Real Servers

Checked Port 143 Click Set Check Port.

4.2.2 IMAPS Virtual Service

To configure the IMAPS VS, follow the steps below:

1. Select the Add New option within the Virtual Services section of the main menu tree.

 

2. Enter the IP address in the Virtual Address text box.

3. Enter 993 in the Port field.

4. Enter a recognizable Service Name, for example Exchange 2013 IMAPS.

5. Click Add this Virtual Service.

6. Configure the settings as shown in the following table:

Section

Option

Value

Comment

Standard Options

Transparency Disabled  
  Server Initiating Protocols IMAP4  

 

Idle Connection Timeout 3600 Click Set Idle Timeout.

Real Servers

Real Server Check Method TCP Connection Only  
  Checked Port 993 Click Set Check Port.

4.2.3 IMAPS Offloaded Virtual Service

To configure the IMAPS Offloaded, follow the steps below:

1. Select the Add New option within the Virtual Services section of the main menu tree.

 

2. Enter the IP address of the Virtual Service in the Virtual Address field.

3. Enter 993 in the Port field.

4. Enter a recognizable Service Name, for example Exchange 2013 IMAPS Offloaded.

5. Configure the settings as shown in the following table:

Section

Option

Value

Comment
SSL Properties SSL Acceleration Enabled  

Standard Options

Transparency Disabled  
  Server Initiating Protocols IMAP4  

 

Idle Connection Timeout 3600 Click Set Idle Timeout.

Real Servers

Real Server Check Method Mailbox (IMAP) Protocol  
  Checked Port 143 Click Set Check Port.

4.3 POP Virtual Service

Follow the instructions below to set up a POP Virtual Service:

1. Select the Add New option within the Virtual Services section of the main menu tree.

 

2. Enter the IP address of the Virtual Service in the Virtual Address field.

3. Enter 110 in the Port field.

4. Type a name, for example Exchange 2013 POP in the Service Name field.

5. Select tcp in the Protocol drop-down list.

6. Click the Add this Virtual Service button to add the Virtual Service.

7. Configure the settings as shown in the following table:

Section

Option

Value

Comment
Basic Properties Service Type Generic  

Standard Options

Force L4 Disabled  
  Transparency Disabled  

 

Server Initiating Protocols POP3  

 

Persistence Options None  
  Scheduling Method round robin  
  Idle Connection Timeout 3600 Click Set Idle Timeout.
SSL Properties SSL Acceleration Enabled  

Real Servers

Real Server Check Method Mailbox (POP3) Protocol  
  Checked Port 110 Click Set Check Port.

4.3.1 POP with STARTTLS Virtual Service

To configure a POP Virtual Service with STARTTLS, follow the steps below:

1. Select the Add New option within the Virtual Services section of the main menu tree.

 

2. Enter a valid IP address in the Virtual Address text box.

3. Enter 110 as the Port.

4. Enter a recognizable Service Name, for example Exchange 2013 POP with STARTTLS.

5. Click Add this Virtual Service.

6. Configure the settings as shown in the following table:

Section

Option

Value

Comment
Basic Properties Service Type STARTTLS  

Standard Options

Transparency Disabled  
  Idle Connection Timeout 3600 Click Set Idle Timeout.

Real Servers

Checked Port 110 Click Set Check Port.

4.3.2 POPS Virtual Service

To configure a POPS VS, follow the steps below:

1. Select the Add New option within the Virtual Services section of the main menu tree.

 

2. Enter a valid IP address in the Virtual Address text box.

3. Enter 995 in the Port field.

4. Enter a recognizable Service Name, for example Exchange 2013 POPS.

5. Configure the settings as shown in the following table:

Section

Option

Value

Comment

Standard Options

Transparency Disabled  
  Server Initiating Protocols POP3  

 

Idle Connection Timeout 3600 Click Set Idle Timeout.

Real Servers

Checked Port 995 Click Set Check Port.

4.3.3 POPS Offloaded Virtual Service

To configure a POPS Offloaded Virtual Service, follow the steps below:

1. Select the Add New option within the Virtual Services section of the main menu tree.

 

2. Enter a valid IP address in the Virtual Address text box.

3. Enter 995 in the Port field.

4. Enter a recognizable Service Name, for example Exchange 2013 POPS Offloaded.

5. Click Add this Virtual Service.

6. Configure the settings as shown in the following table:

Section

Option

Value

Comment
SSL Properties SSL Acceleration Enabled  

Standard Options

Transparency Disabled  
  Server Initiating Protocols POP3  

 

Idle Connection Timeout 3600 Click Set Idle Timeout.

Real Servers

Real Server Check Parameters Mailbox (POP3) Protocol  
  Checked Port 110 Click Set Check Port.

4.4 SMTP Virtual Service

Follow the instructions below to set up an SMTP Virtual Service:

1. Select the Add New option within the Virtual Services section of the main menu tree.

 

2. Enter the IP address of the Virtual Service in the Virtual Address field.

3. Enter 25 in the Port field.

4. Type a name, for example Exchange 2013 SMTP in the Service Name field.

5. Select tcp in the Protocol drop-down list.

6. Click the Add this Virtual Service button to add the Virtual Service.

7. Configure the settings as shown in the following table:

Section

Option

Value

Comment
Basic Properties Service Type Generic  

Standard Options

Force L4 Disabled  
  Transparency Disabled  

 

Server Initiating Protocols SMTP  

 

Persistence Mode Source IP Address  
  Idle Connection Timeout (Default 660) 1 Hour  
  Scheduling Method round robin  
  Idle Connection Timeout 120 Click Set Idle Timeout.
SSL Properties SSL Acceleration Disabled  
ESP Options Enable ESP Disabled  

Real Servers

Real Server Check Parameters Mailbox (SMTP) Protocol  
  Checked Port 25 Click Set Check Port.

4.4.1 SMTPS Virtual Service

To configure an SMTPS Virtual Service, follow the steps below:

1. In the main menu of the LoadMaster WUI, select Virtual Services and Add New.

 

2. Enter a valid IP address in the Virtual Address text box.

3. Enter 587 as the Port.

4. Enter a recognizable Service Name, for example Exchange 2013 SMTPS.

5. Click Add this Virtual Service.

6. Configure the settings as shown in the following table:

Section

Option

Value

Comment

Standard Options

Transparency Disabled  
  Server Initiating Protocols SMTP  

 

Persistence Mode Source IP Address  

 

Idle Connection Timeout (Default 660) 1 Hour  
  Idle Connection Timeout 120 Click Set Idle Timeout.

Real Servers

Checked Port 587 Click Set Check Port.

4.4.2 SMTPS Offloaded Virtual Service

To configure a SMTPS Offloaded Virtual Service, follow the steps below:

1. In the main menu of the LoadMaster WUI, select Virtual Services and Add New.

 

2. Enter a valid IP address in the Virtual Address text box.

3. Enter 587 in the Port field.

4. Enter a recognizable Service Name, for example Exchange 2013 SMTPS Offloaded.

5. Click Add this Virtual Service.

6. Configure the settings as shown in the following table:

Section

Option

Value

Comment
SSL Properties SSL Acceleration Enabled  

Standard Options

Transparency Disabled  
  Server Initiating Protocols SMTP  

 

Persistence Mode Source IP Address  

 

Idle Connection Timeout (Default 660) 1 Hour  
  Idle Connection Timeout 120 Click Set Idle Timeout.

Real Servers

Real Server Check Parameters Mail (SMTP) Protocol  
  Checked Port 25 Click Set Check Port.

4.4.3 SMTP with STARTTLS Virtual Service

To configure a SMTP Virtual Service with STARTTLS, follow the steps below:

1. In the main menu of the LoadMaster WUI, select Virtual Services and Add New.

 

2. Enter a valid IP address in the Virtual Address text box.

3. Enter 25 as the Port.

4. Enter a recognizable Service Name, for example Exchange 2013 SMTP with STARTTLS.

5. Click Add this Virtual Service.

6. Configure the settings as shown in the following table:

Section

Option

Value

Comment
Basic Properties Service Type STARTTLS  

Standard Options

Transparency Disabled  
  STARTTLS mode SMTP (STARTTLS if requested)  

 

Persistence Mode Source IP Address  

 

Idle Connection Timeout (Default 660) 1 Hour  
  Idle Connection Timeout 120 Click Set Idle Timeout.

Real Servers

Checked Port 25 Click Set Check Port.

4.4.4 SMTP with ESP Virtual Service

To configure a SMTP VS with ESP, follow the steps below:

1. In the main menu of the LoadMaster WUI, select Virtual Services and Add New.

2. Enter a valid IP address in the Virtual Address text box.

3. Enter 25 as the Port.

4. Enter a recognizable Service Name, for example Exchange 2013 SMTP with ESP.

5. Click Add this Virtual Service.

6. Configure the settings as shown in the following table:

Section

Option

Value

Comment
ESP Options Enable ESP Enabled  
  Connection Logging Enabled  
  Permitted Domains Enter all permitted domains that are allowed to be received by this service. Click Set Permitted Domains.

Standard Options

Transparency Disabled  
  Server Initiating Protocols SMTP  

 

Persistence Mode Source IP Address  

 

Persistence Timeout 1 Hour  
  Idle Connection Timeout 120 Click Set Idle Timeout.

Real Servers

Checked Port 25 Click Set Check Port.

References

Unless otherwise specified, the documents below can be found at http://kemptechnologies.com/documentation

Web User Interface (WUI), Configuration Guide

Virtual Services and Templates, Feature Description

ESP, Feature Description

Microsoft Exchange 2010, Deployment Guide

Exchange Team Blog post on Load Balancing in Exchange 2013

http://blogs.technet.com/b/exchange/archive/2014/03/05/load-balancing-in-exchange-2013.aspx

KCD, Feature Description

View or configure Outlook Web App virtual directories

https://technet.microsoft.com/en-us/library/dd298140(v=exchg.150).aspx

 

Last Updated Date

This document was last updated on 04 January 2018.

Was this article helpful?

0 out of 0 found this helpful

Comments