Exchange 2013 SMTP Virtual service and Source IP

Hi,

I have configured a Virtual Kemp (Version 7.2.38.0.14750.RELEASE) on VMware.

Two NICs are enabled, eth0 for management and eth1 for Exchange. VLANs are sorted on VMware and are not configured on the Kemp.

The default gateway is configured on eth0 for the Kemp, however each virtual service has its gateway configured to use the Exchange network default gateway.

I have configured an SMTP virtual service on the Kemp checking on port 25. This monitors the SMTP service on an Exchange 2013 server.

I have configured the Exchange 2013 receive front end connector so that it only accepts traffic from the virtual service IP defined above.

The real server checks on the Kemp state that the service is down. When I change the receive connector to allow all IPs, the service changes to up on the Kemp.

I have performed a Wireshark trace and it appears that the health check for the SMTP service is coming from the IP address of the interface connected to the Exchange network and not from the Virtual Service IP. Subnet Originating Requests is not enabled.

In fact the Wireshark trace indicates that health checks to all virtual services on the Kemp are being done through the Kemp Interface IP on the Exchange network and not the virtual server.

Note the other Virtual services I have created for Exchange 2013 all appear to work OK, just not the SMTP virtual service.

Any help would be appreciated.

2 comments

matthew.ridley

Am I right in my thinking below:

Virtual Service Health check is sent from the Interface IP and NOT the Virtual service IP.

Any user traffic sent to the Virtual Service IP will cause traffic from the virtual service IP to be directed to the Exchange servers.

In which case (although I didn't have to do this for Exchange 2010), I would need to add both the Interface IP and the Virtual service IP to the receive connector remote IP address list.

Hopefully someone can help.

Regards Matt

Tony Vaughan

Morning Matt,

You are correct.

Health checks will always come from the local interface.
Production traffic may be seen using a different IP depending on the LM settings.

The following is regarding the virtual service settings:
If Transparency is off and Subnet Originating Requests is off, then the real server will see the virtual service address.
If Transparency is off and Subnet Originating Requests is on, then the real server will see the interface address.

If Transparency is on and Subnet Originating Requests is off, then the real server will see the client's IP.
If Transparency is on and Subnet Originating Requests is on, then the real server will see the client's IP.

let me know if this helps
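
The settings table from the reply above, worked through as an added example that is not part of the original thread and is not Kemp or Microsoft code: it derives which source addresses the Exchange server will see and previews the matching receive connector restriction. The helper name `Get-RealServerSourceAddress`, the two IP addresses (constructed, from the documentation range) and the connector identity placeholder are assumptions.

```powershell
# Constructed sample values (documentation address range), not taken from the thread.
$InterfaceIP      = '192.0.2.10'   # LoadMaster interface address on the Exchange network
$VirtualServiceIP = '192.0.2.25'   # SMTP virtual service address

function Get-RealServerSourceAddress {
    # Hypothetical helper: encodes the Transparency / Subnet Originating Requests
    # table from the reply and returns the addresses the real server will see.
    param(
        [Parameter(Mandatory = $true)][bool]$Transparency,
        [Parameter(Mandatory = $true)][bool]$SubnetOriginating,
        [Parameter(Mandatory = $true)][string]$InterfaceIP,
        [Parameter(Mandatory = $true)][string]$VirtualServiceIP
    )
    # Health checks always come from the local interface, whatever the settings.
    $allow = @($InterfaceIP)

    if ($Transparency) {
        # The real server sees each client's own IP, so a connector limited to
        # LoadMaster addresses would reject production mail.
        $production = 'ClientIP'
    } elseif ($SubnetOriginating) {
        $production = $InterfaceIP
    } else {
        $production = $VirtualServiceIP
    }
    if ($production -ne 'ClientIP' -and $allow -notcontains $production) {
        $allow += $production
    }
    [pscustomobject]@{
        ProductionSource  = $production
        AllowList         = $allow
        ClientIPsRequired = ($production -eq 'ClientIP')
    }
}

# The poster's case: Transparency off, Subnet Originating Requests off.
$r = Get-RealServerSourceAddress -Transparency $false -SubnetOriginating $false `
        -InterfaceIP $InterfaceIP -VirtualServiceIP $VirtualServiceIP
$r | Format-List

if ($r.ClientIPsRequired) {
    Write-Warning 'Transparency is on: client IPs reach Exchange, so an LM-only list blocks mail.'
} else {
    # Run in the Exchange Management Shell; -WhatIf previews without changing anything.
    # '<Server>\<Frontend connector>' is a placeholder for your connector identity.
    Set-ReceiveConnector -Identity '<Server>\<Frontend connector>' `
        -RemoteIPRanges $r.AllowList -WhatIf
}
```

For the poster's settings the allow list contains both the interface address (health checks) and the virtual service address (production mail), which is why the connector restricted to the virtual service IP alone reported the real server as down.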