Microsoft Exchange Load Balancing



First off, this is a Free LoadMaster running on Hyper-V, which is an excellent platform, and I've got no complaints about this itself.

But, just wondering if anyone has any ideas. We started publishing our new Exchange 2013 environment as a load-balanced object on our firewall appliance. The appliance got upgraded, which broke load-balancing on it. The vendor is aware of this and is due to issue a fix soon, but in the meantime I've got the Kemp working as a load balancer so our firewall only needs to see it as a single device, rather than trying to load balance our Exchange servers.

This worked fine in testing for webmail- we have another public-facing DNS name which we used to try with webmail and it was fine, the Kemp was passing OWA no problem. When we put this live, OWA and SMTP worked great from outside, but we were unable to connect to Outlook internally. This would fail either by trying to point DNS at the public-facing address, or by going straight to the Kemp. All the time, the Kemp was handling external 443 and SMTP without issue.

Can anyone think of any issues that may have been stopping the Kemp accepting internal hits from an Outlook client? I've got SSL acceleration turned on with re-encryption so that the correct certificate is published.

Just to reiterate; my actual problem is with our firewall appliance and not the Kemp, which has been so easy to configure and is doing its job, I've obviously just mis-configured it. The LoadMaster was "thrown-in" and I have no training, so I'm just digging around in case there are any really obvious fixes to try.

Many thanks,



Barry Gleeson Official comment

Hi Rhidian,
My initial thoughts would be that the internal traffic is failing to connect due to routing issues, but I would need to look closer to confirm.
Do you have the LoadMaster set up as two-armed, i.e. one public and one private arm?
If so, are the internal clients on the same network as the Exchange Servers?
Also, do you have Subnet Originating Requests enabled on the Virtual Service? (This may be a simple test to do, i.e. enable Subnet Originating Requests globally under System Configuration > Miscellaneous Options > Network Options > Subnet Originating Requests.)



Hi Barry, thanks for this info- I've set the subnet requests and it's now working. We've got internal DNS pointing straight at the Kemp, external is being NAT'd through our firewall. Seems to be accessible via an external 4G connection (W8.1 App and browser) and internally without issue.

The LB100 has just saved our Exchange! Very impressed with it, the only thing I need to work out now is if we need a paid-for license or whether the 20MB can cope.

Thanks again,