How to Configure Network Load Balancing (NLB) on Windows 2008 for Exchange CAS Server
When using the NLB Manager in conjunction with a host which has a single NIC and is set to use UNICAST communication you will receive the following error message when the management tool starts:
Ironically it still appears when you have configured your Cluster to use Multi-cast.
The following is an interesting read on Unicast limitations when using a single NIC on your server (taken directly from http://support.microsoft.com/kb/556067):
Unicast Mode with Single NIC
- In Unicast Mode, NLB modifies the Network Adapter’s MAC address to Cluster MAC. Now, there is only one MAC Address available in cluster – that is Cluster MAC and this MAC address has to be same on all cluster hosts. Network Re-director can’t forward the request to same MAC Address if it is originating from the same source and also host cannot communicate with each other – This is the disadvantage of Unicast Mode with Single NIC. To enable hosts to talk to each other, enable either MULTI-CAST mode or install a second NIC.
- You may get “No interface is available to configure load balancing” when using network load balancing manager. You get this error if you have imaged a server or copied to virtual machine. All network GUIDs will be same. You need to re-install the network adapter from device manager to overcome this problem.
- While configuring NLB through NLB Manager and you have deleted the host from the cluster. If the status of that host still shows pending for a long time then manually disable the NLB in host. It would disappear from the Manager.
- It is always best practice to add local host (on where you’re running NLB Manager) after adding all host when you’re running NLB Cluster in Single NIC with Unicast Mode.
- It is recommended to run NLB Manager on a separate computer which is not part of cluster when you’re running Cluster in Single NIC with Unicast or Multi-cast Mode.
- If you have added the local host to NLB Manager in single NIC Unicast mode and when you refresh, all other hosts will be unreachable.
- When you access VIP using UNC, you might get the login box if your request is being forwarded to a host who is not in domain and you’re a member of domain. You might need to supply user credentials.
- Crossover cable between NLB nodes doesn’t work correctly for heartbeat messages and others. It works great in server clustering.
- Heartbeat messages are transmitted over NLB Enabled NIC always whether you’re operating cluster in Unicast or Multi-cast mode.
- When an application running on a host dies or stops, the NLB will keep forwarding the requests to that server because NLB doesn’t monitor the state of the application.
- Only Windows 2003 and later versions can be configured by the NLB Manager. However, you can manage previous versions of Windows but can’t configure them using NLB Manager.
- Remote control for NLB uses UDP port 2504.
- You will notice that some areas of my guide have incomplete IP addresses and Subnet masks – it’s pretty obvious as to why I have done this.
Installing Windows 2008 NLB on Node 1;
Network Load Balancing is available in both the Standard and Enterprise Editions of Windows 2008 (it is also available in other higher level variants of Windows 2008). Essentially NLB uses a node based distributed process which farms network traffic between a number of Hosts (or nodes) – each node constitutes a member of an NLB cluster. This should not be confused with Windows Failover Clustering Services – NLB clustering is designed mainly around the distribution of Network traffic and providing fault tolerance at the interface level.
In order to install and correctly configure NLB in your environment you will need the following:
- At least two servers (or, if you do not have two servers, one server with two NIC interfaces – however under this scenario you would be at the mercy of the other components within the architecture).
- If you are Load Balancing two separate servers (which this article is about) you will require x 3 free IP addresses on your network:
  - x 2 for the Public Addresses of your nodes
  - x 1 for the NLB Cluster Address
- A DNS entry that points to the NLB clustered address – this will be used for hosts to connect to the Clustered NLB IP Address
Therefore, before proceeding, ensure that each node (machine) that is going to form part of the NLB cluster has a unique IP address on your network, then create a DNS host entry which points at the NLB Cluster IP Address – below is a simple overview diagram of how the NLB cluster will function as an Exchange Client Access Server:
When you have ensured that the above criteria have been met, open a Windows 2008 Command Prompt and type in the following command:
serverManagerCMD -i NLB – then press <Enter> (see below);
You will need to perform this on all nodes (computers) that will form the NLB cluster.
When NLB has finished installing on both nodes, go to the Primary Node (the first machine you installed NLB on) and open [ START -> Programs -> Administrative Tools -> Network Load Balancing Manager ] – see below:
The following Window will open:
From the top left pane – right click on the “Network Load Balancing Clusters” and from the context menu that appears choose “New Cluster”:
You will then be presented with the “New Cluster: Connect” option – in the section that is entitled “Host” type in the Host name of the Primary Node in the cluster, then click on the “Connect” button. When the “Interfaces available for configuring this cluster” list populates, click “Next”, which will display the following:
As this is the first node interface in the cluster you should ensure that the Priority is set to “1” – you can then leave the rest of the configuration options as the default and click on the “Next” button which will display the following screen:
This screen allows you to configure the IP addresses that will be shared by each node of the NLB cluster – so for example earlier we created a DNS entry which corresponds to the CAS server’s Clustered IP address – click on the “Add” button which will open the following screen:
Enter the Cluster IP address (which corresponds to the DNS entry) in the section entitled “Add IPv4 address” (you should also include the Subnet Mask) – then click on the “OK” button – this will return you to the main Cluster IP address screen – click on the “Next” button to be taken to the “Cluster Parameters” screen:
Here you will see that the Cluster IP address and Subnet have been pre-populated – however in the “Full Internet Name” section you will need to provide the FQDN of the DNS entry that we created at the start of the article (under the pre-requisites section) – as I am using a single network card I have chosen to use “Multi-cast” for the cluster operation mode – if you have two NICs in your server you should choose the Unicast option.
When you are happy with the settings above click on the “Next” button:
Here you will be presented with the â€œPort Rulesâ€ section of the configuration.
Essentially this screen provides a means for you to reduce the “Attack Surface” area of the clustered IP address by allowing you to specify which port traffic is allowed via the IP address.
As you can see there is a default rule defined which essentially allows all traffic – select it and then click on the “Remove” button.
Now for the purposes of my CAS server I will only require ports 80 (HTTP) and 443 (SSL) – however it is possible that other people would also require 110 (POP3) and 143 (IMAP) to be added.
To add a port rule click on the “Add” button and the following dialog box will appear:
In order to configure HTTP, un-tick the “All” button, and then choose the IP address of your cluster from the “Cluster IP Address” area – then ensure that the rest of the configuration options match those shown above. When you are happy with your choices click on the “OK” button.
You will be taken back to the main “Port Rules” screen – repeat the process for the other ports – when you have configured the remaining ports click on the “Finish” button.
Installing Windows 2008 NLB on Node 2;
You will now be returned to the main screen of the NLB cluster manager – which will now be processing your configuration changes. When it has finished – right click the new entry under “Network Load Balancing Clusters” (which is your new cluster) and from the context menu that appears choose the “Add Host to cluster” option – see below:
You will be presented with the familiar “Add host to cluster” dialog box – here type in the Host name of the second node and then click on the “Connect” button – then when the “Connection Status” changes to “Connected” click on the “Next” button:
You will then be presented with the “Host Parameters” dialog box – ensure that the priority assigned is set to “2” – then click on the “Next” button:
You will be given the option to edit the port rules again – confirm that they are as expected then click on the “Finish” button:
The cluster will then return you to the NLB manager screen – where it will be processing the changes made and converging the interfaces.
When it has completed, voila! – Windows 2008 Server NLB for Exchange CAS.
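A check to run once the cluster has converged, added here as an example and not part of the original guide: NLB passes traffic that matches no port rule to the default host (the node with priority 1) rather than dropping it, and it does not monitor application state, so this PowerShell script probes the cluster name and each node from a separate client that is not a cluster member. The host names, the list of extra ports to test and PowerShell 2.0 or later are assumptions.

```powershell
# Added example (PowerShell 2.0+). All host names are placeholders, not values from the article.
$ClusterName  = 'cas-nlb.example.local'                                  # DNS entry for the cluster IP
$NodeNames    = @('cas-node1.example.local', 'cas-node2.example.local')  # dedicated node addresses
$AllowedPorts = @(80, 443)                      # the port rules created in this guide
$CheckedPorts = @(25, 80, 110, 143, 443, 3389)  # allowed ports plus some that should not answer

function Test-TcpPort {
    param([string]$HostName, [int]$Port, [int]$TimeoutMs = 2000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($HostName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($async)   # throws when the connection was refused
        return $true
    } catch {
        return $false                # refused, unreachable or name not resolved
    } finally {
        $client.Close()
    }
}

function New-Finding {
    param([string]$Target, [int]$Port, [bool]$Open, [bool]$Expected)
    $finding = 'OK'
    if ($Open -and -not $Expected) { $finding = 'UNEXPECTED OPEN' }
    if (-not $Open -and $Expected) { $finding = 'NOT ANSWERING' }
    New-Object PSObject -Property @{ Target = $Target; Port = $Port; Open = $Open; Finding = $finding }
}

$report = @()
# Cluster address: only the ports covered by an allow rule should accept connections.
foreach ($port in $CheckedPorts) {
    $open = Test-TcpPort $ClusterName $port
    $report += New-Finding $ClusterName $port $open ($AllowedPorts -contains $port)
}
# Each node: NLB keeps sending traffic to a node whose service has stopped, so probe them directly.
foreach ($node in $NodeNames) {
    foreach ($port in $AllowedPorts) {
        $report += New-Finding $node $port (Test-TcpPort $node $port) $true
    }
}

$report | Sort-Object Target, Port | Format-Table Target, Port, Open, Finding -AutoSize
$problems = @($report | Where-Object { $_.Finding -ne 'OK' })
if ($problems.Count -gt 0) { Write-Warning "$($problems.Count) finding(s) need attention" }
```

An “UNEXPECTED OPEN” row on the cluster name means the port is being answered despite having no allow rule; a port rule with the “Disable this port range” filtering mode, or the host firewall, closes it.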