CAS array DNS wnlb

Status
Not open for further replies.

skipster



Hello all

When I configure my CAS array, the FQDN for the CAS array name will be "outlook.mydomain.com" and this name will point to the VIP on the WNLB cluster. We have a split DNS setup: we have an internal and an external DNS zone called "mydomain.com". I know I need to create the A record for outlook.mydomain.com in my internal DNS, but do I also have to create an A record for outlook.mydomain.com in my external DNS zone?

And lastly, I have two 2010 CAS servers that are running on Windows 2008 SP2 and configured using WNLB. The VIP IP for the WNLB array in internal DNS points to outlook.mydomain.com, and this is working fine. All of my Exchange web services and OWA point to https://mail.mydomain.com/autodiscover/autodiscover.xml, etc. I want to load balance any request coming to mail.mydomain.com across the two CAS2010 servers as well. Can I use the same IP address that the WNLB cluster is using for outlook.mydomain.com for mail.mydomain.com as well? So in internal DNS I would point (for example) 10.7.13.2 to outlook.mydomain.com and then create another DNS record for mail.mydomain.com that also maps to 10.7.13.2? This way I don't need to add another IP address to the cluster NIC.

Thanks

Bulls on Parade
 

Brian Day MCITP [MVP]



Is "outlook.mydomain.com" going to be specifically for MAPI connections, or something else too? You do not want your MAPI connection point name to be resolvable externally or else Outlook will hang while it tries to connect via TCP/MAPI first. So with that said I would suggest against creating an A record for outlook.mydomain.com in your external DNS zone.

For your second question, yes all URLs can resolve to the same WNLB VIP. You'll just need to make sure if you're using SSL that the proper certificate for OWA/OLA/EAS/AutoD is installed on the CAS servers.

Brian Day, Overall Exchange & AD Geek
MCSA 2000/2003, CCNA
MCITP: Enterprise Messaging Administrator 2010
Microsoft MVP, Exchange Server
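
A way to check both points from the reply above (the MAPI name stays internal-only; the other names share the VIP and are covered by the certificate), as an added example that is not part of the original thread. The two DNS server addresses are placeholders, and it assumes an admin workstation with `Resolve-DnsName` (Windows 8 / Server 2012 or later).

```powershell
# Added example. Server addresses are placeholders (assumptions), names are from the thread.
$InternalDns = '10.0.0.53'              # placeholder: an internal DNS server
$ExternalDns = '192.0.2.53'             # placeholder: an external resolver
$MapiName    = 'outlook.mydomain.com'   # CAS array (MAPI) name
$HttpsNames  = @('mail.mydomain.com')   # HTTPS names that share the WNLB VIP

function Resolve-A {
    param([string]$Name, [string]$Server)
    # A-record addresses from one specific server; nothing if the name does not resolve.
    Resolve-DnsName -Name $Name -Type A -Server $Server -DnsOnly -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq 'A' } | ForEach-Object { $_.IPAddress }
}

function Get-CertDnsNames {
    param([string]$Address, [string]$HostName, [int]$Port = 443)
    # Read the names on the served certificate; trust is deliberately not evaluated here.
    $tcp = New-Object System.Net.Sockets.TcpClient($Address, $Port)
    try {
        $cb   = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl  = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $cb)
        $ssl.AuthenticateAsClient($HostName)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        $cert.DnsNameList | ForEach-Object { $_.Unicode }
    } finally { $tcp.Close() }
}

function Test-NameCovered {
    param([string]$Name, [string[]]$CertNames)
    foreach ($n in $CertNames) {
        if ($n -eq $Name) { return $true }
        # A wildcard entry covers exactly one leftmost label.
        if ($n.StartsWith('*.') -and $Name.Substring($Name.IndexOf('.')) -eq $n.Substring(1)) { return $true }
    }
    $false
}

# 1. The MAPI name must resolve internally and must not resolve externally.
$int = @(Resolve-A $MapiName $InternalDns)
$ext = @(Resolve-A $MapiName $ExternalDns)
if (-not $int) { Write-Warning "$MapiName does not resolve on internal DNS" }
if ($ext)      { Write-Warning "$MapiName resolves externally to $($ext -join ', ')" }

# 2. Each HTTPS name should resolve internally to the same VIP and appear on the certificate.
foreach ($name in $HttpsNames) {
    $ips = @(Resolve-A $name $InternalDns)
    if (-not $ips) { Write-Warning "$name does not resolve on internal DNS"; continue }
    if (-not $int -or $ips[0] -ne $int[0]) { Write-Warning "$name -> $($ips -join ', ') is not the $MapiName VIP" }
    $certNames = @(Get-CertDnsNames $ips[0] $name)
    if (-not (Test-NameCovered $name $certNames)) { Write-Warning "certificate lacks ${name}: $($certNames -join ', ')" }
}
```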
 

Exchange Mail Man



Brian,

Thanks for the info on the internal vs. external records.

I do have one further question...

I have WNLB set up for 2 CAS/HUB servers. Everything works great from within my network but I cannot log into the Web App from outside my network even with a firewall rule of "any" "any" to the NLB VIP. I suspect it's an ARP issue with my firewall but I'm not sure. Are there any special considerations for allowing users to access the Outlook Web App through a firewall?

Thanks,

Lance

 

Brian Day MCITP [MVP]



Is your firewall using your external DNS servers for resolution, and does it have the WNLB VIP hostname in the rule? If so, it probably isn't resolving to the proper IP. You may need to edit a hosts file on the FW box (if that is possible) or define the WNLB VIP IP by some other means.

Brian Day, Overall Exchange & AD Geek
MCSA 2000/2003, CCNA
MCITP: Enterprise Messaging Administrator 2010
Microsoft MVP, Exchange Server
 

Exchange Mail Man



Brian,

The firewall is a NAT-based firewall. A virtual IP is created that is NAT'ed to the internal IP of the NLB IP address. DNS is done through an external DNS provider. The DNS provider has an A record of mail.company.com which resolves to xxx.xxx.xxx.xxx on my firewall. The firewall then NATs that address to the internal IP of my CAS array. I had read somewhere that Microsoft was aware of an issue when using NLB. Something about an ARP issue on the NICs as well as having to enable forwarding.

Lance
 