Load Balancing Exchange SMTP Relay and IIS SMTP Relay

By Dan Schlimme posted 12-27-2016 06:04 AM

  

Load Balancing Exchange SMTP Relay and IIS SMTP Relay

 

I recently had to load balance our Exchange SMTP Relay and IIS SMTP Relay.  Both of these require the use of DSR which I was unfamiliar with and wanted to share my experience.

 

Important Pieces of Information

  • Netscaler Firmware
    • NS 10.5 61.11.nc
  • Exchange Environment
    • Exchange 2010
  • Server OS
    • Server 2012 R2
  • Your vip needs to be on the same VLAN as your load balanced servers
  • You will need a SNIP for the VLAN of your load balanced servers
  • You will need to add the VLAN of your load balanced servers to your network port
  • MAC based forwarding needs to be enabled

 

Netscaler and Server Networking configuration are the same for Exchange SMTP Relay and IIS SMTP Relay

 

Netscaler Configuration

  • Add the VLAN you will be working with to your Netscaler
    • Navigate to System\Network\VLANs
      • Select Add
        • Enter the VLAN ID
        • Bind to the Interface you need
          • I tagged the traffic, but this may not be needed in your environment

VLAN

  • Add SNIP to the Netscaler on the VLAN you just added
    • Navigate to System\Network\IPs
      • Select Add
        • Enter the IP
        • Enter the Netmask
        • Select IP Type as Subnet IP
        • OPTIONAL STEP - Uncheck “Enable Management Access control to support the below listed applications”

SNIP

  • Add the servers you want to load balance
  • Create the SMTP Monitor
    • Standard Parameters
      • Give it a name
      • Set the port number to 25

SMTP Monitor Standard Parameters

    • Special Parameters
      • Select Script of nssmtp.pl
      • Set Dispatcher IP to 127.0.0.1
      • Set Dispatcher port to 3013

SMTP Monitor Special Parameters

  • Create the Service Group
    • Basic Settings Configuration
      • Give it a name
      • Set Protocol to ANY

Service Group Basic Settings

    • Settings Configuration
      • Select Use Proxy Port
      • Select Down State Flush
      • Select Use Client IP

Service Group Settings Configuration

    • Monitor Configuration
      • Add the SMTP Monitor you created earlier
      • You also need to add a second monitor of TCP/Ping/ARP
        • I used ARP
          • This has something to do with learning the MAC address. I am not entirely certain.
    • Service Group Members Configuration
      • Add the Servers you added earlier

 

  • Create the Virtual Server
    • Basic Settings Configuration
      • Give it a name
      • Set Protocol to ANY
      • Assign IP
      • Set Redirection Mode to MAC Based

Virtual Server Basic Settings Configuration

    • Service and Service Groups Configuration
      • Bind the Service Group you created earlier
    • Method Configuration
      • Set Load Balancing Method to Round Robin

 Virtual Server Method Configuration

    • Persistence Configuration
      • Set Persistence to SourceIP

Virtual Server Persistence Configuration

    • Traffic Settings Configuration
      • Select Sessionless Load Balancing

Virtual Server Traffic Settings Configuration

  • Your Virtual Server is now configured

 

 

  

 

Server Configuration

  • Add a loopback network adapter
  • Rename Ethernet adapter to Ethernet
  • Rename the Loopback adapter to Loopback
  • Open properties of the Loopback adapter
    • Uncheck everything except Internet Protocol Version 4 (TCP/IPv4)

Server Configuration Loopback Adapter

    • Select Internet Protocol Version 4 (TCP/IPv4) and select Properties
      • General Settings Configuration
        • Add the IP you used for your SMTP Virtual Server
        • Set the Subnet Mask to 255.255.255.255
        • Do not set DNS

 Server Configuration Loopback Adapter General Settings Configuratino

    • Advanced Configuration Settings
      • IP Settings
        • Uncheck Automatic metric
        • Set Interface Metric to 254
          • This prevents the ip from arping

 Server Configuration Loopback Adapter IP Settings

      • DNS
        • Uncheck Register this connection’s address in DNS

Server Configuration Loopback Adapter DNS Configuration

      • WINS
        • Select Disable NetBIOS over TCP/IP

 Server configuration Loopback Adapter WINS Configuration

  • From command line run the following commands with elevated privileges
    • netsh int ipv4 set int "Loopback" weakhostreceive=enabled weakhostsend=enabled
    • netsh int ipv4 set int "Ethernet" weakhostreceive=enabled
    • arp -d *
  • Your Server is now configured for DSR

 

IIS SMTP Relay Configuration

  • Open IIS on your Relay server
  • Go to properties of your SMTP Virtual server in IIS
    • General Settings
      • You will see an IP in the middle, this is the IP of the Relay server itself.
      • Select Advanced next to the Relay Server IP

 IIS SMTP Relay General Settings

        • Select Add
          • Choose the IP of the VIP created earlier
          • Set the port to 25

 IIS SMTP Relay Add IP

    • Access Settings
      • Select Relay

IIS SMTP Relay Access Settings)

        • Select Add

    IIS SMTP Relay Add Relay

        • Add the VIP you created earlier

    IIS SMTP Relay Add Relay IP

    • IIS SMTP Relay is now configured

     

    Exchange SMTP Relay Configuration

    • Open Exchange Management Console
    • Expand Server Configuration
      • Select Hub Transport
        • Select a Hub Transport

    Exchange SMTP Relay

     

    Exchange SMTP Relay Network Tab

          • In the “Use these local IP addresses to receive mail” section, select Add
            • Select “Specify an IP address”
            • Enter the VIP you created earlier
            • Set the Port to 25

    Exchange SMTP Relay Add Receive Connector Binding

      • You now need to do the same step to all of your Hub Transport Servers
    • Your Exchange SMTP Relay is now Configured

    Comments

    07-26-2018 01:55 AM

    Read this if DSR and Netscaler isn't working for you

    https://discussions.citrix.com/topic/361612-exchange-and-source-ip/

    As per the comment from rbarrick on the above article, I also found the same problem. I had more than one VIP with the same IP and even though they were disabled it would not connect until I deleted the disabled Virtual Servers with the same IP. I had them setup after following this article on Exchange Load balancing so when it came to configuring DSR I had multiple VIP's with the same IP. Deleting them or changing the IP they use is the only solution. Hope this saves someone some head scratching.