From within VMware the default network configuration will allow for NLB.  If
you've made changes then you may run into a problem.

Configuration tab > Networking
Pick a switch > Properties
edit vSwitch > Security

Default should be
Promiscuous - Reject
MAC Address Changes - Accept
Forged Transmits - Accept

Some security docs suggest you change the last two to Reject, which will
'break' MS NLB at the guest level.  We found out when we made these changes
in one of our environments.

Steven Peck
http://www.blkmtn.org
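
The check described in the message above, written as an added example; it is not from the original post or from VMware. It flags vSwitch security policies whose MAC Address Changes or Forged Transmits setting is Reject. Assumptions: the function name and sample data are constructed, $true means Accept, and either setting alone at Reject is treated as a problem (the post only reports the case where both were changed).

```powershell
# Audit vSwitch security policies against the settings the post says MS NLB
# guests need. Each input object must expose: VirtualSwitch, AllowPromiscuous,
# MacChanges, ForgedTransmits ($true = Accept, $false = Reject).
function Test-NlbSwitchPolicy {          # hypothetical helper name
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [object]$Policy
    )
    process {
        $findings = @()
        if (-not $Policy.MacChanges) {
            $findings += 'MAC Address Changes = Reject'
        }
        if (-not $Policy.ForgedTransmits) {
            $findings += 'Forged Transmits = Reject'
        }
        if ($Policy.AllowPromiscuous) {
            # Not an NLB blocker, but it differs from the default listed above.
            $findings += 'Promiscuous = Accept (default is Reject)'
        }
        New-Object psobject -Property @{
            VirtualSwitch = [string]$Policy.VirtualSwitch
            NlbCompatible = [bool]($Policy.MacChanges -and $Policy.ForgedTransmits)
            Findings      = ($findings -join '; ')
        }
    }
}

# Constructed sample data: one switch at the defaults, one hardened as the
# "security docs" suggest.
$sample = @(
    New-Object psobject -Property @{ VirtualSwitch = 'vSwitch0'
        AllowPromiscuous = $false; MacChanges = $true;  ForgedTransmits = $true }
    New-Object psobject -Property @{ VirtualSwitch = 'vSwitch1'
        AllowPromiscuous = $false; MacChanges = $false; ForgedTransmits = $false }
)

$sample | Test-NlbSwitchPolicy |
    Select-Object VirtualSwitch, NlbCompatible, Findings |
    Format-Table -AutoSize

# Against a live host with a PowerCLI session connected (assumes the policy
# objects expose the same property names as the sample):
#   Get-VirtualSwitch | Get-SecurityPolicy | Test-NlbSwitchPolicy
```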



On Mon, Feb 28, 2011 at 1:26 PM, Mayo, Bill <[email protected]> wrote:

> That looks helpful.  Thanks, Michael!
>
>
>
> *From:* Michael B. Smith [mailto:[email protected]]
> *Sent:* Monday, February 28, 2011 4:13 PM
>
> *To:* NT System Admin Issues
> *Subject:* RE: Windows 2008 R2 NLB
>
>
>
> There is probably a simple howTO out there for this, but this is an excerpt
> from a High-Availability Exchange class I teach, that gives the “500 foot
> view” of how to set this up, granted it’s based on Hyper-V. It should be
> enough to get you going:
>
>
>
> Configuration Documentation
>
>                 All servers running Server 2008 R2 Enterprise (evaluation)
>
>                 Exchange 2010 RTM + UR3 (evaluation)
>
>                 CAS+HT installed on Mail01, Mail02
>
>                 MB installed on MBX01, MBX02
>
>                 No UM, no Edge
>
>                 No Internet
>
>                 AD01                                     172.16.3.5
>
>                 Mail01                                   172.16.3.10
>
>                 Mail02                                   172.16.3.15
>
>                 MBX01                                  172.16.3.20
>
>                 MBX02                                  172.16.3.25
>
>                 mail.smithcons.com        172.16.30.30
>
>                 TEC-DAG                              172.16.3.100
>
> Domain Setup
>
>                 Boot AD01
>
>                 Add mail.smithcons.com to DNS on AD01 – 172.16.30.30
>
> NLB Preparation
>
>                 Add new NIC to Mail01, Mail02
>
>                 Mark all NICs on Mail01, Mail02 for MAC Spoofing
>
>                 Boot Mail01, Mail02
>
>                 Verify that all “Automatic” services have started on
> Mail01, Mail02
>
> Install NLB Cluster
>
>                 Add NLB Feature
>
>                 Configure NICs:
>
>                                 Mail01 – 172.16.30.10
>
>                                 Mail02 – 172.16.30.15
>
>                                 No gateway, no DNS, no WINS
>
>                 Rename lower-numbered Local Area Connection (LAC) to
> CorporateNetwork
>
>                 Rename other LAC to NLBNetwork
>
>                 Update binding order to put CorporateNetwork first
>
>                 Create NLB cluster on Mail01
>
>                                 Use NLB network
>
>                                 172.16.30.30
>
>                                 mail.smithcons.com
>
>                 Allow cluster to converge
>
>                 Add Mail02 to cluster
>
>                 Allow cluster to converge
>
>                 …resolve inevitable issues
>
> Test NLB Cluster
>
>                 https://mail01/owa
>
>                 https://mail02/owa
>
>                 https://mail.smithcons.com/owa
>
>                 Drainstop both servers, illustrate cluster no longer works,
> individuals do
>
>                 Resume servers
>
> Configure NLB for HT
>
>                 Discuss round-robin vs. NLB for HT
>
>                 Discuss issue with doing LB of internal SMTP
>
> On the Default receive connector on each HT, change to use CorporateNetwork
> IP and the non-load-balanced IP from the NLBNetwork
>
> Create a new receive connector on each HT, for the load-balanced IP as
> Custom, port 25
>
> Set Permission Groups for each new receive connector to “Anonymous Users”
>
> Remove Anonymous Users from the Default receive connector on each HT
>
> Mark that the new receive connectors can relay email to any internal user:
>
>                 Get-ReceiveConnector "Incoming SMTP NLB" |
>
>                                 Add-AdPermission -user "NT Authority\Anonymous Logon" -ExtendedRights ms-Exch-SMTP-Accept-Any-Recipient
>
> Remove the default IP port configuration from the cluster and add port 25
> and optionally 587
>
> Show that it works (drainstop, etc.etc.)
>
> Configure NLB for CAS
>
>                 Add ports 80, 443, 110, 143
>
>                 Import SSL certificate using Certificates MMC
>
>                 Get-ExchangeCertificate to obtain thumbprint
>
>                 Enable-ExchangeCertificate -thumb ### -Services IIS, SMTP
>
>                 Set-OutlookProvider EXPR -CertPrincipalName 'msstd:*.smithcons.com'
>
>                 Restart-Service MSExchangeTransport
>
>                 Iisreset /noforce
>
>                 Configure profile for Outlook 2007 on AD01; illustrate
>
>
>
>
>
> Regards,
>
>
>
> Michael B. Smith
>
> Consultant and Exchange MVP
>
> http://TheEssentialExchange.com
>
>
>
> *From:* Mayo, Bill [mailto:[email protected]]
> *Sent:* Monday, February 28, 2011 2:35 PM
> *To:* NT System Admin Issues
> *Subject:* Windows 2008 R2 NLB
>
>
>
> I am trying to setup an NLB cluster in Windows Server 2008 R2 and having
> some difficulties.  I am trying to use the same methodology that I have
> before with Windows 2003, without success.  It appears that there are
> several changes in 2008 that affect NLB.  I am using 2 NICs that are on
> different subnets, the second of which does not have a gateway.  The second
> NIC is the one that has the NLB attached.  I have found info on turning on
> forwarding but that did not resolve it.
>
>
>
> It looks like you can actually setup an NLB in 2008 with only one NIC, and
> I even found an article where the person was putting both NICs on the same
> subnet, which I thought was a no-no.  Basically, what I need is some
> information on best practices regarding how to setup each NIC (same or
> different subnet, gateway or not, which NIC to use to create the NLB).
>
>
>
> Bill Mayo
>
>
>
> P.S. I am also working in vSphere, which I understand adds some issues with
> unicast, but I think if I can figure out the correct way to setup the NICs I
> can handle that.  If anyone has any all-in-one info on 2008 R2 NLB in
> vSphere, that would be even better.
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to [email protected]
> with the body: unsubscribe ntsysadmin
>
