CAS - NLB in 2 datacenters Through WAN-IpSec
Hello All...
Continuing my deploy tests and internal documentation, I'm now facing trouble setting up a CAS Array (NLB based) through a WAN IPsec...
Configurations have been done based on following thread :
http://social.technet.microsoft.com/Forums/en-US/exchangesvrdeploy/thread/4f19cdff-27a2-4ef4-bcbe-826b1565c948
I'll post the configuration summary :
Site A : 10.10.x.x (255.255.0.0) - GW : 10.10.10.254 - DNS : 10.10.11.250/251 (AD is on this Site)
Site B : 192.168.44.x (255.255.255.0) - GW : 192.168.44.254 - DNS : 192.168.44.253/254
Both Sites are linked via a VPN Ipsec Connection.
ExchCas1 :
LAN (MAPI) : 192.168.44.111 (255.255.255.0) - GW : 192.168.44.254 - DNS : 10.10.11.250/251
CAS (Replication) : 192.168.49.10 (255.255.255.0)
ExchCas2 :
LAN (MAPI) : 10.10.20.1 (255.255.0.0) - GW : 10.10.10.254 - DNS : 10.10.11.250/251
CAS (Replication) : 192.168.50.10 (255.255.255.0)
I've added connectivity between the two nodes :
ExchCas1 : netsh interface ipv4 add route 192.168.50.0/24 "CAS" 192.168.49.254
ExchCas2 : netsh interface ipv4 add route 192.168.49.0/24 "CAS" 192.168.50.254
Both servers have been correctly added to AD domain that is stretched to both Datacenters...
All server NICs ping correctly..
I installed the CAS role correctly on both nodes... No problem up to there..
I then go to NLB installation and that's where I suppose I start having trouble :
Cluster properties are following :
Cluster IP : 10.10.20.200 (I think the problem resides here... I've read somewhere that the cluster IP which will be used by NLB must be network accessible by clients : our 10.10 network is the internal public network, but my NLB CAS NICs are on the 192.168.49/50 networks) :
A pathping seems in any case to indicate that it talks to the cluster through the correct NIC :
Détermination de l'itinéraire vers exchcasarray.local [10.10.20.200]
avec un maximum de 30 sauts :
0 ExchCas1.local [192.168.49.10]
1 exchcasarray.local [10.10.20.200]
Traitement des statistiques pendant 25 secondes...
Source vers ici Ce nœud/lien
Saut RTT Perdu/Envoyé = % Perdu/Envoyé = % Adresse
0 ExchCas1.local [192.168.49.10]
1 0ms 0/ 100 = 0% 0/ 100 = 0% exchcasarray.local [10.10.20.200]
Pathping through a network client (10.10.100.90 ie) also works 100 % ok.
Cluster Parameters : IP Address : Same / Mask : 255.255.0.0 / Internet FQDN : exchcasarray.local / Network Address : MAC Address / Operational Mode : Multicast.
Port Rules : Cluster IP : All / Port Range : 0 to 65535 / Proto : Both (UDP / TCP) / Filter Mode : Multiple Hosts checked, with Unique Affinity
When I add my two nodes, let's say from Node 1 (Exchcas1), during the adding session I see both nodes assigned to the cluster..
If I close NLB Manager and restart it, once connected to the cluster, I only see the local node, and not the distant node in the list...
If I try to add ExchCas2 once more, it answers that the node is already a member of the cluster...
So Questions are :
- Is This NLB one node visualisation normal ? If yes, how do i monitor correct NLB activity ? If no, how do i debug things (Or log things)
- Once NLB is setup what is the following step for CAS configuration ??
Thanks in advance for any help or better documentation sights given..
Yours
Tdldp
March 19th, 2012 5:05am
A CAS Array includes only CAS servers from one AD site.
NLB is not designed to work over WAN - it creates a virtual MAC address and IP to spread them through some network switch ports.
Regards, Konrad Sagala, MCT, MCSE+M, MCITP: Exchange 2007/2010
March 19th, 2012 5:37am
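The addressing doubt raised in the first post, and the reply's point that NLB shares one virtual IP and MAC on a local segment, can be checked offline. The following is an added example, not part of any post in this thread: it uses the addresses given in the thread, the function names are hypothetical, and it assumes the usual NLB requirement that every host has a NIC on the cluster IP's subnet.

```python
import ipaddress

# Addresses copied from the first post; the NIC labels (LAN, CAS) are the poster's.
NODES = {
    "ExchCas1": {"LAN": "192.168.44.111/24", "CAS": "192.168.49.10/24"},
    "ExchCas2": {"LAN": "10.10.20.1/16", "CAS": "192.168.50.10/24"},
}
CLUSTER_IP = "10.10.20.200/16"


def nics_on_cluster_subnet(nodes, cluster_ip):
    """Map each node to the NICs whose subnet equals the cluster IP's subnet."""
    cluster_net = ipaddress.ip_interface(cluster_ip).network
    return {
        node: sorted(nic for nic, addr in nics.items()
                     if ipaddress.ip_interface(addr).network == cluster_net)
        for node, nics in nodes.items()
    }


def shared_subnets(nodes):
    """Return the subnets on which every node has a NIC (candidate NLB segments)."""
    per_node = [
        {ipaddress.ip_interface(addr).network for addr in nics.values()}
        for nics in nodes.values()
    ]
    return set.intersection(*per_node) if per_node else set()


def preflight(nodes, cluster_ip):
    """Return a list of findings; an empty list means both checks pass."""
    findings = []
    for node, nics in nics_on_cluster_subnet(nodes, cluster_ip).items():
        if not nics:
            findings.append(f"{node}: no NIC on the cluster IP subnet")
    if not shared_subnets(nodes):
        findings.append("no subnet is common to all nodes")
    return findings


if __name__ == "__main__":
    for line in preflight(NODES, CLUSTER_IP):
        print(line)
```

With the thread's values, only ExchCas2's LAN NIC sits on the cluster IP's subnet and the two nodes have no subnet in common.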
Hello Konrad...
Thanks for your return ...
1- No problem with that, we have a unique AD Site stretched between our 2 datacenters (with replication) - On paper, a CAS array can be deployed...
2- Is this 2008 specific ? In my searches I'm often falling on a 2003 tutorial explaining NLB over IPsec WAN deployment (http://support.microsoft.com/kb/820752/en-us) ... Exception made of one chapter (Permit the NLB cluster to accept IPsec traffic - chapter 5), my tests respect this tutorial and I still have the symptoms explained...
Thanks for returns..
Tdldp
March 20th, 2012 4:47am
Windows NLB is always used per network/AD site.
If you are going to use VMware or Hyper-V you can face some issues that you should be aware of, but since I don't know if you're going to use it, I'll post the links anyway just to be sure.
I've saved some forum threads related to NLB issues using VMware.
Check these links, and make sure you read through them:
http://blogs.msdn.com/b/brad_hughes/archive/2008/05/05/how-not-to-deploy-client-access-servers.aspx
http://social.technet.microsoft.com/Forums/en-US/exchange2010/thread/0b84bf09-0570-4564-a438-ff7e5a56643d
http://social.technet.microsoft.com/Forums/en-US/exchange2010/thread/a20b2bd6-655c-4a16-a318-a62d0d4b4ddd
http://social.technet.microsoft.com/Forums/en-US/exchange2010/thread/888bf549-ab3d-4f02-98ac-945dce4340c1
http://social.technet.microsoft.com/Forums/en-US/exchange2010/thread/b6c7c0eb-ea44-4300-ad10-9e955a7213b4
http://social.technet.microsoft.com/Forums/en/exchangesvravailabilityandisasterrecovery/thread/6277b695-8f18-413d-9be0-deeba2d284ef
http://marksmith.netrends.com/Lists/Posts/Post.aspx?ID=71
Jonas Andersson | Microsoft Community Contributor Award 2011 | MCITP: EMA 2007/2010 | Blog: http://www.testlabs.se/blog | Follow me on twitter: jonand82
March 27th, 2012 2:03pm