One of the major changes in Exchange 2013 is the concept of Managed Availability. I wont go too deep into it, but it is the ability of Exchange 2013 to monitor itself, detect problems and attempt to resolve them. One of the added bonuses of this, is that Managed Availability then knows when a particular application is working and able to serve data. One of these specific instances where we can use it with third party tools is with hardware based load balancers.
One of the jobs of the hardware load balancer is to detect the health of the server that it is load balancing, something that Managed Availability is already doing itself! Hardware load balancers can detect the health through a variety of different ways. The basic is ping, which just checks if the host is responding to ping. The obvious problem here is that the host could be up, but none of the services! The next would be to check if a port is accessible. Here you configure the load balancer to check if say port 443 is alive. This is better than ping, but doesn’t check if the application is actually working behind the scenes, just that it can telnet to 443. We can use Managed Availability with our hardware load balancer to check if the application itself is actually healthy.
How do we do that? Say we want a HLB to check if OWA is healthy on a server. The normal http path would be https://servername/owa right? Well, if you navigate to https://servername/owa/healthcheck.htm, you will get a page generated on the stop indicating if OWA is working on that server.
For example, say we have two Exchange 2013 servers:
PHDC-SOAE13CAS1 – 10.220.10.3
PHDC-SOAE13CAS2 – 10.220.10.4
And we want to publish OWA through a HLB to email.company.com at ip address 10.220.10.1
If we navigate to https://PHDC-SOAE13CAS1/owa/healthcheck.htm on this server with working OWA, we get the following page:
Not a lot too it, but essentially its returning a 200 OK message indicating the service is working. If the service was not working, this page would not generate. So we can have our HLB check to see if it gets a 200 OK response from a particular server.
We want to configure these in our load balancer for services such as OWA, Activesync, Outlook Anywhere etc. So, we will configure Exchange 2013 using Citrix’s Netscaler in this example. The configuration will be similar for other HLB, but we’ll go through the steps here.
On the Netscaler go to Load Balancing->Monitors and click add to create a new monitor. Here, we will create a custom monitor for the Netscaler, so that it can poll that web page. Name the monitor MONITOR-EXCHANGE2013_OWA and set the type to HTTP-ECV. Ensure to select the Secure check box at the bottom as this will be over SSL. Leave the other options default:
Next, click on the Special Parameters tab. In the Send String box enter in GET /owa/healthcheck.htm. In the Receive String box, enter in 200 OK:
Click create to save, and navigate over to Load Balancing –>Service Groups
Add a new Service Group, and name it Exchange2013-OWA and set the protocol to SSL. Enter in the IP addresses of your CAS servers, and set their ports to 443
Next, click on the Monitors tab. Find the Monitor_Exchange2013_OWA monitor we created above and add it to the configured Monitors selection
Click on the SSL Settings tab and select the SSL certificate that you will use to publish the Netscaler service to the internet. I have a preloaded one named Lab-2013 that I will be using:
Click Create to save the Service Group.
If we check, our service group should be reporting up, that’s good, it means our monitor is working!
Next lets go to Load Balancing->Virtual Servers
Create a new Virtual Server and name it Exchange2013_OWA, Set the Protocol to SSL, and assign it an IP, in our case 10.220.10.1. Leave the SSL Port at 443.
Select the Service Groups tab and select the service group Exchange2013-OWA we created earlier:
Then click on the SSL Settings tab and select the same certificate as you did on the service group, in our case Lab-2013:
Click Create to save the virtual server.
Next, make sure your DNS address is pointing to the IP address of the virtual server and lets try to login:
There we go! There is are OWA page! But, the question is how do we test that our monitor is working. That’s easy. On PHDC-SOACAS2, lets go into IIS Manager and stop the MsExchangeOWAAppPool:
If we check our Netscaler, we see that one of the servers is now being reported as down:
If we try to telnet to that server on port 443:
We can see it works fine:
I know it doesn’t show much, but it shows that the server is still listening on port 443. This also proves that using Managed Availability for your HLB is much better. Here, the standard checks would have said the server was working fine, sent user requests to it, but in fact OWA isn’t working. But since we are using Managed Availability, we are passing that knowledge on an application layer to our HLB.
If we try to go back to OWA:
The HLB sees that one server is down, and runs everything to the server that’s still up. But, if both servers have their application pools stopped:
We get a HTTP Error, The Service is unavailable:
This works for all of the Exchange web services. So that means you can create separate monitors just be appending healthcheck.htm at the end of the URL. So for ActiveSync its https://servername/Microsoft-Server-ActiveSync/healthcheck.htm. The only one that has a stipulation is OWA, which requires Forms Based Authentication to be enabled for it to provide a HealthCheck.htm page.
I hoped you have found this helpful, and hopefully it will save you some configuration steps (and some uptime!) on your hardware load balancer