Настройка Citrix ADC VPX Load Balancer для MS Exchange 2016\2019

Подсеть пользовательского доступа 192.168.0.0/24
UA — 192.168.0.0/24
CX-LB-VIP — 192.168.0.100/24, mail.specnix.ru

Подсеть почтовых серверов 192.168.100.32/27
CX-LB-SNIP — 192.168.100.34
ESMB01 — 192.168.100.36
ESMB02 — 192.168.100.37

1. НАСТРОЙКА БАЛАНСИРОВКИ HTTP(SSL) ТРАФИКА
1.1 Загрузить pfx сертификат на кластер Citrix ADC с именем сертификата mse_lb_cx_md (в данной статье не рассматривается)
1.2 Добавить сервера для распределения нагрузки

add ns ip 192.168.100.34 255.255.255.0 -type SNIP
add server esmb01 192.168.100.36
add server esmb02 192.168.100.37

add ns ip 192.168.100.34 255.255.255.0 -type SNIP

add server esmb01 192.168.100.36

add server esmb02 192.168.100.37

1.3 Добавить Service Group и связать с серверами для распределения нагрузки

add serviceGroup  lb-sg_ssl     ssl
add serviceGroup  lb-sg_ssl_oab ssl
bind serviceGroup lb-sg_ssl     esmb01 443
bind serviceGroup lb-sg_ssl     esmb02 443
bind serviceGroup lb-sg_ssl_oab	esmb01 443
bind serviceGroup lb-sg_ssl_oab	esmb02 443

add serviceGroup lb-sg_ssl ssl

add serviceGroup lb-sg_ssl_oab ssl

bind serviceGroup lb-sg_ssl esmb01 443

bind serviceGroup lb-sg_ssl esmb02 443

bind serviceGroup lb-sg_ssl_oab esmb01 443

bind serviceGroup lb-sg_ssl_oab esmb02 443

1.4 Добавить Virtual Server и связать с Service Group

add lb vserver lb_vserver_owa  SSL 0.0.0.0 0 -timeout 30 -lbMethod LEASTCONNECTION -cltTimeout 30 -persistenceType COOKIEINSERT
add lb vserver lb_vserver_ews  SSL 0.0.0.0 0 -timeout 30 -lbMethod LEASTCONNECTION -cltTimeout 30
add lb vserver lb_vserver_mapi SSL 0.0.0.0 0 -timeout 30 -lbMethod LEASTCONNECTION -cltTimeout 30
add lb vserver lb_vserver_ecp  SSL 0.0.0.0 0 -timeout 30 -lbMethod LEASTCONNECTION -cltTimeout 30 -persistenceType COOKIEINSERT
add lb vserver lb_vserver_rpc  SSL 0.0.0.0 0 -timeout 30 -lbMethod LEASTCONNECTION -persistenceType SOURCEIP
add lb vserver lb_vserver_autodiscover SSL 0.0.0.0 0 -persistenceType SOURCEIP -lbMethod LEASTCONNECTION -timeout 30
add lb vserver lb_vserver_activesync SSL  0.0.0.0 0 -persistenceType RULE -timeout 30 -lbMethod LEASTCONNECTION -rule "HTTP.REQ.HEADER(\"Authorization\")" -cltTimeout 30
add lb vserver lb_vserver_oab  SSL 0.0.0.0 0 -persistenceType NONE
bind lb vserver lb_vserver_owa  lb-sg_ssl
bind lb vserver lb_vserver_ews  lb-sg_ssl
bind lb vserver lb_vserver_mapi lb-sg_ssl
bind lb vserver lb_vserver_ecp  lb-sg_ssl
bind lb vserver lb_vserver_rpc  lb-sg_ssl
bind lb vserver lb_vserver_oab  lb-sg_ssl_oab
bind lb vserver lb_vserver_autodiscover lb-sg_ssl
bind lb vserver lb_vserver_activesync  lb-sg_ssl

add lb vserver lb_vserver_owa SSL 0.0.0.0 0 -timeout 30 -lbMethod LEASTCONNECTION -cltTimeout 30 -persistenceType COOKIEINSERT

add lb vserver lb_vserver_ews SSL 0.0.0.0 0 -timeout 30 -lbMethod LEASTCONNECTION -cltTimeout 30

add lb vserver lb_vserver_mapi SSL 0.0.0.0 0 -timeout 30 -lbMethod LEASTCONNECTION -cltTimeout 30

add lb vserver lb_vserver_ecp SSL 0.0.0.0 0 -timeout 30 -lbMethod LEASTCONNECTION -cltTimeout 30 -persistenceType COOKIEINSERT

add lb vserver lb_vserver_rpc SSL 0.0.0.0 0 -timeout 30 -lbMethod LEASTCONNECTION -persistenceType SOURCEIP

add lb vserver lb_vserver_autodiscover SSL 0.0.0.0 0 -persistenceType SOURCEIP -lbMethod LEASTCONNECTION -timeout 30

add lb vserver lb_vserver_activesync SSL 0.0.0.0 0 -persistenceType RULE -timeout 30 -lbMethod LEASTCONNECTION -rule "HTTP.REQ.HEADER(\"Authorization\")" -cltTimeout 30

add lb vserver lb_vserver_oab SSL 0.0.0.0 0 -persistenceType NONE

bind lb vserver lb_vserver_owa lb-sg_ssl

bind lb vserver lb_vserver_ews lb-sg_ssl

bind lb vserver lb_vserver_mapi lb-sg_ssl

bind lb vserver lb_vserver_ecp lb-sg_ssl

bind lb vserver lb_vserver_rpc lb-sg_ssl

bind lb vserver lb_vserver_oab lb-sg_ssl_oab

bind lb vserver lb_vserver_autodiscover lb-sg_ssl

bind lb vserver lb_vserver_activesync lb-sg_ssl

1.5 Назначить сертификаты

bind ssl vserver lb_vserver_owa  -certkeyName mse_lb_cx_md
bind ssl vserver lb_vserver_ews  -certkeyName mse_lb_cx_md
bind ssl vserver lb_vserver_mapi -certkeyName mse_lb_cx_md
bind ssl vserver lb_vserver_ecp  -certkeyName mse_lb_cx_md
bind ssl vserver lb_vserver_rpc  -certkeyName mse_lb_cx_md
bind ssl vserver lb_vserver_oab  -certkeyName mse_lb_cx_md
bind ssl vserver lb_vserver_autodiscover -certkeyName mse_lb_cx_md
bind ssl vserver lb_vserver_activesync  -certkeyName mse_lb_cx_md

bind ssl vserver lb_vserver_owa -certkeyName mse_lb_cx_md

bind ssl vserver lb_vserver_ews -certkeyName mse_lb_cx_md

bind ssl vserver lb_vserver_mapi -certkeyName mse_lb_cx_md

bind ssl vserver lb_vserver_ecp -certkeyName mse_lb_cx_md

bind ssl vserver lb_vserver_rpc -certkeyName mse_lb_cx_md

bind ssl vserver lb_vserver_oab -certkeyName mse_lb_cx_md

bind ssl vserver lb_vserver_autodiscover -certkeyName mse_lb_cx_md

bind ssl vserver lb_vserver_activesync -certkeyName mse_lb_cx_md

1.6 Добавить Content Switching с указанием VIP-адреса

add cs vserver vserver_cs SSL 192.168.0.100 443 -cltTimeout 30 -caseSensitive OFF -comment "MS Exchange over HTTP"
bind ssl vserver vserver_cs -certkeyName mse_lb_cx_md

add cs action cs_action_owa  -targetLBVserver lb_vserver_owa
add cs action cs_action_ews  -targetLBVserver lb_vserver_ews
add cs action cs_action_mapi -targetLBVserver lb_vserver_mapi
add cs action cs_action_ecp  -targetLBVserver lb_vserver_ecp
add cs action cs_action_rpc  -targetLBVserver lb_vserver_rpc
add cs action cs_action_oab  -targetLBVserver lb_vserver_oab
add cs action cs_action_oautodiscover -targetLBVserver lb_vserver_autodiscover
add cs action cs_action_activesync   -targetLBVserver lb_vserver_activesync

add cs policy cs_policy_owa  -rule "HTTP.REQ.URL.SET_TEXT_MODE(IGNORECASE).STARTSWITH(\"/owa\")" -action cs_action_owa
add cs policy cs_policy_ews  -rule "HTTP.REQ.URL.SET_TEXT_MODE(IGNORECASE).STARTSWITH(\"/ews\")" -action cs_action_ews
add cs policy cs_policy_mapi -rule "HTTP.REQ.URL.SET_TEXT_MODE(IGNORECASE).STARTSWITH(\"/mapi\")" -action cs_action_mapi
add cs policy cs_policy_ecp  -rule "HTTP.REQ.URL.SET_TEXT_MODE(IGNORECASE).STARTSWITH(\"/ecp\")" -action cs_action_ecp
add cs policy cs_policy_rpc  -rule "HTTP.REQ.URL.SET_TEXT_MODE(IGNORECASE).STARTSWITH(\"/rpc\")" -action cs_action_rpc
add cs policy cs_policy_oab -rule "HTTP.REQ.URL.SET_TEXT_MODE(IGNORECASE).STARTSWITH(\"/oab\")" -action cs_action_oab
add cs policy cs_policy_autodiscover -rule "HTTP.REQ.URL.SET_TEXT_MODE(IGNORECASE).STARTSWITH(\"/autodiscover\")" -action cs_action_oautodiscover
add cs policy cs_policy_activesync -rule 'HTTP.REQ.URL.SET_TEXT_MODE(IGNORECASE).CONTAINS("/Microsoft-Server-ActiveSync")' -action cs_action_activesync
#OWA Fix https://support.citrix.com/article/CTX209060

bind cs vserver vserver_cs -policyName  cs_policy_owa -priority 100
bind cs vserver vserver_cs -policyName  cs_policy_ews -priority 110
bind cs vserver vserver_cs -policyName  cs_policy_mapi -priority 150
bind cs vserver vserver_cs -policyName  cs_policy_ecp -priority 170
bind cs vserver vserver_cs -policyName  cs_policy_rpc -priority 160
bind cs vserver vserver_cs -policyName  cs_policy_oab -priority 140
bind cs vserver vserver_cs -policyName  cs_policy_autodiscover -priority 120
bind cs vserver vserver_cs -policyName  cs_policy_activesync -priority 130
	
bind cs vserver vserver_cs -lbvserver lb_vserver_owa
bind cs vserver vserver_cs -lbvserver lb_vserver_ews
bind cs vserver vserver_cs -lbvserver lb_vserver_mapi
bind cs vserver vserver_cs -lbvserver lb_vserver_ecp
bind cs vserver vserver_cs -lbvserver lb_vserver_rpc
bind cs vserver vserver_cs -lbvserver lb_vserver_oab
bind cs vserver vserver_cs -lbvserver lb_vserver_autodiscover
bind cs vserver vserver_cs -lbvserver lb_vserver_activesync

add cs vserver vserver_cs SSL 192.168.0.100 443 -cltTimeout 30 -caseSensitive OFF -comment "MS Exchange over HTTP"

bind ssl vserver vserver_cs -certkeyName mse_lb_cx_md

add cs action cs_action_owa -targetLBVserver lb_vserver_owa

add cs action cs_action_ews -targetLBVserver lb_vserver_ews

add cs action cs_action_mapi -targetLBVserver lb_vserver_mapi

add cs action cs_action_ecp -targetLBVserver lb_vserver_ecp

add cs action cs_action_rpc -targetLBVserver lb_vserver_rpc

add cs action cs_action_oab -targetLBVserver lb_vserver_oab

add cs action cs_action_oautodiscover -targetLBVserver lb_vserver_autodiscover

add cs action cs_action_activesync -targetLBVserver lb_vserver_activesync

add cs policy cs_policy_owa -rule "HTTP.REQ.URL.SET_TEXT_MODE(IGNORECASE).STARTSWITH(\"/owa\")" -action cs_action_owa

add cs policy cs_policy_ews -rule "HTTP.REQ.URL.SET_TEXT_MODE(IGNORECASE).STARTSWITH(\"/ews\")" -action cs_action_ews

add cs policy cs_policy_mapi -rule "HTTP.REQ.URL.SET_TEXT_MODE(IGNORECASE).STARTSWITH(\"/mapi\")" -action cs_action_mapi

add cs policy cs_policy_ecp -rule "HTTP.REQ.URL.SET_TEXT_MODE(IGNORECASE).STARTSWITH(\"/ecp\")" -action cs_action_ecp

add cs policy cs_policy_rpc -rule "HTTP.REQ.URL.SET_TEXT_MODE(IGNORECASE).STARTSWITH(\"/rpc\")" -action cs_action_rpc

add cs policy cs_policy_oab -rule "HTTP.REQ.URL.SET_TEXT_MODE(IGNORECASE).STARTSWITH(\"/oab\")" -action cs_action_oab

add cs policy cs_policy_autodiscover -rule "HTTP.REQ.URL.SET_TEXT_MODE(IGNORECASE).STARTSWITH(\"/autodiscover\")" -action cs_action_oautodiscover

add cs policy cs_policy_activesync -rule 'HTTP.REQ.URL.SET_TEXT_MODE(IGNORECASE).CONTAINS("/Microsoft-Server-ActiveSync")' -action cs_action_activesync

#OWA Fix https://support.citrix.com/article/CTX209060

bind cs vserver vserver_cs -policyName cs_policy_owa -priority 100

bind cs vserver vserver_cs -policyName cs_policy_ews -priority 110

bind cs vserver vserver_cs -policyName cs_policy_mapi -priority 150

bind cs vserver vserver_cs -policyName cs_policy_ecp -priority 170

bind cs vserver vserver_cs -policyName cs_policy_rpc -priority 160

bind cs vserver vserver_cs -policyName cs_policy_oab -priority 140

bind cs vserver vserver_cs -policyName cs_policy_autodiscover -priority 120

bind cs vserver vserver_cs -policyName cs_policy_activesync -priority 130

bind cs vserver vserver_cs -lbvserver lb_vserver_owa

bind cs vserver vserver_cs -lbvserver lb_vserver_ews

bind cs vserver vserver_cs -lbvserver lb_vserver_mapi

bind cs vserver vserver_cs -lbvserver lb_vserver_ecp

bind cs vserver vserver_cs -lbvserver lb_vserver_rpc

bind cs vserver vserver_cs -lbvserver lb_vserver_oab

bind cs vserver vserver_cs -lbvserver lb_vserver_autodiscover

bind cs vserver vserver_cs -lbvserver lb_vserver_activesync

1.7 Добавить Monitors

add lb monitor lb-mon_owa HTTP-ECV -send "GET /owa/healthcheck.htm" recv 200 -LRTM DISABLED -secure YES
add lb monitor lb-mon_ecp HTTP-ECV -send "GET /ecp/healthcheck.htm" recv 200 -LRTM DISABLED -secure YES
add lb monitor lb-mon_ews HTTP-ECV -send "GET /ews/healthcheck.htm" recv 200 -LRTM DISABLED -secure YES
add lb monitor lb-mon_mapi HTTP-ECV -send "GET /mapi/healthcheck.htm" recv 200 -LRTM DISABLED -secure YES
add lb monitor lb-mon_rpc HTTP-ECV -send "GET /rpc/healthcheck.htm" recv 200 -LRTM DISABLED -secure YES
add lb monitor lb-mon_oab HTTP-ECV -send "GET /oab/healthcheck.htm" recv 200 -LRTM DISABLED -secure YES
add lb monitor lb-mon_autodiscover HTTP-ECV -send "GET /Autodiscover/healthcheck.htm" recv 200 -LRTM DISABLED -secure YES
add lb monitor lb-mon_activesync HTTP-ECV -send "GET /Microsoft-Server-ActiveSync/healthcheck.htm" recv 200 -LRTM DISABLED -secure YES

bind serviceGroup lb-sg_ssl -monitorName lb-mon_owa
bind serviceGroup lb-sg_ssl -monitorName lb-mon_ews
bind serviceGroup lb-sg_ssl -monitorName lb-mon_mapi
bind serviceGroup lb-sg_ssl -monitorName lb-mon_ecp
bind serviceGroup lb-sg_ssl -monitorName lb-mon_rpc
bind serviceGroup lb-sg_ssl_oab -monitorName lb-mon_oab
bind serviceGroup lb-sg_ssl -monitorName lb-mon_activesync
bind serviceGroup lb-sg_ssl -monitorName lb-mon_autodiscover

add lb monitor lb-mon_owa HTTP-ECV -send "GET /owa/healthcheck.htm" recv 200 -LRTM DISABLED -secure YES

add lb monitor lb-mon_ecp HTTP-ECV -send "GET /ecp/healthcheck.htm" recv 200 -LRTM DISABLED -secure YES

add lb monitor lb-mon_ews HTTP-ECV -send "GET /ews/healthcheck.htm" recv 200 -LRTM DISABLED -secure YES

add lb monitor lb-mon_mapi HTTP-ECV -send "GET /mapi/healthcheck.htm" recv 200 -LRTM DISABLED -secure YES

add lb monitor lb-mon_rpc HTTP-ECV -send "GET /rpc/healthcheck.htm" recv 200 -LRTM DISABLED -secure YES

add lb monitor lb-mon_oab HTTP-ECV -send "GET /oab/healthcheck.htm" recv 200 -LRTM DISABLED -secure YES

add lb monitor lb-mon_autodiscover HTTP-ECV -send "GET /Autodiscover/healthcheck.htm" recv 200 -LRTM DISABLED -secure YES

add lb monitor lb-mon_activesync HTTP-ECV -send "GET /Microsoft-Server-ActiveSync/healthcheck.htm" recv 200 -LRTM DISABLED -secure YES

bind serviceGroup lb-sg_ssl -monitorName lb-mon_owa

bind serviceGroup lb-sg_ssl -monitorName lb-mon_ews

bind serviceGroup lb-sg_ssl -monitorName lb-mon_mapi

bind serviceGroup lb-sg_ssl -monitorName lb-mon_ecp

bind serviceGroup lb-sg_ssl -monitorName lb-mon_rpc

bind serviceGroup lb-sg_ssl_oab -monitorName lb-mon_oab

bind serviceGroup lb-sg_ssl -monitorName lb-mon_activesync

bind serviceGroup lb-sg_ssl -monitorName lb-mon_autodiscover

2. НАСТРОЙКА БАЛАНСИРОВКИ SMTP
3.1 Настроить Citrix балансировки входящего SMTP трафика

add serviceGroup lb-sg_smtp tcp -state ENABLED  -healthMonitor YES -AppflowLog ENABLED
bind serviceGroup lb-sg_smtp esmb01 25
bind serviceGroup lb-sg_smtp esmb02 25
add cs action cs_action_smtp -targetLBVserver lb_vserver_smtp
add lb vserver lb_vserver_smtp TCP 192.168.0.100 25 -persistenceType SOURCEIP -timeout 60 -lbMethod ROUNDROBIN -cltTimeout 30
bind lb vserver lb_vserver_smtp lb-sg_smtp

add serviceGroup lb-sg_smtp tcp -state ENABLED -healthMonitor YES -AppflowLog ENABLED

bind serviceGroup lb-sg_smtp esmb01 25

bind serviceGroup lb-sg_smtp esmb02 25

add cs action cs_action_smtp -targetLBVserver lb_vserver_smtp

add lb vserver lb_vserver_smtp TCP 192.168.0.100 25 -persistenceType SOURCEIP -timeout 60 -lbMethod ROUNDROBIN -cltTimeout 30

bind lb vserver lb_vserver_smtp lb-sg_smtp

2.2 Настроить NAT на Citrix для проксирования исходящего SMTP трафика
Не обязательно прятать за NAT ваши почтовые сервера, в большинстве случаев не требуется

add rnat nat-esmb01 192.168.100.36 255.255.255.255
add rnat nat-esmb02 192.168.100.37 255.255.255.255
bind rnat nat-esmb01 192.168.0.100
bind rnat nat-esmb02 192.168.0.100

add rnat nat-esmb01 192.168.100.36 255.255.255.255

add rnat nat-esmb02 192.168.100.37 255.255.255.255

bind rnat nat-esmb01 192.168.0.100

bind rnat nat-esmb02 192.168.0.100

2.3 На почтовых серверах маршрутизировать трафик через балансировщик

route add 0.0.0.0 MASK 255.255.255.255 192.168.100.34

1	route add 0.0.0.0 MASK 255.255.255.255 192.168.100.34

ПРИМЕЧАНИЕ: route add добавляет временный маршрут

4. НАСТРОЙКА ВИРТУАЛЬНЫХ КАТАЛОГОВ НА СЕРВЕРАХ MS EXCHANGE 2016
Настроить URL на DNS имя LB mail.specnix.ru
4.1 Сменить адрес виртуальных каталогов, ECP и OWA на всех серверах MSE2016 должны быть настроены одинаково

Set-EcpVirtualDirectory -Identity "esmb01\ecp (Default Web Site)" -InternalUrl https://mail.specnix.ru/ecp
Set-EcpVirtualDirectory -Identity "esmb02\ecp (Default Web Site)" -InternalUrl https://mail.specnix.ru/ecp
Set-OwaVirtualDirectory -Identity "esmb01\owa (Default Web Site)" -InternalUrl https://mail.specnix.ru/owa
Set-OwaVirtualDirectory -Identity "esmb02\owa (Default Web Site)" -InternalUrl https://mail.specnix.ru/owa

Set-EcpVirtualDirectory -Identity "esmb01\ecp (Default Web Site)" -InternalUrl https://mail.specnix.ru/ecp

Set-EcpVirtualDirectory -Identity "esmb02\ecp (Default Web Site)" -InternalUrl https://mail.specnix.ru/ecp

Set-OwaVirtualDirectory -Identity "esmb01\owa (Default Web Site)" -InternalUrl https://mail.specnix.ru/owa

Set-OwaVirtualDirectory -Identity "esmb02\owa (Default Web Site)" -InternalUrl https://mail.specnix.ru/owa

4.2 EWS (Get-WebServicesVirtualDirectory)

set-WebServicesVirtualDirectory -Identity "esmb01\EWS (Default Web Site)" -InternalUrl https://mail.specnix.ru/EWS/Exchange.asmx
set-WebServicesVirtualDirectory -Identity "esmb02\EWS (Default Web Site)" -InternalUrl https://mail.specnix.ru/EWS/Exchange.asmx

1 2	set-WebServicesVirtualDirectory -Identity "esmb01\EWS (Default Web Site)" -InternalUrl https://mail.specnix.ru/EWS/Exchange.asmx set-WebServicesVirtualDirectory -Identity "esmb02\EWS (Default Web Site)" -InternalUrl https://mail.specnix.ru/EWS/Exchange.asmx

4.3 MAPI — настройки для подключения Outlook через mail.specnix.ru

Set-MapiVirtualDirectory -Identity "esmb01\mapi (Default Web Site)" -InternalUrl https://mail.specnix.ru/mapi -IISAuthenticationMethods Ntlm,OAuth,Negotiate
Set-MapiVirtualDirectory -Identity "esmb02\mapi (Default Web Site)" -InternalUrl https://mail.specnix.ru/mapi -IISAuthenticationMethods Ntlm,OAuth,Negotiate

Set-MapiVirtualDirectory -Identity "esmb01\mapi (Default Web Site)" -InternalUrl https://mail.specnix.ru/mapi -IISAuthenticationMethods Ntlm,OAuth,Negotiate

Set-MapiVirtualDirectory -Identity "esmb02\mapi (Default Web Site)" -InternalUrl https://mail.specnix.ru/mapi -IISAuthenticationMethods Ntlm,OAuth,Negotiate

4.4 Настроить Outlook Anywhere на CAS MS Exchange 2016\2019

Set-OutlookAnywhere -identity "esmb01\Rpc (Default Web Site)" -InternalHostname mail.specnix.ru -InternalClientsRequireSsl $false -InternalClientAuthenticationMethod NTLM -SSLOffloading $true -IISAuthenticationMethods Ntlm -ExternalClientAuthenticationMethod NTLM
Set-OutlookAnywhere -identity "esmb02\Rpc (Default Web Site)" -InternalHostname mail.specnix.ru -InternalClientsRequireSsl $false -InternalClientAuthenticationMethod NTLM -SSLOffloading $true -IISAuthenticationMethods Ntlm -ExternalClientAuthenticationMethod NTLM

Set-OutlookAnywhere -identity "esmb01\Rpc (Default Web Site)" -InternalHostname mail.specnix.ru -InternalClientsRequireSsl $false -InternalClientAuthenticationMethod NTLM -SSLOffloading $true -IISAuthenticationMethods Ntlm -ExternalClientAuthenticationMethod NTLM

Set-OutlookAnywhere -identity "esmb02\Rpc (Default Web Site)" -InternalHostname mail.specnix.ru -InternalClientsRequireSsl $false -InternalClientAuthenticationMethod NTLM -SSLOffloading $true -IISAuthenticationMethods Ntlm -ExternalClientAuthenticationMethod NTLM

4.5 Настроить CAS
проверить наличие SRV записи
_autodiscover._tcp.specnix.ru -> autodiscover.specnix.ru
autodiscover.specnix.ru — Это альяс mail.specnix.ru

Проверить SRV запись
nslookup -type=srv _autodiscover._tcp.specnix.ru

Set-ClientAccessService -Identity "esmb01" -AutoDiscoverServiceInternalUri "https://autodiscover.specnix.ru/autodiscover/autodiscover.xml" -AutoDiscoverSiteScope "Default-First-Site-Name"
Set-ClientAccessService -Identity "esmb02" -AutoDiscoverServiceInternalUri "https://autodiscover.specnix.ru/autodiscover/autodiscover.xml" -AutoDiscoverSiteScope "Default-First-Site-Name"

Set-ClientAccessService -Identity "esmb01" -AutoDiscoverServiceInternalUri "https://autodiscover.specnix.ru/autodiscover/autodiscover.xml" -AutoDiscoverSiteScope "Default-First-Site-Name"

Set-ClientAccessService -Identity "esmb02" -AutoDiscoverServiceInternalUri "https://autodiscover.specnix.ru/autodiscover/autodiscover.xml" -AutoDiscoverSiteScope "Default-First-Site-Name"

4.6 Настроить OAB

Set-OABVirtualDirectory -Identity "esmb01\OAB (Default Web Site)" -InternalUrl "https://mail.specnix.ru/OAB"
Set-OABVirtualDirectory -Identity "esmb02\OAB (Default Web Site)" -InternalUrl "https://mail.specnix.ru/OAB"

1 2	Set-OABVirtualDirectory -Identity "esmb01\OAB (Default Web Site)" -InternalUrl "https://mail.specnix.ru/OAB" Set-OABVirtualDirectory -Identity "esmb02\OAB (Default Web Site)" -InternalUrl "https://mail.specnix.ru/OAB"

4.7. После выполнения настроек на серверах ESMB выполнить: iisreset /noforce

citrix, dag, exchange, load balancer

Citrix

Настройка HA LB Citrix ADC

MSE2016/2019 Happy New Year Bug

Пн	Вт	Ср	Чт	Пт	Сб	Вс
		1	2	3	4	5
6	7	8	9	10	11	12
13	14	15	16	17	18	19
20	21	22	23	24	25	26
27	28	29	30	31

Настройка Citrix ADC VPX Load Balancer для MS Exchange 2016\2019

Добавить комментарий Отменить ответ

Рубрики

Свежие записи

Метки

Свежие комментарии

Архивы