@Emalacar wrote:
Hello Everyone!
I had been testing an HAPROXY configuration with 2 Exchange 2013 servers. Between the documentation and some help from this forum, I was able to get a functional load balancer working for all Exchange services. I ran a pilot test with roughly 30 users (various versions of Outlook and ActiveSync on both Android and Apple devices). Everything went well and I really didn't receive any complaints or issues.
We've gone live with the configuration (full user base is roughly 300 users). While there have been no specific issues, I have noticed that Outlook clients intermittently take a bit to connect as well as pulling up things like shared calendars.
Everything on the Exchange side checks out. The only thing I've noticed is that (as the title says) there are a high number of connection resets during transfers. I feel like the volume of resets isn't normal but I'm not sure what else I can adjust.
I have attached my configuration below. Any assistance would be greatly appreciated!
global
    log 127.0.0.1 local0 info
    maxconn 10000
    daemon
    quiet
    tune.ssl.default-dh-param 2048
    # Both cipher lists are cut off (at the "$") in the original post
    ssl-default-bind-ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECD$
    ssl-default-server-ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:E$

defaults
    log global
    mode http
    option httplog
    option dontlognull
    timeout connect 60000ms
    timeout client 30000ms
    timeout server 60000ms
    timeout check 60000ms
    stats enable
    stats hide-version
    stats show-node
    stats auth admin:password
    stats uri /stats

# Plain-HTTP listener: redirect everything to OWA over HTTPS
frontend unsecured 1.2.3.4:80
    redirect location https://mail.domain.com/owa

# TLS-terminating frontend: route by URL prefix to one backend per Exchange service
frontend fe_ex2013
    mode http
    bind *:443 ssl crt /etc/ssl/certs/exchange_certificate
    acl autodiscover url_beg /Autodiscover
    acl mapi url_beg /mapi
    acl rpc url_beg /rpc
    acl owa url_beg /owa
    acl eas url_beg /microsoft-server-activesync
    acl ecp url_beg /ecp
    acl ews url_beg /ews
    acl oab url_beg /oab
    use_backend be_ex2013_autodiscover if autodiscover
    use_backend be_ex2013_mapi if mapi
    use_backend be_ex2013_rpc if rpc
    use_backend be_ex2013_owa if owa
    use_backend be_ex2013_eas if eas
    use_backend be_ex2013_ecp if ecp
    use_backend be_ex2013_ews if ews
    use_backend be_ex2013_oab if oab
    default_backend be_ex2013

backend be_ex2013_autodiscover
    mode http
    balance leastconn
    option httpchk GET /autodiscover/healthcheck.htm
    option log-health-checks
    http-check expect status 200
    server Cas1 10.10.10.31:443 check ssl inter 15s verify required ca-file /etc/ssl/certs/ca-bundle.crt
    server Cas2 10.10.10.28:443 check ssl inter 15s verify required ca-file /etc/ssl/certs/ca-bundle.crt

backend be_ex2013_mapi
    mode http
    balance leastconn
    option httpchk GET /mapi/healthcheck.htm
    option log-health-checks
    http-check expect status 200
    server Cas1 10.10.10.31:443 check ssl inter 15s verify required ca-file /etc/ssl/certs/ca-bundle.crt
    server Cas2 10.10.10.28:443 check ssl inter 15s verify required ca-file /etc/ssl/certs/ca-bundle.crt

backend be_ex2013_rpc
    mode http
    balance leastconn
    option httpchk GET /rpc/healthcheck.htm
    option log-health-checks
    http-check expect status 200
    server Cas1 10.10.10.31:443 check ssl inter 15s verify required ca-file /etc/ssl/certs/ca-bundle.crt
    server Cas2 10.10.10.28:443 check ssl inter 15s verify required ca-file /etc/ssl/certs/ca-bundle.crt

backend be_ex2013_owa
    mode http
    balance leastconn
    option httpchk GET /owa/healthcheck.htm
    option log-health-checks
    http-check expect status 200
    server Cas1 10.10.10.31:443 check ssl inter 15s verify required ca-file /etc/ssl/certs/ca-bundle.crt
    server Cas2 10.10.10.28:443 check ssl inter 15s verify required ca-file /etc/ssl/certs/ca-bundle.crt

backend be_ex2013_eas
    mode http
    balance leastconn
    option httpchk GET /microsoft-server-activesync/healthcheck.htm
    option log-health-checks
    http-check expect status 200
    server Cas1 10.10.10.31:443 check ssl inter 15s verify required ca-file /etc/ssl/certs/ca-bundle.crt
    server Cas2 10.10.10.28:443 check ssl inter 15s verify required ca-file /etc/ssl/certs/ca-bundle.crt

backend be_ex2013_ecp
    mode http
    balance leastconn
    option httpchk GET /ecp/healthcheck.htm
    option log-health-checks
    http-check expect status 200
    server Cas1 10.10.10.31:443 check ssl inter 15s verify required ca-file /etc/ssl/certs/ca-bundle.crt
    server Cas2 10.10.10.28:443 check ssl inter 15s verify required ca-file /etc/ssl/certs/ca-bundle.crt

backend be_ex2013_ews
    mode http
    balance leastconn
    option httpchk GET /ews/healthcheck.htm
    option log-health-checks
    http-check expect status 200
    server Cas1 10.10.10.31:443 check ssl inter 15s verify required ca-file /etc/ssl/certs/ca-bundle.crt
    server Cas2 10.10.10.28:443 check ssl inter 15s verify required ca-file /etc/ssl/certs/ca-bundle.crt

backend be_ex2013_oab
    mode http
    balance leastconn
    option httpchk GET /oab/healthcheck.htm
    option log-health-checks
    http-check expect status 200
    server Cas1 10.10.10.31:443 check ssl inter 15s verify required ca-file /etc/ssl/certs/ca-bundle.crt
    server Cas2 10.10.10.28:443 check ssl inter 15s verify required ca-file /etc/ssl/certs/ca-bundle.crt

# Catch-all backend: no HTTP health check configured, only the TLS-level check
backend be_ex2013
    mode http
    balance leastconn
    server Cas1 10.10.10.31:443 check ssl inter 15s verify required ca-file /etc/ssl/certs/ca-bundle.crt
    server Cas2 10.10.10.28:443 check ssl inter 15s verify required ca-file /etc/ssl/certs/ca-bundle.crt

# SMTP is balanced in TCP mode
listen smtp *:25
    mode tcp
    option tcplog
    balance leastconn
    server Cas1 10.10.10.31:25 check
    server Cas2 10.10.10.28:25 check
Posts: 2
Participants: 2
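Because the posted configuration enables `option httplog`, every request log line carries a four-character termination state that records which side ended the session and in which phase. The following is an added example, not part of the original post: it tallies abnormal endings per backend so that the resets can be attributed to clients or to the Exchange servers. The log lines are constructed, and the field positions assume HAProxy's default HTTP log format.

```python
import re
from collections import Counter

# Field order of HAProxy's default HTTP log format ("option httplog"):
#   client [date] frontend backend/server timers status bytes
#   req_cookie resp_cookie termination_state ...
LINE_RE = re.compile(
    r"haproxy\[\d+\]: \S+ \[[^\]]+\] (?P<frontend>\S+) "
    r"(?P<backend>[^/\s]+)/(?P<server>\S+) [-+\d/]+ -?\d+ \+?\d+ "
    r"\S+ \S+ (?P<term>\S{4}) "
)

# First character of the termination state: what ended the session.
CAUSE = {"C": "client abort", "S": "server abort", "P": "proxy abort",
         "c": "client timeout", "s": "server timeout"}

# Constructed sample lines; addresses, dates and counters are made up.
SAMPLE = [
    'Mar  3 09:15:01 lb1 haproxy[2101]: 10.10.20.15:51234 [03/Mar/2016:09:15:01.120] fe_ex2013~ be_ex2013_mapi/Cas1 12/0/1/45/58 200 1843 - - ---- 210/208/40/20/0 0/0 "POST /mapi/emsmdb/ HTTP/1.1"',
    'Mar  3 09:15:02 lb1 haproxy[2101]: 10.10.20.16:51240 [03/Mar/2016:09:15:02.310] fe_ex2013~ be_ex2013_mapi/Cas2 8/0/1/30/15042 200 52011 - - CD-- 211/209/41/21/0 0/0 "POST /mapi/emsmdb/ HTTP/1.1"',
    'Mar  3 09:15:03 lb1 haproxy[2101]: 10.10.20.17:51301 [03/Mar/2016:09:15:03.004] fe_ex2013~ be_ex2013_rpc/Cas1 5/0/2/20/9021 200 7312 - - SD-- 212/210/12/6/0 0/0 "RPC_OUT_DATA /rpc/rpcproxy.dll HTTP/1.1"',
    'Mar  3 09:15:04 lb1 haproxy[2101]: 10.10.20.18:51377 [03/Mar/2016:09:15:04.650] fe_ex2013~ be_ex2013_owa/Cas1 3/0/1/18/30020 200 1200 - - cD-- 213/211/9/5/0 0/0 "GET /owa/ev.owa2 HTTP/1.1"',
    'Mar  3 09:15:05 lb1 haproxy[2101]: 10.10.20.15:51410 [03/Mar/2016:09:15:05.101] fe_ex2013~ be_ex2013_mapi/Cas1 9/0/1/33/12007 200 40110 - - CD-- 214/212/42/22/0 0/0 "POST /mapi/emsmdb/ HTTP/1.1"',
    'Mar  3 09:15:06 lb1 haproxy[2101]: 10.10.20.19:51466 [03/Mar/2016:09:15:06.777] fe_ex2013~ be_ex2013_ews/Cas2 4/0/1/-1/60005 504 194 - - sH-- 215/213/7/4/0 0/0 "POST /ews/exchange.asmx HTTP/1.1"',
]

def abnormal_endings(lines):
    """Count (backend, cause, phase) for sessions that did not end cleanly."""
    counts = Counter()
    for line in lines:
        m = LINE_RE.search(line)
        if not m or m["term"][:2] == "--":   # unparsed line or normal end
            continue
        cause = CAUSE.get(m["term"][0], "other (%s)" % m["term"][0])
        counts[(m["backend"], cause, m["term"][1])] += 1
    return counts

def data_phase_resets(lines):
    """Aborts in the data phase (second character 'D'), grouped by side."""
    sides = Counter()
    for (_backend, cause, phase), n in abnormal_endings(lines).items():
        if phase == "D" and cause in ("client abort", "server abort"):
            sides[cause] += n
    return sides
```

The result of `abnormal_endings` shows which backend the aborts cluster on, while `data_phase_resets` separates client-side from server-side aborts during transfers.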
