Load Balancing Exchange 2013 With Citrix NetScaler 11

Today, I am publishing a small guide written and intended to be used as a starting point for Load Balancing Microsoft Exchange 2013 via Citrix NetScaler 11 Build 64.34 and newer with the following expectations:

  • Provide Load Balancing (LB) to all Exchange services.
  • Provide ActiveSync Kerberos Constrained Delegation to function with iPhone, iPad (iOS Configuration Utility or AirWatch), Android (TouchDown Mail Client or AirWatch), or Windows Phone (AirWatch).
  • Provide service monitors that are in line with Microsoft best practices.
  • Provide all Exchange services via Content Switching Services (CSS) to only use one IP address.
  • Utilize responder and rewrite policies and actions to automatically redirect unsecured and root URL connections.
  • All communication from the client through to the Exchange 2013 servers will be secured.

I hope that this will be a help to the Citrix NetScaler community as a whole.  Thanks go to Rafyel G. Brooks who published a guide back in 2014 on how to deploy ActiveSync with KCD.  This guide resolves some issues with the configuration with the new NetScalers and expands on it to encompass the entire Exchange 2013 Load Balancing scenario.

Here It Is: NS11-Exchange2013-KCD-ActiveSync-Deployment

Please Enjoy!

6 thoughts on “Load Balancing Exchange 2013 With Citrix NetScaler 11

  1. Hi Ted,
    I’m having an extremely difficult issue with NS 10.5.58 and the VIP for lb rpc on exchange 2013. If the vip goes down for any amount of time, all outlook clients disconnect, and the burst traffic from outlook clients sporadically causes a 100% cpu issue (w3wp rpc app pools) on all 3 dag nodes (mbx/cas/CU10). No matter what I do it take hours to recover from the problem. I have persistence set to sourceip, to 35 mins, a tcp keep alive profile on the lb, and keep alives set to 30 mins on exchange along with all the best practices for rpc settings on the servers.
    I’m wondering if I need surge protection on the rpc vip?
    The problem is, I make a settings change and sometimes it takes months for the problem to occur again. I would appreciate any guidance, thanks,
    Zach

        1. I never received the NSCONFIG to look into it. If you can send me a diagnostics file and/or a config I will be happy to take a look.

  2. Hi, Ted!

    This is a fantastic guide – I wish i’d have found it sooner! I was one of the poor sods who had to cobble together the build from Microsoft/Citrix guides (such that they are) and random blog posts. This has been a great sanity check for my config, though, so I’m super glad to have found it!

    One question: I noticed that on your Activesync service, you set compression to “No.” Any particular reason for that? I’ve been working a lot with our Exchange guys in migrating our front-end off F5 to NetScaler, and so I’ve been searching for any/all tweaks, fixes, and optimizations that make sense. I’d love to hear any specific thoughts or pearls of wisdom on this. 🙂

    Thanks again for your work!

    1. John,

      Thanks! I am glad to have helped! Regarding the ActiveSync, it is my understanding that compression is enabled by default on the Virtual Directory, so compression is not really going to help much. You are probably better off optimizing traffic with Nagle’s Algorithm, SACK, and Window Scaling. That said, I don’t think it should hurt to compress it — if you do give it a try, let me know!

      Ted

Leave a Reply

Your email address will not be published. Required fields are marked *