Haproxy as a load balancer to Exchange DAG

New to Haproxy and linux. We have 2 Haproxy VMs load balancing an Exchange 2019 DAG group consisting of 2 Exchange servers.

Recently we tried to put the passive Exchange server into maintenance mode to patch, reboot, etc. The active Exchange server was able to take email internally as well as send to external clients. The problem is that we were not able to receive from external senders. Both proxy VMs are configured for round robin. Is there a section or a command in the front or back end configuration that is needed when one of the Exchange servers is down for maintenance?

Thanks.

While the passive Exchange server in the DAG is going into maintenance is it necessary to change the Back End sections to rem out the lines that have the passive server’s name and IP address?

How do you health check the SMTP connector?
Exchange provides URLs for health checking client access / DAG but not SMTP.
Did all inbound mail stop or just some? I would think that some would still come in even if one node is down in the cluster…

Here is the config for the SMTP connector (generic names and IPs):
backend bk_exchange_SMTP
    mode tcp
    server Exchange01 1.2.3.20:25 maxconn 10000 check
    server Exchange 1.2.3.23:25 maxconn 10000 check backup

It looks like all inbound mail from the internet stopped. Outgoing to the internet was working and internal mailbox to mailbox was working.

Noticed that in the general section the command balance is blank:
#---------------------------------------------------------------------
# HAProxy Status Page
#---------------------------------------------------------------------
listen stats
    bind *:9000 #Listen on all IP’s on port 9000
    mode http
    balance

Also in the back end section the balance statement only appears for SSL and not for the other protocols:
backend bk_exchange_SSL
    balance source

In the config for the other, the internal HAProxy LB, in the defaults sections there is an entry:
balance roundrobin

Not sure if I am barking up the wrong tree with the balance thing. Let me know. Thanks!

When we do maintenance on an Exchange server in a DAG group, would it be enough to REM out the lines that refer to the server we are working on? Probably be a good idea to do it for both internal and external LBs. Or, is there a command or other best practice to accomplish this?

Just checking into the group. Has anyone had any experience with Exchange DAG not being able to receive external traffic when the passive node is placed into maintenance mode? If this has something to do with the HAProxy VMs how would we test to be sure? Thanks.

We’re using roundrobin balancing with HAProxy for Exchange SMTP with no issues; don’t think that’s the problem.

Side note: you mention you’re using two HAProxy VMs; I presume the IP address for client connections to Exchange is configured with keepalived to automatically failover if one NLB node goes down?

Anyway, you don’t appear to have defined an SMTP check, so HAProxy isn’t detecting the absence of the node which has been placed into maintenance mode. Speaking of which, do you have a particular reason for defining one of the nodes as a backup wrt SMTP traffic? The DAG should transparently route incoming messages to whichever cluster member has the active database, so you can use either node interchangeably and actually balance load. It’s kind of meaningless to define any kind of balance method if you only have two servers and one is defined as a backup; there’ll be no traffic sent to the backup server unless all non-backup servers are down.

For SMTP in HAProxy, not sure if there’s much point in defining a separate frontend/backend as you have to run in tcp mode and can’t do SSL termination. You could pull your SMTP config into a single “listen” directive instead:

listen exchange_SMTP
    mode tcp
    bind 10.2.3.20:25 # (target client IP for Exchange)
    balance roundrobin
    option tcplog
    option smtpchk HELO exchange.dom.ain
    server Exchange01 1.2.3.20:25 check
    server Exchange 1.2.3.23:25 check
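
To see the difference between the bare `check` in the original backend and the `option smtpchk` check suggested above, here is an added example (not code from this thread or from HAProxy) that runs a connect-only probe and an SMTP-level probe against two constructed local listeners. The function names and the `421 4.3.2 Service not active` banner are assumptions standing in for a node that still accepts TCP on port 25 but refuses mail; point `tcp_check` and `smtp_check` at a real node's address to test it directly.

```python
import socket, socketserver, threading

def _reply(f):
    """Read one SMTP reply, following 'NNN-' continuation lines."""
    while True:
        line = f.readline()
        if len(line) < 4 or line[3:4] != b"-":
            return line.decode("ascii", "replace").strip()

def tcp_check(host, port, timeout=3.0):
    """Layer 4 only: True as soon as the port accepts a connection."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def smtp_check(host, port, helo="exchange.dom.ain", timeout=3.0):
    """Layer 7: require a 2xx banner and a 2xx answer to HELO."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s, s.makefile("rb") as f:
            banner = _reply(f)
            if not banner.startswith("2"):
                return False, banner
            s.sendall(f"HELO {helo}\r\n".encode("ascii"))
            answer = _reply(f)
            s.sendall(b"QUIT\r\n")
            return answer.startswith("2"), answer
    except OSError as exc:
        return False, str(exc)

def fake_smtp(banner):
    """Constructed stand-in listener on 127.0.0.1; returns (host, port)."""
    class Handler(socketserver.StreamRequestHandler):
        def handle(self):
            self.wfile.write(banner + b"\r\n")
            if banner.startswith(b"2") and self.rfile.readline().upper().startswith(b"HELO"):
                self.wfile.write(b"250 Hello\r\n")
                self.rfile.readline()  # wait for QUIT before closing
    server = socketserver.ThreadingTCPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server.server_address

def compare():
    # Both banners are constructed samples, not captured from Exchange.
    nodes = {"active": fake_smtp(b"220 Exchange01 ESMTP ready"),
             "maintenance": fake_smtp(b"421 4.3.2 Service not active")}
    return {name: (tcp_check(*addr), smtp_check(*addr)[0]) for name, addr in nodes.items()}

if __name__ == "__main__":
    print(compare())
```

A node for which the connect-only probe succeeds while the SMTP probe fails is one that a plain `check` would keep in rotation.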