Alan's sysadmin Blog

Working smarter not harder

Exchange 2010 NLB and remote Subnets

Posted by Alan McBurney on June 14, 2011

While configuring an Exchange 2010 NLB I had no choice but to publish direct access to the Exchange servers from the Internet instead of using my preferred method of directing all traffic through a TMG\ISA server.

Consequently, access to the published NLB wouldn’t resolve properly from external locations. All traffic on the local LAN was fine, although traffic originating from outside the local subnet was dropped and no response was received by clients.

The servers were configured with dual NICs, with a dedicated NIC on each host being assigned for NLB traffic. As the NLB NIC only has an IP and Subnet entered, I suspected the lack of a default gateway to be the issue.

I changed the Firewall rules to point to an individual server's Public NIC, then everything was fine, although this bypassed the NLB and as such wasn't really of much use to me.

As of Windows 2008 R2 all networking uses the “Strong Host Model”, whereby traffic can only exit from the interface that it entered on.

A resolution for this was to allow forwarding of traffic from the NLB NIC to the public NIC via the following command.

netsh int ipv4 set int "[Name of NLB NIC]" forwarding=enabled
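
To confirm that the change took effect and that forwarding ended up enabled only on the NLB adapter, the following PowerShell is an added example (not part of the original post). It assumes English-language netsh output and uses 'NLB' as a placeholder adapter name.

```powershell
# Added example, not from the original post. Run from an elevated PowerShell prompt.
# Assumptions: English-language netsh output; 'NLB' is a placeholder adapter name.
$NlbNic = 'NLB'

function Get-Ipv4InterfaceSetting {
    param([string]$Name)
    # Turn the "Key : value" lines of netsh output into a hashtable.
    $settings = @{}
    netsh interface ipv4 show interface "$Name" | ForEach-Object {
        if ($_ -match '^\s*([^:]+?)\s*:\s*(.+?)\s*$') { $settings[$matches[1]] = $matches[2] }
    }
    if (-not $settings.ContainsKey('Forwarding')) {
        throw "Could not read IPv4 settings for interface '$Name'."
    }
    $settings
}

function Get-Ipv4InterfaceName {
    # Parse the Idx/Met/MTU/State/Name table; the name is the last column.
    netsh interface ipv4 show interfaces | ForEach-Object {
        if ($_ -match '^\s*\d+\s+\d+\s+\d+\s+\S+\s+(.+?)\s*$') { $matches[1] }
    }
}

# Apply the setting from the post to the NLB adapter only.
netsh interface ipv4 set interface "$NlbNic" forwarding=enabled | Out-Null

# Report every interface and flag forwarding anywhere other than the NLB NIC.
foreach ($name in Get-Ipv4InterfaceName) {
    $s = Get-Ipv4InterfaceSetting -Name $name
    $unexpected = ($s['Forwarding'] -eq 'enabled') -and ($name -ne $NlbNic)
    New-Object PSObject -Property @{
        Interface        = $name
        Forwarding       = $s['Forwarding']
        WeakHostSends    = $s['Weak Host Sends']
        WeakHostReceives = $s['Weak Host Receives']
        Unexpected       = $unexpected
    }
}
```

Any row with Unexpected set to True means an adapter other than the NLB NIC is forwarding packets, which is worth reviewing on a host published directly to the Internet.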

