Load-balancing Exchange 2013 on Citrix Netscaler

So I’ve gotten this questions lot the last couple of days, and I see it on the search terms statistics on the blog. So it is possible to load balance Exchange 2013 on Netscaler? Yes!
Now Microsoft usually has a list of “certified” load balancers that can be used on Exchange, but there still hasn’t been made one for Exchange 2013.
You can see the one for Exchange 2010 here à

now the problem with load balancing Exchange 2010 on a HLB (Hardware Load Balancer) was that you need to do it on L7 and using persistency why? because of the way that Exchange 2010 operated was that when a user
connected to OWA or other Exchange protocols, it was bound to that particular CAS server for the time of the connection. (Since the CAS rendered the mailbox, and if the connection moved to another CAS the user would need to reauthenticate)
You can see the old documentation for Exchange 2010 and Netscaler here à

With Exchange 2013 the roles and how it functions have changed. First of we only have two roles. We have the Mailbox and the Client Access Server role. The CAS role now only acts like a proxy, which allows for communication to a mailbox server and does the logic with protocol redirect.
These changes makes it easier to setup load balancing for now we have the option to load balance on L4 and are not dependent on using session persistency (Where we just need to define a VIP, SNIP, and a service. (+ Maybe a certificate for SSL offload purposes.)
You can read more about it here à

Here are the different protocols used in Exchange 2013

Port 443: Autodiscover (AS) Exchange ActiveSync (EAS) Exchange Control Panel (ECP) Offline Address Book (OAB) Outlook Anywhere (OA) Outlook Web App (OWA)
Port 110 and 995 (POP3)
Port 143 and 993 (IMAP)

A note thou: SSL offloading is not supported on Exchange 2013 Yet…

Citrix does not have a wizard, which you can go through to set this up, so you need to fill in all the blanks yourself J

here is simple setup for load balancing OWA in Netscaler VPX.

First I define which servers I need to add to the list,

Create a service (In my case I have OWA setup on port 80 (not recommended thou) and bind a monitor to it.

Then I create a virtual server and attack the server I added first to setup load balancing.

And voila!

Now If I needed to setup Netscaler for other Exchange Services such as ActiveSync, SMTP, and so on I would need to use Content Switching to redirect the user to the correct endpoint on the server.
Instead of having one virtual server for each service.

Now this setup also applies for using SSL offload (when this is supported) just add a public certificate and choose port 443 in the virtual service.

Leave a Reply

Scroll to Top