Category: Uncategorized

Kemp Virtual Load Balancer Review

I have had the opportunity to use a Kemp Load Balancer in my lab recently so thought it good to create a review on the product (I have a few more new toys in the lab so expect some reviews for them as well), Kemp Technologies currently have several load balancing solutions available and are a Microsoft Certified partner for both Exchange and Lync, the product I have in my lab is the Hyper V .

Over the next few months I will create a few step by steps on how to use the product (most likely against Lync 2013 as that is what is currently running in my lab), but for now I thought it would summarise the product and my first experiences with it.

Why choose it?

Kemp are highly rated in the world of load balancing and have an active partnership with Microsoft especially around Lync and Exchange, the great thing with Kemp’s load balancers is as well as providing traditional hardware based load balancing devices that we have all come to know and love they also have a virtual machine appliance for both VMWare and Microsoft Hyper-V bringing the cost of the solution down drastically so it is great for those on a tight budget.

I really like the idea that I can have it on my virtual hosts with my Lync servers as it is one less device in the data centre, the only issue I did found is that the licensing system being used is very inflexible as you are unable to move the virtual machine without contacting Kemp to relicense the device (I tried both a manual export and using System Centre 2012 VMM). This restriction might be a shortcoming for the product especially for those in very fluid data centres where you need to be able to move virtual machines quickly and at a whim, as your virtual infrastructure expands and contracts so it is worth bearing this in mind as it might be a sticking point.

Documentation

Kemp have an excellent 40+ page step by step setup guide for getting the product going with Lync 2010 and is very comprehensive and straightforward, in my lab I trialled it between my internet connection and my edge servers as a test and it worked great. In the real world remember that only having a single instance of the product means that in theory it becomes a single point of failure BUT as this is a lab it is not a problem just something to keep in mind when taking the product out in to the real world.

Ease of Use

The product was very easy to use, I got mine up and running in about an hour and using the step by step documentation made this an even easier job, whilst the Kemp web GUI itself is not the prettiest of GUI’s it gets the job done and does not feel clunky which is great, lets face it eye candy is not exactly on the priority list when it comes to configuring and using load balancers (we are engineers here after all and not Apple users)!

Summary

From the time I have spent with the product in my test lab the virtual load balancer has been great, no issues with it and it has done everything I have thrown at it and carried on working flawlessly. I would highly recommend this product for any UC implementation where you require a load balancer.

More Information

To see the setup guide for the product click here

For more information on the product I used click here

Advertisements

Lync & Active Directory Time when in a Virtual Environment (Hyper-V or VMWare)

I had a problem recently whereby the domains AD time was out of sync across various domain controllers which wreaked havoc across the Lync installation, the biggest issue it caused was that response group calls were getting stuck in the queue and were not routing to agents. I saw plenty of blog posts about time in a virtual environment but none of them seemed to definitively fix the problem offering a myriad of registry key changes so I have documented how I fixed it below.

The problem

AD servers synchronise with there PDC time server (nothing new there) but once they get what it believes is an accurate time from it this moves to being checked every 8 hours. This is fine in a traditional hardware based environment where your domain controllers are running on dedicated pieces of kit but in a virtualisation environment this becomes an issue as you are effectively time sharing the CPU, once your AD server has finished with its rush hour traffic of logons and people opening up file shares at 9 o clock in the morning it will most likely require a lot less resource so your virtualisation platform will start taking CPU cycles from it and your clock will start to drift.

On a normal virtual server drifting time doesn’t normally occur because you will use either Hyper-V or VMWare’s built in tools to synchronise the clock with the physical machine, but on a domain controller this feature MUST be turned off to prevent anomalies in the clock.

Stopping time synchronisation between your guest virtual machine and the host machine.

Hyper V

Select the Hyper V guest server from the Hyper-V management console, select integration services and ensure your “Time Synchronisation” flag is set to unchecked. Press OK and you should be good to go.

image

VMWare

VMWare controls the time synchronisation from within the virtual machine, to change the setting find the Vmware tools icon normally located in the system tray and double click it as per below.

image

Once VMWare tools opens un-tick “Time Synchronisation between the virtual machine and the ESX Server” which will disable the synchronisation.

image

Correcting the first Domain Controller (the PDC Emulator)

Now that the time synchronisation between guest and host has been stopped it is time to sort out the first domain controller, this needs to be your PDC emulator.

The easiest way to find which of your domain controllers is the PDC is to open up Active Directory Users and Computers, right click your domain name i.e. mydomain.com and then select “Operations Masters” from the drop down box.

Once the operations master window appears as per below, select PDC from the tabs and you will see the current operations masters as well as the option to move it to a new server which we don’t want to do so click cancel .

image

Now that we know the operations master server (in my case myserver1.mydomain.com) it is time to take control over its desktop and change some registry settings.

Warning – You are about to change the settings of your domain controllers registry, although these settings should not harm your server operationally it is recommended that you backup your registry prior to making any changes to it.

Open registry editor and navigate to

HKEY_LOCAL_MACHINE | SYSTEM | CurrentControlSet | services | W32Time | Parameters

You should see a window with similar options as below.

The important registry settings are as follows:

Key Name Type Purpose
NTPServer String Value Specify the NTP server you wish the PDC to use, I use the closest public NTP server to my site (in this case Manchester University in the UK), this can be a default one such as time.windows.com. Ensure you follow up the NTP server with the prefix 0x9.

Your NTP server should look something like, “time.windows.com,0x9”

Period DWORD This is the period of time in seconds that the server checks with its time source (in the case of the PDC Emulator it is the public NTP server).
ReliableTimeSource DWORD This needs to be set to the decimal value “1”, this forces your other servers to implicitly trust this server as a reliable source for the time across your domain.

If you see a registry key missing from the above list on your PDC Emulator simply create it with the above type and name.

Once complete your registry should look something like this.

clip_image001

Now that your PDC Emulator is set up and running your will need to restart the “Windows Time” service on your server to ensure the new settings take effect.

Configure Non PDC Domain Controllers

Next we need to go on each domain controller and make a registry change to each of the servers, I recommend looking in “Active Directory Sites and Services” to ensure you don’t miss off a domain controller off as in a large site this can lead to continuing issues with the time.

On each server you will need to create and set the period value in the registry

Again navigate to the registry key

HKEY_LOCAL_MACHINE | SYSTEM | CurrentControlSet | services | W32Time | Parameters

The registry key for this will most likely not exist so you will need to create it as per the table below.

Key Name Type Purpose
Period DWORD This is the period of time in seconds that the server checks with its time source (in the case of the PDC Emulator it is the public NTP server).

Set the value of the period registry key to 300 again so that this server requests a time update every 5 minutes.

image

Once you have completed these changes simply restart the “Windows Time” service as you did on the PDC server and your work on this server is complete. Repeat the above on each non PDC server.

Please note, although there is an NTP Server set on these servers this value is simply ignored as your server is joined to a domain so your PDC overrides this.

Troubleshooting

If your time is out of sync and you wish to force a synchronisation with the PDC emulator, open the command prompt and type the following command

net time \\Server1 /set

Replace \\server1 with the name of your PDC server as found above, this will force it to synchronise with your PDC emulator and from then on it should synchronise