Exchange 2010 HAProxy Virtual Load Balancer

An extra added cost to Exchange 2010 deployments is often a hardware load balancer, or even virtual load balancer appliances. These start at over £1000 for some of the cheaper ones and can cost tens of thousands, however there’s open source software out there that can do the same thing, just as well.

HAProxy is a widely used, reliable and stable Load Balancer for Linux and a few weeks ago I began looking at it as an alternative for Exchange 2010 load balancing and whilst having a look to see if anyone had done it before, I found a good article here. The one problem for many Exchange administrators is that they don’t have time to learn about Linux just to try it out, so I began to think that it would be great if someone made a virtual appliance (just like many of the HLB vendors sell) with an easy to use management interface aimed squarely at Exchange 2010 environments.

The Exchange 2010 HAProxy VLB Appliance is a free Layer 4 based virtual load balancer that runs in VMware or Hyper-V environments. It doesn’t require Linux knowledge to get up and running and is managed using a simple, easy to use, web-based management interface (screenshots below). For the initial release it’s not aimed at your production environment yet but as more people test it out and help refine it, future versions will be (and will be free, naturally).


Before you start, you need to have an understanding of how the load balancer fits in your environment. Typically clients will connect to it for web services, like OWA, and also through Outlook via MAPI, using a Client Access Array as illustrated by this simplified diagram:


In addition to planning your environment, you’ll also need some other information for the load balancer setup:

  • IP address for management
  • IP address for the virtual load balancer interface, in the same subnet
  • DNS and NTP server addresses
  • Client Access Server IP addresses
  • Network Access from the virtual load balancer interface to the following TCP ports on the Client Access Servers:
    • 80 and 443 for HTTP/HTTPS
    • 135,139,6001-6004,60000 and 60001 for RPC Client Access

Note that if you’re testing this in a perimeter network, you only need ports 80 and 443 open for external access to Exchange servers.


The process for installation is fairly straightforward:


  • Download and import the appliance
  • Boot it up and set the management IP address via the console
  • Visit the web-based management interface and set a password, load balanced virtual IP address, set a few details like time zone and DNS server and finally add your first client access server.
  • Log in and add your other client access servers and follow instructions within the management interface as to how to set up static RPC TCP/IP ports on your client access servers.

The following videos show the installation and initial setup procedure both for VMware and Hyper-V environments:

VMware vSphere 

Hyper-V 2008 R2


The management interface is intended to be fairly simple. After initial setup and login, you should (after the settings have taken effect) basic statistics for the underlying HAProxy load balancer, showing the number of sessions and state of the Client Access Servers:


The initial version uses Layer 4 load balancing, and uses the client source IP address for client affinity and doesn’t have intelligent application-level monitoring and SSL offload (yet). Therefore you just need to correctly configure static RPC ports (RPC Client Access, port 60000 and Address Book Service, port 60001) on the client access servers and add the IP addresses of each client access server to load balance:


On the remaining tabs, you have access to change the management and load balancer IP addressing, set the time zone and NTP servers, update the management interface password and check the logs for the management interface and underlying software that propagates changes made through the UI:



Should you wish, you can also log in at the console using the root password credentials you’ll set on initial startup. From here, it’s a standard minimal Ubuntu installation though any changes to settings that are usually managed through the UI will be overwritten the next time they are changed through the UI:


To actually send traffic to the load balancer, you need to consider the configuration of your environment and have setup your Client Access Array then the associated DNS names for web and RPC Client Access.


Version 0.1 (initial release) is available for download here:

VMware vSphere Compatible OVF file, zipped (md5sum: b60388c5aa1012abe71f5864e79a6828)

VMware vSphere 5.1 Compatible OVF 3.1 file, zipped (md5sum: 7643cee75ae87fa0ca281bafc281abad)

Hyper-V compatible VHD, zipped (md5sum a9ae7f9b498f96a4d6d1bb58c4c542ee)

To check md5sum values, use Microsoft File Checksum Integrity Verifier


This is the first version, so just to repeat it’s only aimed at use in your lab environment.

It’s intended that with subsequent versions it will be production ready, as this is totally aimed at being an easy to use free alternative to paid-for hardware and virtual load balancers for Exchange 2010. It needs a few extra features but most importantly it needs your feedback and testing in the wild to ensure the management interface is good enough, and to get some ideas back from the field on what sort of load it can handle in it’s current form.

One thing I can’t guarantee is support for this – comments and reports of bugs are always appreciated, but the downside of free is it doesn’t come with a support contract. However the intention is to keep developing this and add other features to the so it can compete with the expensive equivalents.


Currently, the downloadable registry file for setup of static RPC ports does not work as expected. I recommend using Bhargav Shukla’s script for configuring static ports available here:

Script to configure static ports on Exchange Server 2010

229 thoughts on “Exchange 2010 HAProxy Virtual Load Balancer

  1. Pingback: Impressions: Book: “iPhone with Microsoft Exchange Server 2010: Business Integration and Deployment”

  2. “The one problem for many Exchange administrators is that they don’t have time to learn about Linux”

    But they will have to learn how to maintain it – at least to understand how to patch the vulnerabilities on the platform (OS + Product).

    “Cool it free” … but the next question is “do/will we have the resource to take care of it”.
    On the other way the appliance are outrageously expensive but the manufacturer is taking care of the regular updates.

  3. Pingback: A free Exchange load balancer | IT PRO Demos

  4. links are broken please fix or email me new links. i tried looking up the zip file names on google to no avail. Or if anyone else has them an could post a link to them that would be great. I’m trying to create a generic GUI for hap cuz most of my staff here is allergic to linux. i will post my creation if i’m successful.

  5. My question is regarding article
    I am going to just include what another user asked because I am having the same exact problem

    MattP75 — 26 Jun 2014 8:21 AM

    Excellent article Steve. Just wanted to a line in the haproxy.cfg file “option httpchk /owa/healthcheck.htm”. When I include this in my config the stats page of HAProxy shows the CAS servers as “down” yet the health check url is resolvable from any server. Is there anything behind the scenes I’m missing – something to do with SSL or certificates that is stopping the loadbalancer accessing the page?

    Could the article please be amended to include instructions regarding this?

    • I am not sure what version you are using, but I am on 1.5 and the following works for me.

      option httpchk GET /owa/healthcheck.htm HTTP/1.0
      http-check expect string CONTOSO.COM
      http-check disable-on-404

      Replace CONTOSO.COM with whatever string you want to check for.

  6. Having some issues with setting this up on Hyper-v running on Windows 8.1. The VM has a kernel panic if the standard network adapter is used. If the legacy network adapter is used, the VM starts up and the IP can be set. After reboot it works for about one minute after start up the network drops off. At every reboot it works for a minute after start up and then drops.
    Something is loaded that interferes but not knowing enough about Ubuntu I can’t figure out what. Any ideas or suggestions are welcome. Thanks /M

    • Got it working in the end by setting the standard adapter to “not connected” whilst booting the first time, then enabling and setting the IP. Then setting it to “not connected” and rebooting the VM. Then again, when VM is up. changing adapter to connected and running ifup.

  7. Steve,

    Sweet package. You should develop it. IT works for me and I’m going live with it. I’m sitting it betweeen my CAS servers and some Apache reverse proxies and it resolves all of the RPC OA/EAS problems in a heartbeat. [geddit?]

  8. Pingback: HAProxy for Exchange 2013 – How to roll your own protocol-aware load balancer | Steve Goodman's Exchange Blog

  9. Hello,

    Seems like a great product. I am having a few problems. I have set the IP via the console. I am able to ping the HA proxy server but i am unable to access it via the web interface!!! any idea of what i am doing wrong

    • I have the same problem. When the haproxy service tries to start, it says “Starting proxy Exchange2010: cannot bind socket”. I can ping the vm just fine. Tried re-deploying the OVF template and starting from scratch and get the same result. Running VMware ESXi 5.5 using the 5.1 compatible OVF.

      • Nevermind, when I ran through the initial setup the first time, I didn’t notice the message about going to “http://manageip:8080” to finish after the reboot. Working now.

  10. Hi,

    Thank you for this article, I’m investigating HAproxy too at the moment and it looks very stable and widely used indeed.

    I also have seen that Zen Loadbalancers looks promising but I’m not sure if it’s better than HAproxy, here is it’s link:

    I like a lot of features like you can set the pages you want to show when something isn’t avalable, and all other settings are very detailed too.

    I’m also figuring out if it’s ideal to use HAproxy in Pfsense as this are my routers and the package is available in it.

    Hope to see some more posts here.


This site uses Akismet to reduce spam. Learn how your comment data is processed.