One-Armed Kemp LoadMaster Configurations & Separate Client Networks

Thought I would share a little tidbit revolving around running Kemp LoadMaster devices in one-armed configurations and having Outlook clients on dedicated client subnets (different subnets than those the Exchange Client Access server and KEMP Load Master devices are located on).

I’ve seen customers and peers in the different communities running into an issue where the Outlook client was capable of reaching the Kemp LoadMaster on port 135 (TCP endpoint mapper) but the LoadMaster never responded back to the client resulting in Outlook not being able to connect to the mailbox.

So when using the above mentioned scenario, it’s important to disable “L7 Transparency” on the respective virtual services since this isn’t supported with one armed configurations where clients are located on a separate subnet than the LoadMasters and Exchange servers.


In Microsoft terms this scenario is also known as SNAT (thanks to Dave Stork for mentioning this. I was in the load balancer world when I wrote this Smile).


Until later,

Henrik Walther
Technology Architect/Writer/MS Vendor
MCM: Exchange Server | MVP: Exchange Architecture

Leave a Comment

Your email address will not be published.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top