Hyper-V: Configure VLAN Trunk on Kemp LoadMaster

One of the Load Balancers that we have in our lab is LoadMaster from Kemp Technologies. We already published an article on how to deploy it:

UC Lobby: Deploying Kemp Technologies Free LoadMaster as Lab Load Balancer/Reverse Proxy

Why do we need to enable VLAN Trunk? The reason for this is that our lab “router” reached the maximum number of Virtual network adapters that we can add in Hyper-V (8 network adapters + 4 legacy network adapters):

Hyper-V scalability in Windows Server 2012 and Windows Server 2012 R2

By enabling VLAN Trunk on the Network Adapter we can bypass that limitation.

In this post, we show you how to enable VLAN Trunk in Hyper-V and configure Kemp LoadMaster. Note that the steps in Hyper-V can also be used for other types of Virtual Machines.

To change the adapter mode to Trunk we need to use PowerShell on the Physical Host. The Network Adapters associated with a Virtual Machine can be listed by running:

Get-VMNetworkAdapter -VMName "LB01" | Select VMName, SwitchName | ft -AutoSize

So, we know that we want to change the mode to Trunk on the Network Adapter connected to “Gears”. Also, we specifically want to leave VLAN 0 as default and enable two VLANs in the Trunk:

Get-VMNetworkAdapter -VMName "LB01" | ?{$_.SwitchName -eq "Gears"} | Set-VMNetworkAdapterVlan -Trunk -NativeVlanId 0 -AllowedVlanIdList "1301,1302"

Note: The Default VLAN will be automatically added to the allowed list.
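
To confirm that the trunk carries only the VLANs we intended, the setting can be read back with Get-VMNetworkAdapterVlan and compared against the expected list. This is an added example, not part of the original post; it reuses the lab values from above (VM "LB01", switch "Gears", native VLAN 0, VLANs 1301 and 1302) and is meant to be run in an elevated session on the Hyper-V host.

```powershell
# Added example: audit the trunk configuration of one VM adapter.
$vmName   = 'LB01'        # VM used in this post
$switch   = 'Gears'       # virtual switch used in this post
$nativeId = 0             # value passed to -NativeVlanId
$expected = 1301, 1302    # values passed to -AllowedVlanIdList

$nics = Get-VMNetworkAdapter -VMName $vmName |
    Where-Object { $_.SwitchName -eq $switch }

$report = foreach ($nic in $nics) {
    $vlan = Get-VMNetworkAdapterVlan -VMNetworkAdapter $nic

    # The native VLAN is handled separately, so leave it out of the comparison.
    $allowed    = @($vlan.AllowedVlanIdList | Where-Object { $_ -ne $nativeId })
    $unexpected = @($allowed  | Where-Object { $_ -notin $expected })
    $missing    = @($expected | Where-Object { $_ -notin $allowed })

    $compliant = ($vlan.OperationMode -eq 'Trunk') -and
                 ($vlan.NativeVlanId -eq $nativeId) -and
                 ($unexpected.Count -eq 0) -and
                 ($missing.Count -eq 0)

    [pscustomobject]@{
        VMName     = $nic.VMName
        Adapter    = $nic.Name
        Mode       = $vlan.OperationMode
        NativeVlan = $vlan.NativeVlanId
        Allowed    = $allowed -join ','
        Unexpected = $unexpected -join ','   # VLANs the VM can reach but should not
        Missing    = $missing -join ','      # VLANs that were expected but are absent
        Compliant  = $compliant
    }
}

$report | Format-Table -AutoSize
```

A non-empty Unexpected column means the Virtual Machine can tag traffic into a VLAN that was never meant to be exposed to it, so the allowed list should be narrowed.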


Now that we have enabled VLAN Trunk, the next step takes us to the Kemp LoadMaster Web Management interface. In System Configuration > Network Setup > Interfaces > eth1 (the interface on which we want to configure the different VLANs), we need to click on VLAN Configuration:

In the next screen, we specify the VLAN ID:

After adding the VLAN, a new drop-down list will be added to System Configuration > Interfaces:


By selecting the VLAN we can configure the IP address:

We can now ping the above-mentioned interface:

Finally, the Virtual Services status will show as “Up”:

Lync/SfB: How to configure Internal Web Services Override FQDN

A common question while planning/deploying Lync Server and Skype for Business Server is:

When do we need to configure Internal Web Services Override FQDN?

The answer to this is quite simple — we only need it if we have to split SIP traffic from HTTP/HTTPS.

We know that this answer will raise more questions, so first we should start with a little story. The Internal Web Services Override FQDN setting was introduced in Lync Server 2010. This was also the first version to support DNS Load Balancing in an Enterprise Pool.

If we just use Lync/SfB Clients, they are aware of DNS Load Balancing. But what about a web browser? A web browser will try only the first IP Address returned by the DNS and, if this server is down, we will get a “This page can’t be displayed”. Supposing we configure Round Robin in the DNS Server, we will eventually have a different IP Address as the first result.

The Internal Web Services Override FQDN setting only makes sense in an Enterprise Pool. In addition, we can configure it in Topology Builder > Pool Properties:


However, in a Standard Pool this option is disabled:


In order to configure the Internal Web Services Override FQDN in an Enterprise Pool we need to follow a few steps. As some of them can cause service disruption, we should plan these changes accordingly:

Step 1 – Enable override

In the Topology Builder, we select the Enterprise Pool that we want to change and enable:


Note: This FQDN must be unique; we cannot use an existing pool FQDN or web services external FQDN.

We publish the new Topology and wait for all servers to receive the new change:



Get-CsManagementStoreReplicationStatus | ft


Step 2 – Configure the Front End Servers

On each Front End that belongs to the pool we configured, we need to re-run Deployment Wizard Step 2:


Request and assign certificates so that the new FQDN is included in the SAN of the Front End certificate:


After restarting the Services, the Front Ends will be ready.

Step 3 – Configure Load Balancer

For this we need to follow the vendor guidelines. A complete list of supported Load Balancers is available here:

Load balancer partner qualification requirements for Lync Server

Skype for Business Server – Load Balancers

Note: A common misconfiguration is to use port 443 to check if the server is able to handle requests. We should always use port 5061 to know if the server is working, because each Front End will only listen on port 5061 if the Front End Service is up and running.

Step 4 – Change the DNS Records

The final step is to make sure that the clients will use the newly configured Load Balancer. In order to achieve this, we need to create/modify the DNS Records as in the examples in the following table:

FQDN                             Type    IP/Destination
lyncwebint.gears.lab             A       Load Balancer IP Address assigned to the virtual service
lyncdiscoverinternal.gears.lab   CNAME   lyncwebint.gears.lab
meet.gears.lab                   CNAME   lyncwebint.gears.lab
dialin.gears.lab                 CNAME   lyncwebint.gears.lab
lyncadmin.gears.lab              CNAME   lyncwebint.gears.lab
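
After changing the records, it is worth checking from a client that every name really resolves through the alias to the Load Balancer, since a stale A record would send browsers straight to a single Front End. The following check is an added example, not part of the original post; the names come from the table above and the virtual service IP is a placeholder to fill in.

```powershell
# Added example: verify the DNS records from the table above.
$target  = 'lyncwebint.gears.lab'
$vip     = '<virtual-service-IP>'    # placeholder: Load Balancer IP of the virtual service
$aliases = 'lyncdiscoverinternal.gears.lab', 'meet.gears.lab',
           'dialin.gears.lab', 'lyncadmin.gears.lab'

# The override FQDN itself must be an A record pointing at the Load Balancer.
$a = Resolve-DnsName -Name $target -Type A -DnsOnly -ErrorAction SilentlyContinue |
    Where-Object { $_.Type -eq 'A' }

$report = @([pscustomobject]@{
    Name     = $target
    Expected = "A $vip"
    Actual   = if ($a) { "A $($a.IPAddress -join ',')" } else { 'not found' }
    Ok       = [bool]($a -and ($a.IPAddress -contains $vip))
})

# Every simple URL and the autodiscover name must be a CNAME to the override FQDN.
$report += foreach ($alias in $aliases) {
    $cname = Resolve-DnsName -Name $alias -Type CNAME -DnsOnly -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq 'CNAME' } |
        Select-Object -First 1

    [pscustomobject]@{
        Name     = $alias
        Expected = "CNAME $target"
        Actual   = if ($cname) { "CNAME $($cname.NameHost)" } else { 'no CNAME (A record or missing)' }
        Ok       = [bool]($cname -and ($cname.NameHost -eq $target))
    }
}

$report | Format-Table -AutoSize
```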


We now have the HTTP/HTTPS configured to use the Load Balancer and the pool using DNS Load Balancing.

As a final note, we want to point out that in a full “balanced” pool the IP Address will be the Load Balancer. In this way, we don’t need to have a FQDN for SIP and another for HTTP/HTTPS.

Deploying Kemp Technologies Free LoadMaster as Load Balancer and Reverse Proxy

Update 2017/06/07 – Updated the screenshots with the new Kemp LoadMaster UI.

In a recent Lync deployment, we were installing a new Kemp Technologies LoadMaster and a new license type was shown:

This is great news since we can use it for test/lab environments without having the previous 30-day limitation. Also, in the End User Licence Agreement terms, clause 18-i) states that we can deploy it in a production environment if we don’t get direct revenue from it:

18. ONLY APPLICABLE TO FREE LOADMASTER – The Free LoadMaster is a derivative of the LoadMaster product line with unique end user requirements.

i) The Free LoadMaster may be deployed in a production environment exclusively under the condition that no direct revenue is derived from its use.

ii) The Free LoadMaster will only continue to operate when able to Call Home to an internet-located KEMP server to provide non-personally identifiable data about the appliance configuration including usage statistics, enabled features and general configuration. KEMP expressly disclaims any liability for non-performance in the event that Call Home communication is disrupted. For more information on Call Home visit http://www.kemptechnologies.com/callhome

Although it’s free, there’s no such thing as a free lunch, and in this case to get a full core feature LoadMaster we must agree and enable the CallHome feature.

The CallHome requires internet access and it will send statistics and config information back to Kemp Technologies. In spite of that, it won’t send any personal or network traffic information.

Here is a summarized list of the limitations that we consider relevant:

  1. No Commercial use – It makes sense; if we want to use it for commercial purposes it’s only fair to buy a license;
  2. CallHome – A really “small price” for the features we get in return;
  3. 20Mbps throughput – It’s a good limit; if we need more we can upgrade it, for instance, to a Virtual LoadMaster VLM-200. This one allows up to 200 Mbps throughput;
  4. No in-place Upgrade – We can export the configuration and import it in an updated version;
  5. No High Availability – For Lync deployments without any HA requirements, this would be more than enough.

For a complete list, please check the following links:

Free LoadMaster – About

Free LoadMaster – Key Load Balancer Features and Frequently Asked Questions

It’s also good to know that LoadMaster is qualified for Lync Server 2013:

October 13th, 2014 – KEMP LoadMaster Is Now Fully Validated for Microsoft Lync 2013

Infrastructure qualified for Microsoft Lync – Load Balancers

So let’s configure LoadMaster.

Step 1 – Download and Install

To download it, we need to create a Kemp ID (or use an existing one).

Download the Free LoadMaster

Then select the hypervisor, read the End User Licence Agreement terms and check the box if we agree with the terms:

After downloading, import the Virtual Machine. Alternatively, we can configure a new one (2x Virtual processors and 2GB RAM) and attach the VHD:


Note: The first network adapter will be the eth0 for LoadMaster. If we use a dual-homed configuration, this will be the interface with the default gateway.

Step 2 – LoadMaster Basic Configuration

When the LoadMaster boots, we will get the following screen:


The default login is:

Username: bal
Password: 1fourall

We need to configure eth0 IP address – in our Lab it’s


Then, the default gateway configuration:


Finally, the DNS server. Please use a valid DNS, since the CallHome feature will require DNS:


Now we can use the web interface to continue with the deployment. Simply click Yes:


Step 3 – Free LoadMaster Activation

Open the web browser and access (replace this with the IP address that was configured on LoadMaster eth0 network interface).

In the first page, we will need to sign in with the KEMP ID:

Now we select Free LoadMaster:

We also need to allow the Call Home:

And after a successful activation:

Now we need to change the password:


The next steps are also described in the Deployment Guides provided by Kemp Technologies:

Microsoft Lync 2010 – Deployment Guide

Microsoft Lync 2013 – Deployment Guide

Microsoft Skype For Business – Deployment Guide

Step 4 – Configuring the remaining settings

Internal Network eth1

To configure eth1, we need to access System Configuration > Interfaces > eth1:


In our Lab, the IP address is After that, click Set Address:

Now we need to connect to the internal IP and then go to System Configuration > Miscellaneous Options > Network Options:

There are some differences in the deployment guide, but the following settings are valid for most of the environments:

Subnet Originating Requests is really important when using a dual-homed configuration where the subnets aren’t routable between each other.
Additionally, we could enable the Enable Non-Local Real Servers option. This allows us to add Real Servers that don’t belong to any of the subnets present in the LoadMaster network interfaces.

We also need to change the L7 Configuration (System Configuration > Miscellaneous Options > L7 Configuration):

Step 5 – Adding Lync 2013 Template

Kemp Technologies also provides a complete set of templates. In this particular case, we are going to use the Lync/SfB Server Template because it will simplify the deployment. We can download the template here:

LoadMaster Load Balancer Documentation

To import a template, select Virtual Services > Manage Templates:

Then, select the downloaded file from Kemp Technologies website and use the Add New Template button:

In this example, even though 12 templates were loaded for Reverse Proxy and HTTP/HTTPS Load Balancer, we will need only Lync/SfB Reverse Proxy and Lync/SfB Internal DNS:

Step 6 – Adding the Virtual Services

To add a Virtual Service, go to Virtual Services > Add New:

For the Reverse Proxy, we will use the external IP address and select the Lync/SfB Reverse Proxy template:

And for the internal load balancing, this time with the Lync/SfB Internal DNS template:

After adding both Lync/SfB Templates, we will have 4 Virtual Services:

The first two services are related to the Reverse Proxy and the other two to the internal Load Balancing.

Step 7 – Configuring Virtual Services

#1 Reverse Proxy HTTP

Modify the first Virtual Service and then expand the Real Servers:

The port 5061 is used for checking if the Real Servers are running, because if the Lync/SfB Front End Service is down, it doesn’t make sense to forward any request to it.
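
The difference between probing 443 and probing 5061 (also raised in the Step 3 note of the Override FQDN post above) can be seen by testing both ports against each Front End. This is an added example, not part of the original post; the Front End names are hypothetical and Test-TcpPort is a helper defined here.

```powershell
# Added example: compare a 443 probe with a 5061 probe for each Front End.
$frontEnds = 'fe01.gears.lab', 'fe02.gears.lab'   # hypothetical Front End FQDNs

function Test-TcpPort {
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($ComputerName, $Port, $null, $null)
        # A filtered port never answers, so give up after the timeout.
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs)) { return $false }
        $client.EndConnect($async)    # throws if the connection was refused
        return $client.Connected
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

$results = foreach ($fe in $frontEnds) {
    $web = Test-TcpPort -ComputerName $fe -Port 443
    $sip = Test-TcpPort -ComputerName $fe -Port 5061

    # 5061 only listens while the Front End Service runs; 443 is answered by IIS.
    $verdict = if ($sip) { 'Healthy' }
               elseif ($web) { '443 answers but Front End Service is down' }
               else { 'Down' }

    [pscustomobject]@{
        FrontEnd = $fe
        Port443  = $web
        Port5061 = $sip
        Verdict  = $verdict
    }
}

$results | Format-Table -AutoSize
```

A server in the second state would stay in rotation under a 443-based health check and receive requests it cannot serve, which is why the template checks 5061.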

Click Add New… and then add the Front End servers, changing the port to 8080:

After adding all servers, they will be listed in the Virtual Service settings:

#2 Reverse Proxy HTTPS

Select the second Virtual Service, add new Real Servers and don’t forget to change the port to 4443:

#3 Internal LB HTTP

In the third Virtual Service make sure that 8080 is configured as additional port:

Now, as before, add the Real Servers but with the port 80, used for the internal load balancing:

#4 Internal LB HTTPS

In this Virtual Service, the certificate will be on the Real Servers and not on the LoadMaster:

Please make sure that an additional port (4443) is configured:

Add the Real Servers and use the port 443:

Step 8 – Adding Certificates

In order to manage certificates, we need to access Certificates & Security > SSL Certificates:

Then click Import Certificate:

Select the proper certificate, type the password and friendly name (without spaces or special characters):

After adding the certificate, select the Virtual Service and assign it with the > button:

To submit, use the Save Changes and the certificate will be assigned:

Also, we need to make sure to install all Intermediate CA certificates – otherwise we will get this message:


To install an Intermediate CA certificate, go to Certificates > Intermediate Certs:

Select the Intermediate CA certificate file and a friendly name:

All certificates will be listed:

Now the certificate chain will be displayed correctly:


Final notes

After all these steps, we should get this in the Virtual Service:

Using LoadMaster – or another Load Balancer as Reverse Proxy – is a good TMG/ARR alternative, especially because we need fewer resources to achieve the same. The LoadMaster disk, for instance, is configured to 16GB max.

In this case, we use the same LoadMaster for Reverse Proxy and the internal load balancing. However, since Kemp Technologies doesn’t limit the number of Free LoadMasters that we can activate, we can use 2 LoadMasters and split the roles.