Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17


Trying to remove single point of failure in our exchange topology

Posted on 2008-10-13
Medium Priority
Last Modified: 2013-11-30
We currently have 3 Exchange servers on an MPLS network.

All email comes into the NY server, and is routed through a Smart Host on the DC server (required for TLS encryption mandated by a couple of our clients).  Each physical server has it's own routing group and routing group connector.

So, if I mail comes in for a user with a mailbox stored on NY server, the MX record points to NY server, the NY server then sends the mail to a smart host on the DC server, after which, the mail is sent back to the NY server for delivery to the users mail box.  This works fine, and is only necessary due to some clients requiring TLS encryption for both sending and receiving mails.

The problem arises that our DC office will be having a scheduled power outtage over the weekend.  Therefore, even if a mail was destined for delivery in NY, it will not be sent to the NY mailbox, but will instead be queued until the DC server comes back up.

Can someone recommend a full mesh scenario where such service interruptions like the DC server going down, would still facilitate mail delivery to other offices?
Question by:zejoka
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
LVL 32

Expert Comment

ID: 22705681
First things first..mails do not goto DC. DC is just used for AD Lookups .
Now coming back to your scenario.....
  • NY Exchange Server  Redundancy:
    • This is the first palce of failure as it receives all mails
    • Well in your case if this Exchange server goes down then there will be no incoming mails at all.
    • To overcome this if you have Budget then, point your MX Secondary to any of the Exchange Server in other Location (needless to say you will require Internet Connection there)
    • Now if NY Exchange server fails, incoming to other locations would also work.
  • DC Redundancy: Well where ever we have Exchange servers for DC Redundancy it is always recommended to have 2 Domain Controllers in that location. As Exchange will not work at all without a DC.
I am not sure whether I covered the very basic part, well there can be many scenarios that can be designed for your network, but for that you will have to give a lot of information.
If you can give me this info:
  • Number of Servers per Location (including DC/Exchange)
  • Number of Internet Connections (does every site has one or only NY)

Author Comment

ID: 22706319
I should have clarified DC = Washington DC.

And actually, some further pertinent information.

Email goes through Postini (Spam & AV)
Postini then forwards to NYC Server
All mail has to go through NYC server first as we have a server called NYRelay (this is because certain mails have to be BCCd to a distribution list automatically for reasons I won't go in to)
So, once in NY all mail is forwarded to a smart host on the DC server (washington DC, not domain controller), and then it will be distributed to either, NY, DC or Miami mailbox servers.
I think the reason why the smart host is located on the Washington DC server is because of the 100Mbit pipe to the internet.
To answer your question, all offices have their own internet connection, as well as being on the MPLS.
LVL 32

Expert Comment

ID: 22710160
I see I see ;-) !!! It happens !!! Ok getting back to the question....
You need to clarify a few questions...
  • Is this the flow.....If I understood corectly......
    • Postini receives Internet Mails and forwards to New York Relay Server (for confidential compliance reasons) --> From the Relay Server to NY Exchange Server --> From NY Exchange Server to SMart Host @ DC --> From SH @ DC to other Exchange servers..........!!!
  • Now let me talk about some points here, that I understood....
    • NY Server has to receive all mails and you do not want to change that (due to compliance)....right?
    • DC Server is very very important as it is required as a client requirement for Encryption.
For me these 2 are going to be bottlenecks, if any one of them goes down then it would be an issue. I would recommend (assuming WAN link 100% availability)  the best solution would be to go for High Availability Solution for both of your servers (clustering or sth)
  • DC Server used for Encryption
  • NY Relay Server [This is until and unless your organization agrees to have a secondary MX pointing to another location like DC and having another Relay Server (for compliance).]
Hope this helps, let me know if you think I misunderstood sth or you need clarifications.
The top UI technologies you need to be aware of

An important part of the job as a front-end developer is to stay up to date and in contact with new tools, trends and workflows. That’s why you cannot miss this upcoming webinar to explore the latest trends in UI technologies!


Author Comment

ID: 22713055
Your interpretation of Mailflow is correct.

a) NY Server has to receive all mails and you do not want to change that (due to compliance)....right?

Yes and no, we need to retain this feature somehow.  Currently a 3rd party software called eXclaimer sits on a server called NYRelay (NYRelay is NOT an exchange server, just server 2k box with eXclaimer resident) with a rule that all email relating to a certain issue being cc'd to a compliance department.  However, we would like to remove the 3rd party software and deal with this on an exchange level - maybe with the introduction of an Exchange 2007 we can achieve this? The main premise appears to be all incoming / outgonig mail relating to this issue needs to be processed by this relay / or rule before any transport to mailbox / external recipient

b) DC Server used for Encryption

Again, we need a smart host that looks at all incoming / outgoing mail, and anything to and MUST be sent / received using TLS.  It doesn't have to reside on the DC server, if we can do this more efficiently that would be great.

At the moment, I am thinking of introducing a Front End server for iPhone connections, OWA, Activesyn, which will have SSL and communicate to all the back end servers via HTTP.  Now if possible, I'd like to handle the above using this solution too, I'm just not sure how feasible this would be.
LVL 32

Expert Comment

ID: 22713809
Since you are already thinking of Exchange 2007, yes Transport Rules will take carfe of option a) and I would recommend rather than investing money in 2k3 now, it would be better to wait and deploy Exch 2k7. Else it will be an investment in terms of redundancy unncessarily
Let me know in case you need clarification.

Author Comment

ID: 22713969
could you give me a little more information on the "Transport rules".  Like how this situation could be configured.  I've read a little about Exch 2007 and have it running on a virtual server for testing, and would love to try and implement a "proof of concept"
LVL 32

Accepted Solution

gupnit earned 1500 total points
ID: 22714033
Transport rules are pretty much going to help you create Rules/Conditions/Filters for Compliance as the word goes.
Here are few links to guide you, as for Proof of Concept, I will have to sit in front of Server and guide you step by step:
Also try these Virtual Labs (free) to guide you on usage, they will guide you step by step:
Hope this helps

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Ever wonder what it's like to get hit by ransomware? "Tom" gives you all the dirty details first-hand – and conveys the hard lessons his company learned in the aftermath.
One-stop solution for Exchange Administrators to address all MS Exchange Server issues, which is known by the name of Stellar Exchange Toolkit.
An overview on how to enroll an hourly employee into the employee database and how to give them access into the clock in terminal.
With the power of JIRA, there's an unlimited number of ways you can customize it, use it and benefit from it. With that in mind, there's bound to be things that I wasn't able to cover in this course. With this summary we'll look at some places to go…

721 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question