Solved

Exchange 2010 - Database Availability Group - 2 Physical Locations

Posted on 2010-08-13
Last Modified: 2012-05-10
I have 2 servers that will be running Exchange 2010 Standard, on Server 2008 R2 Enterprise.

I am having a hard time figuring out how to configure both of the servers to join a DAG if they are in two different physical locations. Do I create a site-to-site VPN? If so, that won't work if one site goes down. So my option is a separate domain? Not too sure; can someone add some insight to this for me?
0
Question by:mnevoso
202 Comments
 
LVL 15

Accepted Solution

by:
GreatVargas earned 500 total points
ID: 33434279
You can create a DAG on servers on different sites, as long as they are on internal subnets that can connect to each other. Both servers need to have routes to each other. You can, for example, design Exchange like this:
Site A - DAG1, HUB1 CAS1
Site B - DAG2, HUB2 CAS2
DAG1 and DAG2 are mailbox servers, and if DAG1 fails mailboxes will fail over to DAG2.
Why do you need HUB2 in site B? Because Exchange 2010 uses AD Sites and Services to route mail, and for the mailboxes that are on DAG2 (all, for example, when DAG1 fails) you need at least one HUB transport server on Site B or else mail will be stuck in the "outbox".
For CAS1 and CAS2, if DAG1 fails and the mailboxes fail over to DAG2, they will continue to use CAS1 (if available) as client access server. Now your question is, what if CAS1 also fails? Then you need to change a mailbox database property called rpcclientaccessserver, for each of your mailbox databases, to point them to CAS2. The EMS command is Set-MailboxDatabase "Database name" -RpcClientAccessServer CAS2
So, summing all this up, you need at least DAG1, CAS1 and HUB1 on site A, and DAG2 and HUB2 on site B. And yes, they need to be connected "internally".
Hope it helps.
0
 

Author Comment

by:mnevoso
ID: 33434347
Internally as far as replication or mapi networks?
0
 
LVL 7

Expert Comment

by:Illusionist
ID: 33434829
Here is a good article you can go through
Deploying High Availability and Site Resilience - http://technet.microsoft.com/en-us/library/dd638129.aspx
It has a good example of DAG deployment in Two Physical Sites
0
 

Author Comment

by:mnevoso
ID: 33434845
I took a look.
The only thing I don't get is do they need to be part of the same domain?  That is a little unclear to me.
0
 
LVL 7

Expert Comment

by:Illusionist
ID: 33435828
Yes part of the same domain.
0
 

Author Comment

by:mnevoso
ID: 33436501
So for the mapi portion I need a site to site vpn. Correct? And then static routes for replication between the servers?
0
 
LVL 15

Expert Comment

by:GreatVargas
ID: 33436543
Replication means that both servers must communicate internally to replicate the content of the mailbox database. MAPI networks are for clients to connect to the database. You can use only one subnet in each server to do replication and MAPI. But yes, both servers need to be on the same domain and both servers can be on different subnets but you need routes from one subnet to the other so that they can communicate.
Giving you more information about my first post, you can also think about installing one HUB/CAS NLB, but doing that with one node in each site is not good or recommended; at least as far as I'm concerned, that's not a scenario that I would implement. So if you think NLB for HUB/CAS, think with 2 nodes on the same site.
0
 
LVL 6

Expert Comment

by:Shack-Daddy
ID: 33437884
Let's back up a bit: what are your goals? What would you like to happen if the VPN link goes down? What would you like to happen if your active database has an issue? You may find that this is actually not a good solution, based on your answers.
0
 

Author Comment

by:mnevoso
ID: 33438393
If vpn link goes down I want both servers in dag to be active. If my active database has an issue I would like it to switch to the other. Basically 1 site will have active copy of internal users, and second site will have active copy of external user database to split the load but also have the security of it being in a dag.
0
 
LVL 15

Expert Comment

by:GreatVargas
ID: 33438676
If you want both databases to be active if vpn fails, that's possible; the only thing that will be put "on hold" will be the replication between dag servers. Also you need both sites not to depend on each other for the email functions. I will explain this by roles:
Mailbox role (DAG) - one mailbox database can only be active on one server, and as you said if the link fails internal users will be active on site 1 and external on site 2. As far as the mailbox role is concerned everything is perfect except for the replication that will be on hold... but.. other roles
HUB Transport role - Users from site 2 will not be able to send mail to users on site 1 while link is down, and vice versa. And for external mail, if you want users on site 2 to send it, you will need to have 2 send connectors on your org, each one associated with one hub transport server on each site, and that server needs to have direct access to the Internet (port 25) or to a mail relay server that can access the Internet, without depending on the vpn link, or else mail will not go out. For example, if site 2 only gets to the Internet through site 1 then mail will only function between site 2 users when link is down.
CAS role - the same applies to client access server. If users with outlook, outlook anywhere, active sync and webmail access only a CAS server in site 1, or depend on the link to get to a CAS server on site 2, service will be down.

hope it helps
0
 

Author Comment

by:mnevoso
ID: 33438773
What do I do if I always want service up? How do I configure the dag without a vpn?
0
 

Author Comment

by:mnevoso
ID: 33438784
Regardless if either site goes down I want any of the users to always send/receive mail.
0
 
LVL 15

Expert Comment

by:GreatVargas
ID: 33438925
question 1: you can't configure DAG in two servers that can't connect internally, so if they are in different sites and you don't have a vpn site to site, you can't configure DAG. But when you have two sites, to have exchange on both, for users to log in on site 2, you need a domain controller (global catalog also) on site 2, and if you don't have vpn site to site that domain controller can't replicate to site 1.. so you always need internal routes from site to site.. for many reasons.
question 2: if you want both sites to send and receive mail, to the Internet, site 2 must have a way to go out to the Internet without depending on site 1.. the rest is exchange configuration.. Mail between internal users in different sites will never work with the link down.
0
 

Author Comment

by:mnevoso
ID: 33438941
As far as the dc can the exchange server be a dc at site 2
0
 
LVL 15

Expert Comment

by:GreatVargas
ID: 33438951
Yes it can. It's not recommended though. I have already installed Exchange 2010 on a DC and the experience was not the best. It's working and it's supported by MSFT but it's not recommended by MSFT. My opinion is that you should have a server (or virtual machine) doing the DC role alone. But the final answer is YES. Exchange can be a DC.
0
 

Author Comment

by:mnevoso
ID: 33438999
Ok for things like owa how will it know what server to go to? Do I create multiple dns entries or will 1 and it goes to available server. Same with incoming mail how do I get it to know where to food too...
0
 
LVL 15

Expert Comment

by:GreatVargas
ID: 33439773
for owa it will go to the CAS server you publish on your ISA or on your router. For high availability you can do one of the next choices:
- install two CAS per site and create a NLB, this will give you high availability if one of the servers fails
- install one CAS per site, create a client access array with only one member and point it to a DNS record created by you with for example the name CASARRAY. Point your ISA or router to the name CASARRAY. Associate the name CASARRAY to the ip of CAS1 in site 1. If cas1 fails you have to run 3 commands:
1- change the dns record to the ip of CAS2 in site 2
2- run a shell command to associate the client access array to site 2
3- run a shell command to change the rpcclientaccessserver attribute on all mailbox databases to the CAS2 on site2

Note that, if one mailbox database has CAS2 as rpcclientaccessserver you won't be able to open owa for a user on that database pointing to CAS1, so that's the reason for step 3. These steps are only to run when you have a cas failure on one server.

For incoming e-mail, if your hub on site 1 fails you have to point your mail relay system or your router to point port 25 traffic to the other one, on site 2. On a normal basis with everything functioning mail will be delivered on one HUB server and if the mailbox is on site 2 HUB1 will deliver on HUB2 that delivers to DAG2. If site 1 fails along with HUB1 you need to point port 25 traffic to site 2 hub server.
0
 

Author Comment

by:mnevoso
ID: 33441479
My understanding of dag was everything pointed to the dag ip and it did the load balancing automatically
0
 
LVL 15

Expert Comment

by:GreatVargas
ID: 33442514
And that's the correct understanding. DAG has a name and one IP, that is used by the cluster services installed on both machines to replicate the content of the mailbox databases. As far as clients are concerned, they will always point to a client access server and never to a mailbox server role. So if you want clients to be pointed to a virtual name with two servers behind it you must create a NLB of the CAS role or do one of the workarounds i told you before.
0
 

Author Comment

by:mnevoso
ID: 33442637
ok makes sense then.
sorry for being a pain i am trying to fully understand DAGs.
so my first step is to install exchange on both servers correct? do i configure or do i go ahead and create the dag,
second step configure site to site with a dc and exchange server at one site and the same in another.
then create the CAS array?

i am just trying to get the network all set before moving into setting up the dag as i am trying to fully understand how the DAG works and functions.

i have 2 fresh servers no static ips configured yet and exchange on standby install.
what would be the first steps to get the network setup for installing?
0
 
LVL 15

Expert Comment

by:GreatVargas
ID: 33442733
If you have 2 servers ready, one per site. Be sure that they have 2008 R2 installed and fully updated. After that be sure that you have at least one DC with global catalog on each site. If you are using one of those servers for dc in site 2 start by promoting the server to dc and adding it to your domain.
After having DCs on both sites start installing exchange. My question here is: are you going to have one exchange server per site or are the roles going to be separated in several servers? If it's all in one then install exchange and select 3 roles: HUB, CAS and Mailbox. Only after having both exchange mailbox servers installed and communicating internally can you start thinking about creating a DAG and advancing with the process. But first things first.. start by the DCs. One per site, and sites well created and configured in AD Sites and Services.
0
 

Author Comment

by:mnevoso
ID: 33442759
Both will have full roles. As far as configuring I need to set them up fully with databases and mail coming in?
0
 

Author Comment

by:mnevoso
ID: 33445958
ok this is where i am currently at
both server have server 2008 r2 enterprise installed and fully updated
both servers have exchange installed nothing configured except the product key and fully updated.

here are the network schemas

exchange01
2 nics teamed - MAPI
ip: 192.168.1.30
subnet: 255.255.255.0
gateway: 192.168.1.4
dns: 192.168.1.20
dns: 192.168.1.27
2 nics teamed - replication
ip: 10.10.1.30
subnet: 255.255.255.0
gateway:
dns:
dns:

exchange02
2 nics teamed - MAPI
ip: 192.168.1.31
subnet: 255.255.255.0
gateway: 192.168.1.4
dns: 192.168.1.20
dns: 192.168.1.27
2 nics teamed - replication
ip: 10.10.1.31
subnet: 255.255.255.0
gateway:
dns:
dns:

both servers are at the same site at the moment, should i move one to the second physical site before creating the dag? is the network configured properly to move forward. i followed documentation off of msexchange.org to do the network setup.

what is the next step in order to do this correctly?
0
 

Author Comment

by:mnevoso
ID: 33446855
i setup the dag by following the prompts, is this correct?
dag.jpg
0
 
LVL 15

Expert Comment

by:GreatVargas
ID: 33448103
First question: Yes you need to create the databases you want to, setup Hub transport and client access roles for mail flow and owa, active sync, etc.
second question: the config is correct but after moving to the second site that server will have different ip addresses than it has now.. so yes it's better for you to put the final network configurations in place before continuing the setup, and yes, to better know if the whole network is well configured it is better to move the server to site 2 before continuing.
question 3: the config looks ok, but you will need to disable replication on one of the networks; replication only remains enabled on the replication network, not on the MAPI.
0
 

Author Comment

by:mnevoso
ID: 33448598
ok databases are all setup already, can i use public folders in dag or should it be removed completely?
for Hub Transport send connector i created a new one called To Internet as normal, do i apply to both exchange01 and exchange02? as of now it is applied to both, i will be adding a smart host in once i get our MX Logic configured.
For the Hub Transport Receive Connector, do i just go to default both exchange01 and exchange02 and check off anonymous? as of now that is what i have.
for Client access for server configuration example OWA
i have the following as being setup for the 2 servers

https://exchange01.afr.local/owa
https://mail.domain.com/owa

https://exchange02.afr.local/owa
https://mail.domain.com/owa

how will it know where to go? is this where the CAS array comes into play? for CAS Array can it be used with failover clustering (dag) like i mentioned i only have 2 sites and 2 physical servers.

i am going to move the other server to the other site once our new DC/GC comes in which should be in a few days.

for DAG1 networks i named them both MAPI and Replication, do i remove the MAPI network from there completely or just remove 'replication enabled' from it?

Is the dag assigned an IP and Host name to itself?
0
 

Author Comment

by:mnevoso
ID: 33449399
also i have been reading a lot, is it even possible to use a CAS Array and DAG on same boxes?
0
 
LVL 15

Expert Comment

by:GreatVargas
ID: 33449993
answers to questions:
1-ok databases are all setup already, can i use public folders in dag or should it be removed completely?
A- No, public folders cannot be added to DAG.. if this is a clean install of exchange (no previous versions) and you don't need public folders then don't create a PF database on the second server and don't associate your mailbox databases to any public folder.. basically don't use public folders if you don't need to. If you are going to need public folders create a PF database for each site and add all PF replicas to both databases.
2- for Hub Transport send connector i created a new one called To Internet as normal, do i apply to both exchange01 and exchange02?
A- My advice is to create one send connector per site. If you already had both servers in different sites and you try to add them to the same send connector you will get a warning.. reason? because in site 2 hub2 should be able to get to Internet without needing site1.. does it work like this? yes but it will depend on site 1 always.. if your site 2 doesn't have a direct connection to the web it's your only option
3- For the Hub Transport Receive Connector, do i just go to default both exchange01 and exchange02 and check off anonymous?
A- Yes. And you can limit, for security purposes, the IP addresses and ranges that can relay there. Allowing only internal servers that send e-mails, and the anti-spam appliance that delivers external mail, is always a good and recommended option

For CAS, internally users with mailbox on server1 use server1 url and users with mailbox in server2 use server2 URL. Externally, what's publishing your CAS url? ISA server? Is it on site 1? if so just point it to CAS1 and if mailbox is in CAS2 it will automatically redirect it to CAS2. Do it, test, and post the result.
If CAS1 fails you need to point it to CAS2. With NLB you will point it to the NLB name but NLB between sites is not recommended and... you cannot have NLB and Clustering on the same box so.. no CASARRAY and DAG...

Q-for DAG1 networks i named them both MAPI and Replication, do i remove the MAPI network from there completely or just remove 'replication enabled' from it?
A- just remove the replication enabled.

Q- Is the dag assigned an IP and Host name to itself?
Yes, in your case it's called DAG1. And you should assign one ip address to the DAG (if you don't it will catch dhcp, if you have it) with the command Set-DatabaseAvailabilityGroup
Assign one ip from the main site...

One issue that you will have, when moving the server. Both replication and MAPI networks will change on server 2, and must be different from server1.. so for MAPI network, the default gateway will lead you to MAPI network on server1.. but what about the replication network? you can't have 2 default gateways on one box so what you need is... a static route.. be aware of that..
0
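The receive-connector advice in the answer above (anonymous SMTP only from the relay and known internal senders) can be checked and applied from the Exchange Management Shell. This is an added example, not code from the thread: exchange01 and exchange02 are the poster's servers, while the relay addresses and the connector name are placeholders.

```powershell
# Added example: run in the Exchange Management Shell on Exchange 2010 (PowerShell 2.0).
# exchange01/exchange02 are the servers in the thread; every other value is a placeholder.
$servers       = 'exchange01', 'exchange02'
$relaySources  = '192.0.2.25', '192.0.2.26'   # placeholder IPs of the filtering service / relay
$connectorName = 'From mail relay'            # hypothetical connector name
$apply         = $false                       # $false = -WhatIf (report only), $true = change

# Return the receive connectors on a server that accept anonymous SMTP
# from the whole IPv4 address space.
function Get-OpenAnonymousConnector {
    param([string]$Server)
    Get-ReceiveConnector -Server $Server | Where-Object {
        $groups = $_.PermissionGroups.ToString() -split ',\s*'
        $ranges = @($_.RemoteIPRanges | ForEach-Object { $_.ToString() })
        ($groups -contains 'AnonymousUsers') -and
            ($ranges -contains '0.0.0.0-255.255.255.255')
    }
}

foreach ($server in $servers) {
    # Report first, so the current exposure is on record before anything changes.
    $open = @(Get-OpenAnonymousConnector -Server $server)
    $open | Select-Object Identity, PermissionGroups, RemoteIPRanges | Format-List

    # 1. Dedicated connector: anonymous SMTP is accepted only from the relay addresses.
    #    It shares the port 25 binding with the default connector; Exchange picks the
    #    connector whose RemoteIPRanges match the sender most specifically.
    $existing = Get-ReceiveConnector -Server $server |
        Where-Object { $_.Name -eq $connectorName }
    if (-not $existing) {
        New-ReceiveConnector -Name $connectorName -Server $server -Usage Custom `
            -Bindings '0.0.0.0:25' -RemoteIPRanges $relaySources `
            -PermissionGroups AnonymousUsers -WhatIf:(-not $apply)
    }

    # 2. Remove AnonymousUsers from the wide-open connectors and keep their other
    #    permission groups, so authenticated server-to-server mail still flows.
    foreach ($connector in $open) {
        $keep = @($connector.PermissionGroups.ToString() -split ',\s*' |
            Where-Object { $_ -ne 'AnonymousUsers' })
        $newGroups = if ($keep.Count) { $keep -join ',' } else { 'None' }
        Set-ReceiveConnector -Identity "$($connector.Identity)" `
            -PermissionGroups $newGroups -WhatIf:(-not $apply)
    }
}
```

Internal applications that submit mail without authenticating need their addresses added to `$relaySources` before `$apply` is set to `$true`.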
 

Author Comment

by:mnevoso
ID: 33450396
1. ok we do have some 2003 clients, that requires public folders if i remember correctly, if not i will remove public folders.

2. i created 2 send connectors now they are the same except for the source servers, one is exchange01 and the other is exchange02 - correct? I don't see why they couldn't use the same send connector since the source server listed was both servers. But if you say it will not work i believe you.

3. i did not remove the replication, i just disabled it on MAPI Network - correct? that was the only option

4. i assigned the DAG1 an ip address part of the MAPI network of 192.168.1.32

5. how do i create the static route between the two replication networks?

6. I dont have anything publishing my CAS URL, what are my options as far as that goes? Can i install NLB on a third server and do it that way? must i use a hardware appliance for load balancing?

7. Just to confirm CASARRAY and DAG cannot be on same boxes correct?

8. Where do i open the firewall port 25? for example normally i open it on the mail server, this is my first attempt at a DAG so would i point it to exchange01? exchange02? DAG1? CASARRAY?
normally my public IP points to private ip of mail server...what would the case be here? public ip to private ip of DAG1?
0
 

Author Comment

by:mnevoso
ID: 33450431
9. if i purchase a load balancer appliance such as barracuda load balancer how will it load balance between the 2 physical sites? i am assuming through the site to site vpn MAPI network correct?
0
 
LVL 15

Expert Comment

by:GreatVargas
ID: 33450565
1- yes you will need to migrate public folders to 2010 and decommission 2003
2- it will work, and like i said, when they are in different sites it makes a difference. site 1 uses their internet connection and site 2 also.
3- correct
4- correct
5- for example:
SITE A:
2 nics teamed - MAPI
ip: 192.168.1.30
subnet: 255.255.255.0
gateway: 192.168.1.4
dns: 192.168.1.20
dns: 192.168.1.27
2 nics teamed - replication
ip: 10.10.1.30
subnet: 255.255.255.0
SITE B:
2 nics teamed - MAPI
ip: 192.168.2.30 (notice i changed to 10.20 because if they are in different sites it cannot be the same subnet)
subnet: 255.255.255.0
gateway: 192.168.1.4
dns: 192.168.1.20
dns: 192.168.1.27
2 nics teamed - replication
ip: 10.20.1.30 (notice i changed to 10.20 because if they are in different sites it cannot be the same subnet)
subnet: 255.255.255.0

the static route you need to add can be for example:
on server in site B
route add -p 10.10.1.0 MASK 255.255.255.0 <GATEWAY IP>
on server in site A
route add -p 10.20.1.0 MASK 255.255.255.0 <GATEWAY IP>
the gateway ip is the ip of the router that has the vpn site to site configured
6- you need 2 more servers because server 1 and 2 cannot have nlb. you can do a direct NAT of port 443, on the router, pointing to the CAS server. and yes.. you can use one appliance to load balance
7- correct
8- public ip to private ip of hub transport server, that also is the dag1 server.
9- the load balancer only makes sense if you have the outside urls pointing to it. in that case you configure barracuda to load balance between the two ips and names of server 1 and 2. the replication ips are only for replication, so yes, all clients will connect to the MAPI network ip and name, that is also the IP and name used for HUB and CAS services.
0
 

Author Comment

by:mnevoso
ID: 33450814
6. i cannot get 2 more servers, that is out of the question. what i want to do is have all outside users connect to the server in site 2. all internal users connect to the server in site 1. all owa/ecp/activesync/etc will use site 2. only users connecting with outlook internal will use site 1.

would i need a CASarray to do any of that? or only if i wanted outside urls and use a load balancer appliance? what would you recommend?

8 just to confirm the hub transport server is the DAG1 ip address correct? that's what i point the public ip to? so for owa i would point public ip to private ip at site2 along with activesync and ecp and rpc over http. this eliminates the need for a CAS array correct?

10. if i was to do NLB could i use a 3rd windows server enable nlb and add the 2 cas servers to the NLB or it won't work because i need NLB installed on the 2 cas servers?

i am just trying to do the best HA i can with what i have. if i need a load balancer of some sort to do the CASARRAY i can get one, but if it is just for public urls to private there is no need i'm assuming, but i would like your opinion.

i know a lot is repetitive but i am just trying to fully understand the way i am setting this up and making sure it will be sufficient for my company.
0
 

Author Comment

by:mnevoso
ID: 33455675
"No, public folders cannot be added to DAG.. if this is a clean install of exchange (no previous versions) and you don't need public folders then don't create a PF database on the second server and don't associate your mailbox databases to any public folder.. basically don't use public folders if you don't need to. If you are going to need public folders create a PF database for each site and add all PF replicas to both databases."

1. This is a clean install first time exchange at this company. We need public folders because we still have some Outlook 2003 clients. I have both databases setup, one on each site. how do i add the replicas to both databases?

2. when i move the other server to the other site, and i change the ip address on the teamed adapters, what will happen to the current dag? do i need to edit the Replication and MAPI DAG1 settings? add the new subnets im assuming to each? then will dag fully function again by itself?
0
 

Author Comment

by:mnevoso
ID: 33455700
more on public folder under offline address book do i need to create a new one or add exchange02 to the "distribution from the following servers" list?
0
 

Author Comment

by:mnevoso
ID: 33458951
could this scenario work?

It appears as though the DAG IP address is set up as an IP Address Resource in the Failover Cluster Manager. As a result, that IP address is always either assigned to EXCH1 (my first Exchange box) or EXCH2. As a test, I created a DNS record to point to the IP address set up by DAG, set up the CAS array and assigned that array to my mailbox. Using that new DNS hostname, clients are able to access all services (OWA, Outlook Anywhere, SMTP, etc.) and in the event I disconnect EXCH1, EXCH2 takes over and clients can still access all services. Since I'm just looking for EXCH2 to take over when EXCH1 fails, it seems like a solid setup. I imagine this is how the IP Address Resource was designed to be used in Failover Clustering, so even though it was set up by DAG I don't see why it cannot also be used as the address in which clients access mail services.
0
 
LVL 15

Expert Comment

by:GreatVargas
ID: 33459870
6. i cannot get 2 more servers, that is out of the question. what i want to do is have all outside users connect to the server in site 2. all internal users connect to the server in site 1. all owa/ecp/activesync/etc will use site 2. only users connecting with outlook internal will use site 1.

would i need a CASarray to do any of that? or only if i wanted outside urls and use a load balancer appliance? what would you recommend?

Answer - If you don't have the possibility of building one array don't do it. Just point all external URLs to the CAS server on site 2; if site 2 fails and mailboxes bounce to site 1, you have to do 2 things:
1- point external urls to cas on site 1
2- change the rpcclientaccessserver of site 2 users mailbox database to cas1, running EMS command
0
 

Author Comment

by:mnevoso
ID: 33459881
what if site 1 fails for the internal outlook users will it automatically switch to the other site? or is that what casarray is for?
0
 
LVL 15

Expert Comment

by:GreatVargas
ID: 33459896
8 just to confirm the hub transport server is the DAG1 ip address correct? that's what i point the public ip to?
answer- No. The DAG IP address is one ip of the clustered services, not present in any of the two servers. If you want mail to enter through site 1 you point the mail to be delivered to the ip of server 1 (not the replication ip, the one with default gateway), and the same for site 2 if you want site 2.

10. if i was to do NLB could i use a 3rd windows server enable nlb and add the 2 cas servers to the NLB or it wont work because i need NLB installed on the 2 cas servers?
answer- doesnt work

i am just trying to do the best HA i can with what i have. if i need a load balancer of some sort to do the CASARRAY i can get one, but if it is just for public urls to private there is no need im assuming, but i would like your opinion
answer- Yes, it's just for external, because clients can only point internally to CAS servers, they cannot point to a name and ip that is not a cas server.
0
 

Author Comment

by:mnevoso
ID: 33459908
http://www.kemptechnologies.com/us/loadbalancingresource/ms-exchange-2010.html

this device seems to be both internal and external i will confirm with them tomorrow.

so does the mail get delivered to both sites or 1? that is what i am trying to figure out.
0
 
LVL 15

Expert Comment

by:GreatVargas
ID: 33459927
1. This is a clean install first time exchange at this company. We need public folders because we still have some Outlook 2003 clients. I have both databases setup, one on each site. how do i add the replicas to both databases?
answer- after installing the first mailbox server in the org, it will create a PF database. When you install the second mailbox server of the org, you also need to create a PF database. You add replicas to both by management shell or on the public folder management console (in the tools menu of the management console); basically you need to go to the default folders and the system folders, select properties and add the second server on the replication tab. Or you can use the addreplicatopfrecursive script. Do a google search to check how or see this link:
http://social.technet.microsoft.com/Forums/en-US/exchangesvrmigration/thread/538f85d9-986b-48f5-bd8f-67bd2091dc5e
0
 
LVL 15

Expert Comment

by:GreatVargas
ID: 33459933
2. when i move the other server to the other site, and i change the ip address on the teamed adapters, what will happen to the current dag? do i need to edit the Replication and MAPI DAG1 settings? add the new subnets im assuming to each? then will dag fully function again by itself?
answer- that's a good question. i always install with final configs made to avoid surprises :) my advice is move it, change the IP and reboot the server. Then if necessary we can troubleshoot from there
0
 
LVL 15

Expert Comment

by:GreatVargas
ID: 33459949
more on public folder under offline address book do i need to create a new one or add exchange02 to the "distribution from the following servers" list?
answer- on offline address book properties? after both PF databases are created and replicated add server2 to the distribution list. You can add CAS servers to that distribution list and it is to distribute OAB and not public folders.
0
 
LVL 15

Expert Comment

by:GreatVargas
ID: 33459968
what if site 1 fails for the internal outlook users will it automatically switch to the other site? or is that what casarray is for?
answer- If site 1 fails.. i will explain to you by role because all 3 roles on site 1 will fail:
mailbox - DAG will failover and mailboxes you get online on site 2
CAS - mailbox database is pointing to CAS1 so you have to run this command - set-mailboxdatabase -identity databasesite1 -rpcclientaccessserver exchange2
HUB - If you are pointing the email to exchange1 then you need to go to your router/mail relay appliance and change it to deliver mail on site 2 server
0
 
LVL 15

Expert Comment

by:GreatVargas
ID: 33459981
so does the mail get delivered to both sites or 1? that is what i am trying to figure out.
answer- if site 1 exchange server fails, after the changes i told you to do on that case, mail gets delivered to site 2 only, which is good because site 1 will have 0 mailboxes when exchange1 is down.
CASARRAY or HUBARRAY is to prevent single server failure.. not entire site failure... for entire site failure you will always have to do the same changes.. those changes take only 5min to be done
0
 
LVL 15

Expert Comment

by:GreatVargas
ID: 33460022
As for your scenario: when DAG is created it should create one computer object in AD and a dns record with that name and IP. You don't need to create it yourself. You created a CASARRAY with the same name and added the rpcclientaccessserver to that CASARRAY, is that it? Well, for your scenario as is, that's a tricky scenario but it can work; the problem is when you change server 2 to site 2. Try running Get-ClientAccessArray | fl and see the site property of the array. It is pointing to site 1. When you change the server to site 2 it should disassociate server2 from casarray because you cannot have servers from different sites in the same casarray. Like i said you don't need to create casarray. Just point to one or other CAS server as you need to.. or.. if you want to create a casarray do it like this:
1- create a casarray named for example array1 associated to site1
2- create a DNS record for array1 POINTING TO server1 ip and use a low tombstone
3- add all mailbox databases rpcclientaccessserver to array1
in case of failure:
3- run Set-ClientAccessArray to associate the array to site2
4- change the dns record to the IP of server2
and that's done.. all you maybe need to do is ipconfig /flushdns on the exchange servers
0
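The manual failover in the answer above (re-home the array to site 2, repoint its DNS record, flush DNS) written as a repeatable runbook that records the starting state and verifies the result. This is an added example, not code from the thread: array1, afr.local, 192.168.1.20 and 192.168.1.30 come from the posts, while the site name, the TTL and the site 2 address are assumptions to replace.

```powershell
# Added example: Exchange Management Shell on Exchange 2010 (PowerShell 2.0),
# run from a machine that has dnscmd.exe and rights on the DNS zone.
$arrayName  = 'array1'             # array name used in the answer
$dnsZone    = 'afr.local'          # internal domain seen in the thread's OWA URLs
$dnsServer  = '192.168.1.20'       # DNS server from the posted NIC settings
$oldIp      = '192.168.1.30'       # exchange01 MAPI address from the thread
$newIp      = '<SERVER2 MAPI IP>'  # placeholder: the page does not give the final site 2 address
$targetSite = 'Site2'              # hypothetical AD site name
$ttlSeconds = 300                  # assumed short TTL so clients pick up the change quickly
$stateFile  = Join-Path $env:TEMP 'cas-failover-before.csv'

$arrayFqdn = "$arrayName.$dnsZone"
if ($newIp -notmatch '^\d{1,3}(\.\d{1,3}){3}$') {
    throw 'Set $newIp to the MAPI address of the surviving server before running.'
}

# 1. Record the current state so the change can be reversed after site 1 returns.
Get-MailboxDatabase | Select-Object Name, Server, RpcClientAccessServer |
    Export-Csv -Path $stateFile -NoTypeInformation
Get-ClientAccessArray | Format-List Name, Fqdn, Site

# 2. Associate the client access array with the surviving site.
Set-ClientAccessArray -Identity $arrayName -Site $targetSite

# 3. Repoint the array's A record at the surviving server.
& dnscmd $dnsServer /RecordDelete $dnsZone $arrayName A $oldIp /f
if ($LASTEXITCODE -ne 0) { throw "Could not delete the old A record for $arrayFqdn." }
& dnscmd $dnsServer /RecordAdd $dnsZone $arrayName $ttlSeconds A $newIp
if ($LASTEXITCODE -ne 0) { throw "Could not add the new A record for $arrayFqdn." }

# 4. Flush the local resolver cache and confirm what the name resolves to now.
& ipconfig /flushdns | Out-Null
$resolved = @([System.Net.Dns]::GetHostAddresses($arrayFqdn) |
    ForEach-Object { $_.IPAddressToString })
if ($resolved -notcontains $newIp) {
    Write-Warning "$arrayFqdn still resolves to: $($resolved -join ', ')"
}

# 5. Databases that point at a single CAS instead of the array do not follow the
#    DNS change; list them so they can be repointed with Set-MailboxDatabase.
$stray = @(Get-MailboxDatabase |
    Where-Object { "$($_.RpcClientAccessServer)" -ne $arrayFqdn })
foreach ($db in $stray) {
    Write-Warning "$($db.Name) uses $($db.RpcClientAccessServer), not $arrayFqdn"
}
Get-ClientAccessArray | Format-List Name, Fqdn, Site
```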
 

Author Comment

by:mnevoso
ID: 33460536
based on what you are saying i cannot use a casarray regardless because there will be 2 physical sites?  i thought you could span casarray across multiple sites? in theory they are internal just on different subnets. correct? i believe i am going to purchase the load balancer i posted a link of i just need to confirm it will do what i want internal and external.

and to clarify i will point my incoming mail to exchange01 if exchange01 goes down i will point it over to exchange02 correct? my mx logic allows me to add multiple public ips in case one is down it will go to the other. so that should work in my case correct?
0
 

Author Comment

by:mnevoso
ID: 33460539
already did public folders figured that out on my own after i posted it, but it was a good confirmation to know i did it right. not sure how to add casarray to oab though..
0
 
LVL 15

Expert Comment

by:GreatVargas
ID: 33462906
based on what you are saying i cannot use a casarray regardless because there will be 2 physical sites?  i thought you could span casarray across multiple sites? in theory they are internal just on different subnets. correct? i believe i am going to purchase the load balancer i posted a link of i just need to confirm it will do what i want internal and external.
answer- CASArray cannot be on multiple sites. although they are internal and only on different subnets, the reason you create sites is because there is a line linking them that does not have the same bandwidth as the internal switched network. Microsoft recommends that the CAS server needs a fast connection to the mailbox server of the mailbox databases it serves. and also you have dag on the boxes so you can never have cas nlb on those same boxes. The link you sent me shows your load balancer, and as i said, you can confirm in the picture that it only load balances client requests coming from the Internet and not internal client requests. It's a good solution but it will only serve you for external requests.

and to clarify i will point my incoming mail to exchange01 if exchange01 goes down i will point it over to exchange02 correct? my mx logic allows me to add multiple public ips in case one is down it will go to the other. so that should work in my case correct?
answer- thats correct. it allows you to add multiple public ip's, and thats a good solution, but a public ip is one ip associated with your mx record. does it allow you to add multiple internal exchange servers to deliver the mail internally? anyway i dont think thats an issue. you just have to change it, or in case of rebooting only exchange1 your mx logic will wait for it to come up and continue delivering the email.

You dont add casarray to oab... in oab distribution you add all cas servers you want. internally you only add casarray to rpcclientaccessserver of the databases.
0
 

Author Comment

by:mnevoso
ID: 33464771
You can add CAS servers to that distribution list and is to distribute OAB and not public folders.

does this mean just uncheck public folder option in the distribution tab?
0
 

Author Comment

by:mnevoso
ID: 33465493
ok i think i have my config narrowed down.

without cas and site 1 fails i run the emc command and it will automatically point the clients over to exchange02?

if that is the case how do i remove the casarray i created? and put databases back to the way they were.
0
 
LVL 15

Expert Comment

by:GreatVargas
ID: 33465603
You can add CAS servers to that distribution list and is to distribute OAB and not public folders.

does this mean just uncheck public folder option in the distribution tab?

answer- No. Maintain public folders checked and add all cas servers to the list.

without cas and site 1 fails i run the emc command and it will automatically point the clients over to exchange02?
answer- clients will have to restart outlook. if you want it more clean create the CAS ARRAY but the way i told you some posts before. casarray in the final scenario will have only 1 server because they are in different sites.
if you dont want to create cas array the answer is yes. you run the command, clients will be notified to restart outlook, and problem solved.

if that is the case how do i remove the casarray i created? and put databases back to the way they were.
answer- remove-clientaccessarray
set-mailboxdatabase -identity xtpo -rpcclientaccessserver servername
0
 

Author Comment

by:mnevoso
ID: 33468963
would you recommend a cloudbased load balancing solution? for owa urls or do you know of any solution that has a failover for 2 urls if we have the physical load balancer in 1 site and the isp goes down everything is down for outside users, that could be a problem.
0
 
LVL 15

Expert Comment

by:GreatVargas
ID: 33471227
Yes that could be a problem. But if the ISP goes down mail will also stop flowing. I think thats one issue that you shouldnt worry about. I only recommend internal load balancing solutions. Worrying about server failures is in my opinion your main job...
0
 

Author Comment

by:mnevoso
ID: 33471954
can you let me know if this is letting the dag replicate correctly?

VERBOSE: Connecting to EXCHANGE02.afr.local
VERBOSE: Connected to EXCHANGE02.afr.local.
[PS] C:\Users\administrator.AFR\Desktop>Get-MailboxDatabaseCopyStatus MDB01 -ConnectionStatus | fl name, outgoingconnect
ions,incomminglogcopyingnetwork


Name                : MDB01\EXCHANGE02
OutgoingConnections :

Name                : MDB01\EXCHANGE01
OutgoingConnections : {{EXCHANGE02,MAPI}}



[PS] C:\Users\administrator.AFR\Desktop>Get-MailboxDatabaseCopyStatus MDB02 -ConnectionStatus | fl name, outgoingconnect
ions,incomminglogcopyingnetwork


Name                : MDB02\EXCHANGE02
OutgoingConnections :

Name                : MDB02\EXCHANGE01
OutgoingConnections : {{EXCHANGE02,MAPI}}
0
 

Author Comment

by:mnevoso
ID: 33471958
that is the dag at 2 physical sites now and ips changed as in previous posts.
0
 

Author Comment

by:mnevoso
ID: 33471964
do you know if the following article can apply to 2 domains?
for example we have https://mail.domain1.com/owa and https://mail.domain2.com/owa
i want http to relay to https automatically depending on which domain they specify and go to the appropriate domain but https.

http://briandesmond.com/blog/redirecting-owa-urls-in-exchange-2010/
0
 
LVL 15

Expert Comment

by:GreatVargas
ID: 33474867
can you let me know if this is letting the dag replicate correctly?

answer- yes both databases seem to be active on exchange01. you can test by manually failing over to exchange02 in EMC. you can also see if one database copy is healthy (standby) and the other is active.

do you know if the following article can apply to 2 domains?
answer- you cannot have 2 domains on one IIS responding to the same thing. you only have one external URL per CAS server and it is to that url that CAS is responding. So redirection has to be done to that URL. example: you type http://mail.domain.com from the outside world. your router sees one http (port 80) request coming and NAT's it to your CAS server. Your cas server IIS root directory sees a http://mail.domain.com coming and as you configured redirects it to https://mail.domain.com/owa.
my question is... why two domains??
0
 

Author Comment

by:mnevoso
ID: 33475135
the reason for two domains is we have 2 divisions of the company, which is in place before i started so half the company is domain1.com and other half is domain2.com, if i need to point to just 1 url that is no big deal.

the only thing i need to do now is make everything as seamless to the user when something fails.

externally i think i am going to use a cloud based failover system for owa so if one site is down it goes to the other site for owa/ecp/etc...

internally im not sure what to do if CASARRAY wont work...my boss doesnt want to have to make manual changes, is there anyway i can create some Virtual IP to a host name similar to a casarray that fails over to the other site so the outlook clients dont need to restart? the users will not know and since we have 300 internal i do not want to call them and take time away from resolving the issue.  what are your thoughts on that situation? im assuming the casarray may work as just a failover. what do you suggest?
0
 
LVL 15

Expert Comment

by:GreatVargas
ID: 33476380
You wont need to call the users. They will receive a message popping up in outlook saying that an administrative change has been made and that they need to restart outlook. As far as having full high availability without making changes, it's impossible to even think that when you have 1 server per site. High availability scenarios with 2 sites include:
site 1 - 2 servers for DAG, 2 servers for HUB/CAS - total 4 servers
site 2 - same thing
Thats the only way you can get real high availability. The changes i've told you take 5min to make and are the best recommendable scenario when you cannot have more servers. summing up, what you'll have is:
Mailbox role: DAG in site 1 and site 2. server failure causes failover with no downtime
HUB role: If server1 fails (the server where external mail is being delivered) then you ALWAYS need to change your mail relay to deliver to server2. How to avoid changes? have a scenario with a HUB array (like i said in the beginning of the post, hub/cas array) and have mail relay deliver to the hub array. not possible with your number of servers.
CAS Role: with an external load balancer you can balance the external url to both cas servers. Internally you have two options with your number of servers:
option 1: point mailboxdatabase of users in site 1 to site 1 CAS and point mailbox database of users in site 2 to site 2 CAS. If site 1 server fails, point the users pointing to the failed server to the server in site 2. MANUALLY. users pointing to the failed server need to restart outlook. 1 command-2min. user impact
option 2: create 2 casarrays. one associated with site 1 and the other with site 2. Create 2 dns records pointing to casarray names and ips. in case of failure change the respective dns record to point to the other server ip. change the casarray association to point to the other site. do ipconfig /flushdns on exchange servers. 3 commands-5min- no user impact

you need to tell your boss that there is no other option with this number of servers. this is already a state of the art solution
0
 

Author Comment

by:mnevoso
ID: 33476911
option 1: that makes complete sense, where can i get the commands for what you explained so i can keep them readily available.

option 2: for the casarray each site i wont need nlb correct just create the cas array and do as you mentioned. changed the ip and flushing dns on exchange server. what are the commands for this process?

for example is this what needs to be done:
exchange01 ip: 192.168.1.30
exchange02 ip: 192.168.6.30

casarray1 host name: site1
casarray2 host name: site2
casarray1 ip: 192.168.1.30
casarray2 ip: 192.168.6.30

DNS A Record: outlook point to 192.168.1.30
DNS A Record: outlook point to 192.168.6.30

or

DNS CNAME Record: outlook points to site1
DNS CNAME Record: outlook points to site2

or am i off on what you are explaining. this option seems best if i can configure everything beforehand and just need to change the ips of some records and do a flushdns that will be much better in my opinion.

thanks again.
0
 
LVL 15

Expert Comment

by:GreatVargas
ID: 33480828
option 1: that makes complete sense, where can i get the commands for what you explained so i can keep them readily available

for example: site1 has server named exchange01  and site 2 has server named exchange02. mailbox database where site 1 users are is named MBX1 and for site 2 is MBX2.
site1 fails--> Mailboxes hosted in exchange01 do a DAG failover to exchange02
the command for CAS role is:
set-mailboxdatabase -identity MBX1 -rpcclientaccessserver exchange02
for HUB role you need to go into mail relay appliance and point it to ip of exchange02.
Thats done for option1
0
 
LVL 15

Expert Comment

by:GreatVargas
ID: 33480881
option 2: for the casarray each site i wont need nlb correct just create the cas array and do as you mentioned. changed the ip and flushing dns on exchange server. what are the commands for this process?

for option 2 as example, same server names:
first create 2 client access arrays:
New-ClientAccessArray -FQDN casarray1.contoso.com -Site "Site 1" -Name "casarray1.contoso.com"
NOTE: the FQDN needs to match the record you are going to create on DNS. one A RECORD, not a CNAME
Also the site name must match your site name on ad sites and services.
do this for both sites.
Now.. site 1 fails:
Mailboxes hosted in exchange01 do a DAG failover to exchange02
for HUB role you need to go into mail relay appliance and point it to ip of exchange02
the command for CAS role is:
on EMS: set-clientaccessarray -Identity casarray1.contoso.com -FQDN casarray1.contoso.com -Site "Site 2" -name "casarray1.contoso.com" <<This will change the association of casarray1 to site 2. you can check what servers are associated doing a get-clientaccessarray |fl. before the command it should be associated with exchange01 and after with exchange02>>
on DNS console change the A record to point to exchange02 ip
on both exchange servers (if 01 is down just on 02) do ipconfig /flushdns
thats done for site2

Please test both options and post the result. It's always best to test business continuity and disaster recovery strategies.
0
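Added example, not part of the thread: the option 2 failover steps described above, written as one Exchange Management Shell runbook that is a dry run unless `-Execute` is passed. The DNS server name `DC01`, the zone `contoso.com`, the TTL of 300 seconds and the use of `dnscmd.exe` for the A record change are assumptions; the array name, site name and server IPs are the ones used in the thread.

```powershell
# Added example: option 2 failover (site 1 lost, site 2 takes over casarray1).
# Run in the Exchange Management Shell on the surviving server.
# ASSUMED, not from the thread: DNS server 'DC01', zone 'contoso.com', TTL 300,
# and dnscmd.exe being installed locally. Dry run by default; -Execute applies it.
param(
    [string]$ArrayFqdn      = 'casarray1.contoso.com', # array FQDN used in the thread
    [string]$SurvivingSite  = 'Site 2',                # must match AD Sites and Services
    [string]$FailedCasIp    = '192.168.1.30',          # exchange01, from the thread
    [string]$SurvivingCasIp = '192.168.6.30',          # exchange02, from the thread
    [string]$DnsServer      = 'DC01',                  # assumed name
    [string]$DnsZone        = 'contoso.com',           # assumed zone
    [int]$TtlSeconds        = 300,                     # assumed low TTL
    [switch]$Execute
)

# The A record node is the array FQDN relative to the zone (casarray1).
if (-not $ArrayFqdn.ToLower().EndsWith('.' + $DnsZone.ToLower())) {
    throw "$ArrayFqdn is not inside zone $DnsZone"
}
$node = $ArrayFqdn.Substring(0, $ArrayFqdn.Length - $DnsZone.Length - 1)

function Invoke-Step {
    # Prints the step; runs it only when -Execute was given.
    param([string]$Description, [scriptblock]$Action)
    Write-Host "== $Description"
    if ($Execute) { & $Action }
    else { Write-Host "   (dry run) $($Action.ToString().Trim())" }
}

function Invoke-Dnscmd {
    # Runs dnscmd and stops the runbook on a non-zero exit code.
    param([string[]]$DnsArgs)
    & dnscmd.exe $DnsArgs | Out-Host
    if ($LASTEXITCODE -ne 0) {
        throw "dnscmd $($DnsArgs -join ' ') failed with exit code $LASTEXITCODE"
    }
}

Invoke-Step "Associate $ArrayFqdn with '$SurvivingSite'" {
    Set-ClientAccessArray -Identity $ArrayFqdn -Site $SurvivingSite
}

Invoke-Step "Repoint the A record $ArrayFqdn to $SurvivingCasIp" {
    Invoke-Dnscmd @($DnsServer, '/recorddelete', $DnsZone, $node, 'A', $FailedCasIp, '/f')
    Invoke-Dnscmd @($DnsServer, '/recordadd', $DnsZone, $node, "$TtlSeconds", 'A', $SurvivingCasIp)
}

Invoke-Step 'Flush the resolver cache on this Exchange server' {
    ipconfig /flushdns | Out-Null
}

Invoke-Step 'Verify the DNS answer and the array membership' {
    $resolved = [System.Net.Dns]::GetHostAddresses($ArrayFqdn) |
        ForEach-Object { $_.IPAddressToString }
    if ($resolved -notcontains $SurvivingCasIp) {
        Write-Warning "$ArrayFqdn still resolves to: $($resolved -join ', ')"
    }
    Get-ClientAccessArray -Identity $ArrayFqdn | Format-List Name, Fqdn, Site, Members
}
```

Failing back is the same runbook with the site and the two IP parameters swapped.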
 

Author Comment

by:mnevoso
ID: 33480883
mail relay appliance? my firewall you mean? i already have our mxlogic pointing to both public ips in case one cannot be reached it will send mail to the other site.
0
 
LVL 15

Expert Comment

by:GreatVargas
ID: 33480986
Yes.. something that receives on a first instance the port 25 traffic from outside and redirects it to the internal network..
0
 

Author Comment

by:mnevoso
ID: 33486785
for option 2 make the same casarray on each site? or should it be casarray 1 and 2?
0
 
LVL 15

Expert Comment

by:GreatVargas
ID: 33489696
casarray1 and casarray2... casarray1 associated with site1 and casarray2 with site2.. after creating them do a get-clientaccessarray |fl and see which servers are associated with each casarray.. exchange01 should appear in casarray1 and exchange02 in casarray2
0
 

Author Comment

by:mnevoso
ID: 33500869
just create an a record which points to each casarray and use the command line to change that way?
0
 
LVL 15

Expert Comment

by:GreatVargas
ID: 33500936
yes... create the two dns records with a tombstone value low...
in case of crash use the command line i gave you to change the site on the crashed casarray and change the record in dns to point to the other exchange server ip
0
 

Author Comment

by:mnevoso
ID: 33500999
ok, i will try that this week and let you know the results of both scenarios. it may not be towards the end of the week, but i will post the results with the failovers.
0
 
LVL 15

Expert Comment

by:GreatVargas
ID: 33501084
Ok. Test everything like we talked here and let me know the results when you finish.
0
 

Author Comment

by:mnevoso
ID: 33503697
for option 1 stated below, when site 1 comes back up do i need to re run any commands?

option 1: that makes complete sense, where can i get the commands for what you explained so i can keep them readily available

for example: site1 has server named exchange01  and site 2 has server named exchange02. mailbox database where site 1 users are is named MBX1 and for site 2 is MBX2.
site1 fails--> Mailboxes hosted in exchange01 do a DAG failover to exchange02
the command for CAS role is:
set-mailboxdatabase -identity MBX1 -rpcclientaccessserver exchange02
for HUB role you need to go into mail relay appliance and point it to ip of exchange02.
Thats done for option1
0
 

Author Comment

by:mnevoso
ID: 33504501
here is my test scenario

1 exchange server in each physical site
site1: exchange01
mailbox: MDB01

site2: exchange02
mailbox: MDB02

1 xp machine with outlook 2007 installed in site1
1 outside user (OWA from my house)

i pulled all the ethernet cables from the server in Site1 cannot access server now.
went on exchange02 and ran the following command from the exchange management shell

set-mailboxdatabase -identity MDB01 -rpcclientaccessserver exchange02

the output is as follows:

[PS] C:\Users\administrator.AFR\Desktop>set-mailboxdatabase -identity MDB01 -rpcclientaccessserver exchange02
WARNING: The task was successful, but Active Directory may not reflect the current results until replication occurs.
Error: "The Microsoft Exchange Active Directory Topology service on server EXCHANGE01.afr.local can't be contacted via
RPC. Error 0x6BA.".

I connected to site2 OWA address and the following is displayed when logging in:

 Your mailbox appears to be unavailable. Try to access it again in 10 seconds. If you see this error again, contact your helpdesk.

On the XP machine nothing has popped up yet.

i am not sure what is going on now, the dag didnt seem to work nor the CAS role switch...
if i go to mailboxes this is what is says

MDB01     EXCHANGE01     SERVICEDOWN
MDB01     EXCHANGE02     DISCONNECTING AND RESYNCHRONIZING

MDB02     EXCHANGE02     HEALTHY
MDB02     EXCHANGE01     SERVICEDOWN
0
 

Author Comment

by:mnevoso
ID: 33504648
i plugged the nics back in, everything is ok except MDB01 on EXCHANGE02 says Disconnected and Resynchronizing and MDB02 on Exchange01 says Disconnected and Resynchronizing.

what are the commands to put them back to their original state?
0
 

Author Comment

by:mnevoso
ID: 33504911
once i rebooted exchange01
and ran get-mailboxdatabase both MDB01 and MDB02 came up as EXCHANGE02

i ran the command

[PS] C:\Windows\system32>get-mailboxdatabase

Name                           Server          Recovery        ReplicationType
----                           ------          --------        ---------------
MDB01                          EXCHANGE02      False           Remote
MDB02                          EXCHANGE02      False           Remote


[PS] C:\Windows\system32>set-mailboxdatabase -identity MDB01 -rpcclientaccessserver exchange01
WARNING: The command completed successfully but no settings of 'MDB01' have been modified.


but nothing has changed. any insight?
0
 

Author Comment

by:mnevoso
ID: 33504997
believe i am figuring it out, but how do i make MDB01 be the database on exchange01 and MDB02 primary on exchange02 that seemed to be my issue in what happened.  not sure what to do when the servers reboot because that is what changed them.
0
 

Author Comment

by:mnevoso
ID: 33505070
believe i fixed it now:

[PS] C:\Windows\system32>get-mailboxdatabase

Name                           Server          Recovery        ReplicationType
----                           ------          --------        ---------------
MDB01                          EXCHANGE01      False           Remote
MDB02                          EXCHANGE02      False           Remote

what does Recovery and ReplicationType refer to?
0
 
LVL 15

Expert Comment

by:GreatVargas
ID: 33505809
for option 1 stated below, when site 1 comes back up do i need to re run any commands?

Yes you need to re run the commands, not for things to get functional because when site1 goes up again mailboxes will all be on site2 and using site2 CAS. But assuming that when site1 becomes available, you will force the DAG to activate MBX1 on site1 again (it doesnt failback automatically) you will also want to have MBX1 using exchange01 again as client access server, and for that, YES.. rerun the command
0
 

Author Comment

by:mnevoso
ID: 33505832
were you able to see where i went wrong with that? i will try it again now. possibly because both DB were on one server and i didnt notice.
0
 
LVL 15

Expert Comment

by:GreatVargas
ID: 33505862

[PS] C:\Users\administrator.AFR\Desktop>set-mailboxdatabase -identity MDB01 -rpcclientaccessserver exchange02
WARNING: The task was successful, but Active Directory may not reflect the current results until replication occurs.
Error: "The Microsoft Exchange Active Directory Topology service on server EXCHANGE01.afr.local can't be contacted via
RPC. Error 0x6BA.".
 this means that, because exchange servers are on different sites and also the domain controllers, active directory on site1 (assuming that command is run on site2) will only be informed of the location of MDB01 client access server when replication occurs, typically every 15min. It's in active directory that users (outlook) will see what client access server to consult.. so if users are on site1 and using site1 dc you may need to wait 15min or force replication on ad sites and services console.

MDB01     EXCHANGE01     SERVICEDOWN
MDB01     EXCHANGE02     DISCONNECTING AND RESYNCHRONIZING

MDB02     EXCHANGE02     HEALTHY
MDB02     EXCHANGE01     SERVICEDOWN
removing network cables does not stop the exchange services like a server crash does.. so what you need to do in this case is go to exchange02 and on MDB01 right click and choose activate (on the dag section of the management console).. if your test had been removing the power cables the failover would have been immediate..
0
 
LVL 15

Expert Comment

by:GreatVargas
ID: 33505898
once i rebooted exchange01
and ran get-mailboxdatabase both MDB01 and MDB02 came up as EXCHANGE02

like i said on previous post.. the reboot forced the failover and now both mailboxes are active in exchange02


[PS] C:\Windows\system32>set-mailboxdatabase -identity MDB01 -rpcclientaccessserver exchange01
WARNING: The command completed successfully but no settings of 'MDB01' have been modified.


but nothing has changed. any insight?

nothing changed because this was the second time you ran the command.. and rpcclientaccessserver was already exchange02

believe i am figuring it out, but how do i make MDB01 be the database on exchange01 and MDB02 primary on exchange02 that seemed to be my issue in what happened.

like i said.. rebooting exchange01 changed mdb01 to exchange02.. to put it back go to management console and in the database copies right click the healthy (exchange01) and choose activate..
0
 
LVL 15

Expert Comment

by:GreatVargas
ID: 33505912
believe i fixed it now:

[PS] C:\Windows\system32>get-mailboxdatabase

Name                           Server          Recovery        ReplicationType
----                           ------          --------        ---------------
MDB01                          EXCHANGE01      False           Remote
MDB02                          EXCHANGE02      False           Remote

what does Recovery and ReplicationType refer to?

recovery means that these are not recovery databases (created to get restores of backups and recover individual mailboxes or mails).. and replication means that it is being replicated
0
 

Author Comment

by:mnevoso
ID: 33505914
ok, that is what i did thanks for confirming. i will try my fail over method again. before i do with my test scenario of option 1 that should work the way i did it correct?
0
 
LVL 15

Expert Comment

by:GreatVargas
ID: 33505938
were you able to see where i went wrong with that? i will try it again now. possibly because both DB were on one server and i didnt notice.

No.. i think that what went wrong was that you unplugged the cables but services were still up.. explaining better.. exchange01 lost communications with exchange02 but that doesnt mean that exchange01 had problems.. it had all its services working so "it thinks".. ok.. i'm not communicating with exchange02 but i'm ok.. probably exchange services will start crashing but the result is not as immediate as removing the power cable...

do the following..

first a remove power cable test..

second a remove network cable test.. and to speed things up try and activate mdb01 on exchange02 directly after cables are removed..
0
 
LVL 15

Expert Comment

by:GreatVargas
ID: 33505948
ok, that is what i did thanks for confirming. i will try my fail over method again. before i do with my test scenario of option 1 that should work the way i did it correct?

correct.. dont forget.. different sites so 15 minutes or force replication until site1 users know that their client access server changed.. everything else is 5*

test and post results
0
 

Author Comment

by:mnevoso
ID: 33505975
so once i pull the ethernet cables out, how long do i wait until i run the command on site 2? or can i do it instantly and then need to wait 15 minutes for it to take effect?
0
 
LVL 15

Expert Comment

by:GreatVargas
ID: 33505989
do instantly and wait 15min to take effect... and also instantly try and activate MDB01 on exchange02 using the exchange02 management console
0
 

Author Comment

by:mnevoso
ID: 33506188
The failover worked perfectly with option 1. Took about 5 min or so for it to replicate. i am in the process now of bringing exchange01 back online, the steps for that is run the reverse command then wait until the DB is in healthy state and then activate that correct?
0
 

Author Comment

by:mnevoso
ID: 33506229
about how long should the copy status be at disconnected and resynchronizing?
0
 

Author Comment

by:mnevoso
ID: 33506673
for some reason i cannot get the mdb01 database to come online. any ideas why?

[PS] C:\Windows\system32>get-mailboxdatabasecopystatus -identity mdb01 | format-list


RunspaceId                       : 352ecb0c-8e91-4b60-a7e0-1fa08770a4bf
Identity                         : MDB01\EXCHANGE02
Name                             : MDB01\EXCHANGE02
DatabaseName                     : MDB01
Status                           : Mounted
MailboxServer                    : EXCHANGE02
ActiveDatabaseCopy               : exchange02
ActivationSuspended              : False
ActionInitiator                  : Service
ErrorMessage                     :
ErrorEventId                     :
ExtendedErrorInfo                :
SuspendComment                   :
SinglePageRestore                : 0
ContentIndexState                : Healthy
CopyQueueLength                  : 0
ReplayQueueLength                : 0
LatestAvailableLogTime           :
LastCopyNotificationedLogTime    :
LastCopiedLogTime                :
LastInspectedLogTime             :
LastReplayedLogTime              :
LastLogGenerated                 : 0
LastLogCopyNotified              : 0
LastLogCopied                    : 0
LastLogInspected                 : 0
LastLogReplayed                  : 0
LatestFullBackupTime             :
LatestIncrementalBackupTime      :
LatestDifferentialBackupTime     :
LatestCopyBackupTime             :
SnapshotBackup                   :
SnapshotLatestFullBackup         :
SnapshotLatestIncrementalBackup  :
SnapshotLatestDifferentialBackup :
SnapshotLatestCopyBackup         :
LogReplayQueueIncreasing         : False
LogCopyQueueIncreasing           : False
OutstandingDumpsterRequests      : {}
OutgoingConnections              :
IncomingLogCopyingNetwork        :
SeedingNetwork                   :
ActiveCopy                       : True

RunspaceId                       : 352ecb0c-8e91-4b60-a7e0-1fa08770a4bf
Identity                         : MDB01\EXCHANGE01
Name                             : MDB01\EXCHANGE01
DatabaseName                     : MDB01
Status                           : DisconnectedAndResynchronizing
MailboxServer                    : EXCHANGE01
ActiveDatabaseCopy               : exchange02
ActivationSuspended              : False
ActionInitiator                  : Unknown
ErrorMessage                     : The Microsoft Exchange Replication service was unable to perform an incremental rese
                                   ed of database copy 'MDB01\EXCHANGE01' due to a network error. The database copy sta
                                   tus will be set to Disconnected. Error An error occurred while attempting to access
                                   remote resources. Error: An error occurred while communicating with server 'EXCHANGE
                                   02'. Apparent network timeouts may also be caused by unresponsive servers or storage
                                   . Error: A socket operation was attempted to an unreachable network 10.20.1.30:64327

ErrorEventId                     : 2058
ExtendedErrorInfo                :
SuspendComment                   :
SinglePageRestore                : 0
ContentIndexState                : Healthy
CopyQueueLength                  : 3
ReplayQueueLength                : 0
LatestAvailableLogTime           : 8/23/2010 4:01:20 PM
LastCopyNotificationedLogTime    : 8/23/2010 4:01:20 PM
LastCopiedLogTime                : 8/23/2010 7:21:33 PM
LastInspectedLogTime             : 8/23/2010 7:21:33 PM
LastReplayedLogTime              : 8/23/2010 7:21:33 PM
LastLogGenerated                 : 58
LastLogCopyNotified              : 50
LastLogCopied                    : 55
LastLogInspected                 : 55
LastLogReplayed                  : 55
LatestFullBackupTime             :
LatestIncrementalBackupTime      :
LatestDifferentialBackupTime     :
LatestCopyBackupTime             :
SnapshotBackup                   :
SnapshotLatestFullBackup         :
SnapshotLatestIncrementalBackup  :
SnapshotLatestDifferentialBackup :
SnapshotLatestCopyBackup         :
LogReplayQueueIncreasing         : False
LogCopyQueueIncreasing           : False
OutstandingDumpsterRequests      : {}
OutgoingConnections              :
IncomingLogCopyingNetwork        :
SeedingNetwork                   :
ActiveCopy                       : False
0
 

Author Comment

by:mnevoso
ID: 33506681
in my active directory sites and services do i need to add the replication subnets under the subnets folder?
0
 

Author Comment

by:mnevoso
ID: 33506981
quick questions on the static routes this is what i have in site 1
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
        10.20.1.0    255.255.255.0      192.168.1.1       1
          0.0.0.0          0.0.0.0      192.168.1.4  Default
===========================================================================

is that correct? or do i need to create a site to site that includes the 10.20.1.0 and 10.10.1.0 networks as address objects?
0
 
LVL 15

Expert Comment

by:GreatVargas
ID: 33507033
The failover worked perfectly with option 1. Took about 5 min or so for it to replicate. i am in the process now of bringing exchange01 back online, the steps for that is run the reverse command then wait until the DB is in healthy state and then activate that correct?

first move the database to exchange01... wait for healthy and active.. then move the CAS running the command..
0
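Added example, not part of the thread: the failback order given above (move the database, wait for it to be healthy and active, then move the CAS pointer) with the health gate written out, so a copy in the `DisconnectedAndResynchronizing` state seen in this thread is refused. The queue thresholds of 0 and the polling interval are assumptions; the first sample object is built from the status output posted in the thread and the second is constructed.

```powershell
# Added example: gate the option 1 failback on the health of the passive copy.
# ASSUMED, not from the thread: queue thresholds of 0 and the 5 second polling.

function Test-CopyReadyForActivation {
    # Takes one Get-MailboxDatabaseCopyStatus result (or an object with the same
    # properties) and returns whether it is safe to activate, with the reasons.
    param($Copy, [int]$MaxCopyQueue = 0, [int]$MaxReplayQueue = 0)
    $reasons = @()
    if ([string]$Copy.Status -ne 'Healthy') {
        $reasons += "Status is $($Copy.Status), expected Healthy"
    }
    if ([int]$Copy.CopyQueueLength -gt $MaxCopyQueue) {
        $reasons += "CopyQueueLength is $($Copy.CopyQueueLength) (logs not yet copied)"
    }
    if ([int]$Copy.ReplayQueueLength -gt $MaxReplayQueue) {
        $reasons += "ReplayQueueLength is $($Copy.ReplayQueueLength) (logs not yet replayed)"
    }
    if ([string]$Copy.ContentIndexState -ne 'Healthy') {
        $reasons += "ContentIndexState is $($Copy.ContentIndexState)"
    }
    New-Object PSObject -Property @{
        Name    = $Copy.Name
        Ready   = ($reasons.Count -eq 0)
        Reasons = $reasons
    }
}

function Invoke-Failback {
    # Order from the thread: activate the database first, confirm it is mounted,
    # and only then point RpcClientAccessServer back at the original server.
    param([string]$Database, [string]$TargetServer)
    $copyId = "$Database\$TargetServer"
    $check  = Test-CopyReadyForActivation (Get-MailboxDatabaseCopyStatus -Identity $copyId)
    if (-not $check.Ready) {
        Write-Warning "$copyId not activated: $($check.Reasons -join '; ')"
        return $false
    }
    Move-ActiveMailboxDatabase -Identity $Database -ActivateOnServer $TargetServer -Confirm:$false |
        Out-Host
    $mounted = $false
    for ($i = 0; $i -lt 12 -and -not $mounted; $i++) {
        Start-Sleep -Seconds 5
        $mounted = ([string](Get-MailboxDatabaseCopyStatus -Identity $copyId).Status -eq 'Mounted')
    }
    if (-not $mounted) {
        Write-Warning "$copyId did not reach Mounted; RpcClientAccessServer left unchanged"
        return $false
    }
    Set-MailboxDatabase -Identity $Database -RpcClientAccessServer $TargetServer
    return $true
}

# Offline demonstration of the gate.
$samples = @(
    # From the status output posted in the thread for MDB01\EXCHANGE01.
    (New-Object PSObject -Property @{
        Name = 'MDB01\EXCHANGE01'; Status = 'DisconnectedAndResynchronizing'
        CopyQueueLength = 3; ReplayQueueLength = 0; ContentIndexState = 'Healthy' }),
    # Constructed: the same copy once replication has caught up.
    (New-Object PSObject -Property @{
        Name = 'MDB01\EXCHANGE01'; Status = 'Healthy'
        CopyQueueLength = 0; ReplayQueueLength = 0; ContentIndexState = 'Healthy' })
)
foreach ($s in $samples) {
    $r = Test-CopyReadyForActivation $s
    Write-Host ("{0}: Ready={1} {2}" -f $r.Name, $r.Ready, ($r.Reasons -join '; '))
}

# In the Exchange Management Shell, once site 1 is back:
#   Invoke-Failback -Database 'MDB01' -TargetServer 'EXCHANGE01'
```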
 
LVL 15

Expert Comment

by:GreatVargas
ID: 33507038
about how long should the copy status be at disconnected and resynchronizing?

disconnected until both servers communicate by replication network.. resync depends on number of changes while exchange01 was down
0
 
LVL 15

Expert Comment

by:GreatVargas
ID: 33507066
ErrorMessage                     : The Microsoft Exchange Replication service was unable to perform an incremental rese
                                   ed of database copy 'MDB01\EXCHANGE01' due to a network error. The database copy sta
                                   tus will be set to Disconnected. Error An error occurred while attempting to access
                                   remote resources. Error: An error occurred while communicating with server 'EXCHANGE
                                   02'. Apparent network timeouts may also be caused by unresponsive servers or storage
                                   . Error: A socket operation was attempted to an unreachable network 10.20.1.30:64327
replication networks are not communicating.. can you ping from replication networks between exchange01 and 02?

in my active directory sites and services do i need to add the replication subnets under the subnets folder?
nop

quick questions on the static routes this is what i have in site 1
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
        10.20.1.0    255.255.255.0      192.168.1.1       1
          0.0.0.0          0.0.0.0      192.168.1.4  Default
===========================================================================

is that correct? or do i need to create a site to site that includes the 10.20.1.0 and 10.10.1.0 networks as address objects?

you can add the networks but you should not need that.. thats only to replicate ad info and not the DAG info.. are you able to ping between servers in repl network?

is 192.168.1.1 the gateway for the site to site vpn?

0
 
LVL 15

Expert Comment

by:GreatVargas
ID: 33507073
10.20.1.30:64327 also try and reach this port.. if ping is successful.. this is clearly a communications problem.. check firewall also..
0
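Added example, not part of the thread: a way to run the port check suggested above from the Exchange server itself, by pulling the endpoint out of the copy's `ErrorMessage` and attempting a TCP connect with a timeout. It uses only .NET classes available to PowerShell 2.0; the function names and the 3 second timeout are assumptions, and the sample message is the final sentence of the error posted in the thread, joined onto one line.

```powershell
# Added example: test the replication endpoint named in the DAG copy error.
# ASSUMED, not from the thread: function names and the 3000 ms timeout.

function Get-UnreachableEndpoint {
    # Extracts "ip:port" from the replication service's socket error text.
    param([string]$ErrorMessage)
    $pattern = 'unreachable\s+network\s+(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})'
    if ($ErrorMessage -match $pattern) {
        New-Object PSObject -Property @{ Address = $Matches[1]; Port = [int]$Matches[2] }
    }
}

function Test-TcpEndpoint {
    # Returns 'Open', 'Timeout', or the SocketError name (for example
    # NetworkUnreachable or ConnectionRefused) for a single TCP connect attempt.
    param([string]$Address, [int]$Port, [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($Address, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return 'Timeout' }
        $client.EndConnect($async)
        return 'Open'
    } catch {
        # PowerShell wraps .NET exceptions; unwrap to the socket error if present.
        $inner = $_.Exception.GetBaseException()
        if ($inner -is [System.Net.Sockets.SocketException]) {
            return [string]$inner.SocketErrorCode
        }
        return $inner.Message
    } finally {
        $client.Close()
    }
}

# Last sentence of the ErrorMessage posted in the thread (joined onto one line).
# On a live server take it from:
#   (Get-MailboxDatabaseCopyStatus -Identity 'MDB01\EXCHANGE01').ErrorMessage
$errorMessage = 'Error: A socket operation was attempted to an unreachable network 10.20.1.30:64327'

$endpoint = Get-UnreachableEndpoint $errorMessage
if ($endpoint) {
    $result = Test-TcpEndpoint -Address $endpoint.Address -Port $endpoint.Port
    Write-Host "$($endpoint.Address):$($endpoint.Port) -> $result"
    switch -regex ($result) {
        '^Open$' {
            Write-Host 'Replication endpoint reachable; the copy should resume resynchronizing.' }
        '^(NetworkUnreachable|HostUnreachable)$' {
            Write-Host 'No route: check the persistent routes (route print) and the site to site tunnel.' }
        '^ConnectionRefused$' {
            Write-Host 'Route works but nothing is listening: check the replication service on the peer.' }
        '^(Timeout|TimedOut)$' {
            Write-Host 'Packets are being dropped: check firewall rules between the replication subnets.' }
        default {
            Write-Host 'Unexpected result; review the message above.' }
    }
} else {
    Write-Host 'No endpoint found in the error message.'
}
```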
 

Author Comment

by:mnevoso
ID: 33507116
i am unable to ping between networks in site to site.
now this may have occurred because i forgot to create the new site in ad sites and services and i did that today.

i did not install the new DC/GC server yet that will be tomorrow or wednesday..this could be the reason also not sure.

192.168.1.1 is the router ip which does the site to site yes.

how can i be sure im pinging 10.20.1.30 from the 10.10.1.0 network?
0
 
LVL 15

Expert Comment

by:GreatVargas
ID: 33507135
try and ping the default gateway 192.168.1.1
in ping he will use the route table.. shown in route print.. also you can try traceroute
0
 
LVL 15

Expert Comment

by:GreatVargas
ID: 33507148
you should be able to ping... even with sites not build.. did you use the -p option when creating the static routes? to be persistent

i think that replication networks were communicating before the reboot.. right??
0
 

Author Comment

by:mnevoso
ID: 33507161
may have figured it out

for the routes the network address, network mask and gateway should all be of the OTHER site correct? right now i have the network address and mask of the other site and the gateway is the site that it is at not the other
0
 

Author Comment

by:mnevoso
ID: 33507165
i never tried to ping the networks but they worked before i did ad sites and services.
0
 

Author Comment

by:mnevoso
ID: 33507182
it seems i can ping the gateway on site 1 from both sites, but the gateway on site 2 only from site 2. so that might be the issue.
0
 

Author Comment

by:mnevoso
ID: 33507197
really starting to lean towards the other dc/gc is not in site 2 yet.
0
 
LVL 15

Expert Comment

by:GreatVargas
ID: 33507246
so site 2 can reach site 1.. right.. exchange02 can reach exchange01 on repl network.. right?
0
 

Author Comment

by:mnevoso
ID: 33507249
yea i am going to have to wait and see once i get the other dc/gc installed. this all happened once i created the sites and added subnets in AD sites and Services. i could try removing it but, i can wait the day or so to see it wont harm anything its only in test phases anyway.
0
 
LVL 15

Expert Comment

by:GreatVargas
ID: 33507254
post the repl network configs and the route print output from both servers
0
 

Author Comment

by:mnevoso
ID: 33507261
im assuming the replication network, not sure how to specify which network to send ping from.
0
 
LVL 15

Expert Comment

by:GreatVargas
ID: 33507264
if exchange02 can ping exchange01 on repl network then exchange02 has routes ok.. exchange01 doesnt..
0
 
LVL 15

Expert Comment

by:GreatVargas
ID: 33507271
what are the ip addresses of the replication network on both servers? and the subnetmask also..
0
 

Author Comment

by:mnevoso
ID: 33507276
how do i know if it is using the replication network? just ping 10.10.1.30 from exchange02?
0
 
LVL 15

Expert Comment

by:GreatVargas
ID: 33507278
for the routes the network address, network mask and gateway should all be of the OTHER site correct?
nop... network address and network mask should be from the other site..gateway should be from destination site...
0
 
LVL 15

Expert Comment

by:GreatVargas
ID: 33507285
10.10.1.30 is the repl address of exchange01? yes just ping it..
0
 

Author Comment

by:mnevoso
ID: 33507289
ok yea that is how i have it setup
0
 
LVL 15

Expert Comment

by:GreatVargas
ID: 33507301
lets assume that:

site1:
default gateway for vpn site to site 192.168.1.1
repl network add 10.10.1.30 subnetmask 255.255.255.0
site2:
default gateway for vpn site to site 192.168.6.1
repl network add 10.20.1.30 subnetmask 255.255.255.0

route on site 1:
route add -p 10.20.1.0 255.255.255.0 gateway 192.168.1.1
route on site 2:
route add -p 10.10.1.0 255.255.255.0 gateway 192.168.6.1
0
 

Author Comment

by:mnevoso
ID: 33507316
that is exactly how i have it now. still think the new site without the global catalog is causing an issue.
0
 
LVL 15

Expert Comment

by:GreatVargas
ID: 33507335
maybe.. anyway.. for testing purposes you should have everything as it will be in production... we continue this after you have it set.. for troubleshooting networking you can also see how is mapi network communicating between servers.. ping gateway from each server (its own).. because i think if exchange02 can reach exchange01 on repl network and not the other way around this should be a simple thing that is missing.. put everything as it should be and then we continue.
0
 

Author Comment

by:mnevoso
ID: 33507350
ok sounds good. but how can i ping replication to replication network?
0
 

Author Comment

by:mnevoso
ID: 33511037
can you just explain how to ping the other site through the replication network?
i tried a regular ping to no avail.
0
 

Author Comment

by:mnevoso
ID: 33511151
also i double checked the port is open on both servers for all network types especially since the replication networks are designated as public.

it was all working, it just stopped working once i created the sites and subnets in ad sites and services. i really think it has something to do without it having a gc at the other site.
0
 

Author Comment

by:mnevoso
ID: 33511491
for a test i enabled replication on the MAPI network and the DBS initialized right away...what do you think caused the issue?
0
 

Author Comment

by:mnevoso
ID: 33511504
i then disabled replication and the databases are still up...
0
 
LVL 15

Expert Comment

by:GreatVargas
ID: 33511526
ok sounds good. but how can i ping replication to replication network?
when you try and ping the other site repl network, he would consult the routing table and go for the route he needs.. anyway you can, for testing purposes, disable the mapi network adapter and try and ping with only one adapter enabled.. also check the binding order.. repl network should be on second place in the order..  also do a traceroute to see where the packages get lost.. if on his own default gateway or on the gateway from the other site... just confirm me.. exchange02 can ping exchange01 on repl network? exchange01 cannot ping exchange02 on repl network? is this right?
0
 
LVL 15

Expert Comment

by:GreatVargas
ID: 33511562
enabling replication on mapi network solved the issue because your problem is that repl network is not working... and if you use mapi network everything works fine... disabling it seems to have everything working fine because he is still using mapi network to replicate.. only on the first failover he will change and fail
0
 
LVL 15

Expert Comment

by:GreatVargas
ID: 33511583
we need to put repl network working fine... communicating.. use traceroute for debug the issue.. thats a network issue for sure and we wont break at this point :)
0
 

Author Comment

by:mnevoso
ID: 33511586
checked network connections
MAPI is first Then Replication
Bindings for Replication there is nothing checked do i need anything checked?

this is on both servers also.

repl network site a 10.10.1.0
repl network site b 10.20.1.0

if i ping 10.10.1.30 from site b (exchange02) i get nothing
if i ping 10.20.1.30 from site a (exchange01) i get nothing.
0
 

Author Comment

by:mnevoso
ID: 33511637
im running a tracert 10.20.1.30 from site a
everything is timing out from the get go.
0
 
LVL 15

Expert Comment

by:GreatVargas
ID: 33511641
traceroute instead of ping and tell me what results do you have
0
 
LVL 15

Expert Comment

by:GreatVargas
ID: 33511686
0
 

Author Comment

by:mnevoso
ID: 33511703
not sure if this has anything to do with it on site a

the router that does site to site is 192.168.1.1
the actual gateway the servers use is 192.168.1.4 (managed l3 switch)

the route on site a used gateway of 192.168.1.1
0
 
LVL 15

Expert Comment

by:GreatVargas
ID: 33511741
0
 
LVL 15

Expert Comment

by:GreatVargas
ID: 33511792
i found the issue (i think)... the default gateway of site to site is 192.168.1.1... not the same network as 10.10.1.0.. so they will never be able to reach the default gateway.. you need to have one ip on the site to site router on the same network as the repl on both sites... when it's not on same network he needs to use a gateway that is... try it.. be back later
0
 

Author Comment

by:mnevoso
ID: 33512709
lets step back a bit this is what i have done with no avail:

tested on my firewall what is trying to get to either of the repl networks and the source is coming from MAPI. need to find out why that is.

second no matter what i do i cannot ping either way i thought that is why we added static routes on each server? if that is the case i am unable to create another gateway on my firewalls unless i create a new network completely with a separate switch and connect to the repl networks that way.

maybe that is what i need to do? right now the mapi and repl networks are plugged into the same switch, could that be causing it?
0
 

Author Comment

by:mnevoso
ID: 33512832
also just found out that exchange02 cannot get access to file share witness. this can be caused by not having a GC?
0
 

Author Comment

by:mnevoso
ID: 33512921
File share witness resource 'File Share Witness (\\DMDSQL.AFR.LOCAL\DAG1.AFR.LOCAL)' failed to arbitrate for the file share '\\DMDSQL.AFR.LOCAL\DAG1.AFR.LOCAL'. Please ensure that file share '\\DMDSQL.AFR.LOCAL\DAG1.AFR.LOCAL' exists and is accessible by the cluster.

what permissions does this share need? i havent changed anything, but when i go to that server through network i cannot open the share says it is inaccessible
0
 

Author Comment

by:mnevoso
ID: 33513069
nevermind that the errors were from yesterday. there are none for today it says connected.
0
 

Author Comment

by:mnevoso
ID: 33513692
EXCHANGE01

[PS] C:\Windows\system32>get-databaseavailabilitygroupnetwork

Identity                                ReplicationEnabled                      Subnets
--------                                ------------------                      -------
DAG1\MAPI                               False                                   {{192.168.1.0/24,Up}, {192.168.6.0/2...
DAG1\Replication                        True                                    {{10.10.1.0/24,Up}, {10.20.1.0/24,Up}}

[PS] C:\Windows\system32>Test-ReplicationHealth

Server          Check                      Result     Error
------          -----                      ------     -----
EXCHANGE01      ClusterService             Passed
EXCHANGE01      ReplayService              Passed
EXCHANGE01      ActiveManager              Passed
EXCHANGE01      TasksRpcListener           Passed
EXCHANGE01      TcpListener                Passed
EXCHANGE01      DagMembersUp               Passed
EXCHANGE01      ClusterNetwork             Passed
EXCHANGE01      QuorumGroup                Passed
EXCHANGE01      FileShareQuorum            Passed
EXCHANGE01      DBCopySuspended            Passed
EXCHANGE01      DBCopyFailed               Passed
EXCHANGE01      DBInitializing             Passed
EXCHANGE01      DBDisconnected             Passed
EXCHANGE01      DBLogCopyKeepingUp         Passed
EXCHANGE01      DBLogReplayKeepingUp       Passed
0
 

Author Comment

by:mnevoso
ID: 33513730
EXCHANGE02

[PS] C:\Users\administrator.AFR\Desktop>get-databaseavailabilitygroupnetwork

Identity                                ReplicationEnabled                      Subnets
--------                                ------------------                      -------
DAG1\MAPI                               False                                   {{192.168.1.0/24,Up}, {192.168.6.0/2...
DAG1\Replication                        True                                    {{10.10.1.0/24,Up}, {10.20.1.0/24,Up}}


[PS] C:\Users\administrator.AFR\Desktop>Test-ReplicationHealth

Server          Check                      Result     Error
------          -----                      ------     -----
EXCHANGE02      ClusterService             Passed
EXCHANGE02      ReplayService              Passed
EXCHANGE02      ActiveManager              Passed
EXCHANGE02      TasksRpcListener           Passed
EXCHANGE02      TcpListener                Passed
EXCHANGE02      DagMembersUp               Passed
EXCHANGE02      ClusterNetwork             Passed
EXCHANGE02      QuorumGroup                Passed
EXCHANGE02      FileShareQuorum            Passed
EXCHANGE02      DBCopySuspended            Passed
EXCHANGE02      DBCopyFailed               Passed
EXCHANGE02      DBInitializing             Passed
EXCHANGE02      DBDisconnected             Passed
EXCHANGE02      DBLogCopyKeepingUp         Passed
EXCHANGE02      DBLogReplayKeepingUp       Passed
0
 

Author Comment

by:mnevoso
ID: 33513749
[PS] C:\Users\administrator.AFR\Desktop>Get-MailboxDatabaseCopyStatus mdb01 -ConnectionStatus | fl name, outgoingconnect
ions,incomminglogcopyingnetwork


Name                : MDB01\EXCHANGE02
OutgoingConnections :

Name                : MDB01\EXCHANGE01
OutgoingConnections : {{EXCHANGE02,MAPI}}
0
 

Author Comment

by:mnevoso
ID: 33513758
shouldnt outgoing connections say REPLICATION and not MAPI?

if everything looks good, why cant i ping the 10.10.1.0 / 10.20.1.0 networks
0
 

Author Comment

by:mnevoso
ID: 33513867
any other commands you want me to run or settings you need?
0
 

Author Comment

by:mnevoso
ID: 33515432
http://technet.microsoft.com/en-us/library/dd638104.aspx

based on that article it looks like i need to create 2 networks 1 in site 1 and 1 in site 2 and connect the repl nics to those networks and add that into the site to site vpn...any thoughts?
0
 
LVL 15

Expert Comment

by:GreatVargas
ID: 33516532
lets step back a bit this is what i have done with no avail:

tested on my firewall what is trying to get to either of the repl networks and the source is coming from MAPI. need to find out why that is.

answer: I know why the source is coming from MAPI.. because the default gateway you have configured on the static route is 192.168.1.1.. which is from the MAPI subnet.. like i said you need to have on both routers one ip from the repl network

second no matter what i do i cannot ping either way i thought that is why we added static routes on each server? if that is the case i am unable to create another gateway on my firewalls unless i create a new network completely with a separate switch and connect to the repl networks that way.

maybe that is what i need to do? right now the mapi and repl networks are plugged into the same switch, could that be causing it?

answer: yes, thats what you need to do.. you can have 2 subnets on the same switch as long as the router that is connected to that switch has one ip for each subnet to work as default gateway.. thats for sure what you need to do. if you want to isolate the subnets you can create vlans...
0
 
LVL 15

Expert Comment

by:GreatVargas
ID: 33516549
also just found out that exchange02 cannot get access to file share witness. this can be caused by not having a GC?

answer: yes it can. and also can be caused by the lack of communication on the repl network.. whatever you do we must make repl network working and the only option is the one i told you on the last posts..
0
 
LVL 15

Expert Comment

by:GreatVargas
ID: 33516557
File share witness resource 'File Share Witness (\\DMDSQL.AFR.LOCAL\DAG1.AFR.LOCAL)' failed to arbitrate for the file share '\\DMDSQL.AFR.LOCAL\DAG1.AFR.LOCAL'. Please ensure that file share '\\DMDSQL.AFR.LOCAL\DAG1.AFR.LOCAL' exists and is accessible by the cluster.

what permissions does this share need? i havent changed anything, but when i go to that server through network i cannot open the share says it is inaccessible

answer: you dont need to change anything
0
 
LVL 15

Expert Comment

by:GreatVargas
ID: 33516559
nevermind that the errors were from yesterday. there are none for today it says connected.

excellent
0
 
LVL 15

Expert Comment

by:GreatVargas
ID: 33516585
shouldnt outgoing connections say REPLICATION and not MAPI?

if everything looks good, why cant i ping the 10.10.1.0 / 10.20.1.0 networks

answer: everything looks good because you enabled replication on MAPI network and probably havent rebooted since.. he is using mapi network to replicate still.. everything looks good but it isnt good.
0
 
LVL 15

Expert Comment

by:GreatVargas
ID: 33516625
http://technet.microsoft.com/en-us/library/dd638104.aspx

based on that article it looks like i need to create 2 networks 1 in site 1 and 1 in site 2 and connect the repl nics to those networks and add that into the site to site vpn...any thoughts

answer: let me try and explain. if both servers were on the same site, and on the same subnet (because they are on different sites is impossible to be on the same subnet).. we wont be having these problems, because repl network wont need no default gateway to communicate.. because they are in different sites, you NEED to create both replication networks on both vpn site to site routers.. those routers need one ip from that subnet to communicate. for example:
site1:
repl network ip- 10.10.1.30
repl network netmask: 255.255.255.0
vpn site to site router: 10.10.1.254
and on the static route: route add -p 10.20.1.0 mask 255.255.255.0 10.10.1.254
site 2:
repl network ip- 10.20.1.30
repl network netmask: 255.255.255.0
vpn site to site router: 10.20.1.254
and on the static route: route add -p 10.10.1.0 mask 255.255.255.0 10.20.1.254

this is the only scenario that can be done to solve the issue.. with 192.168.1.1 as gateway for 10.20.10.0 network he will always use the mapi network
0
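The gateway rule from the answer above, as an added example that is not part of the original thread: on a multi-homed server a static route leaves through the NIC whose subnet contains the gateway, so this check parses the "Persistent Routes" table from `route print` and reports which NIC the route to the remote replication subnet will actually use. The function names and NIC labels are assumptions; the sample tables are constructed from the addresses posted in this thread.

```python
import ipaddress
import re
from typing import NamedTuple


class Route(NamedTuple):
    network: ipaddress.IPv4Network
    gateway: ipaddress.IPv4Address
    metric: str


# Constructed sample: site 1 as first posted (gateway sits on the MAPI subnet).
ROUTES_BEFORE = """\
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
        10.20.1.0    255.255.255.0      192.168.1.1       1
          0.0.0.0          0.0.0.0      192.168.1.4  Default
===========================================================================
"""

# Constructed sample: site 1 after the router got an address on the repl subnet.
ROUTES_AFTER = ROUTES_BEFORE.replace(" 192.168.1.1 ", " 10.10.1.254 ")

# Local NICs on EXCHANGE01; the labels are assumptions for this example.
SITE1_NICS = {"MAPI": "192.168.1.30/24", "Replication": "10.10.1.30/24"}

IPV4 = r"(\d+(?:\.\d+){3})"
ROW = re.compile(rf"^\s*{IPV4}\s+{IPV4}\s+{IPV4}\s+(\S+)\s*$")


def parse_persistent_routes(text):
    """Return the IPv4 rows of the first 'Persistent Routes' section."""
    routes, in_section = [], False
    for line in text.splitlines():
        if line.strip().startswith("Persistent Routes"):
            in_section = True
        elif in_section and line.startswith("="):
            break  # separator line closes the section
        elif in_section:
            m = ROW.match(line)
            if m:  # header and 'None' lines do not match and are skipped
                dest, mask, gw, metric = m.groups()
                routes.append(Route(ipaddress.ip_network(f"{dest}/{mask}"),
                                    ipaddress.ip_address(gw), metric))
    return routes


def egress_nic(gateway, nics):
    """Label of the NIC whose subnet contains the gateway, or None if off-link."""
    for label, cidr in nics.items():
        if gateway in ipaddress.ip_interface(cidr).network:
            return label
    return None


def audit_replication_route(route_text, nics, remote_repl_subnet,
                            repl_label="Replication"):
    """Pick the most specific persistent route covering the remote replication
    subnet and report which local NIC its gateway is reachable through."""
    remote = ipaddress.ip_network(remote_repl_subnet)
    covering = [r for r in parse_persistent_routes(route_text)
                if remote.subnet_of(r.network)]
    if not covering:
        return {"route": None, "gateway": None, "egress_nic": None, "ok": False}
    best = max(covering, key=lambda r: r.network.prefixlen)  # longest prefix wins
    nic = egress_nic(best.gateway, nics)
    return {"route": str(best.network), "gateway": str(best.gateway),
            "egress_nic": nic, "ok": nic == repl_label}


if __name__ == "__main__":
    for name, table in (("before", ROUTES_BEFORE), ("after", ROUTES_AFTER)):
        print(name, audit_replication_route(table, SITE1_NICS, "10.20.1.0/24"))
```

When the specific route is missing (for example, added without `-p` and lost on reboot), the default route is the only one that covers the remote subnet and the result again shows the MAPI NIC.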
 

Author Comment

by:mnevoso
ID: 33516821
so you are saying i can assign a port on my firewall to be 10.10.1.254 network plug that into the same switch as  everything else and that will not cause any conflicts correct? then at that point i am able to ping back and forth by using the static routes? or do i need a different switch all together to handle that?

once that is up i need to add those networks into the site to site vpn as well correct?
0
 
LVL 15

Expert Comment

by:GreatVargas
ID: 33517436
so you are saying i can assign a port on my firewall to be 10.10.1.254 network plug that into the same switch as  everything else and that will not cause any conflicts correct? then at that point i am able to ping back and forth by using the static routes? or do i need a different switch all together to handle that?

once that is up i need to add those networks into the site to site vpn as well correct?

answer: yes. in that case you need two networks on your firewall.. the 192.168 and the 10.x

and yes those networks need to be both on the site to site
0
 

Author Comment

by:mnevoso
ID: 33517716
do i need to do anything in the site to site to keep the mapi and replication from being able to ping each other or connect? or does it not matter
0
 

Author Comment

by:mnevoso
ID: 33517737
also would i still need to add the routes on each server?
0
 
LVL 15

Expert Comment

by:GreatVargas
ID: 33519883
do i need to do anything in the site to site to keep the mapi and replication from being able to ping each other or connect? or does it not matter

answer: it's not necessary

also would i still need to add the routes on each server?

answer: yes.. the servers default gateway is 192.168.1.4 and 192.168.6.4 (i think) and the gateway for the repl network needs to be another one.. on the 10 network.. so yes you need static routes
0
 

Author Comment

by:mnevoso
ID: 33521220
ok everything is all done except the second network which i need to plug the network into the switch at the second site. the only thing is i cant ping 10.10.1.30 from internal im assuming i cant 1 because they are different networks and 2 because there is no dns or gateway setup and that is why i need the static routes configured as well.
0
 
LVL 15

Expert Comment

by:GreatVargas
ID: 33521515
yes.. thats why you need static routes... if 10.10.1.30 is the exchange01 repl network and the 10.10.1.254 is the ip you configured on the firewall start by pinging 10.10.1.254 from exchange.. they are on the same subnet and theres no need for gateway to ping internally (be sure that subnetmasks are the same)... after that successful ping create the static route
0
 

Author Comment

by:mnevoso
ID: 33521535
ok cool i will let you know later this afternoon. i am waiting for the second server to arrive then i am bringing it over to the second site and installing it.
0
 
LVL 15

Expert Comment

by:GreatVargas
ID: 33521557
ok.. keep me posted..
0
 

Author Comment

by:mnevoso
ID: 33524250
ok still cannot ping, even with static routes in.

i can however get it to ping if i add the gateway into the properties of the replication nic and wait for the network to combine with my domain.local, then it works. what i think i need to do is somehow change my replication network from public and unidentified to work and the same as my domain.local.
0
 

Author Comment

by:mnevoso
ID: 33524410
ok i rebooted both servers, both say unidentified network and public.

it takes a few times to ping but eventually gets through and looks like all outgoing connections are over replication network. is there a way to force it to keep the connection? even though it is persistent it is intermittent on the ping and i need to run it 2 or 3 times.
0
 

Author Comment

by:mnevoso
ID: 33524447
when doing a ping it gets request times out 6 times before connecting...do i need to change the metric or is this normal? and i verified with this command

Get-MailboxDatabaseCopyStatus mdb01 -ConnectionStatus | fl name, outgoingconnections,incomminglogcopyingnetwork

it is going through replication network now. just need to get it to have a constant connection.
0
 

Author Comment

by:mnevoso
ID: 33526468
im also having an issue now with emails stuck on exchange01 they are not sending over to the other site since it is not the primary incoming mail server at the moment

i am getting error 451 4.4.0 primary target ip address responded with 421 4.3.2 service not available.

just to let you know from default on receive connectors i removed "receive mail from remote servers" the defaults and put in IP range from my antispam solution. i tried adding in the ips of the other exchange servers on each and still nothing, i also cannot telnet to each one comes up with same error.
0
 

Author Comment

by:mnevoso
ID: 33526710
here are some other errors i found after running some tests if you can shed some light how to fix:

1. The HostRecordTTL property for network name 'Name: DAG1' is set to 1200 ( 20 minutes). For multi-site clusters the suggested value is 300 (5 minutes).

2. Validating cluster resource Name: DAG1.
This resource is marked with a state of 'Offline'. The functionality that this resource provides is not available while it is in the offline state. The resource may be put in this state by an administrator or program. It may also be a newly created resource which has not been put in the online state or the resource may be dependent on a resource that is not online. Resources can be brought online by choosing the 'Bring this resource online' action in Failover Cluster Manager.
Validating cluster resource File Share Witness (\\DMDSQL.AFR.LOCAL\DAG1.AFR.LOCAL) (\\DMDSQL.AFR.LOCAL\DAG1.AFR.LOCAL).
Validating cluster resource IP Address: 192.168.1.32.
This resource is marked with a state of 'Offline'. The functionality that this resource provides is not available while it is in the offline state. The resource may be put in this state by an administrator or program. It may also be a newly created resource which has not been put in the online state or the resource may be dependent on a resource that is not online. Resources can be brought online by choosing the 'Bring this resource online' action in Failover Cluster Manager.

2. Analyzing connectivity results ...
Node EXCHANGE02.afr.local is reachable from Node EXCHANGE01.afr.local by only one pair of interfaces. It is possible
that this network path is a single point of failure for communication within the cluster. Please verify that
this single path is highly available or consider adding additional networks to the cluster.
The following are all pings attempted from network interfaces on node EXCHANGE01.afr.local to network interfaces on node EXCHANGE02.afr.local.

Result  Source Network Interface  Destination Network Interface  Same Cluster Network  Maximum Allowed Round-Trip Latency  
Success  EXCHANGE01.afr.local - MAPI  EXCHANGE02.afr.local - MAPI  False  2000  
Failure  EXCHANGE01.afr.local - MAPI  EXCHANGE02.afr.local - Replication  False  2000  
Failure  EXCHANGE01.afr.local - Replication  EXCHANGE02.afr.local - MAPI  False  2000  
Failure  EXCHANGE01.afr.local - Replication  EXCHANGE02.afr.local - Replication  False  2000  

Result  Source IP Address  Destination IP Address  
Success  192.168.1.30  192.168.6.30  

Result  Source IP Address  Destination IP Address  
Failure  192.168.1.30  10.20.1.30  

Result  Source IP Address  Destination IP Address  
Failure  10.10.1.30  192.168.6.30  

Result  Source IP Address  Destination IP Address  
Failure  10.10.1.30  10.20.1.30  


Node EXCHANGE01.afr.local is reachable from Node EXCHANGE02.afr.local by only one pair of interfaces. It is possible
that this network path is a single point of failure for communication within the cluster. Please verify that
this single path is highly available or consider adding additional networks to the cluster.
The following are all pings attempted from network interfaces on node EXCHANGE02.afr.local to network interfaces on node EXCHANGE01.afr.local.

Result  Source Network Interface  Destination Network Interface  Same Cluster Network  Maximum Allowed Round-Trip Latency  
Success  EXCHANGE02.afr.local - MAPI  EXCHANGE01.afr.local - MAPI  False  2000  
Failure  EXCHANGE02.afr.local - MAPI  EXCHANGE01.afr.local - Replication  False  2000  
Failure  EXCHANGE02.afr.local - Replication  EXCHANGE01.afr.local - MAPI  False  2000  
Failure  EXCHANGE02.afr.local - Replication  EXCHANGE01.afr.local - Replication  False  2000  

Result  Source IP Address  Destination IP Address  
Success  192.168.6.30  192.168.1.30  

Result  Source IP Address  Destination IP Address  
Failure  192.168.6.30  10.10.1.30  

Result  Source IP Address  Destination IP Address  
Failure  10.20.1.30  192.168.1.30  

Result  Source IP Address  Destination IP Address  
Failure  10.20.1.30  10.10.1.30  

4. Unrecognized Exchange Signature
Active Directory domain 'AFR' has an unrecognized Exchange signature. Current DomainPrep version: 12639.

5. The public folder store where the site offline address book is hosted was not detected. The hosting server may be unreachable or the public folder store does not exist. Public folder store: CN=PFDB01,CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=afr,DC=local.

6. The 'MaxQuorumLogSize' value on Exchange cluster EXCHANGE01 is too small and may cause fail-over problems. The recommended value is 4194304 (4096 KB). Current value: 1024.
0
 
LVL 15

Expert Comment

by:GreatVargas
ID: 33526927
when doing a ping it gets request times out 6 times before connecting...do i need to change the metric or is this normal? and i verified with this command

Get-MailboxDatabaseCopyStatus mdb01 -ConnectionStatus | fl name, outgoingconnections,incomminglogcopyingnetwork

it is going through replication network now. just need to get it to have a constant connection

answer: its normal because he uses first the default gateway.. you can change metrics but i dont think this will harm your dag being as is.. try and reboot to see if dag comes up with repl network working.. try the failover test again..
0
 
LVL 15

Expert Comment

by:GreatVargas
ID: 33526943
im also having an issue now with emails stuck on exchange01 they are not sending over to the other site since it is not the primary incoming mail server at the moment

i am getting error 451 4.4.0 primary target ip address responded with 421 4.3.2 service not available.

just to let you know from default on receive connectors i removed "receive mail from remote servers" the defaults and put in IP range from my antispam solution. i tried adding in the ips of the other exchange servers on each and still nothing, i also cannot telnet to each one comes up with same error.
answer: you need to add on both receive connectors (default):
-ip of the other exchange server
-ip of the anti spam gateway

try telnet exchangexx 25 from one server to another.. also as test add the repl network ip to the receive connector.. as last resort test.. reboot transport service after each change..
0
 
LVL 15

Expert Comment

by:GreatVargas
ID: 33527006
1. The HostRecordTTL property for network name 'Name: DAG1' is set to 1200 ( 20 minutes). For multi-site clusters the suggested value is 300 (5 minutes).

answer: you can change it but theres no problem with that..

2. Validating cluster resource Name: DAG1.
This resource is marked with a state of 'Offline'. The functionality that this resource provides is not available while it is in the offline state. The resource may be put in this state by an administrator or program. It may also be a newly created resource which has not been put in the online state or the resource may be dependent on a resource that is not online. Resources can be brought online by choosing the 'Bring this resource online' action in Failover Cluster Manager.
Validating cluster resource File Share Witness (\\DMDSQL.AFR.LOCAL\DAG1.AFR.LOCAL) (\\DMDSQL.AFR.LOCAL\DAG1.AFR.LOCAL).
Validating cluster resource IP Address: 192.168.1.32.
This resource is marked with a state of 'Offline'. The functionality that this resource provides is not available while it is in the offline state. The resource may be put in this state by an administrator or program. It may also be a newly created resource which has not been put in the online state or the resource may be dependent on a resource that is not online. Resources can be brought online by choosing the 'Bring this resource online' action in Failover Cluster Manager.
 answer: this offline state may be related with your network problems.


2. Analyzing connectivity results ...
answer: also network problems

4. Unrecognized Exchange Signature
Active Directory domain 'AFR' has an unrecognized Exchange signature. Current DomainPrep version: 12639.
answer: its "normal"... ignore

5. The public folder store where the site offline address book is hosted was not detected. The hosting server may be unreachable or the public folder store does not exist. Public folder store: CN=PFDB01,CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=afr,DC=local.
answer: PFDB01 is your public folder store on exchange02, right? is it mounted? once again it can just be network problems..

6. The 'MaxQuorumLogSize' value on Exchange cluster EXCHANGE01 is too small and may cause fail-over problems. The recommended value is 4194304 (4096 KB). Current value: 1024.
answer: that warning only applies to windows 2000 and 2003:

http://technet.microsoft.com/en-us/library/aa995830(EXCHG.80).aspx

not the case and shouldnt be appearing on exchange 2010 BPA as it only functions on 2008 :)
dont worry.. ignore.. and YES.. DONT change the quorum size
0
 
LVL 15

Expert Comment

by:GreatVargas
ID: 33527018
as far as i'm concerned you're getting lots of network problems.. i'm not a network guy and not being on site does also help on the issue.. if you want to isolate the problem and be sure that network is the only thing in the way, use only mapi network for both functions in the tests.. sincerely i always use only one network in DAG in different sites.. thats why we are getting more problems on this stage..
0
 

Author Comment

by:mnevoso
ID: 33527137
should i discard the repl network completely and just use MAPI?
0
 
LVL 15

Expert Comment

by:GreatVargas
ID: 33527693
that would for sure solve the problem.. regarding the fact that you are experiencing difficulties creating static routes and putting repl network communicating maybe thats better to discard it
0
 

Author Comment

by:mnevoso
ID: 33527780
or should i just put gateways in repl networks?
0
 

Author Comment

by:mnevoso
ID: 33527912
also i forgot to restart hub transport earlier thats why i couldnt get it to work...i feel like an idiot. too many hours on this project, but i need it to be right.
0
 

Author Comment

by:mnevoso
ID: 33527930
also if i did discard it, would it really cause any issues? makes things much much slower?
0
 

Author Comment

by:mnevoso
ID: 33528180
ive got the network stuff figured out, so thats no big deal anymore. i needed to assign the ports on the switches for the subnets only

now back to exchange, do you recommend all rpcclientaccess for both DB are exchange01? or mdb01 on exchange01 and mdb02 on exchange02 and whichever fails swap it over.  i want to get into the testing of fail over tomorrow.
0
 

Author Comment

by:mnevoso
ID: 33536564
can you verify these are the standard settings

set-mailboxdatabase -identity MDB01 -rpcclientaccessserver exchange01
set-mailboxdatabase -identity MDB02 -rpcclientaccessserver exchange02

correct?
0
 

Author Comment

by:mnevoso
ID: 33536825
and can you confirm the order and time frame to perform the tasks to bring the other server back online? using option 1 from previous posts.

i brought it back but it never switched the cas server back to exchange01 still shows as connected to exchange02.
0
 
LVL 15

Expert Comment

by:GreatVargas
ID: 33538521
or should i just put gateways in repl networks?

answer: you shouldnt.. gateways are only for mapi

also i forgot to restart hub transport earlier thats why i couldnt get it to work...i feel like an idiot. too many hours on this project, but i need it to be right.

answer: it happens

also if i did discard it, would it really cause any issues? makes things much much slower?

answer: nop. how many users? i have scenarios with 2000 users and only mapi for repl too..

ive got the network stuff figured out, so thats no big deal anymore. i needed to assign the ports on the switches for the subnets only

now back to exchange, do you recommend all rpcclientaccess for both DB are exchange01? or mdb01 on exchange01 and mdb02 on exchange02 and whichever fails swap it over.  i want to get into the testing of fail over tomorrow.

answer: fantastic. client access of one db should always be on database site.. it works on different sites but its not recommended,.. so rpcclientaccess for mdb01 is exchange01 and for mdb02 exchange02

can you verify these are the standard settings

set-mailboxdatabase -identity MDB01 -rpcclientaccessserver exchange01
set-mailboxdatabase -identity MDB02 -rpcclientaccessserver exchange02

correct

answer: yes. correct

and can you confirm the order and time frame to perform the tasks to bring the other server back online? using option 1 from previous posts.

i brought it back but it never switched the cas server back to exchange01 still shows as connected to exchange02.

answer:
1- exchange01 fails
2- dag failsover mdb01 to exchange02
3- you run the command: set-mailboxdatabase -identity MDB01 -rpcclientaccessserver exchange02
4- you assure that mail is flowing in to exchange02.. in and out the org (hub)
5- outlook tells users to restart.. admin changes were made
6- users back online
7- failback.. exchange01 is up again
8- you wait for server to go up.. go to emc on exchange01.. and after dag copy of mdb01 on exchange01 is healthy.. you choose activate
9- dag failsover
10- you run the command: set-mailboxdatabase -identity MDB01 -rpcclientaccessserver exchange01
11- assure that mail is flowing in and out exchange01 and going from exchange01 to 02 (mdb01 to mdb02 mailboxes)
12- same as step 5
13- same as 6
14- done

please test and confirm

0
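Steps 7 to 11 of the procedure above, scripted for the Exchange Management Shell. This is an added example, not part of the original reply: the function name `Invoke-DatabaseFailback` and its parameter names are hypothetical, and the database and server names are the ones used in the thread.

```powershell
# Added example for the Exchange Management Shell (Exchange 2010, PowerShell 2.0).
# Invoke-DatabaseFailback and its parameter names are hypothetical, not Exchange cmdlets.
function Invoke-DatabaseFailback {
    param(
        [Parameter(Mandatory = $true)][string]$Database,         # e.g. MDB01
        [Parameter(Mandatory = $true)][string]$RecoveredServer,  # e.g. exchange01
        [Parameter(Mandatory = $true)][string]$PeerServer        # e.g. exchange02
    )

    # Step 8: only activate once the copy on the recovered server is healthy
    # and has no logs left to copy from the currently active server.
    $copy = Get-MailboxDatabaseCopyStatus -Identity "$Database\$RecoveredServer"
    if ($copy.Status -ne 'Healthy' -or $copy.CopyQueueLength -gt 0) {
        throw "$($copy.Name) is not ready: Status=$($copy.Status), CopyQueueLength=$($copy.CopyQueueLength)"
    }

    # Step 9: move the active copy back to the recovered server.
    Move-ActiveMailboxDatabase -Identity $Database -ActivateOnServer $RecoveredServer -Confirm:$false

    # Step 10: point RPC client access for this database back at the recovered server.
    Set-MailboxDatabase -Identity $Database -RpcClientAccessServer $RecoveredServer

    # Confirm the database is mounted where expected before users reconnect.
    $db = Get-MailboxDatabase -Identity $Database -Status
    if (-not $db.Mounted -or "$($db.MountedOnServer)" -notlike "$RecoveredServer*") {
        throw "$Database is not mounted on $RecoveredServer (MountedOnServer=$($db.MountedOnServer))"
    }

    # Step 11: test mail flow from the recovered server to the peer mailbox server.
    $flow = Test-Mailflow -Identity $RecoveredServer -TargetMailboxServer $PeerServer

    # Summary of the resulting state, suitable for a change record.
    New-Object PSObject -Property @{
        Database              = $db.Name
        MountedOnServer       = $db.MountedOnServer
        RpcClientAccessServer = $db.RpcClientAccessServer
        MailflowResult        = $flow.TestMailflowResult
    }
}

# Usage with the names from the thread:
Invoke-DatabaseFailback -Database MDB01 -RecoveredServer exchange01 -PeerServer exchange02
```

The function stops before moving anything if the copy on the recovered server is not healthy, so a premature failback cannot activate a stale copy.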
 

Author Comment

by:mnevoso
ID: 33538674
I will test again tomorrow but nothing prompted Outlook users. I even waited 15 minutes but I will test again
0
 

Author Comment

by:mnevoso
ID: 33542988
u tested everything, but it does not prompt users in outlook 2007 to restart.

how can i force it to come up quicker for them? just go into sites and services and force replication from one dc to the other?
0
 

Author Comment

by:mnevoso
ID: 33543279
i just waited 30 minutes and never asked the outlook clients to restart. also they are still connecting to the other server exchange02...but i am getting emails coming in. is this something i need to worry about? if i shutdown exchange02 will they fail over to exchange01 automatically since i ran the cas command?
0
 

Author Comment

by:mnevoso
ID: 33544850
i am going to try option 2 now it may be better, what should i set the TTL to be for casarray1 and casarray2?
0
 

Author Comment

by:mnevoso
ID: 33545281
option 2 when changed the casarray i get this error

[PS] C:\Users\administrator.AFR\Desktop>set-clientaccessarray -FQDN casarray1.afr.local -Site "Denville"

cmdlet Set-ClientAccessArray at command pipeline position 1
Supply values for the following parameters:
Identity: casarray1.afr.local
The Client Access array already exists in site Denville. At most, one Client Access array can exist per site.
    + CategoryInfo          : InvalidOperation: (afr.local/Configuration/Sites/Denville:ADObjectId) [Set-ClientAccessA
   rray], InvalidOperationException
    + FullyQualifiedErrorId : 787AD023,Microsoft.Exchange.Management.SystemConfigurationTasks.SetClientAccessArray
0
 

Author Comment

by:mnevoso
ID: 33546323
ok can you let me know if this option is viable?

i created a casarray at each site
created casarray1 and casarray2 with ttl of 30 seconds
assigned casarray to each site

if site 1 fails all i do is change the ip of casarray1 to the ip of exchange02 tested and everything switched over successfully.

will this work can i implement this as a production solution? or not recommended.
0
 
LVL 15

Expert Comment

by:GreatVargas
ID: 33547307
u tested everything, but it does not prompt users in outlook 2007 to restart.

how can i force it to come up quicker for them? just go into sites and services and force replication from one dc to the other?

answer: yes.. to force the prompt on users use sites and services.. the info for the users, that says where their CAS server is, is on AD. do you have two domain controllers/global catalogs, one in each site, right?

i just waited 30 minutes and never asked the outlook clients to restart. also they are still connecting to the other server exchange02...but i am getting emails coming in. is this something i need to worry about? if i shutdown exchange02 will they fail over to exchange01 automatically since i ran the cas command?

answer: please go to the exchange account configuration, in outlook, after you have exchange01 down (i assume that you have it on your tests), and after you have rpcclientaccessserver on that database changed to exchange02.. see if the server name that is on the outlook account properties is exchange01 or exchange02.. it should be exchange02, because you changed the rpcclientaccessserver.. if its exchange01 and the server is down, then outlook must say disconnected.. please check and post...


mnevoso:
option 2 when changed the casarray i get this error

[PS] C:\Users\administrator.AFR\Desktop>set-clientaccessarray -FQDN casarray1.afr.local -Site "Denville"

cmdlet Set-ClientAccessArray at command pipeline position 1
Supply values for the following parameters:
Identity: casarray1.afr.local
The Client Access array already exists in site Denville. At most, one Client Access array can exist per site.
    + CategoryInfo          : InvalidOperation: (afr.local/Configuration/Sites/Denville:ADObjectId) [Set-ClientAccessA
   rray], InvalidOperationException
    + FullyQualifiedErrorId : 787AD023,Microsoft.Exchange.Management.SystemConfigurationTasks.SetClientAccessArray

answer: when thinking about your scenario a couple of days ago.. i already predicted this error.. you cannot have more than one casarray per site/server.. so in your case you have two options:
1- have by default both databases, mdb01 and mdb02 on site 1.. and both associated with casarray1.. and in case of failure change casarray1 membership to site 2... so having only one casarray but for that you need both mdb in site 1 by default..
2- use only the option 1 i gave in on other posts.. no casarrays and changing rpcclientaccessserver

ok can you let me know if this option is viable?

i created a casarray at each site
created casarray1 and casarray2 with ttl of 30 seconds
assigned casarray to each site

if site 1 fails all i do is change the ip of casarray1 to the ip of exchange02 tested and everything switched over successfully.

will this work can i implement this as a production solution? or not recommended.

answer: maybe works but not recommended.. for just one reason.. a CAS array being associated to a site is also associated to servers... do a get-clientaccessarray |fl to check what i'm saying.. you are doing half the job.. changing the ip.. but casarray1 is still associated with exchange01 and if exchange01 is down it may give you problems... do a get-clientaccessarray |fl and post the result for us to check it..
0
 

Author Comment

by:mnevoso
ID: 33547586
What if I put both dbs on site 1 with cas then fail them over to site 2 and move cas to site 2 and change ip to other server will that work and be acceptable failover?
0
 
LVL 15

Expert Comment

by:GreatVargas
ID: 33547893
What if I put both dbs on site 1 with cas then fail them over to site 2 and move cas to site 2 and change ip to other server will that work and be acceptable failover?

answer: that will work... both dbs on site1.. one casarray pointing to site1.. then change ip and site of the casarray... anyway also test option1 and post the result
0
 

Author Comment

by:mnevoso
ID: 33558414
ok i will be doing this today.
0
 

Author Comment

by:mnevoso
ID: 33560132
Where on AD Sites and Service? I forced replication to the other DC at the other site but did not work...
I have 3 DC, 2 in Site 1 and 1 in Site 2. Also 2 GC 1 in Site 1 and 1 in Site 2.

After exchange01 was down i went to exchange02 and ran the CAS command. server name for outlook client is still exchange01 and does say disconnected. This method will be sufficient for production if i can get it to come online a lot quicker again 30 minutes and nothing has happened.
0
 

Author Comment

by:mnevoso
ID: 33560292
It finally switched over to exchange02 and is connected but it took way too long for it to happen. It also did not prompt say administrator made a change and you need to restart outlook.
0
 

Author Comment

by:mnevoso
ID: 33561124
i brought exchange01 on line moved the database over and pointed the rpcclientaccessserver to exchange01 and it still says exchange02...need to figure this out before i can go live with this.
0
 
LVL 15

Expert Comment

by:GreatVargas
ID: 33565198
i brought exchange01 on line moved the database over and pointed the rpcclientaccessserver to exchange01 and it still says exchange02...need to figure this out before i can go live with this.

answer: so what you are saying is that is taking too long to make the switch from exchange01 to 02? but does it switch after a while? or it doesnt? whats the outlook client version?
0
 

Author Comment

by:mnevoso
ID: 33567074
yes it is taking too long to switch from exchange01 to exchange02.
it does switch but never prompts the user a switch was made
it is outlook 2007 SP2
it never switches back from exchange02 to exchange01 once i move the db back to exchange01 and do the rpcclientaccessserver command.
0
 
LVL 15

Expert Comment

by:GreatVargas
ID: 33568242
yes it is taking too long to switch from exchange01 to exchange02.
it does switch but never prompts the user a switch was made
it is outlook 2007 SP2
it never switches back from exchange02 to exchange01 once i move the db back to exchange01 and do the rpcclientaccessserver command.

answer: after doing the set-mailboxdatabase -identity mdb01 -rpcclientaccessserver exchange02 ... when exchange01 fails.. do a get-mailboxdatabase |fl name,rpcclientaccessserver to see if the property is changed... after that.. and for testing purposes.. connect exchange01 and run the get command on the exchange01 box.. to see when the property is updated.. with both boxes up, when you run a get command.. you can see different results on both servers.. is it normal? no its not.. it should get updated when ad replicates.. lets test and see when he updates the attribute in exchange01 and see if its really updating.

it should be relatively fast (as fast as ad replication).. and it should prompt the user..

one last question.. is your ad replicating well? check with replmon... the replication connectors between sites should be with IP and not RPC.. because now servers are in different sites.. (i think in the installation phase they were physically in the same place)
0
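The check suggested above, run against each domain controller in turn to see how long the changed RpcClientAccessServer value takes to replicate. This is an added example, not part of the original reply: both function names are hypothetical, and the domain controller FQDNs are assumed from the DC names and the afr.local domain that appear in the thread.

```powershell
# Added example for the Exchange Management Shell (Exchange 2010, PowerShell 2.0).
# Get-RpcClientAccessView and Wait-RpcClientAccessReplication are hypothetical helper names.
# The domain controller FQDNs below are assumed, built from names used in the thread.
$DomainControllers = 'dc01.afr.local', 'dc02.afr.local', 'dc03.afr.local'

function Get-RpcClientAccessView {
    param([string]$Database, [string]$Expected, [string[]]$DomainControllers)
    foreach ($dc in $DomainControllers) {
        try {
            # -DomainController makes the cmdlet read the setting from that specific DC.
            $db = Get-MailboxDatabase -Identity $Database -DomainController $dc -ErrorAction Stop
            $value = "$($db.RpcClientAccessServer)"
            if ($value -like "$Expected*") { $state = 'Updated' } else { $state = 'Stale' }
        } catch {
            $value = ''
            $state = 'Unreachable'
        }
        New-Object PSObject -Property @{
            DomainController = $dc; RpcClientAccessServer = $value; State = $state
        }
    }
}

function Wait-RpcClientAccessReplication {
    param([string]$Database, [string]$Expected, [string[]]$DomainControllers,
          [int]$TimeoutSeconds = 1800, [int]$IntervalSeconds = 30)
    $start = Get-Date
    do {
        $view = @(Get-RpcClientAccessView -Database $Database -Expected $Expected `
                                          -DomainControllers $DomainControllers)
        $pending = @($view | Where-Object { $_.State -ne 'Updated' })
        $elapsed = [int]((Get-Date) - $start).TotalSeconds
        Write-Host "[$elapsed s] $($pending.Count) of $($view.Count) DCs not yet showing $Expected"
        if ($pending.Count -eq 0) { return $view }
        Start-Sleep -Seconds $IntervalSeconds
    } while ($elapsed -lt $TimeoutSeconds)
    Write-Warning "Timed out after $TimeoutSeconds seconds; returning the last view."
    return $view
}

# Run right after: set-mailboxdatabase -identity MDB01 -rpcclientaccessserver exchange02
Wait-RpcClientAccessReplication -Database MDB01 -Expected exchange02 -DomainControllers $DomainControllers |
    Format-Table DomainController, RpcClientAccessServer, State -AutoSize
```

If every DC reports `Updated` within seconds while Outlook still shows the old server, the delay is on the client side rather than in AD replication.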
 

Author Comment

by:mnevoso
ID: 33568839
the property did change to exchange02
i connected exchange01 back and the property was changed on there as well
for outlook it still says exchange01

it is very instant and ad replication is fine.
do i need to change anything for replication by default the sites use the DEFAULTIPSITELINK
also all 3 DCs are also GCs now. do i need to change the way my ntds connections are? currently they are:

Site 1
DC01 - From DC02 To DC02 & DC03
DC02 - From DC03 & DC01 To DC01

Site 2
DC03 From DC01 To DC02

should the from and to be both of the other servers?