Solved

Forefront TMG, Exchange 2007 published

Posted on 2010-08-31
Last Modified: 2012-05-10
I'm setting up a Forefront TMG 2 node NLB integrated array with Exchange 2007 published. Are Exchange services supposed to be uninterrupted if one of the servers is rebooted? What about if the firewall service is restarted on one of the nodes?
Question by:mbromb
14 Comments
 
LVL 32

Expert Comment

by:endital1097
ID: 33570673
if you restart the firewall service on one node service will be interrupted
you should use the wlbs utility to suspend the node while you perform maintenance

you'll want to make sure you use server farms for the exchange cas servers
0
 

Author Comment

by:mbromb
ID: 33570721
To be clear, if I restart the firewall service on one node, service will be interrupted for services being used on that node only, correct (i.e. owa, ActiveSync)?  I need to look into the difference between drain stop and suspend. What about rebooting a node that OWA users are connected to?  Does this fall under your maintenance comment?  Should the steps be, Suspend, perform an update or other maintenance, reboot and then start the NLB service again?



All rules are using the Exchange CAS farm.
0
 
LVL 32

Expert Comment

by:endital1097
ID: 33570789
yes, you got it
0
 

Author Comment

by:mbromb
ID: 33570827
What about an OWA user that gets disconnected when one of the servers goes down for an extended time? Shouldn't they be able to connect back to OWA, on the other node, by logging back in or restarting their browser?
0
 
LVL 32

Expert Comment

by:endital1097
ID: 33570951
as long as the node is down, the key here is the state of the NLB cluster
services on the server can go down, but as long as the node is a member of the NLB array there could be an outage
0
 

Author Comment

by:mbromb
ID: 33571054
I'm a little confused by your answer. So, if I need to take a node down for an extended time, what do I have to do to allow an OWA user that was or is connected to that node, to be able to connect using the services on the node that's still up, or will be going down? It seems that NLB should recognize a downed node and redirect the client to the node that is available, even if they have to log back in.
0
 
LVL 32

Expert Comment

by:endital1097
ID: 33571107
NLB will recognize a downed node if you use the wlbs query to suspend it

i was just adding that if the firewall service went down your users could hit that node and experience an outage
0
 
LVL 32

Expert Comment

by:endital1097
ID: 33571114
that is, if the firewall service goes down while the node is still a member of the nlb cluster
0
 

Author Comment

by:mbromb
ID: 33571171
Gotcha.  When I suspend, or do a drain/stop on the node an OWA session is connected to, the OWA session stops working until I bring the NLB service back up.  It seems like the manager node is not taking on OWA sessions.  So it seems like something is wrong.
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 33571189
You need to be clear on your terminology.

No Exchange services will be lost by rebooting one of the firewall nodes - why would it? You are not rebooting the Exchange server.

Connected clients through the rebooted FTMG server will get disconnected requiring users to reconnect and to re-establish their end-to-end connections.
0
 

Author Comment

by:mbromb
ID: 33571352
I was always talking about the services provided by the TMG array.  I'm speaking of the published exchange services that the TMG is providing.   Correct, I'm not touching the Exchange servers.  This only has to do with the client and the TMG servers.  All clients are using TMG to get to Exchange except MAPI/POP/IMAP clients.

So, what I'm saying is that when I do a drain/stop or suspend on the TMG integrated NLB service while a client is connected using OWA, the client is disconnected and cannot reconnect until the TMG integrated NLB service is set back to Running. I also notice that when the client logs out of OWA the TMG server continues to show the session. If I disconnect all sessions from the client computer, then drain/stop the TMG server it was previously connected to, the client can't connect back with OWA at all. It seems that the other TMG node is not taking on OWA sessions, or that client computer is somehow forever locked into using a particular node. I hope some of this makes sense. I'm trying to be clear.
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 33571416
You are defeating the object of the drain or I am missing the thrust of your comments. The purpose of the drain is to let current sessions complete whatever they are doing (regardless of how long it may be) and then terminate - termination will not be immediately after the user disconnects but is based on timeouts - and to block any new connections from being made. If you forcibly disconnect users first then there is no point running the drain/stop afterwards.

Conversely a suspend is exactly that - you have suspended the service.
0
 

Author Comment

by:mbromb
ID: 33571503
I'm finding that other computers that have not previously connected to OWA on the TMG servers are not able to connect to OWA if the TMG managed node is in drain/stop, suspended or stopped. This fact and the fact that previously OWA connected clients that have been removed forcibly or just logged off cannot reconnect until the managed node is available again, indicates to me that something is wrong with the Manager node, or I just don't understand how this is supposed to work. The manager node does not seem to be taking on OWA connections.

I've upped the points.  Thank you for sticking with me.
0
 

Accepted Solution

by:mbromb
ID: 33618621
The issue: A drain stop on the NLB service for a node did not allow the OWA connected clients to bounce to the other TMG array node. Other clients may not have been able to connect as well, possibly until the firewall service was restarted, or until the original server was accepting NLB connections again.

The resolution:  Adding the server specific IP addresses to the listener, along with the already in place cluster IPs, fixed it completely.  After making that change, an OWA client is asked for credentials when the array member it's connected to is put into drain stop.
0
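
The maintenance sequence discussed in this thread (drain, suspend, maintain, reboot, start again), written out as an added example that is not from any of the posters. It assumes the TMG node runs Windows Server 2008 R2 with the NetworkLoadBalancingClusters PowerShell module and that controlling NLB outside the TMG console is acceptable in your array; the function names, the drain period and the use of these cmdlets in place of wlbs are assumptions.

```powershell
# Added example: take one NLB array member out for maintenance and bring it back.
# Run locally on the node being serviced, in an elevated session.
Import-Module NetworkLoadBalancingClusters

# Assumed grace period (minutes) for existing OWA/ActiveSync sessions to finish.
$DrainMinutes = 15

function Enter-NodeMaintenance {
    # Hypothetical helper: drain, then suspend, the local node.
    Write-Host "Array state before maintenance:"
    Get-NlbClusterNode

    # Drain: block new connections, let current sessions finish.
    # -Timeout is in minutes; connections still open when it expires are dropped.
    Stop-NlbClusterNode -Drain -Timeout $DrainMinutes

    # Suspend: keep the node from handling traffic until it is explicitly
    # resumed. This survives a reboot only if the host's initial state is set
    # to retain the suspended state after restart.
    Suspend-NlbClusterNode

    Write-Host "Array state after drain and suspend:"
    Get-NlbClusterNode
}

function Exit-NodeMaintenance {
    # Hypothetical helper: return the local node to the array after the reboot.
    Resume-NlbClusterNode
    Start-NlbClusterNode

    Write-Host "Array state after rejoining:"
    Get-NlbClusterNode
}

# Typical order of use:
#   Enter-NodeMaintenance
#   ... apply updates ...
#   Restart-Computer
#   (after the node is back up) Exit-NodeMaintenance
```

While the node is drained or suspended, test a fresh OWA logon from a client that has never connected before; if it fails, the remaining node is not accepting the traffic, which is the symptom the accepted solution fixed by adding the server-specific IP addresses to the listener.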
