Solved

Forefront TMG, Exchange 2007 published

Posted on 2010-08-31
Last Modified: 2012-05-10
I'm setting up a Forefront TMG 2-node NLB integrated array with Exchange 2007 published.  Are Exchange services supposed to be uninterrupted if one of the servers is rebooted?  What about if the firewall service is restarted on one of the nodes?
Question by:mbromb
14 Comments
 

Expert Comment

by:endital1097
ID: 33570673
if you restart the firewall service on one node service will be interrupted
you should use the wlbs utility to suspend the node while you perform maintenance

you'll want to make sure you use server farms for the exchange cas servers
 

Author Comment

by:mbromb
ID: 33570721
To be clear, if I restart the firewall service on one node, service will be interrupted for services being used on that node only, correct (i.e. owa, ActiveSync)?  I need to look into the difference between drain stop and suspend. What about rebooting a node that OWA users are connected to?  Does this fall under your maintenance comment?  Should the steps be, Suspend, perform an update or other maintenance, reboot and then start the NLB service again?



All rules are using the Exchange CAS farm.

Expert Comment

by:endital1097
ID: 33570789
yes, you got it
 

Author Comment

by:mbromb
ID: 33570827
What about an OWA user that gets disconnected when one of the servers goes down for an extended time?  shouldn't they be able to connect back to OWA, on the other node, by logging back in or restarting their browser?

Expert Comment

by:endital1097
ID: 33570951
as long as the node is down, the key here is the state of the NLB cluster
services on the server can go down, but as long as the node is a member of the NLB array there could be an outage
 

Author Comment

by:mbromb
ID: 33571054
I'm a little confused by your answer.  So, if I need to take a node down for an extended time, what do I have to do to allow an OWA user that was or is connected to that node, to be able to connect using the services on the node that's still up, or will be going down?  It seems that NLB should recognize a downed node and redirect the client to the node that is available, even if they have to log back in.

Expert Comment

by:endital1097
ID: 33571107
NLB will recognize a downed node if you use the wlbs query to suspend it

i was just adding that if the firewall service went down your users could hit that node and experience an outage

Expert Comment

by:endital1097
ID: 33571114
that is the firewall service goes down while the node is still a member of the nlb cluster
 

Author Comment

by:mbromb
ID: 33571171
Gotcha.  When I suspend, or do a drain/stop on the node an OWA session is connected to, the OWA session stops working until I bring the NLB service back up.  It seems like the manager node is not taking on OWA sessions.  So it seems like something is wrong.

Expert Comment

by:Keith Alabaster
ID: 33571189
You need to be clear on your terminology.

No Exchange services will be lost by rebooting one of the firewall nodes - why would it? You are not rebooting the Exchange server.

Connected clients through the rebooted FTMG server will get disconnected, requiring users to reconnect and to re-establish their end-to-end connections.
 

Author Comment

by:mbromb
ID: 33571352
I was always talking about the services provided by the TMG array.  I'm speaking of the published exchange services that the TMG is providing.   Correct, I'm not touching the Exchange servers.  This only has to do with the client and the TMG servers.  All clients are using TMG to get to Exchange except MAPI/POP/IMAP clients.

So, what I'm saying is that when I do a drain/stop or suspend on the TMG integrated NLB service while a client is connected using OWA, the client is disconnected and cannot reconnect until the TMG integrated NLB service is set back to Running.  I also notice that when the client logs out of OWA the TMG server continues to show the session.  If I disconnect all sessions from the client computer, then drain/stop the TMG server it was previously connected to, the client can't connect back with OWA at all.  It seems that the other TMG node is not taking on OWA sessions, or that client computer is somehow forever locked into using a particular node.  I hope some of this makes sense. I'm trying to be clear.

Expert Comment

by:Keith Alabaster
ID: 33571416
You are defeating the object of the drain or I am missing the thrust of your comments. The purpose of the drain is to let current sessions complete whatever they are doing (regardless of how long it may be) and then terminate - termination will not be immediately after the user disconnects but is based on timeouts - and to block any new connections from being made. If you forcibly disconnect users first then there is no point running the drain/stop afterwards.

Conversely a suspend is exactly that - you have suspended the service.
 

Author Comment

by:mbromb
ID: 33571503
I'm finding that other computers that have not previously connected to OWA on the TMG servers are not able to connect to OWA if the TMG managed node is in drain/stop, suspended or stopped.  This fact and the fact that previously OWA connected clients that have been removed forcibly or just logged off cannot reconnect until the managed node is available again, indicates to me that something is wrong with the Manager node, or I just don't understand how this is supposed to work.  The manager node does not seem to be taking on OWA connections.

I've upped the points.  Thank you for sticking with me.
 

Accepted Solution

by:mbromb
ID: 33618621
The issue:  A drain stop on the NLB  service for a node did not allow the OWA connected clients to bounce to the other TMG array node.  Other clients may not have been able to connect as well, possibly until the firewall service was restarted, or until the original server was accepting NLB connections again.

The resolution:  Adding the server specific IP addresses to the listener, along with the already in place cluster IPs, fixed it completely.  After making that change, an OWA client is asked for credentials when the array member it's connected to is put into drain stop.