Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1180
  • Last Modified:

Questions about Exchange 2007 Site Affinity / Site Scope

I am studying Exchange 2007 by reading a article from MS - "Technical Architecture of Exchange Server 2007", here is an article listed example talking about "Site Affinity" that I am having question about:

Consider a topology that includes one forest with three sites that have the following names:
•      US-contoso   A contoso site that is located in North America
•      Europe-contoso   A contoso site that is located in Europe
•      APAC-contoso   A contoso site that is located in Asia

3 AD Site links connect each other.
* EU to US by high speed connection
* EU to APAC by high speed connection
* US to APAC by low-speed connection

Following are the site scope cmdlets for setting up site affinity according to the site link condition
1): Set-ClientAccessServer -Identity "us-cas" -AutodiscoverServiceInternalURI "https://internal.contoso.com/autodiscover/autodiscover.xml" -AutodiscoverServiceSiteScope "us-contoso”,”europe-contoso”

2): Set-ClientAccessServer -Identity "europe-cas" -AutodiscoverServiceInternalURI "https://internal.contoso.com/autodiscover/autodiscover.xml"

3): Set-ClientAccessServer -Identity "apac-cas" -AutodiscoverServiceInternalURI "https://internal.contoso.com/autodiscover/autodiscover.xml" -AutodiscoverServiceSiteScope "apac-contoso”,”europe-contoso”

What I don't understand is why the AutodiscoverServiceInternalURL are all the same: AutodiscoverServiceInternalURI "https://internal.contoso.com/autodiscover/autodiscover.xml"?

and second question is that when I build a new CAS server, I run a cmdlet: get-clientaccessserver, it shows site name: Default-First-Site-Name", which is where the CAS server reside. Why shouldn't we just leave the default sitescope alone(let every CAS server use it's own local site as site scope), and let the autodiscover service to locate Exchange features in their local AD site to serve it's clients more efficently, why should we grab some remote ones from either EU or US to form a bigger sitescope? what is the point?

Thanks,
Jerry
0
JerryJay
Asked:
JerryJay
  • 8
  • 5
  • 3
2 Solutions
 
sunnyc7Commented:
Jerry
I think the issue here is all your autodiscoverinternalURI's point to the same cas server. (where is internal.contoso.com located ?)
Instead of that, you can separate DNS entries in each location (usinternal.contoso / euinternal.contoso / apacinternal.contoso) and round-robin the client requests.

Please take a look at this article here.
http://www.shudnow.net/2008/08/24/configuring-exchange2007-autodiscover-site-affinity/

thanks
0
 
JerryJayAuthor Commented:
many thanks for your quick replay, the article doesn't mention where the autodiscoverinternalURL points to, which is very confused.

you mention round-robin, if clients in US want to access their local resources, for example, why should they go the europe site for autodiscover service through round robin? shouldn't it get service from local quicker than cross the ocean? my quesion is : why we should have a bigger site scope than it's own?

Thanks,
Jerry
0
 
JerryJayAuthor Commented:
Sorry for this long, this is the complete paragraph talking about Site Affinity I mentioned above. just in case I missed something. I was trying to summarize this one.

Configuring the Autodiscover Service to Use Site Affinity for Internal Communication

If you manage a large, distributed organization that has Active Directory sites that are separated by low-bandwidth network connectivity, we recommend that you use site affinity for the Autodiscover service for intranet-based traffic. To use site affinity, you specify which Active Directory sites are preferred for clients to connect to a particular Autodiscover service instance. Specifying which Active Directory sites are preferred is also known as configuring site scope.

You configure site affinity by using the Set-ClientAccessServer cmdlet. This cmdlet lets you specify the preferred Active Directory sites for connecting to the Autodiscover service on a specific Client Access server. After you configure site affinity for the Autodiscover service, the client will connect to the Autodiscover service as you specified. For information on the Set-ClientAccessServer cmdlet, see Set-ClientAccessServer.

Consider a topology that includes one forest with three sites that have the following names:
•      US-contoso   A contoso site that is located in North America
•      Europe-contoso   A contoso site that is located in Europe
•      APAC-contoso   A contoso site that is located in Asia

In this example, the Autodiscover service is enabled on each site and each site includes user mailboxes. The US-contoso site is connected to the Europe-contoso site by using a high-speed connection. The US-contoso site is connected to the APAC-contoso site by using a low-speed connection. The APAC-contoso site is connected to the Europe-contoso site by using a high-speed connection.

Based on these connectivity factors, you might want to allow users in the US-contoso and Europe-contoso sites to use either the US-contoso or the Europe-contoso site, users in Europe-contoso site to use any site to access the Autodiscover service, and users in the APAC-contoso site to use the APAC-contoso or the Europe-contoso site. Finally, the Client Access servers can be reached by using a common internal namespace across all sites.

You can configure site scope for Client Access servers in the US-contoso site, setting them to prefer to use the US-contoso and Europe-contoso Active Directory sites to access the Autodiscover service by using the following command.

Set-ClientAccessServer -Identity "us-cas" -AutodiscoverServiceInternalURI "https://internal.contoso.com/autodiscover/autodiscover.xml" -AutodiscoverServiceSiteScope "us-contoso”,”europe-contoso”

You do not have to specify the Active Directory sites to which your users should connect to access the Autodiscover service on Client Access servers in the Europe-contoso site because it connects well to other sites. The following command enables all users in the Europe-Contoso site to access any Client Access server to use the Autodiscover service:

Set-ClientAccessServer -Identity "europe-cas" -AutodiscoverServiceInternalURI "https://internal.contoso.com/autodiscover/autodiscover.xml"


Finally, you can configure site scope for the Autodiscover service on Client Access servers in the APAC-contoso site, setting them to prefer to use the APAC-contoso and Europe-contoso sites because they connect well to these sites. To do this, use the following command:

Set-ClientAccessServer -Identity "apac-cas" -AutodiscoverServiceInternalURI "https://internal.contoso.com/autodiscover/autodiscover.xml" -AutodiscoverServiceSiteScope "apac-contoso”,”europe-contoso”

Therefore, if a client in the US-contoso site has a mailbox located in the Europe-contoso site and tries to locate the Autodiscover service, the client can select the service instance that has site=US-contoso or site=Europe-contoso.
If you do not specify site scope for the Autodiscover service, the client might return the autodiscoverInternalUri parameter for the APAC-contoso site because of the slow connection to the US-contoso site.

 Note:
If you do not configure a specific set of Active Directory sites for clients to use, Outlook 2007 will randomly select Client Access servers to use to access the Autodiscover service.

For more information about site affinity, see How to Configure Autodiscover to Use Site Affinity.
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
sunnyc7Commented:
My bad @ confusion.

I meant Site Affinity is used to configure SCP's to restricts Outlook Users to get their autodiscoverURI's from *within* their country and not go out of site.

usinternal is supposed to round robin the CAS servers *within* US - not round robin US and EU sites.
0
 
sunnyc7Commented:
Based on these connectivity factors, you might want to allow users in the US-contoso and Europe-contoso sites to use either the US-contoso or the Europe-contoso site, users in Europe-contoso site to use any site to access the Autodiscover service, and users in the APAC-contoso site to use the APAC-contoso or the Europe-contoso site. Finally, the Client Access servers can be reached by using a common internal namespace across all sites.

>> I dont think this will work practically.
What that effectively says is - your US Outlook clients should get their autodiscover SCP's from EU CAS servers.
I was talking about round-robin'ing (That's a word ??) the CAS servers *within* US - not go out of the country.


Therefore, if a client in the US-contoso site has a mailbox located in the Europe-contoso site and tries to locate the Autodiscover service, the client can select the service instance that has site=US-contoso or site=Europe-contoso.
>> Fat Chance.
And again this depends on your Exchange design.
Unless someone is moving within the org from Germany to US - I dont see any sense in having the DE user sitting in US and getting their mailbox data from Europe.

This doesnt make sense to me.

Let me go through the document again. I hope you are referring to this:
http://www.microsoft.com/downloads/details.aspx?FamilyId=B34FA7CC-8F13-4E21-AE87-EB824728DDD1&displaylang=en
0
 
sunnyc7Commented:
Jerry
Let me know what you think.

you can also click on request attention button and have this question relayed to other experts.

thanks
0
 
JerryJayAuthor Commented:
Thanks again Sunny,

">> I dont think this will work practically."

I agree with your point to limit the site scope to be within a same country, and setup a Internal dns to round robin the CAS servers to share the workload .

">>Fat chance"

In the above case, a user in US has a mailbox in EU, I agree with you that this can only be rare cases. by setting up sitescope to include us and eu in US CAS servers may cause, if i understand correctly, a large amount of SCP queries for autodiscover service to cross the border. and my understanding is that if the site selection that a user makes to query SCP for autodiscover is random, then 50% of chance that us mailbox users will go EU site for SCP query. am I correct?
0
 
sunnyc7Commented:
Jerry
the reason I havent responded yet on this is, I havent been able to verify this from any other documentation yet.
I have also relayed this question to some other experts and hoping that they will drop in and assist.

---------
by setting up sitescope to include us and eu in US CAS servers may cause, if i understand correctly, a large amount of SCP queries for autodiscover service to cross the border.

>> This is correct. And this is the assumption for the thesis of round-robining CAS within the country -- and not US-
EU-APAC.

---------
if the site selection that a user makes to query SCP for autodiscover is random, then 50% of chance that us mailbox users will go EU site for SCP query.
>> Usually you should restrict site selection to the CAS in the geography. Otherwise everyone will be looking up everywhere else for site selection.

Like they mentioned below @ MSFT: I just disagree that Eurpope-Contoso should be in the site selection.

Set-ClientAccessServer -Identity "apac-cas" -AutodiscoverServiceInternalURI "https://internal.contoso.com/autodiscover/autodiscover.xml" -AutodiscoverServiceSiteScope "apac-contoso”,”europe-contoso”

>> This should be
Set-ClientAccessServer -Identity "apac-cas" -AutodiscoverServiceInternalURI "https://internal.contoso.com/autodiscover/autodiscover.xml" -AutodiscoverServiceSiteScope "apac-contoso”

thanks
0
 
endital1097Commented:
when the outlook client queries for the autodiscover scp it will randomly select one to use
what you want to do is minimize the randomness (is that a word?)
by setting the AutodiscoverServiceSiteScope value you limit what clients connect to based on the AD Site where the machine is currently located

sorry @sunnyc7 i am going to disagree with you now
i would use three unique AutodiscoverServiceInternalURI values and here's why
while DNS should return results based on subnet (why @sunnyc7 is correct) someone could or may change the DNS server settings to prevent this
in that instance the AutodiscoverServiceInternalURI value that is returned could return a record from another site

if you use a unique AutodiscoverServiceInternalURI value for all CAS servers in an AD site and use the AutodiscoverServiceSiteScope you now limited the results of the scp query to only CAS servers in the correct site and now your DNS query results don't matter as much

you can use the same AutodiscoverServiceInternalURI value for all CAS servers but then you don't need to use the AutodiscoverServiceSiteScope because at that point you are relying on DNS
0
 
sunnyc7Commented:
Dude, thanks for bringing dns into the equation and clarifying this.

Jerry let us know if you will be able to test this and also let us know your thoughts
0
 
endital1097Commented:
sorry, it's just that you know how important dns is. microsoft always says you must ensure your dns is working. :)

let us know if you have any other questions jerry
0
 
endital1097Commented:
sorry again, but i think it is important to throw one last comment out there just to make sure everything is clear

if you do use the AutodiscoverServiceSiteScope for any CAS server, you must use it on all
otherwise you lose control of the randomness (i'm making it an official word if it isn't already)
0
 
sunnyc7Commented:
0
 
JerryJayAuthor Commented:
thanks endital1097 and sunnyc7 for bringing so many fresh ideas into the topic. very helpful. appreicate everything. I don't have any furtuer questions now.

Cheers,
Jerry
0
 
sunnyc7Commented:
glad to be of help Jerry.
If you dont have any more questions, you can close the case and allocate points.

thanks
0
 
JerryJayAuthor Commented:
thank you of you, very helpful.

Jerry
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

  • 8
  • 5
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now