Solved

Questions about Exchange 2007 Site Affinity / Site Scope

Posted on 2010-09-01
16
1,149 Views
Last Modified: 2012-05-10
I am studying Exchange 2007 by reading a article from MS - "Technical Architecture of Exchange Server 2007", here is an article listed example talking about "Site Affinity" that I am having question about:

Consider a topology that includes one forest with three sites that have the following names:
•      US-contoso   A contoso site that is located in North America
•      Europe-contoso   A contoso site that is located in Europe
•      APAC-contoso   A contoso site that is located in Asia

3 AD Site links connect each other.
* EU to US by high speed connection
* EU to APAC by high speed connection
* US to APAC by low-speed connection

Following are the site scope cmdlets for setting up site affinity according to the site link condition
1): Set-ClientAccessServer -Identity "us-cas" -AutodiscoverServiceInternalURI "https://internal.contoso.com/autodiscover/autodiscover.xml" -AutodiscoverServiceSiteScope "us-contoso”,”europe-contoso”

2): Set-ClientAccessServer -Identity "europe-cas" -AutodiscoverServiceInternalURI "https://internal.contoso.com/autodiscover/autodiscover.xml"

3): Set-ClientAccessServer -Identity "apac-cas" -AutodiscoverServiceInternalURI "https://internal.contoso.com/autodiscover/autodiscover.xml" -AutodiscoverServiceSiteScope "apac-contoso”,”europe-contoso”

What I don't understand is why the AutodiscoverServiceInternalURL are all the same: AutodiscoverServiceInternalURI "https://internal.contoso.com/autodiscover/autodiscover.xml"?

and second question is that when I build a new CAS server, I run a cmdlet: get-clientaccessserver, it shows site name: Default-First-Site-Name", which is where the CAS server reside. Why shouldn't we just leave the default sitescope alone(let every CAS server use it's own local site as site scope), and let the autodiscover service to locate Exchange features in their local AD site to serve it's clients more efficently, why should we grab some remote ones from either EU or US to form a bigger sitescope? what is the point?

Thanks,
Jerry
0
Comment
Question by:JerryJay
  • 8
  • 5
  • 3
16 Comments
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33576527
Jerry
I think the issue here is all your autodiscoverinternalURI's point to the same cas server. (where is internal.contoso.com located ?)
Instead of that, you can separate DNS entries in each location (usinternal.contoso / euinternal.contoso / apacinternal.contoso) and round-robin the client requests.

Please take a look at this article here.
http://www.shudnow.net/2008/08/24/configuring-exchange2007-autodiscover-site-affinity/

thanks
0
 

Author Comment

by:JerryJay
ID: 33576686
many thanks for your quick replay, the article doesn't mention where the autodiscoverinternalURL points to, which is very confused.

you mention round-robin, if clients in US want to access their local resources, for example, why should they go the europe site for autodiscover service through round robin? shouldn't it get service from local quicker than cross the ocean? my quesion is : why we should have a bigger site scope than it's own?

Thanks,
Jerry
0
 

Author Comment

by:JerryJay
ID: 33576770
Sorry for this long, this is the complete paragraph talking about Site Affinity I mentioned above. just in case I missed something. I was trying to summarize this one.

Configuring the Autodiscover Service to Use Site Affinity for Internal Communication

If you manage a large, distributed organization that has Active Directory sites that are separated by low-bandwidth network connectivity, we recommend that you use site affinity for the Autodiscover service for intranet-based traffic. To use site affinity, you specify which Active Directory sites are preferred for clients to connect to a particular Autodiscover service instance. Specifying which Active Directory sites are preferred is also known as configuring site scope.

You configure site affinity by using the Set-ClientAccessServer cmdlet. This cmdlet lets you specify the preferred Active Directory sites for connecting to the Autodiscover service on a specific Client Access server. After you configure site affinity for the Autodiscover service, the client will connect to the Autodiscover service as you specified. For information on the Set-ClientAccessServer cmdlet, see Set-ClientAccessServer.

Consider a topology that includes one forest with three sites that have the following names:
•      US-contoso   A contoso site that is located in North America
•      Europe-contoso   A contoso site that is located in Europe
•      APAC-contoso   A contoso site that is located in Asia

In this example, the Autodiscover service is enabled on each site and each site includes user mailboxes. The US-contoso site is connected to the Europe-contoso site by using a high-speed connection. The US-contoso site is connected to the APAC-contoso site by using a low-speed connection. The APAC-contoso site is connected to the Europe-contoso site by using a high-speed connection.

Based on these connectivity factors, you might want to allow users in the US-contoso and Europe-contoso sites to use either the US-contoso or the Europe-contoso site, users in Europe-contoso site to use any site to access the Autodiscover service, and users in the APAC-contoso site to use the APAC-contoso or the Europe-contoso site. Finally, the Client Access servers can be reached by using a common internal namespace across all sites.

You can configure site scope for Client Access servers in the US-contoso site, setting them to prefer to use the US-contoso and Europe-contoso Active Directory sites to access the Autodiscover service by using the following command.

Set-ClientAccessServer -Identity "us-cas" -AutodiscoverServiceInternalURI "https://internal.contoso.com/autodiscover/autodiscover.xml" -AutodiscoverServiceSiteScope "us-contoso”,”europe-contoso”

You do not have to specify the Active Directory sites to which your users should connect to access the Autodiscover service on Client Access servers in the Europe-contoso site because it connects well to other sites. The following command enables all users in the Europe-Contoso site to access any Client Access server to use the Autodiscover service:

Set-ClientAccessServer -Identity "europe-cas" -AutodiscoverServiceInternalURI "https://internal.contoso.com/autodiscover/autodiscover.xml"


Finally, you can configure site scope for the Autodiscover service on Client Access servers in the APAC-contoso site, setting them to prefer to use the APAC-contoso and Europe-contoso sites because they connect well to these sites. To do this, use the following command:

Set-ClientAccessServer -Identity "apac-cas" -AutodiscoverServiceInternalURI "https://internal.contoso.com/autodiscover/autodiscover.xml" -AutodiscoverServiceSiteScope "apac-contoso”,”europe-contoso”

Therefore, if a client in the US-contoso site has a mailbox located in the Europe-contoso site and tries to locate the Autodiscover service, the client can select the service instance that has site=US-contoso or site=Europe-contoso.
If you do not specify site scope for the Autodiscover service, the client might return the autodiscoverInternalUri parameter for the APAC-contoso site because of the slow connection to the US-contoso site.

 Note:
If you do not configure a specific set of Active Directory sites for clients to use, Outlook 2007 will randomly select Client Access servers to use to access the Autodiscover service.

For more information about site affinity, see How to Configure Autodiscover to Use Site Affinity.
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33576814
My bad @ confusion.

I meant Site Affinity is used to configure SCP's to restricts Outlook Users to get their autodiscoverURI's from *within* their country and not go out of site.

usinternal is supposed to round robin the CAS servers *within* US - not round robin US and EU sites.
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33576888
Based on these connectivity factors, you might want to allow users in the US-contoso and Europe-contoso sites to use either the US-contoso or the Europe-contoso site, users in Europe-contoso site to use any site to access the Autodiscover service, and users in the APAC-contoso site to use the APAC-contoso or the Europe-contoso site. Finally, the Client Access servers can be reached by using a common internal namespace across all sites.

>> I dont think this will work practically.
What that effectively says is - your US Outlook clients should get their autodiscover SCP's from EU CAS servers.
I was talking about round-robin'ing (That's a word ??) the CAS servers *within* US - not go out of the country.


Therefore, if a client in the US-contoso site has a mailbox located in the Europe-contoso site and tries to locate the Autodiscover service, the client can select the service instance that has site=US-contoso or site=Europe-contoso.
>> Fat Chance.
And again this depends on your Exchange design.
Unless someone is moving within the org from Germany to US - I dont see any sense in having the DE user sitting in US and getting their mailbox data from Europe.

This doesnt make sense to me.

Let me go through the document again. I hope you are referring to this:
http://www.microsoft.com/downloads/details.aspx?FamilyId=B34FA7CC-8F13-4E21-AE87-EB824728DDD1&displaylang=en
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33577215
Jerry
Let me know what you think.

you can also click on request attention button and have this question relayed to other experts.

thanks
0
 

Author Comment

by:JerryJay
ID: 33585128
Thanks again Sunny,

">> I dont think this will work practically."

I agree with your point to limit the site scope to be within a same country, and setup a Internal dns to round robin the CAS servers to share the workload .

">>Fat chance"

In the above case, a user in US has a mailbox in EU, I agree with you that this can only be rare cases. by setting up sitescope to include us and eu in US CAS servers may cause, if i understand correctly, a large amount of SCP queries for autodiscover service to cross the border. and my understanding is that if the site selection that a user makes to query SCP for autodiscover is random, then 50% of chance that us mailbox users will go EU site for SCP query. am I correct?
0
 
LVL 28

Accepted Solution

by:
sunnyc7 earned 250 total points
ID: 33588779
Jerry
the reason I havent responded yet on this is, I havent been able to verify this from any other documentation yet.
I have also relayed this question to some other experts and hoping that they will drop in and assist.

---------
by setting up sitescope to include us and eu in US CAS servers may cause, if i understand correctly, a large amount of SCP queries for autodiscover service to cross the border.

>> This is correct. And this is the assumption for the thesis of round-robining CAS within the country -- and not US-
EU-APAC.

---------
if the site selection that a user makes to query SCP for autodiscover is random, then 50% of chance that us mailbox users will go EU site for SCP query.
>> Usually you should restrict site selection to the CAS in the geography. Otherwise everyone will be looking up everywhere else for site selection.

Like they mentioned below @ MSFT: I just disagree that Eurpope-Contoso should be in the site selection.

Set-ClientAccessServer -Identity "apac-cas" -AutodiscoverServiceInternalURI "https://internal.contoso.com/autodiscover/autodiscover.xml" -AutodiscoverServiceSiteScope "apac-contoso”,”europe-contoso”

>> This should be
Set-ClientAccessServer -Identity "apac-cas" -AutodiscoverServiceInternalURI "https://internal.contoso.com/autodiscover/autodiscover.xml" -AutodiscoverServiceSiteScope "apac-contoso”

thanks
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 
LVL 32

Assisted Solution

by:endital1097
endital1097 earned 250 total points
ID: 33589183
when the outlook client queries for the autodiscover scp it will randomly select one to use
what you want to do is minimize the randomness (is that a word?)
by setting the AutodiscoverServiceSiteScope value you limit what clients connect to based on the AD Site where the machine is currently located

sorry @sunnyc7 i am going to disagree with you now
i would use three unique AutodiscoverServiceInternalURI values and here's why
while DNS should return results based on subnet (why @sunnyc7 is correct) someone could or may change the DNS server settings to prevent this
in that instance the AutodiscoverServiceInternalURI value that is returned could return a record from another site

if you use a unique AutodiscoverServiceInternalURI value for all CAS servers in an AD site and use the AutodiscoverServiceSiteScope you now limited the results of the scp query to only CAS servers in the correct site and now your DNS query results don't matter as much

you can use the same AutodiscoverServiceInternalURI value for all CAS servers but then you don't need to use the AutodiscoverServiceSiteScope because at that point you are relying on DNS
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33589346
Dude, thanks for bringing dns into the equation and clarifying this.

Jerry let us know if you will be able to test this and also let us know your thoughts
0
 
LVL 32

Expert Comment

by:endital1097
ID: 33589465
sorry, it's just that you know how important dns is. microsoft always says you must ensure your dns is working. :)

let us know if you have any other questions jerry
0
 
LVL 32

Expert Comment

by:endital1097
ID: 33589511
sorry again, but i think it is important to throw one last comment out there just to make sure everything is clear

if you do use the AutodiscoverServiceSiteScope for any CAS server, you must use it on all
otherwise you lose control of the randomness (i'm making it an official word if it isn't already)
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33590486
0
 

Author Comment

by:JerryJay
ID: 33594203
thanks endital1097 and sunnyc7 for bringing so many fresh ideas into the topic. very helpful. appreicate everything. I don't have any furtuer questions now.

Cheers,
Jerry
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33596176
glad to be of help Jerry.
If you dont have any more questions, you can close the case and allocate points.

thanks
0
 

Author Closing Comment

by:JerryJay
ID: 33601915
thank you of you, very helpful.

Jerry
0

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

Easy CSR creation in Exchange 2007,2010 and 2013
This article explains in simple steps how to renew expiring Exchange Server Internal Transport Certificate.
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now