Solved

DAG Cross-site with 2 DAG Members

Posted on 2011-09-07
12
1,384 Views
Last Modified: 2012-05-12
Hello,
We are working in a DAG-Crossite Scenario with 2 DAG Members, here is our configuration:
Same Domain
Two AD sites
Stretched DAG
No CAS Array
OWA Internet  Url: owa.test.org
Site A RpcClientAccessServer:owa.test.org
Site B:RpcClientAccessServer:casb.testad.org

Site A
1 CAS
1 Mailbox/HT server
1 FWS

Site B
1 CAS/HT/Mailbox
1 AFWS

Testing some scenarios:
* CAS Site A failed, we change our host file poitning to the CAS Site B, when we try to login OWA to access a Mailbox in Site A, we are reciving this message:

OWA CAS Site B Mailbox Site A
* CAS Site B, move Active Copy to DAG Member Site B, when we try to login through OWA pointing to CAS Site B, the login apparently start a loop and never open the mailbox.
OWA CAS Site B Mailbox Site B
Is there a way to resolve this issue? without to perform a Datacenter switchover manually, because in this scenario only the CAS server at Site A is failing.

In addition, if you have a detailed procedure for this kind of DAG Cross-site configuration and switchover, would be very welcome.

Thanks,
CGNET-TE  
0
Comment
Question by:CGNET-TE
  • 6
  • 6
12 Comments
 
LVL 15

Expert Comment

by:GreatVargas
ID: 36502707
Hi,

the issue here is that you have 2 sites, with a DAG with one member in each site, but the database as a parameter called rpcclientaccessserver. Originally and for example if you have for example 2 mailbox databases both active on site A you should point rpcclientaccesserver to casa.domain.internal (never to the external name or url). When site A fails, mailbox 1 and 2 will failover to DAg node on site B but the rpcclientaccessserver will still be casa.domain.internal. What do you need to do?

get-mailboxdatabase |set-mailboxdatabase -rpcclientaccessserver casB.domain.internal (to change on all databases)
get-mailboxdatabase -identity "databaseA" |set-mailboxdatabase -rpcclientaccessserver casB.domain.internal  (to change on one database only)

is there a way to go over this? NO
how can tou prevent this from happening when one CAS fails? well get one cas array and point the rpcclientaccessserver to the cas array name, BUT, you cannot have one cas array cross site.

the first print screen is just saying that he cannot contact the rpcclientaccessserver of the mailbox database of that mailbox.
On this type of scenarios you should speciffy, is site B disaster recovery site or will it have active mailbox databases?
you MUST have one HT per site. and you must have one CAS per site. If the DAG has one copy on each site then you MUST run that command i have posted to get things working.
0
 

Author Comment

by:CGNET-TE
ID: 36503783
Hi GreatVargas,
Thanks for your response, I will try this change and let you know the results, in the other hand we don't have in mid to use CAS Array because is an small organization and yes, site B should be our disater recovery site, so Mailbox server site B will have just mailbox database copies. In addition if you have a decent procedure how to perform a swicthover  to a disaster recovery site in this kind of scenario would be good!, as I understand in this case DAG can't work automatically, all the process is manual.

Thanks again,
CGNET-TE
0
 
LVL 15

Expert Comment

by:GreatVargas
ID: 36503964
Hi,

if site B is your disaster recovery site, then what you need is Mailbox/HT/CAS on site B. Sites are well defined on AD Sites and Services, right?

HT is needed for you to have mailflow when mailbox is active on MailboxB
Mailbox is needed to have a copy of mailboxdatabase, that becomes active when Mailbox on site A fails.
CAS is needed to have redundancy if CAS A fails and because it's recommended by Microsoft to have at least one CAS per site with Mailbox server.

The procedure is simples as far as internal mail is concerned, you just need to run those commands i gave you.

The next things you need to be aware is:
Mail to and from the Internet: you need to configure your mail relay/NAT to point to HT server on site B if site A HT fails (this is also manual)
Services access from Internet (OWA, ActiveSync,OA,etc): you need to change the publishing rules (on TMG or ISA for example) or NAT rules to point to CASB, and configure external url's on CASB if CASA fails. External url's should be configured on CASB only if CAS A fails and it's not expected for CAS A to be back online soon, because when CAS A is up CASB should not have external url's.
0
 

Author Comment

by:CGNET-TE
ID: 36504909
Hi,
Thanks for the update.
Here are the results after my test:
Using OWA CAS Site B and try to access a Mailbox SiteA after change RpcClientAccessServer poitnting to our CAS Site B and force AD replication (they are in different AD sites) I'm still receiving this error Message

 OWA CAS B & Mailbox Site A
When I move Activate Maibox Database to our Mailbox server Site B, Using OWA CAS Site B and RpcClientAccesServer pointing to CAS Site B, I can login but now i'm receiving this error message

 OWA CAS b & Mailbox Site B
I hope you can help me to resolve this issue.

Thanks,
CGNET-TE
0
 
LVL 15

Accepted Solution

by:
GreatVargas earned 250 total points
ID: 36509667
Did you changed the rpcclientaccessserver to point to cas site B on a server on site A?

to make sure that changes are replicated run get-mailboxdatabase |ft name, rpcclientaccessserver on both sites, for example, on cas site A and on cas site B, and make sure that results are the same.

also the scenario on the first print screen should work but it's not supported because you are using a mailbox server on one site and the cas on the other.
do you have firewall between sites? be aware that cas makes a mapi tunnel to mailbox servers and not only gives the end user the mailbox server reference like in exchange 2007.

also do a get-owavirtualdirectory |fl and post the internal and externalurl values for us to check.
0
 

Author Comment

by:CGNET-TE
ID: 36511943
Hi,
Yes, I changed the rpcclientaccessserver pointing to cas site B, then I forced the AD replication, both site show me the same information under the mailbox database.
We are using firewalls between sites over the wan and they are connected through a VPN. About owavirtual directory, both CAS site A and CAS site B are using the same intenal and external url pointing to our internet url:

InternalUrl                             : https://owa.test.org/owa
ExternalUrl                            :https://owa.test.org/owa

0
Do email signature updates give you a headache?

Constantly trying to correctly format email signatures? Spending all of your time at every user’s desk to make updates? Want high-quality HTML signatures on all devices, including on mobiles and Macs? Then, let Exclaimer solve all your email signature problems today!

 
LVL 15

Expert Comment

by:GreatVargas
ID: 36514924
well you shouldn't... internal url should not be the same on CAS A and B. this will mess up all the process.
What you should have is, for example:

CAS A:
Internalurl: https://casA.domain.internal/owa
externalurl: https://owa.test.org/owa

CAS B:
Internalurl: https://casB.domain.internal/owa
externalurl: NULL

that's the ideal scenario. now you tell me: "but i want to user the same url, external and internal, for owa".. ok you can do it but only on these scenario:

CAS A:
Internalurl: https://owa.test.org/owa
externalurl: https://owa.test.org/owa

CAS B:
Internalurl: https://casB.domain.internal/owa
externalurl: NULL

and yes you need a split dns zone test.org on your internal dns to do this.. when disaster occours you need to adjust url's on CAS.

try this configuration and test for us to see the results. for sure they will be better :)
0
 

Author Comment

by:CGNET-TE
ID: 36525596
Hello,
After try this, we are still reciving same error message, we are using CAS Site B to access Mailbox Site A, rpclientaccessserver under Mailbox A pointing to CAS B,

CAS A:
Internalurl: https://owa.test.org/owa
externalurl: https://owa.test.org/owa

CAS B:
Internalurl: https://casB.domain.internal/owa
externalurl: NULL

Under our test client we are using Host file to point our OWA CAS Site B.

 CAS Site B & Mailbox Site A
Any other suggestion.

Thanks,
CGNET-TE
0
 
LVL 15

Expert Comment

by:GreatVargas
ID: 36535344
What is the address you are typing to access owa? it MUST be CASB internal url. is it?
0
 

Author Comment

by:CGNET-TE
ID: 36538017
Hi,
No we are typing Internet url http://owa.test.org, for this reason we set under our client host file poinintg this dns to our CAS B.
In the other hand we don't want to make CAS Proxying, we would like to use our CAS B as internet ans internal facing. Means we have to use our CAS B in case we lost CAS A or we need to run a maintenance under CAS A.

Thanks,
CGNET-TE
0
 
LVL 15

Expert Comment

by:GreatVargas
ID: 36539286
ok then cas B internal url should be:

Internalurl: https://owa.test.org/owa

and not:

Internalurl: https://casB.domain.internal/owa

also you must have the external url on cas B pointing to owa.test.org, and make sure that in your tests owa.test.org solves the internal IP of cas B and not of CAS A.

The problem is that you have the internalurl misconfigured. we will never accept requests on one url that he does not have configured.
make sure to change ecpvirtualdirectory as well... and other web services like EWS, activesync, oab, etc
0
 

Author Comment

by:CGNET-TE
ID: 37008693
It was resolved by miselft
0

Featured Post

The problems with reply email signatures

Do you wish that you could place an email signature under a reply? Well, unfortunately, you can't. That great Exchange/Office 365 signature you've created will just appear at the bottom of an email chain. What a pain! Is there really no way to solve this? Well, there might be...

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
outlook, calendar 21 41
exchange, outlook 6 29
Daily Outlook Calendar Meeting Reminder 5 29
Exchange 2003 Message retrieval 3 11
Check out this infographic on what you need to make a good email signature that will work perfectly for your organization.
Local Continuous Replication is a cost effective and quick way of backing up Exchange server data. The following article describes the steps required to configure Local Continuous Replication. Also, the article tells you how to restore from a backup…
In this video we show how to create a Shared Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Sha…
In this video we show how to create an Address List in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Organization >> Ad…

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now