Solved

DAG Cross-site with 2 DAG Members

Posted on 2011-09-07
Last Modified: 2012-05-12
Hello,
We are working in a DAG cross-site scenario with 2 DAG members; here is our configuration:
Same Domain
Two AD sites
Stretched DAG
No CAS Array
OWA Internet URL: owa.test.org
Site A RpcClientAccessServer: owa.test.org
Site B RpcClientAccessServer: casb.testad.org

Site A
1 CAS
1 Mailbox/HT server
1 FWS

Site B
1 CAS/HT/Mailbox
1 AFWS

Testing some scenarios:
* CAS Site A failed, we changed our hosts file to point to the CAS in Site B; when we try to log in to OWA to access a mailbox in Site A, we are receiving this message:

[Screenshot: OWA CAS Site B Mailbox Site A]
* CAS Site B, move Active Copy to DAG Member Site B; when we try to log in through OWA pointing to CAS Site B, the login apparently starts a loop and never opens the mailbox.
[Screenshot: OWA CAS Site B Mailbox Site B]
Is there a way to resolve this issue without performing a datacenter switchover manually? In this scenario only the CAS server at Site A is failing.

In addition, if you have a detailed procedure for this kind of DAG cross-site configuration and switchover, it would be very welcome.

Thanks,
CGNET-TE  
Question by:CGNET-TE
12 Comments
 
LVL 15

Expert Comment

by:GreatVargas
ID: 36502707
Hi,

the issue here is that you have 2 sites, with a DAG with one member in each site, but the database has a parameter called rpcclientaccessserver. Originally, for example, if you have 2 mailbox databases both active on site A you should point rpcclientaccessserver to casa.domain.internal (never to the external name or url). When site A fails, mailbox 1 and 2 will fail over to the DAG node on site B but the rpcclientaccessserver will still be casa.domain.internal. What do you need to do?

Get-MailboxDatabase | Set-MailboxDatabase -RpcClientAccessServer casB.domain.internal    # to change on all databases
Get-MailboxDatabase -Identity "databaseA" | Set-MailboxDatabase -RpcClientAccessServer casB.domain.internal    # to change on one database only

is there a way to go over this? NO
how can you prevent this from happening when one CAS fails? well, get one cas array and point the rpcclientaccessserver to the cas array name, BUT you cannot have one cas array cross site.

the first print screen is just saying that it cannot contact the rpcclientaccessserver of the mailbox database of that mailbox.
In this type of scenario you should specify: is site B a disaster recovery site or will it have active mailbox databases?
you MUST have one HT per site, and you must have one CAS per site. If the DAG has one copy on each site then you MUST run that command I have posted to get things working.
0
 

Author Comment

by:CGNET-TE
ID: 36503783
Hi GreatVargas,
Thanks for your response, I will try this change and let you know the results. On the other hand, we don't have in mind to use a CAS Array because it is a small organization, and yes, site B should be our disaster recovery site, so the Mailbox server in site B will have just mailbox database copies. In addition, if you have a decent procedure for how to perform a switchover to a disaster recovery site in this kind of scenario, that would be good! As I understand it, in this case the DAG can't work automatically; all the process is manual.

Thanks again,
CGNET-TE
0
 
LVL 15

Expert Comment

by:GreatVargas
ID: 36503964
Hi,

if site B is your disaster recovery site, then what you need is Mailbox/HT/CAS on site B. Sites are well defined on AD Sites and Services, right?

HT is needed for you to have mailflow when mailbox is active on MailboxB
Mailbox is needed to have a copy of mailboxdatabase, that becomes active when Mailbox on site A fails.
CAS is needed to have redundancy if CAS A fails and because it's recommended by Microsoft to have at least one CAS per site with Mailbox server.

The procedure is simple as far as internal mail is concerned, you just need to run those commands I gave you.

The next things you need to be aware of are:
Mail to and from the Internet: you need to configure your mail relay/NAT to point to the HT server on site B if site A HT fails (this is also manual)
Services access from Internet (OWA, ActiveSync, OA, etc.): you need to change the publishing rules (on TMG or ISA for example) or NAT rules to point to CASB, and configure external URLs on CASB if CASA fails. External URLs should be configured on CASB only if CAS A fails and it's not expected for CAS A to be back online soon, because when CAS A is up CASB should not have external URLs.
0

 

Author Comment

by:CGNET-TE
ID: 36504909
Hi,
Thanks for the update.
Here are the results after my test:
Using OWA on CAS Site B and trying to access a mailbox in Site A, after changing RpcClientAccessServer to point to our CAS in Site B and forcing AD replication (they are in different AD sites), I'm still receiving this error message:

[Screenshot: OWA CAS B & Mailbox Site A]
When I move the active Mailbox Database to our Mailbox server in Site B, using OWA on CAS Site B and RpcClientAccessServer pointing to CAS Site B, I can log in but now I'm receiving this error message:

[Screenshot: OWA CAS B & Mailbox Site B]
I hope you can help me to resolve this issue.

Thanks,
CGNET-TE
0
 
LVL 15

Accepted Solution

by:
GreatVargas earned 750 total points
ID: 36509667
Did you change the rpcclientaccessserver to point to cas site B on a server on site A?

to make sure that changes are replicated run get-mailboxdatabase |ft name, rpcclientaccessserver on both sites, for example, on cas site A and on cas site B, and make sure that results are the same.

also the scenario on the first print screen should work but it's not supported because you are using a mailbox server on one site and the cas on the other.
do you have a firewall between sites? be aware that cas makes a mapi tunnel to mailbox servers and does not only give the end user the mailbox server reference like in exchange 2007.

also do a get-owavirtualdirectory |fl and post the internal and externalurl values for us to check.
0
 

Author Comment

by:CGNET-TE
ID: 36511943
Hi,
Yes, I changed the rpcclientaccessserver to point to cas site B, then I forced the AD replication; both sites show me the same information under the mailbox database.
We are using firewalls between sites over the WAN and they are connected through a VPN. About the owavirtualdirectory, both CAS site A and CAS site B are using the same internal and external url pointing to our internet url:

InternalUrl                             : https://owa.test.org/owa
ExternalUrl                            :https://owa.test.org/owa

0
 
LVL 15

Expert Comment

by:GreatVargas
ID: 36514924
well you shouldn't... internal url should not be the same on CAS A and B. this will mess up all the process.
What you should have is, for example:

CAS A:
Internalurl: https://casA.domain.internal/owa
externalurl: https://owa.test.org/owa

CAS B:
Internalurl: https://casB.domain.internal/owa
externalurl: NULL

that's the ideal scenario. now you tell me: "but i want to use the same url, external and internal, for owa".. ok you can do it but only in this scenario:

CAS A:
Internalurl: https://owa.test.org/owa
externalurl: https://owa.test.org/owa

CAS B:
Internalurl: https://casB.domain.internal/owa
externalurl: NULL

and yes you need a split dns zone test.org on your internal dns to do this.. when disaster occurs you need to adjust URLs on CAS.

try this configuration and test for us to see the results. for sure they will be better :)
0
 

Author Comment

by:CGNET-TE
ID: 36525596
Hello,
After trying this, we are still receiving the same error message. We are using CAS Site B to access Mailbox Site A, with rpcclientaccessserver under Mailbox A pointing to CAS B,

CAS A:
Internalurl: https://owa.test.org/owa
externalurl: https://owa.test.org/owa

CAS B:
Internalurl: https://casB.domain.internal/owa
externalurl: NULL

On our test client we are using the hosts file to point to our OWA CAS Site B.

[Screenshot: CAS Site B & Mailbox Site A]
Any other suggestion?

Thanks,
CGNET-TE
0
 
LVL 15

Expert Comment

by:GreatVargas
ID: 36535344
What is the address you are typing to access owa? it MUST be CASB internal url. is it?
0
 

Author Comment

by:CGNET-TE
ID: 36538017
Hi,
No, we are typing the Internet url http://owa.test.org; for this reason we set our client hosts file to point this DNS name to our CAS B.
On the other hand, we don't want to do CAS proxying; we would like to use our CAS B as Internet and internal facing. That means we have to use our CAS B in case we lose CAS A or we need to run maintenance on CAS A.

Thanks,
CGNET-TE
0
 
LVL 15

Expert Comment

by:GreatVargas
ID: 36539286
ok then cas B internal url should be:

Internalurl: https://owa.test.org/owa

and not:

Internalurl: https://casB.domain.internal/owa

also you must have the external url on cas B pointing to owa.test.org, and make sure that in your tests owa.test.org resolves to the internal IP of cas B and not of CAS A.

The problem is that you have the internalurl misconfigured. we will never accept requests on one url that he does not have configured.
make sure to change ecpvirtualdirectory as well... and other web services like EWS, activesync, oab, etc
0
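The checks discussed in the accepted solution and in the comment above (same RpcClientAccessServer seen from both sites, and the URLs configured on each CAS web service), as an added example that is not part of the original thread. The domain controller names dcA/dcB are hypothetical; casA/casB.domain.internal and owa.test.org are the example names used in the thread.

```powershell
# Added example. Run in the Exchange Management Shell (Exchange 2010).
# Hypothetical names: dcA/dcB stand for one domain controller in each AD site.
$DomainControllers = 'dcA.domain.internal', 'dcB.domain.internal'
$CasServers        = 'casA.domain.internal', 'casB.domain.internal'
$PublishedHost     = 'owa.test.org'   # name the clients type

# 1. RpcClientAccessServer of every database as each site's DC sees it.
$rpc = foreach ($dc in $DomainControllers) {
    Get-MailboxDatabase -DomainController $dc |
        Select-Object @{n='DC'; e={$dc}}, Name, RpcClientAccessServer
}
$rpc | Sort-Object Name, DC | Format-Table -AutoSize

# A database with more than one distinct value has not replicated yet.
$rpc | Group-Object Name | ForEach-Object {
    $values = @($_.Group | Select-Object -ExpandProperty RpcClientAccessServer -Unique)
    if ($values.Count -gt 1) {
        Write-Warning "Database '$($_.Name)' differs between sites: $($values -join ', ')"
    }
}

# 2. Internal/external URLs of the web services on each CAS.
$vdirCmdlets = 'Get-OwaVirtualDirectory', 'Get-EcpVirtualDirectory',
               'Get-WebServicesVirtualDirectory', 'Get-ActiveSyncVirtualDirectory',
               'Get-OabVirtualDirectory'
$urls = foreach ($cas in $CasServers) {
    foreach ($cmd in $vdirCmdlets) {
        & $cmd -Server $cas |
            Select-Object @{n='Cmdlet'; e={$cmd}}, Server, InternalUrl, ExternalUrl
    }
}
$urls | Format-Table -AutoSize

# List directories whose InternalUrl host is not the name clients type.
# This matters only for the CAS that owa.test.org currently resolves to.
$urls | Where-Object { $_.InternalUrl } | ForEach-Object {
    $hostName = ([uri]"$($_.InternalUrl)").Host
    if ($hostName -ne $PublishedHost) {
        Write-Warning "$($_.Server) $($_.Cmdlet): InternalUrl host is '$hostName'"
    }
}
```

The script only reads configuration; changing values is still done with the Set- cmdlets quoted in the thread.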
 

Author Comment

by:CGNET-TE
ID: 37008693
It was resolved by myself
0

Question has a verified solution.