aarontheyoung1

How do I set the primary Exchange server in an Exchange cluster?

I have built a three-node Exchange 2012 setup and it's working pretty well.  Messages are replicating through all the servers/the DAG.

My servers are all Win2K8 SP2 and are named as follows:

Franklin0 (bare metal server using local disk)
Franklin1 (Virtual server using stored on the VM server)
Franklin2 (Virtual server tied to NAS)


I started with a virtual server (Franklin2) that was tied to my NAS.  It wasn't very reliable and that's why I built the Exchange cluster and started using a DAG.  

I also have a Linux box for my outside edge that forwards e-mail to the Exchange setup.  Originally, when I only had 1 Exchange server, it was relaying all e-mail to Franklin2.  I now want the primary Exchange server to be Franklin0 as it is the most reliable of all three of my Exchange servers (IMHO).

When I try to change my Outlook clients to Franklin0 or to the Franklin-DAG, it defaults back to Franklin2.

I also can't forward e-mail to Franklin0 or Franklin1.  I get the following error:

franklin0.mydomain.com #<franklin0.mydomain.com #5.7.1 smtp; 530 5.7.1 Client was not authenticated> #SMTP#

I'm not an Exchange expert and would appreciate any help at all.

Aaron
Delphineous Silverwing

In Failover Cluster Management, go into the properties of the Exchange service instance.  Within the General tab you can define the preferred owner order for the nodes that can run the instance - the top most being the preferred.

In the Failover tab, you can "Allow failback" so that the Exchange instance will automatically move back to the preferred server after it becomes available.

Personally, I "Prevent failback" so that I can make sure the preferred server is healthy and I can move the instance back off-hours to reduce user impact.
Exchange 2010 .... Outlook users don't speak to Mailbox server directly, it all happens through CAS ......

Don't think there is any preference which server would always remain Primary DAG server for Database.

How can you send an email to Server? franklin0.mydomain.com

- Rancy
If you are using Exchange Cluster, then you should have a Hub Transport server (or more) configured to handle SMTP communications between the mailbox servers and systems.

The "530 5.7.1 Client was not authenticated" is occurring because the system generating the e-mail is not authenticating to Exchange before sending the message.  That system needs to be configured to authenticate or you need to disable the authentication requirement on the SMTP connector.
Servers don't have a mailbox nor location to store emails .... so will never happen.

- Rancy
aarontheyoung1

ASKER

I'm using /etc/aliases to send mail from the Linux server to the Exchange Server.

For example:

user1:  user1@franklin2.mydomain.com   <this works fine>

but if I try to send it this way:

user1:  user1@franklin0.mydomain.com  < I get the authentication error>

Even if I forward to franklin-dag.mydomain.com it still gives an error:

user1:  user1@franklin-dag.mydomain.com  <I get unable to relay>
Do you have all the domains "franklin2.mydomain.com" "franklin1.mydomain.com" and "franklin0.mydomain.com" as Accepted domains? .... if not, will never work.

- Rancy
Also does user "User1" have all 3 email addresses assigned to it ..... I mean do they show up on his Email address tab?

- Rancy
The user does have all 3 e-mail addresses assigned.

Where do I check to make sure all three are accepted domains?  Aren't they "hosts" not "domains"?
Why is it working for Franklin2 only?
Aren't the "hosts" not "domains" ? - Nopes

Go to Organization configuration -> HUB -> Accepted Domains.

- Rancy
Do you have a functional reason to have the mailboxes defined to the server/sub-org level?  If you were to use user@domain.com rather than user@franklin1.domain.com you wouldn't need to have each registered on every mailbox.
I don't have a functional reason to have the mailboxes defined any particular way.  We are a very small operation here and I've basically been learning as I go.  I have the following in my accepted domains tab:

mydomain.com
mydomain01.com
zeems.com <---my old Exchange 2007 server
franklin2.mydomain.com

So this is probably why Franklin2 is working.  

Also, I have an inside and outside DNS setup.  mydomain.com is on the Internet for web and e-mail, but it's also my internal domain behind our firewall.  I don't know if that matters to this setup.

So should I just add the two other mail servers/domains to the accepted domains tab?  Why is it considered a domain?  I created servers, not domains.  Is this the way MS does things as compared to the Unix world?
mydomain.com is set as authoritative and TRUE (the Default)
Franklin0.mydomain.com is set as authoritative and False
Franklin1.mydomain.com is set as authoritative and False
Franklin2.mydomain.com is set as authoritative and False

zeems.mydomain.com is set as authoritative and False  (Can I delete this?  The server has been long gone.)
I still get "Client was not authenticated".
It seems to work now that I've turned on anonymous users in my hub transport receive connector's permissions group.

Is there a danger to doing this?  My Exchange setup is not on the outside edge of my network (not on the Internet.)
zeems.mydomain.com - This is a domain and not a server I guess, and if you're sure that it's gone you can remove it.

Also is the "Franklin0.mydomain.com" added to Email address policy and applied to all users or how is it done ?

Ideally Authoritative Domain should be something like "Mydomain.com" and not server FQDNs

- Rancy
I am using the Default E-mail policy, so there is basically nothing defined in that part of my setup.
It seems to work now that I've turned on anonymous users in my hub transport receive connector's permissions group.

Is there a danger to doing this?

For the most part - not really.  If the server is externally accessible, you risk spammer abuse.
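
Added example, not part of the original thread or any participant's own code: one way to check from the Exchange Management Shell what "anonymous users" exposes on each server, and to dry-run a receive connector that accepts unauthenticated SMTP only from the Linux edge box. The server names come from this thread; `$RelayIp` and `$ConnectorName` are placeholders, and the any-source range string is an assumption about how the default range prints.

```powershell
# Run in the Exchange Management Shell. Written to work on PowerShell 2.0.
$Servers       = 'Franklin0', 'Franklin1', 'Franklin2'   # names from this thread
$RelayIp       = '192.0.2.25'             # placeholder: internal IP of the Linux edge relay
$ConnectorName = 'From Linux edge relay'  # hypothetical connector name

# 1. Audit: which receive connectors accept anonymous SMTP, from where,
#    and whether anonymous senders may relay to non-accepted domains.
$report = foreach ($server in $Servers) {
    foreach ($rc in Get-ReceiveConnector -Server $server) {
        $ranges = @($rc.RemoteIPRanges | ForEach-Object { $_.ToString() })

        # Relaying to arbitrary recipients needs this extended right for
        # ANONYMOUS LOGON; the AnonymousUsers permission group alone does not grant it.
        $relayRight = $rc |
            Get-ADPermission -User 'NT AUTHORITY\ANONYMOUS LOGON' |
            Where-Object { $_.ExtendedRights -like 'ms-Exch-SMTP-Accept-Any-Recipient' }

        New-Object PSObject -Property @{
            Connector    = $rc.Identity
            Anonymous    = ("$($rc.PermissionGroups)" -match 'AnonymousUsers')
            # Assumption: the "any IPv4 source" range prints as below.
            AnySource    = ($ranges -contains '0.0.0.0-255.255.255.255')
            AnonCanRelay = [bool]$relayRight
            RemoteIPs    = ($ranges -join ', ')
        }
    }
}
$report | Sort-Object Connector |
    Format-Table Connector, Anonymous, AnySource, AnonCanRelay, RemoteIPs -AutoSize

# 2. Dry run (-WhatIf): a connector on Franklin0 that allows anonymous
#    submission only when the connection comes from the relay's address.
New-ReceiveConnector -Name $ConnectorName -Server 'Franklin0' -Usage Custom `
    -Bindings '0.0.0.0:25' -RemoteIPRanges $RelayIp `
    -PermissionGroups AnonymousUsers -WhatIf
```

Exchange hands an inbound connection to the receive connector whose remote IP range matches the source most specifically, so once a scoped connector like this exists, AnonymousUsers can be removed from the any-source connector with `Set-ReceiveConnector -PermissionGroups`.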
Having the server name defined within the users mailbox properties is an unnecessary task.  If you send to just user@domain.com (without the server in the address) can you send to the user regardless of what server they reside?  This is a "normal" configuration.
Unfortunately, because I have an outside edge Linux based mail server, it is mydomain.com and I have to specifically send mail to one of the servers since my Windows domain is ALSO mydomain.com.

So, I guess I do have a special need from the franklin.mydomain.com subdomains.  Because I have the inside outside domain issue, is this the best way to configure this?

Thanks for all your help.  It's working just fine now, I just have to send it to a specific subdomain.
I've requested that this question be closed as follows:

Accepted answer: 0 points for aarontheyoung1's comment #a38364788

for the following reason:

Rancy knew what he was talking about.
ASKER CERTIFIED SOLUTION
Manpreet SIngh Khatra
This solution is only available to members.
Rancy was a great help.
Aaron, is there still something pending?
Not really.  I kinda wish I knew if I could set things up better, but the problem of getting e-mail through to the Exchange Server of choice is solved.

Do I have to do something to close this?  It looks like you got awarded the points.