Solved

Problem with Exchange 2010 using two Client Access Servers

Posted on 2013-01-16
9
523 Views
Last Modified: 2013-01-24
I'm having some Exchange problems on a new install and was wondering about the client access role.  I'm setting up a second server at a different site to make a DAG.  Whenever I power on the other server, within a few minutes clients can no longer send email and it gets stuck in the outbox.  Shutting down the second server and restarting the primary eventually resolves the issue.  I can't really troubleshoot this effectively since when I turn the other server on it kills email.

While researching this I came across the Get-ClientAccessServer command.  When I run it I see both servers listed when I'd only expect to see one.  I don't want the users to connect to the other Exchange server yet, especially when it hasn't been fully configured with the DAG.

I suspect this is at least part of my problem and would very much appreciate any feedback.
Question by:First Last
9 Comments
 
LVL 5

Expert Comment

by:kpoineal
ID: 38783383
Check your send/receive connectors. Sounds like one is configured improperly and isn't letting outbound mail go. Might also check your firewall to make sure it's allowing traffic to and from both ip addresses.
0
 
LVL 1

Author Comment

by:First Last
ID: 38783527
The second server has the same send/receive connector configured, it automatically filled in all the details when I installed it.

There is no firewall between the two servers but they are connected via a point-to-point Cisco VPN.  I don't see any traffic being stopped there but it's possible.

I was wondering if there is a command I can run that would restrict the users to only one of the two servers.
0
 
LVL 5

Expert Comment

by:kpoineal
ID: 38783557
Does your MX record point to both IPs, or does it just point to one and then replicate to the other?

Also, why are you running 2 Exchange servers?
0
 
LVL 1

Author Comment

by:First Last
ID: 38783703
MX record points only to the original server at the moment.  I am running two Exchange servers so I can set up basic database redundancy using a DAG.  Unfortunately I can't actually add the other server to the DAG for two reasons.  The first is the problem described above.  The second is an error I get when I attempt to add the second member:

An Active Manager operation failed. Error An error occurred while attempting a cluster operation. Error: Cluster API '"AddClusterNode() (MaxPercentage=12) failed with 0x800706d3. Error: The authentication service is unknown"' failed.. ---> System.ComponentModel.Win32Exception: The authentication service is unknown

For now I need to know why mail stops sending when I turn on the second server.  Then I would like to move on to the second issue.  Who knows, maybe solving the first issue will also resolve the second.  :)
0
 
LVL 5

Expert Comment

by:kpoineal
ID: 38783769
What roles are both servers doing? Are they both DCs? DNS? DHCP?

Also: Since DAGs rely on Windows failover clustering, they can only be created on Exchange 2010 Mailbox servers running the Windows Server 2008 Enterprise operating system or Windows Server 2008 R2 Enterprise operating system.
0
 
LVL 1

Author Comment

by:First Last
ID: 38783779
They are just Exchange 2010 servers with the CAS/MB/HT roles installed.  They do not provide any other network services.  The primary server is working fine and is currently the only member of the DAG.
0
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 500 total points
ID: 38784652
Install a server with the Client Access Role and clients will use it immediately.
There is nothing you can do to stop that. They will get the information about the second server from Autodiscover.

However if you have an RPC CAS Array that would allow you to force traffic to just a single server, and when you have multiple servers in place you can then point the RPC CAS Array at a load balancer.
If you don't have an RPC CAS Array then you have some work ahead of you.

The DAG only protects the mailbox data; it does nothing for the clients. If you fail over, the clients will continue to point at the existing client access server. Only an RPC CAS Array is going to get your clients to another server.

Do all of the Exchange services start without error on the second server? Is it patched to the same level as the existing server?

Simon.
0
 
LVL 1

Author Comment

by:First Last
ID: 38787021
Hi Simon, good to hear from you!  I see what you are saying and understand that I'll need to set up a CAS array then hit all the clients to reconfigure their profile.  I didn't understand that going in, otherwise I would have set that up from the beginning.  :)  After doing a great deal of research I think I actually have two problems here.

The first is likely a communications issue with the VPN...I think some of the ports are being blocked for Exchange.  This would explain the emails getting stuck in the outbox and that I can't join it to the DAG.  I'm working on that today with our Cisco guy.  In order to troubleshoot this I need to force the clients to use the primary server for now so I can bring the other one online.  To do that I found this command:

Set-ClientAccessServer -Identity CASServer -AutoDiscoverServiceInternalUri https://LocationOfCAS/Autodiscover/Autodiscover.xml

This should force the clients all onto the working server and also allow me to work on the problem.  Does that look right to you?

We're mostly on Outlook 2010 and I've read that when properly patched the autodiscover feature can update the profile automatically.  Has this been your experience?

Thank you everyone for your help on this one, it's been a challenge.
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 38788894
With multiple servers you would usually configure the AutodiscoverServiceInternalURI to be the same, as it would need to match the SSL certificate. If you deploy a load balancer then the URL would be generic and point there instead of directly to the server.

Autodiscover will not pick up the implementation of the RPC CAS Array, because the CAS role server currently being used is still valid - it requires manual intervention.

Simon.
0
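
Added example, not part of the thread or anyone's posted code: a small audit for the two settings discussed above, the per-server Autodiscover internal URI and the RPC endpoint each mailbox database hands to clients. The server names, hostnames and sample objects (EX01, EX02, mail.example.com, outlook.example.com) are constructed placeholders, and the function names are hypothetical; on a live Exchange 2010 server the inputs would come from Get-ClientAccessServer and Get-MailboxDatabase.

```powershell
# Added example; all names and sample data are constructed placeholders.
# Written for PowerShell 2.0, which the Exchange 2010 Management Shell uses.

# Return CAS servers whose Autodiscover internal URI is not HTTPS on the
# single shared name that the SSL certificate is issued for.
function Find-AutodiscoverMismatch {
    param([object[]]$CasServers, [string]$ExpectedHost)
    foreach ($cas in $CasServers) {
        $uri = [uri]$cas.AutoDiscoverServiceInternalUri
        if ($uri.Scheme -ne 'https' -or $uri.Host -ne $ExpectedHost) {
            New-Object PSObject -Property @{ Server = $cas.Name; Uri = "$uri" }
        }
    }
}

# Return databases that still point clients at an individual server
# instead of the RPC CAS Array name.
function Find-DatabaseOffArray {
    param([object[]]$Databases, [string]$ArrayFqdn)
    $Databases | Where-Object { $_.RpcClientAccessServer -ne $ArrayFqdn } |
        Select-Object Name, RpcClientAccessServer
}

# Constructed sample input shaped like the cmdlet output.
# Live equivalent: $cas = Get-ClientAccessServer ; $dbs = Get-MailboxDatabase
$cas = @(
    New-Object PSObject -Property @{ Name = 'EX01'
        AutoDiscoverServiceInternalUri = 'https://mail.example.com/Autodiscover/Autodiscover.xml' }
    New-Object PSObject -Property @{ Name = 'EX02'
        AutoDiscoverServiceInternalUri = 'https://ex02.example.local/Autodiscover/Autodiscover.xml' }
)
$dbs = @(
    New-Object PSObject -Property @{ Name = 'DB01'; RpcClientAccessServer = 'outlook.example.com' }
    New-Object PSObject -Property @{ Name = 'DB02'; RpcClientAccessServer = 'EX02.example.local' }
)

# Flags EX02: its URI is the install default, not the shared certificate name.
Find-AutodiscoverMismatch -CasServers $cas -ExpectedHost 'mail.example.com'
# Flags DB02: clients of that database would connect straight to EX02.
Find-DatabaseOffArray -Databases $dbs -ArrayFqdn 'outlook.example.com'

# Remediation on a live server (placeholder values, run deliberately):
#   Set-ClientAccessServer -Identity EX02 -AutoDiscoverServiceInternalUri https://mail.example.com/Autodiscover/Autodiscover.xml
#   New-ClientAccessArray -Name 'CAS Array' -Fqdn outlook.example.com -Site 'Default-First-Site-Name'
#   Set-MailboxDatabase -Identity DB02 -RpcClientAccessServer outlook.example.com
```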
