First Last

Problem with Exchange 2010 using two Client Access Servers

I'm having some Exchange problems on a new install and was wondering about the client access role. I'm setting up a second server at a different site to make a DAG. Whenever I power on the other server, within a few minutes clients can no longer send email and it gets stuck in the outbox. Shutting down the second server and restarting the primary eventually resolves the issue. I can't really troubleshoot this effectively since when I turn the other server on it kills email.

While researching this I came across the Get-ClientAccessServer command. When I run it I see both servers listed when I'd only expect to see one. I don't want the users to connect to the other Exchange server yet, especially when it hasn't been fully configured with the DAG.

I suspect this is at least part of my problem and would very much appreciate any feedback.

kpoineal

Check your send/receive connectors. Sounds like one is configured improperly and isn't letting outbound mail go. Might also check your firewall to make sure it's allowing traffic to and from both IP addresses.

ASKER

The second server has the same send/receive connector configured; it automatically filled in all the details when I installed it.

There is no firewall between the two servers but they are connected via a point-to-point Cisco VPN. I don't see any traffic being stopped there but it's possible.

I was wondering if there is a command I can run that would restrict the users to only one of the two servers.

Does your MX record point to both IPs, or does it just point to one and then replicate to the other?

Also, why are you running 2 Exchange servers?

MX record points only to the original server at the moment. I am running two Exchange servers so I can set up basic database redundancy using a DAG. Unfortunately I can't actually add the other server to the DAG for two reasons. The first is the problem described above. The second is an error I get when I attempt to add the second member:

An Active Manager operation failed. Error An error occurred while attempting a cluster operation. Error: Cluster API '"AddClusterNode() (MaxPercentage=12) failed with 0x800706d3. Error: The authentication service is unknown"' failed.. ---> System.ComponentModel.Win32Exception: The authentication service is unknown

For now I need to know why mail stops sending when I turn on the second server. Then I would like to move on to the second issue. Who knows, maybe solving the first issue will also resolve the second. :)

What roles are both servers doing? Are they both DCs? DNS? DHCP?

Also: Since DAGs rely on Windows failover clustering, they can only be created on Exchange 2010 Mailbox servers running the Windows Server 2008 Enterprise operating system or Windows Server 2008 R2 Enterprise operating system.

They are just Exchange 2010 servers with the CAS/MB/HT roles installed. They do not provide any other network services. The primary server is working fine and is currently the only member of the DAG.

ASKER CERTIFIED SOLUTION
Simon Butler (Sembee)

This solution is only available to members.

Hi Simon, good to hear from you! I see what you are saying and understand that I'll need to set up a CAS array then hit all the clients to reconfigure their profile. I didn't understand that going in otherwise I would have set that up from the beginning. :) After doing a great deal of research I think I actually have two problems here.

The first is likely a communications issue with the VPN... I think some of the ports are being blocked for Exchange. This would explain the emails getting stuck in the outbox and that I can't join it to the DAG. I'm working on that today with our Cisco guy. In order to troubleshoot this I need to force the clients to use the primary server for now so I can bring the other one online. To do that I found this command:

Set-ClientAccessServer -Identity CASServer -AutoDiscoverServiceInternalUri https://LocationOfCAS/Autodiscover/Autodiscover.xml

This should force the clients all onto the working server and also allow me to work on the problem. Does that look right to you?

We're mostly on Outlook 2010 and I've read that when properly patched the autodiscover feature can update the profile automatically.  Has this been your experience?

Thank you everyone for your help on this one, it's been a challenge.

With multiple servers you would usually configure the AutodiscoverServiceInternalURI to be the same, as it would need to match the SSL certificate. If you deploy a load balancer then the URL would be generic and point there instead of directly to the server.

Autodiscover will not pick up the implementation of the RPC CAS Array, because the CAS role server currently being used is still valid - it requires manual intervention.

Simon.
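
A consistency check for the point made in the reply above (the same AutodiscoverServiceInternalURI on every server, with a host name the SSL certificate covers), added here as an example and not part of the original thread. The server names, host names and certificate names are constructed, and the two function names are hypothetical.

```powershell
# Constructed inventory (hypothetical names). On a real Exchange 2010 server
# the same fields come from Get-ClientAccessServer (AutoDiscoverServiceInternalUri)
# and Get-ExchangeCertificate -Server <name> (CertificateDomains of the IIS cert).
$inventory = @(
    (New-Object PSObject -Property @{ Name = 'EX01'
        Uri = 'https://mail.example.test/Autodiscover/Autodiscover.xml'
        CertDomains = @('mail.example.test', 'autodiscover.example.test') }),
    (New-Object PSObject -Property @{ Name = 'EX02'
        Uri = 'https://ex02.example.test/Autodiscover/Autodiscover.xml'
        CertDomains = @('mail.example.test', 'autodiscover.example.test') })
)

function Test-NameCoveredByCert {
    param([string]$HostName, [string[]]$CertDomains)
    foreach ($d in $CertDomains) {
        if ($d -ieq $HostName) { return $true }
        # A wildcard covers exactly one left-most label: *.example.test
        # matches mail.example.test but not a.mail.example.test.
        if ($d.StartsWith('*.')) {
            $suffix = $d.Substring(1)                 # ".example.test"
            $first, $rest = $HostName -split '\.', 2  # label, remainder
            if ($rest -and (".$rest" -ieq $suffix)) { return $true }
        }
    }
    return $false
}

function Get-AutodiscoverUriReport {
    param($Inventory)
    # More than one distinct host means clients are handed a different
    # Autodiscover URL depending on which CAS answers the lookup.
    $hosts = @($Inventory | ForEach-Object { ([uri]$_.Uri).Host } | Sort-Object -Unique)
    foreach ($s in $Inventory) {
        $h = ([uri]$s.Uri).Host
        New-Object PSObject -Property @{
            Server       = $s.Name
            UriHost      = $h
            SameOnAllCas = ($hosts.Count -eq 1)
            CertCovers   = (Test-NameCoveredByCert $h $s.CertDomains)
        }
    }
}

Get-AutodiscoverUriReport $inventory |
    Format-Table Server, UriHost, SameOnAllCas, CertCovers -AutoSize
```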