Solved

Exchange 2010 simple setup idea

Posted on 2013-06-07
Last Modified: 2013-06-21
Greetings,

I've asked a few questions about exchange 2010; still working out how to set it up. I only have about 100 mailboxes, but my store is about 450 GB. I recently read quite a few articles and based on this one:

http://blogs.technet.com/b/exchange/archive/2011/04/08/robert-s-rules-of-exchange-multi-role-servers.aspx

I am certain I am over-complicating my set up in such a small environment. I already have two licenses (std though, not ent). I was thinking of spreading CAS/HT and mbx across 4 servers (two each) and getting two more licenses. However, I don't really need load balancing with only 100 mailboxes, and am not certain I would get the funding. That said, and in light of the info I've been reading, I'm thinking of setting up one multi-role server with a second in a DAG with all roles that can be failed over to (much like comment #3 by GoodThings2Life in the article I referenced above). I guess I'd need a FSW set up on local storage on my other host to spread it out across storage.

This is a VMware environment and I have enough resources to accommodate this. I was thinking of putting the active server on the vnxe and the other on my new host on local storage, just in case something happened with the SAN environment.

I also read this

http://technet.microsoft.com/en-us/library/dd979781.aspx#Two

But don't need load balancing but would like the benefit of high availability.

I guess my question is whether or not I can / should have two multi-role exchange servers, one active and one passive so-to-speak, and if so, how would I set this up?

Any thoughts very much appreciated.
0
Comment
Question by:rpliner
20 Comments
 
LVL 38

Assisted Solution

by:Adam Brown
Adam Brown earned 100 total points
ID: 39230773
You can do a couple things with your environment. You can set up 4 servers with 2 CAS/HUB and 2 MBX with a DAG for the mailbox databases and use Windows NLB to do load balancing on the CAS/HUB servers (no additional cost for that) or you can install all the roles on two servers with a DAG that is on each. If you do that, you would have to have one server be completely passive and only mount databases on it in the event of a failure. If the first server failed you would have to manually switch the DNS on your Client Access Host Records to point to the passive server before mail services would be fully up.
0
 
LVL 7

Author Comment

by:rpliner
ID: 39230800
Thanks acbrown2010. Won't I need two additional exchange licenses for the 2/2 setup? Trying to avoid that and not sure I'd get funded. Not sure I really need load balancing at this point either.

Thanks for the DNS info. Hate to have to manually configure if the first one failed, but may not have a choice based on what I'm working with. How would that affect a user's connection once DNS is altered? How would a CAS array configured in DNS affect having to manually switch DNS, if at all?

Thanks again
0
 
LVL 41

Expert Comment

by:Amit
ID: 39230862
For 100 users office365 is better, or use ex2013 for which you don't need Windows ent lic.
0
 
LVL 7

Author Comment

by:rpliner
ID: 39230884
365 not approved and 2013 isn't approved yet for our doc mgt system. I thought of going to 2013 until they told me.

Any thoughts on what I posted as far as two Multi-role servers? Thx
0
 
LVL 63

Assisted Solution

by:Simon Butler (Sembee)
Simon Butler (Sembee) earned 400 total points
ID: 39231514
For 100 users I would just deploy two multi-role servers.
Split the databases up, you can have four plus the public folders.

You should ensure that you configure an RPC CAS Array as well. You probably didn't have that so to use it you will have to "Repair" the Outlook profile on each client. The RPC CAS Array address should resolve internally only.
If you fail over, then you will need to change the DNS entry for the CAS Array to point to the other server, so cut the TTL time down.

As you are in VMWARE, if you can think ahead and get the budget for a load balancer it would help. Kemp do a virtual load balancer, but you can also run an open source one called Zen.

No idea why Office365 was suggested when you already own the licences.

Simon.
0
 
LVL 7

Author Comment

by:rpliner
ID: 39231839
Thanks Simon. While load balancing would be ideal, there is no way I'm getting money this year for a kemp, or two. I will budget it for the beginning of next year though. I'm going to check out zen, but right now my main goal is to get this up and running next Thursday and Friday, with the foundation to add load balancing either with zen soon or kemp early next year. I'm trying to keep this as simple as possible, but have high availability even if that means some manual intervention for failover. I am going to configure a CAS array in DNS.

At this point I'd like to finally just move forward and at least have one server up and deal with the failover server after everyone is moved off the 2003 box, or whenever is optimal.

Can you explain what you mean by "repair" the outlook profile on each client? That sounds cumbersome, if it means actually touching each client.

I'd read somewhere about round robin for the CAS and if the server didn't respond within a set TTL, it would redirect to the other server. However, I'm not sure about that and as long as I have an Internet connection to the datacenter manual intervention, while not preferable, is acceptable. In a failover situation, we can tolerate a small amount of downtime.

Also, will the services activate and databases mount on the passive / DAG server when the active is down, or would I need to manually do that as well?

Thanks again.
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39231857
There is no high availability in DNS, so what you have read about round robin is incorrect.

What I mean by repairing the Outlook profile means exactly that - in Accounts, select your Outlook account and choose Repair. That will force a full Autodiscover and the "correction" of the Exchange server name to your RPC CAS Array address. Yes it is cumbersome to visit every client - I have a client currently visiting 300 machines across three continents before we can continue the migration. If you had created the CAS Array right at the start this wouldn't be an issue.

As long as the FSW is available, then failover of the databases doesn't require manual intervention. Of course the client change will require intervention - even if this is just changing the DNS entry.

Simon.
0
 
LVL 7

Author Comment

by:rpliner
ID: 39231889
Ok, so goes that regarding round robin. What do you recommend for TTL? Does the failover to the other server happen as quickly as I change DNS? Also, I thought with a CAS array I had multiple exchange servers configured for failover, essentially. But I guess I need load balancing for that. Starting to get confused again... Need a simple setup. Definitely stressing too much over this.

Oh, I haven't started anything yet. The install is scheduled for next week. I only have the 2008 R2 servers patched and ready. No exchange 2010 install has yet begun. I planned on creating the CAS array first. So, how does that change the outlook profile "repair"?

Thanks again. Three continents?? They must've originated in the UK since your website states you don't work outside the UK for liability reasons, much to my disappointment. ;-)
0
 
LVL 63

Accepted Solution

by:Simon Butler (Sembee)
Simon Butler (Sembee) earned 400 total points
ID: 39234546
Yes, the sites I am working on at the moment are in the UK. I did the design for the foreign locations, but they are doing the work. Most of my time is done on design - many people are able to do the work themselves once the design is done and explained exactly how.

If you haven't done anything with the Exchange 2010 installation, then that is good.
As soon as you have the databases configured, setup the CAS Array. Then as you move the mailboxes on to the new platform they will be updated to the new address, which will be the CAS Array.

For TTL time, I usually set it at 10 minutes (600 seconds). Then any change is effective within 10 - 15 minutes. Anything less and the clients are constantly polling the server, increasing its load. You only want to change that one DNS entry TTL, not the entire zone.

Simon.
0
 
LVL 7

Author Comment

by:rpliner
ID: 39235004
Thanks. I may contact you through your company for a design.

Ok, so set up the CAS array after I configure both exchange servers and set up the DAG? When I do CAS array, without load balancing, what IP do I give it? Then, when I setup a load balancer, I'd point the CAS array to the load balancer, correct? If I needed to failover to the passive server and didn't have a load balancer, I would point the CAS array to the passive server and clients would redirect to it based on the TTL I set on the DNS CAS array entry, correct? I don't need to do anything since the DAG will mount the databases on the passive server as needed, correct? Whew, I guess this is last: I'd point the firewall to the CAS array, which points to the active server, then I'd point the firewall to the load balancer when that's in, right?

Any further questions will be posted as new questions.

I looked into the zen load balancer then found the article on your website explaining the setup. I will likely try that out.

Thanks again.
0

 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39235067
Initially just give the CAS array the IP address of one of the servers with the CAS role.
When you introduce a load balancer, you can test it by modifying hosts files to get the DNS entry to resolve and then when you are ready to go in to production, undo the hosts file change and adjust the DNS entry.

If they failover, just change the DNS entry as you have said.

The CAS array is an INTERNAL only address, that isn't used for anything but MAPI TCP traffic.
However if you have a load balancer there is nothing to stop you from using the same virtual IP address on the load balancer for other services, just with a different host name.

Simon.
0
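The setup and manual failover described in the two answers above, as an added example for the Exchange Management Shell (not code from anyone in the thread). The server, zone, host and site names and the IP addresses are placeholders, and `dnscmd` is used for the record because it accepts a per-record TTL.

```powershell
# Added example for the Exchange Management Shell (Exchange 2010).
# Every name and address below is a placeholder (assumption), not from the thread.
$DnsServer = 'dc1.example.local'     # internal DNS server that hosts the zone
$Zone      = 'example.local'         # internal zone only; no external record
$Node      = 'outlook'               # label of the CAS array host record
$Fqdn      = "$Node.$Zone"
$AdSite    = 'Default-First-Site-Name'
$Server1Ip = '10.0.0.11'             # first multi-role server (constructed)
$Server2Ip = '10.0.0.12'             # second multi-role server (constructed)
$Ttl       = 600                     # 10 minutes, applied to this one record

function Set-CasArrayRecord {
    param([Parameter(Mandatory = $true)][string]$NewIp, [string]$OldIp)
    # dnscmd takes the TTL per record, so the rest of the zone is untouched.
    & dnscmd $DnsServer /RecordAdd $Zone $Node $Ttl A $NewIp | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "RecordAdd failed with exit code $LASTEXITCODE" }
    if ($OldIp) {
        # Remove the old address so the name never round-robins to a dead server.
        & dnscmd $DnsServer /RecordDelete $Zone $Node A $OldIp /f | Out-Null
        if ($LASTEXITCODE -ne 0) { throw "RecordDelete failed with exit code $LASTEXITCODE" }
    }
    # Resolve from this machine (subject to the local resolver cache) as a check.
    [System.Net.Dns]::GetHostAddresses($Fqdn) | ForEach-Object { $_.IPAddressToString }
}

function Initialize-CasArray {
    # Initial state: the array name resolves to one server holding the CAS role.
    Set-CasArrayRecord -NewIp $Server1Ip
    New-ClientAccessArray -Name 'CAS Array' -Fqdn $Fqdn -Site $AdSite
    # Stamp the array name on every database so profiles use it, not a server name.
    Get-MailboxDatabase | Set-MailboxDatabase -RpcClientAccessServer $Fqdn
    Get-MailboxDatabase | Format-Table Name, RpcClientAccessServer -AutoSize
}

function Switch-CasArrayTarget {
    # Manual failover step: repoint the one record at the surviving server.
    param([string]$From = $Server1Ip, [string]$To = $Server2Ip)
    Set-CasArrayRecord -NewIp $To -OldIp $From
}

# Initialize-CasArray        # run once, after the databases exist
# Switch-CasArrayTarget      # run when server 1 is down; swap the IPs to fail back
```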
 
LVL 7

Author Comment

by:rpliner
ID: 39245007
Thanks again, Simon. Going to start this tonight. I ran the pre-install analyzer and need to change to native mode and also apply some permissions to AD. Any caveats to that?

Everything else looked good except for a notification about connectors. I don't think that will prevent an install and is more of something to deal with during the actual transition.
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39245016
Shouldn't be any problems making those changes - other than replication delays.

Simon.
0
 
LVL 7

Author Comment

by:rpliner
ID: 39246443
So this shows up in the report but I don't know where to find the security settings to edit them. Any ideas? So aggravating and preventing me from moving forward.

Access control list (ACL) inheritance is blocked for the Exchange server object (CN=EXCH1,CN=Servers,CN=First Administrative Group,CN=Administrative Groups,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=DOMAIN,DC=local). This may cause mail flow problems, store mounting issues and other service outages. Follow Microsoft Knowledge Base article 264733 and use the Exchange System Manager to re-enable inheritance on this object.

Thanks
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39247268
What have you got at the moment? 2003 or 2007?
If 2003 then you need to use the KB article mentioned and ESM to enable inheritance on the Admin group. If you have 2007 then you will have to use ADSIEDIT to enable inheritance.

Simon.
0
 
LVL 7

Author Comment

by:rpliner
ID: 39247542
2003. The KB article is about displaying the security tab but it's already shown in ESM. I just don't know where I'm supposed to find this. I don't understand the path I guess. Does this literally mean my administration database?

Thx
0
 
LVL 63

Assisted Solution

by:Simon Butler (Sembee)
Simon Butler (Sembee) earned 400 total points
ID: 39248334
In ESM you should have Admin Groups. Check each step from the Admin Group down (so Servers, Server name etc) on the security tab, ensure that inheritance is enabled.

Simon.
0
 
LVL 7

Author Comment

by:rpliner
ID: 39250759
Figured this out and now the only thing is the link state suppression warning.

We got hit with a virus Thursday late afternoon that affected 3 shares and about 10 workstations, so been cleaning that up and just finished. Plan on getting back to this Monday morning.

Thanks for the help.
0
 
LVL 7

Author Comment

by:rpliner
ID: 39257458
0
 
LVL 7

Author Closing Comment

by:rpliner
ID: 39267484
Thanks all.
0
