Exchange 2010 Failover at HUB/CAS level


We are testing our Exchange 2010 system and a failover problem has come up, and I wondered if there is a solution to it?


2 sites each have 1xedge, 1xhub/cas, 1xmail.

I intend to subscribe the edge servers to both sites so that it can deliver to both hub servers so that there is failover at this level.

The mailbox servers are linked via DAG so failover is ok there.

I now know that I cannot create an Array over the 2 sites, but what I wanted to do is set up an array name anyway at DNS level.

So all clients would go through the primary hub server on site 1. Then if this server failed I could use the array DNS name to transfer to site 2 ip address?

Is this viable?

I have tried it but the error I receive when I switch off site 1 hub server and point the DNS entry to site 2 is:

Cannot open your default e-mail folders, Your profile is not configured. (points to array name in servers)

If this isn't viable, what other solution could I implement?

Would an option be to add the 2x hub server names to the office MSP installation so that it can see both?

Many Thanks!

To answer this, you need to know more about how your DNS serves out results to clients.  Assuming you use Microsoft DNS, there is absolutely NO intelligence behind the result it gives to the clients.

For example:

You have 2 servers supplying the same service, and  In DNS, you put in an entry for and put in 2 IP addresses, and  Your thought behind this is the users should get one of the 2 IPs in a response correct?  Yes that is correct.

Now let's say fails and is still online.  DNS does NOT check for the status of any services or connectivity when making its decision for what IP to respond back to the client with.  What you'd need is a smart DNS/network load balancing piece of software.  Basically something that would receive a request, then look at its database to see what services it needs to check on the servers, then check those services, and send the appropriate response back to the clients.

Microsoft DNS (to my knowledge) CANNOT do this.  One thing you could check out is ZenLoadBalancer (

This is free, but as all free products, setup can sometimes be very obscure/complex.  The scripting engine behind the product is a bit confusing, but you may be able to pay for initial setup or support.
One last note to make about using DNS as the failover:

Clients cache DNS results for the duration indicated in the TTL value for your DNS record.  If you set a high TTL value, the cache will consider the value valid for a longer period of time.  If you set a really low TTL value, the client will have to query for a new DNS result more frequently.

If you plan on using this as a load balancing/failover, you'll want to ensure you set a low TTL value, otherwise a client may be offline for a few minutes before the cached value becomes invalid and requires a call out to DNS for resolution again.  The only way this wouldn't be true is if the load balancing solution actually handled all communication to/from the server and the client, the client doesn't actually access the server directly, it always goes to the load balancer and the load balancer handles everything else (I can't remember if that's actually what ZenLoadBalancer does).

Also keep in mind that using a load balancer assumes that you can have a client go to either server and still function fully.  With CAS, I would imagine any CAS would be able to handle the MAPI calls to a mailbox, but I also haven't set up a HA CAS solution.
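The TTL and health-check points in the answer above, as an added simulation that is not part of the original thread: it compares a plain A record with a health-checked answer and counts how long a caching client keeps connecting to the failed server. The IP addresses, failure time, probe interval and all class and function names are constructed for illustration.

```python
# Added illustration: backends, IPs and timings are constructed, not from the thread.
from dataclasses import dataclass
from typing import Optional

@dataclass
class Backend:
    ip: str
    fails_at: Optional[int] = None  # second at which the service stops answering

    def healthy(self, now: int) -> bool:
        return self.fails_at is None or now < self.fails_at

@dataclass
class Resolver:
    backends: list
    ttl: int                    # seconds a client may cache the answer
    health_checked: bool        # False models a plain A record with no probing
    probe_interval: int = 10    # health state is only as fresh as the last probe

    def answer(self, now: int) -> tuple:
        if self.health_checked:
            last_probe = (now // self.probe_interval) * self.probe_interval
            for b in self.backends:
                if b.healthy(last_probe):
                    return b.ip, self.ttl
        # Plain DNS (or nothing healthy): hand out the primary regardless of state.
        return self.backends[0].ip, self.ttl

def client_outage(resolver: Resolver, duration: int) -> int:
    """Seconds in which the client's cached IP points at a dead server."""
    by_ip = {b.ip: b for b in resolver.backends}
    cached_ip, expires, down = "", 0, 0
    for now in range(duration):
        if now >= expires:                      # cache expired: ask DNS again
            cached_ip, ttl = resolver.answer(now)
            expires = now + ttl
        if not by_ip[cached_ip].healthy(now):
            down += 1
    return down

def scenario(ttl: int, health_checked: bool) -> int:
    site1 = Backend("10.0.1.10", fails_at=95)   # primary HUB/CAS dies at t=95s
    site2 = Backend("10.0.2.10")                # DR site stays up
    return client_outage(Resolver([site1, site2], ttl, health_checked), 1200)

if __name__ == "__main__":
    for ttl, hc in [(300, False), (300, True), (30, True)]:
        print(f"ttl={ttl:>3}s health_checked={hc}: {scenario(ttl, hc)}s of outage")
```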
Will Szymkowski (Senior Solution Architect) commented:
Are you using Site 2 only as a failover site or do you currently have active mailboxes in Site 2 as well?

What I would do...

Site 1 Edge Server = internet facing
Site 2 Edge Server = secondary

Site 1 Mailbox DAG x2 primary
Site 2 Mailbox DAG stretched DAG from Site 1 = standby

Site 1 CAS x2 = hardware load balancer (this will distribute the load for Site 1 only)
Site 2 CAS = You need at least 1 CAS server in each site for mail to flow

Site 1 HUB x2 = Adding additional HUB servers to a site adds site resiliency (no config needed, just install the role)
Site 2 HUB = install a HUB transport role in this site for DR purposes to route mail

If you are only using Site 2 as a DR site I am not sure what your requirements are for HA. If you do require HA for the DR site then I would recommend adding 2x HUB/CAS servers as well. If not then you can just add a single server for CAS/HUB.

As for the Edge server it is a good idea to only use 1 internet facing Edge and have an external IP/MX record point to your edge in site 2.


Colchester_Institute (Author) commented:

Cheers for the quick & excellent replies!

Thanks piattnd for the DNS info, that's helped loads!

Spec01: Site 2 will be for DR only.

This is where we are at so far, I am trying to get my head around it all:

1x server which has the MAIL role at each site.
If the mailbox server goes offline on site 1 the site 2 mailbox server comes online fine, users need to restart Outlook and all is OK. So for mailbox resilience, is this enough?

1x server which has the HUB & CAS (HC) roles at each site.
If the mailbox fails over to site 2 the site 1 HC server can still connect clients fine and vice versa.
If the HC goes down on site 1 clients cannot access mail anymore, due to DNS as mentioned above.
If I fail over the mailboxes to site 2, the site 2 HC will kick in and clients can connect again.

For resilience I should add another hub server at site 1, so that it is in an array and load balanced at the primary site. Then the DR site 2 is if we lose site one completely, which would fail over mail and HC.

So the mail flow and high availability route should be:

Mail will be load balanced coming into edge servers at site 1 and 2. Mail will flow to the 2x hub servers at site 1. Edge server at site 2 will also be subscribed to HC at site 2.

Hub servers
Set up an array at site 1 for high availability.

Mail servers
Primary mail server can fail over to DR site server via DAG

Would this setup be classed as a high availability system?

I don't think I could push the system as far as having separate CAS servers and another mailbox server due to costs.

It's impressive going from a 2003 environment with 1 or 2 servers to this monster setup!

Cheers so far and hope this makes sense!
Will Szymkowski (Senior Solution Architect) commented:
You can do a stretched DAG but I would recommend having 2 Mailbox servers Active in Site 1 and a Mailbox server standby in Site 2. I say this because you don't want to be failing over to your DR site when you are doing general maintenance etc.

Also with CAS/HUB you will want to load balance your CAS servers at the main site because if you fail over to the DR site this site now has to act as the "internet facing" site. Which involves re-pointing your MX records to the external IP of your DR site. This procedure is a manual process.

Double up your CAS/HUB in site 1 with a hardware load balancer for CAS. For HUB you don't have to do anything, just add another HUB role and you're done.


Colchester_Institute (Author) commented:
Cheers for the reply Will.

I forgot to mention on the MX records side of things we have a 3rd party company that all our mail goes through for spam and another level of DR if we lose both sites.

So our MX records point to them, we then plan to point from the 3rd party to both edge servers in site 1 and 2, so that the NLB can go through either edge server to site 1, and then in a DR scenario it would automatically feed the DR site 2. Does that sound viable?

So on the mailbox side on site 1 it should be an active - active setup? Then site 2 is passive?

So if I introduce a 2nd mailbox server on site 1, I could have current mailboxes hosted on mailbox server A - then DAG to mailbox server B. And have Archive Mailboxes on Server B and DAG to server A to share the load on the servers?

The mailbox servers I have spec'd are:
Win2008 R2 Enterprise
AMD Opteron 6174 2.20GHZ x2
36Gb Mem

HUB/CAS servers are basically the same spec with 16Gb Mem each

What amount of users could I go to on a spec like this please? (these servers are all in VM but have dedicated CPU and memory)

Cheers for your help so far, really helping this project come along nicely!