Hi,

I'm running an Exchange 2013 installation:

Office1

MBX1

CAS1

AD (Site 1)

Office2

MBX2

CAS2

AD (Site 2)

Both offices are connected via L2L VPN.

MBXes have DAG spread over both offices, however, file witness is in Office1 (primary office).

We implemented a simple DNS failover for client access:

Public DNS:

mail.company.com

A PublicIPofCAS1

A PublicIPofCAS2

Internal DNS (AD integrated):

mail.company.com

A PrivateIPofCAS1

A PrivateIPofCAS2

In this scenario, all internal users hit Private IPs of the CAS servers, and users outside company LAN the public IPs.

So far so good, I think this architecture can survive pretty much any server failure except, and that's the problem, the failure of the VPN connection (that unfortunately happened recently a few times).

So in case the inter-office VPN fails, users in Office1 are OK, since quorum stays in Office1, but users in Office2 cannot connect since they're resolving private IPs of either CAS1 (vpn down, so no connect), or CAS2 (can connect locally, but vpn down-no connection to MBX in primary site).

My question is:

Is there any scenario that could help users in Office2 connect to publicIP of CAS1 automatically ?

Since the vpn to Office1 is down, but Internet connection in both offices is working this is possible (Tested during last vpn failure), but users need to enter PublicIPofCAS1 in browser to get to OWA on the working node over Internet.

Would simply adding A records of PublicIPs of both CAS servers to internal DNS mail.company.com work ? I'm aware that this means that users would resolve public/private IPs at random and it might be a security concern, but it should work in case the vpn goes down (again)...

Thanks

I know there is not Exchange 2010 forum but I hope someone can assist.

We are moving our corporate office and need to shutdown exchange 2010. Here is the environment.

1. Corporate Site
   1. Exchange 2010 CAS (total 3 servers)
   2. Exchange 2010 HUB (total 3 servers, #1 is the File Share Witness)
   3. Exchange 2010 Mailbox (total 3 servers)
   4. External SPAM Filter Appliance is Edge for all other domains
   5. External Appliance is the CAS Array for this site.
2. DR Site
   1. Exchange 2010 CAS (total 3 servers)
   2. Exchange 2010 HUB (total 3 servers)
   3. Exchange 2010 Mailbox (total 3 servers
   4. External SPAM Filter Appliance is Edge for all other domains
   5. External Appliance is the CAS Array for this site.
3. Mailbox Databases
   1. Total Databases (17 including Public Folder)
   2. MB1 = 6 Active Databases, some passive (public folder database resides here)
   3. MB2 = 6 Active Databases, some passive
   4. MB3 = 5 Active Databases, some passive
   5. DR Site has pretty much same spread of databases.
4. DAG
   1. Split between two sites. All 6 Mailbox Servers are part of the DAG.  Corporate site has Active and many passive copies. DR site only has Passive Copies, split across the three MB servers.

Question, we are going to shut down Corporate on Friday at 5pm to move all servers (Virtual by the way) to the new Corporate Office. What is the proper procedure? I do not want Databases to fail over to DR site. I do not want DR site to operate while we are moving servers. New Corporate office will have same IP Address ranges for the Servers.  

I have read a bunch of posts on this site as well as others, but not everyone has such a robust Exchange Environment as we do and I am afraid that once systems are moved to the new Corporate site, the databases will not mount or become corrupted.

Any advice is appreciated.

Thanks in advance!

I would like some clarification on the behaviour of Shadow Redundancy/Safety Net in Exchange 2013 when a message is sent and received between mailboxesthat are in the same Transport HA Boundary. I would effectively like to know whether the Shadow Safety Net is utilized in this scenario.

My understanding is that shadow redundancy is utilized when a mail comes into a Transport HA boundary that originated from outside of it. e.g. a message from the internet that is accepted by a MB server, that simultaneously sends a shadow message to a MB server in the same Transport HA Boundary. Once successfully processed the Primary and Shadow safety nets are utilized. This provides protection for the message when it is in transit and from lossy failover.

What I would like to know is whether the same thing happens for a message that is sent and received between mailboxes that are in the same Transport HA Boundary???- the research I've done so far leads me to believe this may not be the case, because when a message is sent between MB servers in the same Transport Boundary, only 1 Hop will be required once the relevant Transport service receives the message, which means the message cannot effectively be lost "in-transit"; it is either delivered or the Transport service would hold it in its active queue and attempt re-submission.

So this would seemingly explain why Shadow Redundancy wouldn't be utilized in this scenario. However, it was my understanding that the Shadow Safety Net relies on shadow redundancy, by moving mail from the shadow queue on the shadow server to the Shadow Safety Net queue on the same server... And if I am correct about this, and Shadow redundancy wasn't used here, then this would mean only the Primary Safety Net is used, which would be a single point of failure for messages transmitted in the same Transport HA boundary.

Consider the following example:
Exchange 2013 Org in 1 site with 2 MB Servers in DAG 1 - MBX1 and MBX2
MBX1 has DB1 (active copy) and DB2 (passive copy)
MBX2 has DB1 (passive copy) and DB2 (active copy)
User 1 has mailbox on DB1   /   User 2 has mailbox on DB2

User 1 sends email to user 2 (staying in the same Transport HA boundary... the DAG) and the following takes place:
- MBX1 Mailbox Transport Submission Service retrieves message and sends message to Transport Service on MBX2
- MBX2's Transport service transmits message to Mailbox Transport Delivery Service on local server, which delivers the message and the log is played into DB2
- Transport Service on MBX2 places mail in its Safety Net
- Before the log containing this transaction is successfully shipped to MBX1, MBX2 fails
- DB2 becomes active on MBX1, but is missing the transaction.... and it cannot get it from the safety net of MBX2, because the server has failed.

I suppose this scenario isn't the end of the world as it is between users in the same org and I guess the message could be
re-sent, so I suppose my questions from here are:
- Am I mistaken and messages to and from the same Transport HA boundary are protected using shadow safety net? OR  
- Are messages to and from the same Transport HA boundary not deemed mission critical and so message loss is tolerated? OR
- Am I completely missing something!? :) 

Any guidance on this would be much appreciated.

Many thanks, Barry

Hi

i have exchange 2010 environment with 2 mailbox & 2 hub/cas server role.

when outlook client connects with exchange server he got certificate prompt. when i saw the certificate he got exchange mailbox certificate.

why he got certificate which is installed on mailbox server

this certificate is a certificate which is generated automatically during installation.

please help. its urgent & critical

thanks in advanced

Anuj Gupta

I had 2 Mailbox servers in my Organization, both mailboxes have been deleted from Active Directory as well as all the Exchange Attributes for all the users? I really have no Idea what is the best plan to recover from this situation? any one has any tested solution for this?

We want to implement Exchange 2013 DAG in two different sites Site A and Site B, both sites are geographically different and running on MPLs and Satellite link. But MPLs link on Site-B is very inconsistent and it goes down every day for 3-4 hours. The response time is 45ms  TTL=120 only. So whenever link goes down we switch link to Satellite link which is worst than MPLs. Response time on Satellite link is 800ms. 

We had created test lab and configure DAG between two sites, but whenever MPLs link goes down or switch to Satellite link, we had to reseed database copy to remote sites, and total database size is 4TB. Our ultimate target is to run Exchange 2013 high availability between each local site and site resilience between two different sites.

Morning,

We have an issue where members of DAG are unable to communiate if they are on different Hyper-V hosts. This means if i put all 3 DAG members on the same host they will all be in the "up" state in the failover cluster manager. If i move them so that they are running on different hosts then only one of them will report as "up" with the other two in "down". If i live migrate the machine back to the same host as the "up" server after about 15-30sec both will come "up".

Hopefully someone has some suggestions?

Backgound Info:
We are running a 5 host Server 2012 Hyper-v Cluster. It is fully patched.
Storage is 8gb FC presented as CSV's. There are 8 CSV's presented to all the hosts.
All the hosts have 6x 1gb NIC's (Broadcom BCM5709's). They are built into three active-active switch independent Teams.
The first team has three VLANs (Cluster, Live Migration, Management). The next two are vSwitches that the machines are assigned to. All are connected to stacked Cisco switchs.

The Exchange servers are Windows Server 2012 servers running Exchange 2013 SP1.
They have two interfaces a MAPI and a Replication network. (Two sperate VLANs).
There seems to be full comms between all three DAG servers (ping and SMB) with no loss that I can detect.

Thanks
-Laurence

Hi all,

Can someone share your experience about Exchange 2013 DAG implementation/Design?

I have two AD in different countries, but the physical line is ADSL not leased line. We use site to site VPN.

One side bandwidth is 60M/15M, the other side bandwidth is 20M/20M.

But the line is not only for Exchange DAG, but also for all the traffic are on that.

I know MS document recommend that use individual line for mailbox replication.

But what happened if I implement by this architecture? 
Or what shall I do if mailbox replication don't make consistency?

Thanks,

Ian

Hi,

I have installed and configured two EX2013 sp1 on WS2012 r2, we don’t have any load balancer and configured DAG with two exchange server named EX-01 and EX-02 DAG name is DAG, without RRDNS and WNLB can we make cname record to DAG (mail to dag) for accessing email as mail.domain.local then for the exchange publishing NAT will be like public ip to private ip (DAG IP) the name will be mail.domain.com  It is working for all kinds also is there any issue?

Regards

Nisam

We have a small set up - 2 servers in a single DAG.   (Server 2012 and Exchange 2013)

I'm getting ready to go live in 2 weeks and though the system is relatively stable, it will sometimes change the active database to our secondary server, for no good reason that I can see.    Sometimes, there seems to be a reason - like the last time it happened, it was during the full system backup that runs weekly in the wee hours.  I suppose things slowed down enough to trigger the change over.

I'm happy for the resiliency, but is there a way to make it change back to the primary server automatically after a problem is resolved?

Is that what DAC would allow?  I'm just reading up on that now.

Thanks,

Vicki

Hi

I am running Exchange 2013 CU3 (coexistence with 2007) with Outlook 2010 clients

There is a BigIP with 4 E2013 CAS Servers in the pool. I can create a profile to 3 different E2013 mailboxes on 3 different PCs.

When performing a switchover, it takes seconds and the database is mounted successfully

However, the Outlook clients all disconnect and wont reconnect. OWA works fine.

Rebooting the PC allowed Outlook to reconnect on one, even recreating a new profile on another did not. It has been 2 hours and still I cannot get Outlook to reconnect on 2 PCs.

Advanced Outlook logging warns "Network problems are preventing connection to Microsoft Exchange."

Outlook Connection Status shows "Established" (!)

This issue works whether I *over from E2013 Mailbox Server A to B or B to A - I cannot successfully *over!

Output from CAS Pool:

Resolve-DnsName mail.mydomain.co.uk

Name                                          Type   TTL   Section   IPAddress

----                                          ----  ---   -------    ---------

mail.mydomain.co.uk                           A      3600  Answer    nn.nnn.nnn.nnn

I must be missing something, can anyone help?

Thanks

shapi

Ahmed Zidan Network Administrator

Can some body help me.....how can i import my EDB file into Outlook file format

Please help me....

Hi,

I have a 4 member DAG configured. The Database Copy status is fine but, the Content Index State is failed on one of the DAG member.

[PS] C:\Windows\system32>Get-MailboxDatabaseCopyStatus | fl name, contentindexstate

Name              : MailboxDB\MBXSRV0201
ContentIndexState : Failed

I tried to reseed the Mailbox Database ContalogOnly using the below cmdlet.

[PS] C:\Windows\system32>Update-MailboxDatabaseCopy –identity "Mailbox 2013\MBX0201" –CatalogOnly –SourceServer MBXSRV0101

The Server MBXSRV0101 has a passive copy of the DAG as well. The reseeding has completed, and no errors were shown.

After completing the reseeding the status is as given below.

[PS] C:\Windows\system32>Get-MailboxDatabaseCopyStatus | FL Name,*Index*

Name                         : MailboxDB\MBXSRV0201
ContentIndexState            : Failed
ContentIndexErrorMessage     : The Microsoft Exchange Search Host Controller Service is not running on server EXMB0201.
ContentIndexVersion          :
ContentIndexBacklog          :
ContentIndexRetryQueueSize   :
ContentIndexMailboxesToCrawl :
ContentIndexSeedingPercent   :
ContentIndexSeedingSource    :

After this, I tried the following on the mailbox server hosting the failed content index.

1. Stopped the services Microsoft Exchange Search & Microsoft Exchange Search Host Controller

2. Renamed the Catalog file to 8A8F978A-98F8-453C-801F-A4B66159EB6E12.1.Single_old (it was 8A8F978A-98F8-453C-801F-A4B66159EB6E12.1.Single earler)

3. Restarted the above services, mentioned in item 1.

A new folder with the same name (8A8F978A-98F8-453C-801F-A4B66159EB6E12.1.Single) was again re-created.

What confuses me is, the member servers of the DAG, who have a healthy Content Index State all have a catalog folder with a different name (8A8F978A-98F8-453C-801F-A4B66159EB6E12.2.Single). This might be the reason why it is still showing as Failed State.

Any one has any thoughts about this? I would really appreciate it at this time.

Thanks

Hi Guys

I have EMC Enterprise class storage with SAN - SAN replication. One SAN is in production site and other SAN is in DR Site.

Question 1:

Can I implement Exchange 2013 DAG using the SANs as storage for my databases?

Question 2:

Can I implement Exchange 2013 in a DR scenario using my existing SAN infrastructure???

jk

I was reading the wonderful article http://technet.microsoft.com/en-us/library/dd638129.aspxand I see this netsh command netsh interface ipv4 add route 10.0.2.0/24 <NetworkName> 10.0.1.254

my question is, does <NetworkName> refer to the network card name or the name the DAG Network name?

the netsh commands from here http://technet.microsoft.com/en-us/library/cc731521(v=WS.10).aspx#BKMK_addroute refer to the word interfacename found in the Network Connections

so if my nic is call yellow should the command be netsh interface ipv4 add route 10.0.2.0/24 yellow 10.0.1.254

or should I use the DAG network name?

I want to reseed an exchange database as the Content index state is FailedAndSuspended, as searches in OWA are not available.

So I run: Update-MailboxDatabaseCopy "Mailbox Database 1434301284" -CatalogOnly

But then I get the error: This task is supported only for databases that have more than one copy.

How can I fix this issue?

Thanks,
Kris

server 1

MAPI 10.201.1.195

Replication 10.201.4.195

ran command netsh interface ipv4 add route 10.200.4.0/24 Replication 10.201.4.254

server 2

MAPI 10.200.1.195

Replication 10.200.4.195

ran command netsh interface ipv4 add route 10.201.4.0/24 Replication 10.200.4.254

I see the routes and addresses in the DAGNetwork but the status is FAILED

I see the new routes in a route print command

I've rebootedd each server

I can not ping to the other

everything is going across MAPI, would like to get dedicated Replication working, what am I doing wrong?

Whenever my DAG fails over to the other server, users get prompted for credentials in Outlook with the standard Windows Security credentials screen.

If I cancel it, Outlook tries to connect, comes up with the "Need Password" instead of "Connected to exchange" if I click this, it tries to connect again and now it does so and Outlook connects without me entering credentials. Sometimes Outlook has to be restarted.

How do I get it so that it just fails over from one active server to the other seamlessly for the end users?

I'm on Exchange 2013 SP1 hosted on Windows 2012 R2 in a 2 node DAG, witness is also on 2012 R2.

DC:windows 2008 r2,  exchange 2010 DAG. and the dag had two members   ex10a andex10b

when uesed the command   "get-mailbox   -identity  user1“          the user1 get the servername is  ex10b  and  others users

get the servername is  ex10a .     so how to change the   user1's servername to be ex10b?

thanks