<updated and removed the "just blow it up" comments. When a tanker has a rudder problem, you don't blow up the tanker and the oil and build a new tanker.>
Hi all, here’s a mystery:
The setup:
2 Exchange 2013 (CU12) Servers (let’s call them EX1 and EX2), and a witness server (called DC). All are Windows Server 2012R2, all are DCs, Exchange in both environs has GFI MailEssentials installed for anti-spam. EX1 has a Database we need to duplicate on EX2 for resilience and failover (the usual reasons to do this).
All servers can see [ping/NSLookup], talk, and DNS sync with each other. EX1 and EX2 can route mail, see each other’s queues, and move mailboxes between each other.
Witness server (DC) has ETS in the permissions for the Share, just in case…
DAG CNO object created and given appropriate permissions (calling it EXDAG2). Creation has no problems and does not throw an error.
The problem:
Adding a server to the DAG runs, then throws the following Error: Cluster API failed: “CreateCluster() failed with 0x5b4. Error: This operation returned because the timeout period expired.”. [Server: EX2.ad.**.***]
What we’ve tried:
Theory: Network issue (though why adding a server from EAS or Command Shell on the same server would be a problem is not clear)
- Can both servers ping the other server by both name and IP? NSLOOKUP can resolve both names to the proper IP? Answer:YES
- tried disabling firewall on all three servers just to see if it works... it does not.
Theory: ensuring the failover-clustering module is installed on both Exchange servers via powershell:
- Add-WindowsFeature Failover-Clustering answers “TRUE” on both exchange Servers.
Theory: wse missed something in the setup. We should pre-configure the Cluster object, or make sure (if it exists in AD) that ETS has full control.
- Deleted DAG in EAS, Deleted object EXDAG2 from AD, cleared cluster, reboot, rebuild via instructions at http://www.mustbegeek.com/configure-dag-in-exchange-2013/
Theory: It may think its part of a virtual network.
- take a look at the NIC properties for TCP/UDP Checksum Offload for IPv4 and IPv6. Not checked on any servers.
Theory: Exchange servers as domain controllers can sometimes be tricky
- The KB at https://technet.microsoft.com/en-us/library/aa996719(v=exchg.150).aspx specifically notes the only issues are “For security and performance reasons”.
- This is the environment we’ve got, and can’t change it.
Some other Notes:
The servers are real, physical boxes in a co-location facility. They are on a single primary net, but different subnets. Everything else (network, AD, DNS, Exchange) is working and communicating.
GFI seems flaky – sometimes it will hang onto emails destined for the other server, sometimes it won’t. no issues with mail transport with GFI disabled.
Any thoughts??? I’m at a loss here.
-Umbie