Tuesday, April 20, 2010

Understanding DAG & Automatic Failover On Complete Server shutdown PART#1

Now you have decided to reduce the impact on MAPI clients when one of the Exchange servers in the DAG goes down. Remember, MAPI clients are still able to connect as long as both servers are up and running.

Things to remember

  • Each mailbox database has an attribute called RpcClientAccessServer.
  • This is the endpoint that MAPI clients (Outlook users) use to connect to the database that holds their mailbox.
  • MAPI clients connect through this endpoint.

MAPI clients ----------> look for the mailbox database to connect to --------> read the RpcClientAccessServer attribute, which tells the MAPI clients which DB to connect to.

  • My user name is Dedealoc. My mailbox is located on the server called mail1.smtp25.local, and it resides on the database called DB1.

  • Now we want to control this by creating a CAS array; here is the link
  • We want MAPI (Outlook) clients to connect to a DNS entry that we will create.

**** Remember: if a DAG member (Exchange server) does not shut down, you are safe and there is no need to update DNS at all. If the server shuts down, you will have to update the record below so that clients can successfully connect to the remaining server and DAG member. ****

  • After creating this A record for your CAS configuration, follow these steps to change the TTL.
  • Connect to your AD/DNS server, click View and choose “Advanced”.
  • Find the A record you have created for Outlook.smtp25.org
  • Now we will modify the TTL to 3 minutes

Summary

  • In a two-server multi-role environment (MB,CAS,HTS), automatic failover when one of the DAG members shuts down requires a load balancer.
  • You need to purchase a second load balancer to make the load balancer redundant if you do not wish to operate on one leg, so double the $$$$$
  • You can make manual DNS updates if a DAG member shuts down. It takes seconds (with a lowered TTL on DNS), you will save $$$, and you achieve the same results.

I have kept talking about the same things over and over in the last couple of articles because I was asked many similar questions on this subject. If you get hands-on with setting up a DAG and see how Outlook clients freak out when the server that has the active database shuts down, I am sure you will understand more and start seeing how simple the process is.

Best regards,
Oz Casey , Dedeal
MCITP (EMA), MCITP (SA)
MCSE 2003, M+, S+, MCDST
Security+, Project +, Server +
Http://smtp25.blogspot.com (Blog)
Http://telnet25.spaces.live.com (Blog)
Http://telnet25.wordpress.com (Blog)

Monday, April 19, 2010

Understanding DAG & Automatic Failover On Complete Server shutdown PART#1

A couple of small updates on the previous posts. I am going to talk again about some of the really basic concepts, to help you understand how failover works and what the limitations are if you implement two servers with all roles installed on them and expect redundancy in case mail server1 completely shuts down.
Keep reading if you want to implement Exchange 2010 with two nodes that have all roles installed (MB,CAS,HTS) and want to take advantage of DAG.
  • You don't have the $$$$ to purchase a load balancer,
  • You came up with the $$$ to purchase a load balancer, figured out that the load balancer is now a “single point of failure” and that you need to purchase another one to make it redundant, and now you have given up the idea of spending $$$ on load balancers (-:
  • Remember, Exchange 2010 supports DAG on the Standard version, but failover clustering is only available on the Enterprise version of Windows (-:
You decided to implement Exchange 2010 and are excited about taking advantage of DAG (Database Availability Group).
You have finished setting up the DAG with two servers and loaded all the roles on them.
The server names and roles are as follows:
mail1.smtp25.org = 10.0.0.12 MBX,CAS,HTS
mail2.smtp25.org = 10.0.0.13 MBX,CAS,HTS
Now you will test the failover scenario and see how it works. Two types of failover can occur in this environment:
  • DB (database failover)
  • Complete server failover
Get-Mailbox odedea* | FL
As you can see, the mounted DB has changed and is now on the second server. MAPI (Outlook) clients are still happy; they won't see any impact. The simple reason for this is explained as follows.
  • Each Exchange DB contains an attribute called “RpcClientAccessServer”.
  • RpcClientAccessServer = server name; this is where Outlook clients will connect.
  • When the first CAS server is installed and no CAS array has been configured, the attribute is set to the first CAS server in the AD site.
  • Now, in the example above, when the DB switchover occurred from Server1 to Server2, Outlook clients were already connected to Server1 and the mounted DB changed from Server1 to Server2.
  • MAPI clients are still connecting to Server1, because RpcClientAccessServer=Server1 (remember, this is the first CAS server and we did not set up a CAS array yet). Since Server1 is still up and running, they are able to locate the “mounted” database on Server2, hence your Outlook clients are happy.
  • Note: you need to think about mail flow, mail going out and coming in, and update your send and receive connectors with both server names, and on your firewall pay attention to SMTP traffic as well as HTTPS (OWA)……
So when will MAPI (Outlook) clients disconnect and see the outage? When Server1 shuts down. In this scenario:
  • MAPI clients ------------ locate -----> RpcClientAccessServer=Server1
  • Server1 is down
  • MAPI clients see an outage
More coming in part 2

Wednesday, April 7, 2010

Exchange 2010 and SP1

Finally, Exchange 2010 SP1 will be available sometime soon. Here is an article about SP1 and the changes it will bring; the separation of the archived database from the primary is one of the noticeable improvements in SP1. The lack of SP1 has also affected some of the migration scenarios, as far as I can tell.

  • Separate archived database
  • Support for importing PST
  • New tools helping to create retention policies
  • Multi-mailbox search feature improvements
  • New management UI

Read more about what will be offered in Exchange 2010 SP1

 http://msexchangeteam.com/archive/2010/04/07/454533.aspx


Monday, April 5, 2010

RPCClientAccessServer attribute

In small networks where Exchange 2010 needs to be configured with redundancy, there is manual DNS work that needs to be done in order for MAPI clients to connect to the “mounted database” in case of database failover.

Of course, if you can purchase two more servers and dedicate resources, you can set up a CAS array and make the Outlook users' MAPI experience completely automated if anything happens to the “mounted” database and the “healthy” database becomes the “mounted” database. We are talking about a small environment where there are no load balancers and no other resources; all we have is two Exchange servers, and we will make our messaging environment “redundant”.

Summary:

  • When you introduce the first CAS server (where a CAS array has not been created), the attribute called “RpcClientAccessServer” will be set to the first CAS server in the AD site.
  • Each Exchange database contains this attribute: “RpcClientAccessServer” = server name
  • If you cannot afford to have a CAS array, still create the CAS array with a common name and give it the IP address of one of your mail servers.
  • This allows you to tag the common name to the RpcClientAccessServer attribute, and you control where it points by modifying the DNS (A record) entry.
  • In a small environment you don’t have to worry about messing with the TTL when you make changes to this A record.

Here is what I put together to make this a bit clearer:

image

If a database failover occurs, all you have to do is change the A record in DNS and point the existing A record to the second server's IP address.

In normal operations the DNS entry will look like this:

Outlook.smtp25.org = 10.0.0.12 (mail1)

If a database failover occurs, the DNS entry will look like this:

Outlook.smtp25.org = 10.0.0.13 (mail2)

Outlook clients are connecting to = Outlook.smtp25.org

Exchange databases are pointing to = Outlook.smtp25.org
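
The configuration summarized in this post, as an added example (not the author's own script): run in the Exchange Management Shell, it creates the CAS array object under the common name and stamps that name on every mailbox database that still carries a server name. The AD site name `Default-First-Site-Name` and the array display name `outlook` are assumptions; the FQDN is the one used in this post.

```powershell
# Added example, not the author's script. Run in the Exchange 2010 Management Shell.
$ArrayFqdn = 'outlook.smtp25.org'        # common name from the post; A record -> 10.0.0.12 (mail1)
$ArrayName = 'outlook'                   # assumption: display name for the array object
$AdSite    = 'Default-First-Site-Name'   # assumption: replace with your AD site name

# Create the CAS array object once. It is only an AD object carrying the FQDN;
# with no load balancer, the DNS A record decides which server answers for it.
$array = Get-ClientAccessArray | Where-Object { $_.Fqdn -eq $ArrayFqdn }
if (-not $array) {
    New-ClientAccessArray -Name $ArrayName -Fqdn $ArrayFqdn -Site $AdSite
}

# Databases created before the array existed still carry the first CAS server's
# name, so stamp the common name on each database whose value differs.
Get-MailboxDatabase |
    Where-Object { "$($_.RpcClientAccessServer)" -ne $ArrayFqdn } |
    ForEach-Object {
        Write-Host "Updating $($_.Name): $($_.RpcClientAccessServer) -> $ArrayFqdn"
        Set-MailboxDatabase -Identity $_.Identity -RpcClientAccessServer $ArrayFqdn
    }

# Verify: every database should now report the common name.
Get-MailboxDatabase | Format-Table Name, RpcClientAccessServer -AutoSize
```

Outlook profiles created before the attribute was changed keep the old server name until the profile is repaired or recreated, so make this change before clients are configured where possible.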


Friday, April 2, 2010

Planning and Designing Exchange 2010

One of the most frequently asked questions is how to define the storage configuration for Exchange 2010: what type of disk to go with and what type of RAID should be used. In reality most of this will depend on your IT spending at the time you plan or purchase the equipment.

If you are looking for advice or justification on what to purchase, or are perhaps doing a design, you might want to start by reading the links I am providing. Most of these generic questions have been answered in great detail. Pay the most attention to the “Best Practices” section (-:

Most of the best practices are familiar, but with DAG and redundancy included there is less to worry about if you go with redundant logs and databases.

Database size is supported up to 16 TB; the best practice is less than 2 TB, provisioning 120% of the calculated maximum database size. In reality, the major changes in the ESE database and the huge reduction in I/O requirements gave Exchange more to offer when it comes to databases. This is one of the primary reasons Exchange even added the “Archived database” out of the box, since the I/O fear of previous versions no longer exists in the same way in Exchange 2010. Still, fast disks should be preferred, and you should give Exchange servers as much memory and CPU power as is reasonable, following MS best practices as guidelines for each role and capacity.

Cheers,


Thursday, April 1, 2010

RPC Client Access and how Exchange 2010 Utilizes this Service.

In order to understand how Exchange 2010 is redundant when set up with DAG, we need to look at a couple of key changes built into Exchange 2010. For detailed information I recommend starting with Henrik Walther's great blog series

“Uncovering the new RPC Client Access Service in Exchange 2010 (Part 1)”

There are also part 2, part 3 and part 4; the series pretty much covers everything.

RPC Client Access Service & Understanding RPC Client Access

http://technet.microsoft.com/en-us/library/ee332317.aspx

In Exchange 2010 the RPC Client Access service handles the processing from MAPI clients (Outlook). This wasn’t the case with Exchange 2007, where Outlook clients connected directly to the MB server.

Imagine a MAPI client connecting directly to your server called mail1 (Exchange 2007). What happens when or if mail1 goes down? Where will Outlook users connect now?

In Exchange 2010 MAPI clients won't connect to mailbox servers directly to get to their mailboxes; instead they connect to the RPC Client Access service, which talks to AD and to the Mailbox Server = Mailbox Database.

If you read Henrik's articles you will see the following statements:

  • MAPI clients (Outlook users) ------------- connect to --------> NSPI endpoint on the CAS server
  • NSPI endpoint ------------------- talks to Active Directory via the AD driver.

So you get the picture: MAPI clients no longer connect to the MAILBOX server; instead they connect to the NSPI endpoint on the CAS server, which talks to Active Directory.

  • Remember DSProxy? The NSPI endpoint ended up replacing it.

An Exchange 2010 mailbox database has an attribute called RpcClientAccessServer. When creating a new mailbox database in an Active Directory site where a CAS array has not been created, this attribute will be set to the first CAS server installed in the AD site.

Get-MailboxDatabase <DB name> | fl RpcClientAccessServer

Now let’s get started: go to your DNS server and create an A record called outlook.yourdomain.Internal

I used the same IP address as my first Exchange server, called mail2 (CAS,MB,HTS). I have another server called mail3. Both servers are members of the DAG and they have the following databases:

So users’ mailboxes are in one of these databases, and as you can see both servers have a healthy copy of the database: one is active, and the other is Healthy, meaning it is waiting to become active if needed.

Now let’s take a look at the Outlook properties of one of our clients:

So this user is connecting to outlook.smtp25.local, which is the A record we created in DNS pointing to the server called mail2 (CAS,HTS,MB). Remember, what we are seeing here is a MAPI user connecting to the NSPI endpoint on the CAS server called Mail2, and Mail2 has the database called MB1 where this user's mailbox resides.

MAPI user (dedealoc) --------- connects to ---> alias name = outlook.smtp25.local = CAS server = Mail2, which has the active database called MB1

Looking closely, you can see that the server that has the mounted database for MB1 is Mail2

Now what happens if MAIL2 goes down? I am going to shut down mail2.

Mail2 IP address = 10.10.10.31, which is the same as the alias we created: outlook.smtp25.local = 10.10.10.31

The Outlook client is no longer happy because it is trying to connect to outlook.smtp25.org=10.10.10.31 -------> mail2.smtp25.local=10.10.10.31

As you can see, there is no more MAPI traffic between the MAPI client and its database.

What happened to MB1, where the user dedealoc's mailbox resides? Remember, the database had two copies: the mounted copy on mail2 and the healthy copy on mail3. Let’s take a quick look: the healthy database became “mounted” automatically on the Exchange server called mail3.

The problem is that our MAPI client does not know how to get there; we need to help it a little bit. So I connected to the DC/DNS server, found the A record called outlook.smtp25.local, opened its properties and saw that the A record we created is pointing to 10.10.10.31, which is Mail2, the server we shut down. No wonder the MAPI clients are not getting to the “mounted” copy of the database called MB1 on the other server, Mail3.

If you remember, mail3's IP address is 10.10.10.33, so I am going to simply change this A record as follows: outlook.smtp25.local = 10.10.10.33 = Mail3 = mounted database MB1 at this time.

From the unhappy client workstation, let’s see what DNS is showing us:

Nice, pretty quick, isn’t it?

Now you start asking yourself: wait a second, why do we have to do manual work to make the MAPI client work in this example? By now you have learned enough to understand the entire picture, and again Henrik has everything in his blog series with great, detailed explanations.

From my notes: pay attention, we used only two servers, loaded them with the CAS, HTS and MB roles and created a DAG.

There are limitations if you set up two servers and load them with the CAS, HTS and MB roles.

Summary of limitations

image

So what is the solution to make it all automated? You will need a load balancer; the cheapest ones run around 2K to 3K and up. As you can see, the single point of failure now is the load balancer itself, and you need to double the $$$$ to make the load balancer redundant (-:

Or use what I have done: update the DNS manually, or build a script that can do this for you. Remember, we just talked about internal MAPI clients; you also need to think about mail flow coming from outside and how it will flow when one of your servers is down. Manual changes on your firewall are not bad if you consider the $$$$$ saved (-:

Or you can deploy Exchange servers similar to this table (-: and yes, it will cost more $$$$$

image
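
The manual A-record change walked through above, written as a script (an added example, not the author's own script). It assumes the DnsServer PowerShell module (Windows Server 2012 or later DNS tools) and a hypothetical DNS server name `dc1.smtp25.local`; the record name and IP addresses are the ones from this post, and the 3-minute TTL matches the value used in the April 20 post.

```powershell
# Added example, not the author's script. Repoints the CAS alias at a live DAG member.
Import-Module DnsServer                   # assumption: Windows Server 2012+ DNS tools

$DnsServer = 'dc1.smtp25.local'           # hypothetical DC/DNS server name
$Zone      = 'smtp25.local'
$Record    = 'outlook'                    # outlook.smtp25.local
$Members   = '10.10.10.31', '10.10.10.33' # mail2, mail3 (from the post)
$Ttl       = New-TimeSpan -Minutes 3      # short TTL so clients re-resolve quickly

# Reachability probe: TCP connect to the RPC endpoint mapper (135) with a timeout.
function Test-TcpPort {
    param([string]$Ip, [int]$Port = 135, [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($Ip, $Port, $null, $null)
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs)) { return $false }
        $client.EndConnect($pending)
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

$old   = Get-DnsServerResourceRecord -ComputerName $DnsServer -ZoneName $Zone `
             -Name $Record -RRType A
$oldIp = $old.RecordData.IPv4Address.IPAddressToString

if (Test-TcpPort -Ip $oldIp) {
    Write-Output "$Record.$Zone -> $oldIp still answers; record left unchanged."
    return
}

# Only fail over to a member that answers; never point clients at a dead server.
$target = $Members | Where-Object { $_ -ne $oldIp -and (Test-TcpPort -Ip $_) } |
              Select-Object -First 1
if (-not $target) { throw "No DAG member answers on TCP 135; $Record.$Zone not changed." }

$new = $old.Clone()
$new.RecordData.IPv4Address = [System.Net.IPAddress]::Parse($target)
$new.TimeToLive = $Ttl
Set-DnsServerResourceRecord -ComputerName $DnsServer -ZoneName $Zone `
    -OldInputObject $old -NewInputObject $new
Write-Output "$Record.$Zone repointed: $oldIp -> $target (TTL $($Ttl.TotalMinutes) min)"
```

Because this record steers every Outlook client, run the script from an account delegated write access to this single record rather than DNS-wide admin rights, and keep its output as a change log.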

Remember, good things in life always bring extra cost (-: Joking aside, maybe the hard block for WNLB will disappear and more improvements will make small deployments happier, but then again the Cloud needs to get crowded (-: ……….. so how is that going to be possible (-:

Exchange 2010 is literally the *BEST* messaging application, with so many smart features, easy deployment, etc. We are truly thankful to the entire Exchange team for their hard work and for providing us with a next-generation messaging application.

Cheers,
