DAG configuration in DR site
Planning for Exchange 2013 DR. I have some queries on configuring DAG in my DR site.
Current setup:-
Primary site:- (2MB,2 CAS)
DR Planning:-
One Mailbox,One CAS Server
In primary mailbox server, two nic card is there. One is for MAPI and other one is for DAG replication. In DAG replication NIC card there is no gateway. Primary site DAG working without
any issues. In DR mailbox server two nic is there(One for Mapi and other for DAG replication). Problem iam facing is Primary site DAG NIC card not able to communicate with DR MBX server, since there is no gateway in replication NIC card. If I add the gateway
in replication NIC, then it is communicating with DR MBX. But iam getting mutiple gateways warning message.
MY Query is:-
1) Is there any problem having multiple gateways in MBX server.
2) If there is no problem with multiple gateway, how to restrict the users traffic hitting DAG replication NIC card.
3) Is there any configuration required in failover cluster manger menu for DR.
4) Is there any way to check DAG(replication) traffic hitting which NIC card..
Thanks for your support...
Hi vino,
Thank you for your question.
Replication networks typically do not have default gateways, and if the MAPI network has a default gateway, then no other networks should have default gateways. Routing of network traffic on a Replication network can be configured by using persistent, static
routes to the corresponding network on other DAG members using gateway addresses that have the ability to route between the Replication networks. All other traffic not matching this route will be handled by the default gateway that's configured on the adapter
for the MAPI network.
So we should check configuration which is DAG cross site, we could refer to the following link:
https://social.technet.microsoft.com/Forums/exchange/en-US/bc260c97-a5aa-484d-bc8a-e7660ef4554f/setup-exchange-2010-dag-across-sites?forum=exchange2010
Issue 1: NO
Issue 2: In a general, user network was separated with replication network.
Issue 3:NO
Issue 4:it is pre-defined by yourselves, we could defined which NIC is charged for replication.
If there are any questions regarding this issue, please be free to let me know.
Best Regard,
Jim
Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]
Jim Xu
TechNet Community Support
Similar Messages
-
How to get the number of decimal places configured for a site column
Hi,
I have a column 'SampleNumCol' of type Number, the number of decimal places to be displayed is configured as 2.
The column conatins a value, but when retrieved programatically is displayed as 5.00000000 instead of 5.00.
I am retrieving this column using listitem.Properties[field.InternalName].
I need to trim the decimals based on number of decimal places configured for the site column.
How to get the number of decimal places configured for a site column?
Thanks in advance,
dhijitGet the field as SPFieldNumber and then check DisplayFormat which returns
SPNumberFormatTypes
SPFieldNumber numberField = list.Fields.GetFieldByInternalName("YourNumberFieldName") as SPFieldNumber;
SPNumberFormatTypes numFormatType = numberField.DisplayFormat; -
Need urgent help in configuring Client to Site IPSec VPN with Hairpinning on Cisco ASA5510 - 8.2(1).
The following is the Layout:
There are two Leased Lines for Internet access - 1.1.1.1 & 2.2.2.2, the latter being the Standard Default route, the former one is for backup.
I have been able to configure Client to Site IPSec VPN
1) With access from Outside to only the Internal Network (172.16.0.0/24) behind the asa
2) With Split tunnel with simultaneous assess to internal LAN and Outside Internet.
But I have not been able to make tradiotional Hairpinng model work in this scenario.
I followed every possible sugestions made in this regard in many Discussion Topics but still no luck. Can someone please help me out here???
Following is the Running-Conf with Normal Client to Site IPSec VPN configured with No internat Access:
LIMITATION: Can't Boot into any other ios image for some unavoidable reason, must use 8.2(1)
running-conf --- Working normal Client to Site VPN without internet access/split tunnel
ASA Version 8.2(1)
hostname ciscoasa
domain-name cisco.campus.com
enable password xxxxxxxxxxxxxx encrypted
passwd xxxxxxxxxxxxxx encrypted
names
interface GigabitEthernet0/0
nameif internet1-outside
security-level 0
ip address 1.1.1.1 255.255.255.240
interface GigabitEthernet0/1
nameif internet2-outside
security-level 0
ip address 2.2.2.2 255.255.255.224
interface GigabitEthernet0/2
nameif dmz-interface
security-level 0
ip address 10.0.1.1 255.255.255.0
interface GigabitEthernet0/3
nameif campus-lan
security-level 0
ip address 172.16.0.1 255.255.0.0
interface Management0/0
nameif CSC-MGMT
security-level 100
ip address 10.0.0.4 255.255.255.0
boot system disk0:/asa821-k8.bin
boot system disk0:/asa843-k8.bin
ftp mode passive
dns server-group DefaultDNS
domain-name cisco.campus.com
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object-group network cmps-lan
object-group network csc-ip
object-group network www-inside
object-group network www-outside
object-group service tcp-80
object-group service udp-53
object-group service https
object-group service pop3
object-group service smtp
object-group service tcp80
object-group service http-s
object-group service pop3-110
object-group service smtp25
object-group service udp53
object-group service ssh
object-group service tcp-port
object-group service udp-port
object-group service ftp
object-group service ftp-data
object-group network csc1-ip
object-group service all-tcp-udp
access-list INTERNET1-IN extended permit ip host 1.2.2.2 host 2.2.2.3
access-list CSC-OUT extended permit ip host 10.0.0.5 any
access-list CAMPUS-LAN extended permit tcp 172.16.0.0 255.255.0.0 any eq www
access-list CAMPUS-LAN extended permit tcp 172.16.0.0 255.255.0.0 any eq https
access-list CAMPUS-LAN extended permit tcp 172.16.0.0 255.255.0.0 any eq ssh
access-list CAMPUS-LAN extended permit tcp 172.16.0.0 255.255.0.0 any eq ftp
access-list CAMPUS-LAN extended permit udp 172.16.0.0 255.255.0.0 any eq domain
access-list CAMPUS-LAN extended permit tcp 172.16.0.0 255.255.0.0 any eq smtp
access-list CAMPUS-LAN extended permit tcp 172.16.0.0 255.255.0.0 any eq pop3
access-list CAMPUS-LAN extended permit ip any any
access-list csc-acl remark scan web and mail traffic
access-list csc-acl extended permit tcp any any eq smtp
access-list csc-acl extended permit tcp any any eq pop3
access-list csc-acl remark scan web and mail traffic
access-list INTERNET2-IN extended permit tcp any host 1.1.1.2 eq 993
access-list INTERNET2-IN extended permit tcp any host 1.1.1.2 eq imap4
access-list INTERNET2-IN extended permit tcp any host 1.1.1.2 eq 465
access-list INTERNET2-IN extended permit tcp any host 1.1.1.2 eq www
access-list INTERNET2-IN extended permit tcp any host 1.1.1.2 eq https
access-list INTERNET2-IN extended permit tcp any host 1.1.1.2 eq smtp
access-list INTERNET2-IN extended permit tcp any host 1.1.1.2 eq pop3
access-list INTERNET2-IN extended permit ip any host 1.1.1.2
access-list nonat extended permit ip 172.16.0.0 255.255.0.0 172.16.0.0 255.255.0.0
access-list DNS-inspect extended permit tcp any any eq domain
access-list DNS-inspect extended permit udp any any eq domain
access-list capin extended permit ip host 172.16.1.234 any
access-list capin extended permit ip host 172.16.1.52 any
access-list capin extended permit ip any host 172.16.1.52
access-list capin extended permit ip host 172.16.0.82 host 172.16.0.61
access-list capin extended permit ip host 172.16.0.61 host 172.16.0.82
access-list capout extended permit ip host 2.2.2.2 any
access-list capout extended permit ip any host 2.2.2.2
access-list campus-lan_nat0_outbound extended permit ip 172.16.0.0 255.255.0.0 192.168.150.0 255.255.255.0
pager lines 24
logging enable
logging buffered debugging
logging asdm informational
mtu internet1-outside 1500
mtu internet2-outside 1500
mtu dmz-interface 1500
mtu campus-lan 1500
mtu CSC-MGMT 1500
ip local pool vpnpool1 192.168.150.2-192.168.150.250 mask 255.255.255.0
ip verify reverse-path interface internet2-outside
ip verify reverse-path interface dmz-interface
ip verify reverse-path interface campus-lan
ip verify reverse-path interface CSC-MGMT
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-621.bin
no asdm history enable
arp timeout 14400
global (internet1-outside) 1 interface
global (internet2-outside) 1 interface
nat (campus-lan) 0 access-list campus-lan_nat0_outbound
nat (campus-lan) 1 0.0.0.0 0.0.0.0
nat (CSC-MGMT) 1 10.0.0.5 255.255.255.255
static (CSC-MGMT,internet2-outside) 2.2.2.3 10.0.0.5 netmask 255.255.255.255
access-group INTERNET2-IN in interface internet1-outside
access-group INTERNET1-IN in interface internet2-outside
access-group CAMPUS-LAN in interface campus-lan
access-group CSC-OUT in interface CSC-MGMT
route internet2-outside 0.0.0.0 0.0.0.0 2.2.2.5 1
route internet1-outside 0.0.0.0 0.0.0.0 1.1.1.5 2
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
aaa authentication ssh console LOCAL
aaa authentication enable console LOCAL
http server enable
http 10.0.0.2 255.255.255.255 CSC-MGMT
http 10.0.0.8 255.255.255.255 CSC-MGMT
http 1.2.2.2 255.255.255.255 internet2-outside
http 1.2.2.2 255.255.255.255 internet1-outside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group5
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map internet2-outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map internet2-outside_map interface internet2-outside
crypto ca trustpoint _SmartCallHome_ServerCA
crl configure
crypto ca certificate chain _SmartCallHome_ServerCA
certificate ca xyzxyzxyzyxzxyzxyzxyzxxyzyxzyxzy
a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as
a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as
a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as
a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as
a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as
a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as
a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as
a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as
a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as
a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as
a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as
a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as
a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as
a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as
a67a897as a67a897as a67a897as a67a897as a67a897as
quit
crypto isakmp enable internet2-outside
crypto isakmp policy 10
authentication pre-share
encryption aes
hash md5
group 2
lifetime 86400
telnet 10.0.0.2 255.255.255.255 CSC-MGMT
telnet 10.0.0.8 255.255.255.255 CSC-MGMT
telnet timeout 5
ssh 1.2.3.3 255.255.255.240 internet1-outside
ssh 1.2.2.2 255.255.255.255 internet1-outside
ssh 1.2.2.2 255.255.255.255 internet2-outside
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
group-policy VPN_TG_1 internal
group-policy VPN_TG_1 attributes
vpn-tunnel-protocol IPSec
username ssochelpdesk password xxxxxxxxxxxxxx encrypted privilege 15
username administrator password xxxxxxxxxxxxxx encrypted privilege 15
username vpnuser1 password xxxxxxxxxxxxxx encrypted privilege 0
username vpnuser1 attributes
vpn-group-policy VPN_TG_1
tunnel-group VPN_TG_1 type remote-access
tunnel-group VPN_TG_1 general-attributes
address-pool vpnpool1
default-group-policy VPN_TG_1
tunnel-group VPN_TG_1 ipsec-attributes
pre-shared-key *
class-map cmap-DNS
match access-list DNS-inspect
class-map csc-class
match access-list csc-acl
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class csc-class
csc fail-open
class cmap-DNS
inspect dns preset_dns_map
service-policy global_policy global
prompt hostname context
Cryptochecksum: y0y0y0y0y0y0y0y0y0y0y0y0y0y
: end
Neither Adding dynamic NAT for 192.168.150.0/24 on outside interface works, nor does the sysopt connection permit-vpn works
Please tell what needs to be done here, to hairpin all the traffic to internet comming from VPN Clients.
That is I need clients conected via VPN tunnel, when connected to internet, should have their IP's NAT'ted against the internet2-outside interface address 2.2.2.2, as it happens for the Campus Clients (172.16.0.0/16)
I'm not much conversant with everything involved in here, therefore please be elaborative in your replies. Please let me know if you need any more information regarding this setup to answer my query.
Thanks & Regards
maxsHi Jouni,
Thanks again for your help, got it working. Actually the problem was ASA needed some time after configuring to work properly ( ?????? ). I configured and tested several times within a short period, during the day and was not working initially, GUI packet tracer was showing some problems (IPSEC Spoof detected) and also there was this left out dns. Its working fine now.
But my problem is not solved fully here.
Does hairpinning model allow access to the campus LAN behind ASA also?. Coz the setup is working now as i needed, and I can access Internet with the NAT'ed ip address (outside-interface). So far so good. But now I cannot access the Campus LAN behind the asa.
Here the packet tracer output for the traffic:
packet-tracer output
asa# packet-tracer input internet2-outside tcp 192.168.150.1 56482 172.16.1.249 22
Phase: 1
Type: ACCESS-LIST
Subtype:
Result: ALLOW
Config:
Implicit Rule
Additional Information:
MAC Access list
Phase: 2
Type: FLOW-LOOKUP
Subtype:
Result: ALLOW
Config:
Additional Information:
Found no matching flow, creating a new flow
Phase: 3
Type: ROUTE-LOOKUP
Subtype: input
Result: ALLOW
Config:
Additional Information:
in 172.16.0.0 255.255.0.0 campus-lan
Phase: 4
Type: ROUTE-LOOKUP
Subtype: input
Result: ALLOW
Config:
Additional Information:
in 192.168.150.1 255.255.255.255 internet2-outside
Phase: 5
Type: ACCESS-LIST
Subtype: log
Result: ALLOW
Config:
access-group internnet1-in in interface internet2-outside
access-list internnet1-in extended permit ip 192.168.150.0 255.255.255.0 any
Additional Information:
Phase: 6
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:
Phase: 7
Type: CP-PUNT
Subtype:
Result: ALLOW
Config:
Additional Information:
Phase: 8
Type: VPN
Subtype: ipsec-tunnel-flow
Result: ALLOW
Config:
Additional Information:
Phase: 9
Type: NAT-EXEMPT
Subtype: rpf-check
Result: ALLOW
Config:
Additional Information:
Phase: 10
Type: NAT
Subtype:
Result: DROP
Config:
nat (internet2-outside) 1 192.168.150.0 255.255.255.0
match ip internet2-outside 192.168.150.0 255.255.255.0 campus-lan any
dynamic translation to pool 1 (No matching global)
translate_hits = 14, untranslate_hits = 0
Additional Information:
Result:
input-interface: internet2-outside
input-status: up
input-line-status: up
output-interface: internet2-outside
output-status: up
output-line-status: up
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule
The problem here as you can see is the Rule for dynamic nat that I added to make hairpin work at first place
dynamic nat
asa(config)#nat (internet2-outside) 1 192.168.150.0 255.255.255.0
Is it possible to access both
1)LAN behind ASA
2)INTERNET via HAIRPINNING
simultaneously via a single tunnel-group?
If it can be done, how do I do it. What changes do I need to make here to get simultaneous access to my LAN also?
Thanks & Regards
Abhijit -
How do I configure a VPN Site and Subnets in Lync when clients have /32 Addresses?
Hello,
I've found a few people asking this question out in the "interwebs" but no one seems to quite answer their question (Those poor souls).
In most occasions that I've seen, my customers have configured their VPN networks with a /24 (255.255.255.0) ip address. However, when those clients connect to the VPN they are actually getting a /32 (255.255.255.255) address.
This seems to pose an issue for Lync reporting when it comes to configuring a VPN site and VPN subnets.
(NOTE:You might ask why these customers are not going about best practice and using split-tunneling? In this case, they absolutely CANNOT institute split-tunneling so all traffic MUST flow through the VPN tunnel.)
For example sake, here is how I would imagine to setup a VPN site with subnets in Lync Network Configuration:
VPN (Site)
-172.16.33.0 /24 (Subnet)
-172.16.34.0 /24 (Subnet)
-172.16.35.0 /24 (Subnet)
The problem is that when I run a Location Report in Lync to look at call data to/from the VPN site, it's not there. Reason being, the VPN client was given a /32 address which doesn't match up to the /24 I configured in Lync.
So, in my mind my options are:
Create a /32 subnet for each single address corresponding to a VPN client and attach them to the VPN site (What a mess).
Change the subnet mask for the 3 subnets I've defined to /32 instead of /24 and see what happens even though putting an IP address of 172.16.33.0 /32 doesn't make much sense.
Remove the subnets and site from Lync because CAC and Bandwidth control are actually useless over VPN.
Any thoughts on this?
John K. Boslooper | Lync Technical Specialist | Project Leadership Associates
Phone: 312.448.2269 | www.projectleadership.netJin,
/32 addresses are a valid subnet mask, however that means that a host with a IP Address of 192.168.23.4 and a subnet mask of 255.255.255.255 (/32) is the ONLY host on that subnet.
The VPN configuration is correct. The /32 mask is common with a Juniper VPN (which is what they are using) and the DHCP server that is handing out the addresses is the Juniper VPN appliance.
They have already started working out a plan to use a different internal DHCP relay which should hand out the addresses correctly.
There has to be someone else out there with this issue or that can point out that i'm overlooking one key principal with VPN subnets.
Anyone?
John K. Boslooper | Lync Technical Specialist | Project Leadership Associates Phone: 312.448.2269 | www.projectleadership.net -
Configuring multiple web sites in a single OC4J instance with 10g OEM
Hi There,
there doesn't seem to be a way of configuring multiple web sites within a single OC4J instance using the 10g Enterprise Manager Website, so can i assume that there's some performance related issues with doing this, or is it just a case of if you want multiple web sites, configure it manually?
We currently use 9iAS release 1 (which has been configured to use multiple web sites - with normally 1 j2ee app in each website - in a single OC4J clustered instance, using mod_proxy to forward the http requests onto oc4j), but we are looking to migrate to 10g very soon...
The initial configuration was done by an external company, so i'm not entirely sure of the reasons why it was chosen (perhaps so that if there was a problem with a single website, it wouldn't impact all our applications)..
Does anybody else currently use multiple *-web-site.xml's in a 9iAS release 2 or 10g in a production environment, and if so did you encounter any problems with the OEM website (assuming you configured them manually)?
Thanks in advance,
AndyHello,
Something like this:
New-OWAVirtualDirectory -WebSiteName "FBA"
Enable the Basic authentication via running the following command:
Set-OWAVirtualDirectory -Identity "yourservername\owa (FBA)" -BasicAuthentication $true
Restart the IIS admin service in services.msc
Thanks,
Simon Wu
TechNet Community Support -
When i tried to login in inbrowserediting.adobe.com i see that:
The FTP server configured for this site doesn't seem to match the URL you entered. Make sure that you use the Upload to FTP Host feature in Muse to publish the site directly to the final location and that you are logging on to In-Browser Editing with the same user.
What does it mean? What is problem?Hi,
I have just created my First website using Muse and Its all been uploaded to my FTP server but i cant access the in browser editing which was the whole reason why i re-done the website for my client using muse
its saying the following
"The FTP server configured for this site doesn't seem to match the URL you entered. Make sure that you use the Upload to FTP Host feature in Muse to publish the site directly to the final location and that you are logging on to In-Browser Editing with the same user. server configured for this site doesn't seem to match the URL you entered. Make sure that you use the Upload to FTP Host feature in Muse to publish the site directly to the final location and that you are logging on to In-Browser Editing with the same user."
Yet i Can access my website fine "www.calmwood.com.au"
My ftp server responds to either the IP Address or the DNS Address www.calmwood.com.au
so i am not understanding how it thinks its different. when its fully referenced
any help would be appreciated.
thanks -
Hi All ,
Is there a way to configure nwds update site on sap netweaver 7.1 server that is not CE , for example on PI 7.1 server .
I have deployed the to SCAs of tupdate site to Pi 7.1 , but I can't synchronize my updates ,
Regards ,
OrenHi Oren,
I don't think that specifying the update site of the Developer Studio depends on the server. If I understand correctly your question, you have to go to Help -> Manage Update Sites to configure the URL of the update site. Was this your question?
Best regards,
Ekaterina -
CCW Configuration Group By Site capability
Hi,
Is there any plan to add support to do simple labeling and sections in order to be able to group items inside a large BoM?
ie,
I'm working on a multisite BoM configuration, and I want to be able to create sections inside the Configuration to put together all the items belonging to a site.
I'm pretty sure this was available on netformix, but would be nice to have it on CCW.
I'd like to see something like
SITE 1
Item 1
Item 2
Item n
SITE 2
Item 1
Item 2
Item n
SITE N
Can you share the CCW roadmap and if this feature will be available on a future release?
FBM.Hi FBM,
Good day!
Thank you for bringing this attention to us.
Please be advised that, above feature (CCW Configuration Group by Site Capability) is not yet available in CCW. If you wish to request for this feature, please send email to [email protected]
as an enhancement issue. However, you will need to fill out a template first and then send it to that alias.
To get the template, we suggest that you create a case with us online at http://www.cisco.com/cisco/psn/web/workspace or by calling 1-800-553-6387 options 2 and 3.
If this is your first time to open a case using Customer Service Central, you will need to sign in to your My Cisco Workspace (http://www.cisco.com/cisco/psn/web/workspace) and then add the Customer Service Central module to your Workspace to open and manage your cases online. Help and support documentation is available on Operations Exchange.
Thanks and Best Regards,
Jen C.
CCW Support -
Two node - Two site Active/Active DAG Configuration
Information
Both sites exist in a single AD domain
Site A
1 Exchange 2013 multi-role server (CAS + MBX)
Server will contain mailboxes for individuals who work in Site A
Server will contain database copies of databases in Site B
Site B
1 Exchange 2013 multi-role server (CAS + MBX)
Server will contain mailboxes for individuals who work in Site B
Server will contain database copies of databases in Site A
Goal
To create a configuration where users who work in Site A have their mailboxes active in Site A and users who work in Site B have their mailboxes active in Site B.
Questions
Since this DAG has an even number of members, where do I place the witness server? Do I need two witness servers, one in each site?
It seems to me as long as both sites can still communicate, I only need one witness server to maintain quorum.
To my current understanding, if Site A has a witness server, and Site A looses its WAN connection, Site B's databases are going to go offline because it has lost quorum.
I'm assuming if I placed a witness server in each site, and one of the sites lost its WAN connection, then I'd be placed in a split-brain scenario as both sites would still think it had quorum. Is this accurate?
The company has given me a limited budget hence the reason for only having two exchange servers in this setup. Is my only recourse to have four nodes (two nodes per DAG) in this active\active scenario? If the company says they absolutely cannot spend money
on two more servers, could I use the current setup in an active\passive configuration?
Thanks!You would need to place the File Share Witness in a 3rd datacenter for automatic failover, otherwise depending which DC the FSW is ( and you can only have one FSW per DAG active a time), then in case of a WAN or DC failure, the databases will be active in
the DC that has quorum.
If the FSW is in Site A and Site A goes down, then quorum is lost and Site B will need to be manually swithed over using this procedure:
http://technet.microsoft.com/en-us/library/dd351049(v=exchg.150).aspx
To be truly active/active in both DCs, then you would need to 2 DAGs with each respective FSW in each DC that has the preferred user base.
Twitter!: Please Note: My Posts are provided “AS IS” without warranty of any kind, either expressed or implied. -
Hey guys
I have 3 Exchange 2013 servers in one site and 3 in another. I currently have them tied into one large DAG and keep a primary plus 2 copies of each database within my DAG. My question is, is this a valid configuration - to have a DAG that doesn't
necessarily hold a database copy?
Cheers,
JoeSo I have six nodes in the DAG but for each database only three copies (including my primary), therefore there are 3 remaining nodes that are participating in my DAG without a copy for that database. I suppose my question is: is this valid or should I be
creating a DAG specifically for each database and copy relationship (no idle nodes). I think the way I have it set up now is fine, I just wanted to make sure I wasn't going against best practice. -
Exchange server 2010 DAG configuration
Dear Boss,
I would like to configure Exchange server 2010 with DAG . I have test lab . i would like to tell my test LAB setup .
One domain controller win-2008 X 64 Ent
Two Exchange server 2010 ( Role - Client Access, Mailbox) Each Server Two Network Cards with Different Classes
IP 192.168.44.50 , 51
IP 10.0.0.10 , 20
One Exchange server 2010 ( Role - Hub Transport )
IP 192.168.44.53
Pls tell me how can i create DAG
Note:- i would like to test below steps
1. Exchange server1 may be down or network link down how server 2 to work automatically without any disturbance
2. Exchange server2 may be down or network link down down how server 1 to work automatically without any disturbance
3. Hub transport server maybe down how it can be work ?
Regards
SubashHi Suriya,
To create a DAG, simply use the below commands from Exchange Management Shell:
New-DatabaseAvailabilityGroup -Name "DAGNAME" -WitnessServer HUBSERVERNAME
Add-DatabaseAvailabilityGroupServer –Identity DAGNAME -MailboxServer ExchangeServer1
Add-DatabaseAvailabilityGroupServer –Identity DAGNAME -MailboxServer ExchangeServer2
New-MailboxDatabase -Name DB1 -Server
ExchangeServer1
Add-MailboxDatabaseCopy -Identity DB1 -MailboxServer
ExchangeServer2
You can run your tests now, by restarting any of the servers, and you should be able to see the DB1 will automatically failover & failback between the nodes with out any intervention.
for the HUB transport you must have another server to achieve high availability, so you can install the HUB role on a different server or add it to one of your existing servers.
Mohammad Saeed | MCSE 2003 | MCTS: Lync, OCS, Exchange -
An error occured in the claim providers configured from this site collection
Hi Team
I have farm Environment.I have Couple of Question
1)I have enabled web application from classic to claims mode.
Since than i have been getting error in sites in that Particular Webapplication.
I have configured CA,Webapplications Alternate acess Mapping.
In the farm i have 4 Servers
2) In one of the server i do not have Central Admin site in IIS.IS this causing error.
3) Also can anyone tell how to run services on Servers in details
can anyone throw light on my issueHi Prashanth,
Can you describe that error here ?
Also how did you create AAM by extending a web application from central admin or by just putting url into IIS ?
Let us know your results, thanks
Regards,
Pratik Vyas | SharePoint Consultant |
http://sharepointpratik.blogspot.com
Posting is provided AS IS with no warranties, and confers no rights
Please remember to click Mark As Answer if a post solves your problem or
Vote As Helpful if it was useful. -
Configure Business intelligence site and performance point services
Hi
i created a new Business intelligence site in my web application and after that how i configure performance point service.
and below Configuration is needed?
1- Configure the secure store service
2- Create service application
3- Start PerformancePoint Service
4- Configure Excel Services and SQL Server Reporting Services integration
adilHi,
According to your post, my understanding is that you wanted to configure PerformancePoint Services in SharePoint 2010.
In order to use PerformancePoint Services in Microsoft SharePoint Server 2010, you need to configure a PerformancePoint Services service application. Once you have created the service application, you need to provide data access to the users. This can be done
by using the unattended service account, or by configuring Kerberos delegation.
You can follow the steps as below to configure PerformancePoint Services.
1. Create and configure a PerformancePoint Services service application:
• Configure the PerformancePoint Services application pool account
• Start the PerformancePoint service
• Create a PerformancePoint Services service application
• Configure service application associations
2. Configure the unattended service account for PerformancePoint Services:
• Configure the secure store service
• Configure the unattended service account
• Grant that account access to your data sources
For more information, you can refer to:
http://technet.microsoft.com/library/ee748643(office.14).aspx
Best Regards,
Linda Li
Linda Li
TechNet Community Support -
Hi -
I've just installed a trial version of CS5.5 having been using CS3 for the last few years. It's very different and I was wondering if there were helpful tutorials/procedures specifically for configuring after installation.
In particular at the moment:
It takes around 5 minutes to load DW with my main site as the default site (it's a very large site), and this seems to mainly be taken up by 'loading site cache'. Should I expect it to take this much time, and are there options that I could change that would reduce this? When it is loaded, there is a general lag between clicking and typing and anything happening. Should I expect this as it is now linking several documents together (css/js/etc) or is this a configuration setting. My PC is new and pretty well specified.
I can't seem to work out the 'dynamic sites' function, which is new to this version (as far as I'm aware). Any setup documentation/tutorials that are useful here would be good.
CSS - the design view is pretty much useless at the moment - would this be helped if I had the dynamic sites function working properly.
And any other suggestions for getting set up and trying out this version without going back to scratch would be gratefully received!
Regards, Steve.Steve,
It sounds like you are working directly on a remote webserver. That isn't the normal way to work in DW. Normally you will set up a testing server on your local computer. If you are using PHP/MySQL, then you will also need to set up a webserver locally. I use the free ZEND Server community edition. Many people use XAMPP. You will also connect to a local copy of the database.
When using a testing server you upload files to the remove server only when you have finished working on them. DW has a "Maintain synchronization information" option in the site setup (advanced), but I prefer to maintain synchronization manually because often I work on one script for days whereas other scripts need to be updated right away.
Regarding Design View. Many users are disappointed by it. I have no use for it anyway, so it doesn't bother me.
I also don't use the dynamic sites function because I write my own code, so someone else may offer you suggestions there. -
How to configure routing on site to site VPN(RV215W)
Hi all
I have set up a VPN between a RV215W and SRP521 (site to site)
The VPN is up and connection is established on both side.
However I cannot connect from one network to another (No ping, no connection)
When I checked teh configuration, I noticed that route table on RV215W does not show any ipsec interface nor the route to the remote network
Any hint how to configure this route over the VPN? Should I do it manually or is it a paramater to be made automaticaly?
On the SRP215 the routing is as follow
Destination LAN IP
Subnet Mask
Gateway
Interface
192.168.100.0
255.255.255.0
VLAN100
192.168.15.0
255.255.255.0
VLAN1
192.168.25.0
255.255.255.0
141.48.36.1
ipsec0
41.0.0.0
255.0.0.0
WAN1
41.0.0.0
255.0.0.0
ipsec0
0.0.0.0
0.0.0.0
141.48.36.1
WAN1
On the SRP only local and WAN are displayedHi,
Don't worry about your English - it is good. I am not a native English speaker, either.
You are correct - Cisco's IS-IS has no internal support for optional metrics. The only metric value that is going to be used in best path selection is the default metric. Regarding considerations about metrics in IS-IS, the only consideration I find important is that all new IS-IS deployments should use wide metrics. These can be activated using the metric-style wide in the router isis configuration. Wide metrics allow you to use a significantly wider metric range than the original IS-IS standard: 24 bits for interface metric, and 32 bits for total path metric. It is important to say that all L1 routers within an area, or all L2 routers in the domain must use the same metric type, either the classic (also called narrow) or the new wide metrics.
Apart from that, there are no special considerations I am aware of. The choice of metric values for a particular interface is completely up to you. Of course you might want to configure lower metrics for faster interfaces (and vice versa), but what values you choose is up to you.
Best regards,
Peter
Maybe you are looking for
-
How do you transfer music from one i pod to another
I am going to be getting a new i pod touch and i want all the music and playlists from my old i pod to go onto my new one and im wondering how to do that?
-
Had to change Apple ID due to email address no longer valid. Trying to change id for icloud...saw direction online about signing out of icloud and signing back in...when it ask questions about contacts, photos, etc. being deleted how do I answer tho
-
Why are some of the new app free for some ppl and paid for some
why are some of the new app free for some ppl and paid for some?
-
Tolerance Key BR in subsequent credit
Hi All, Invoice has been posted for qty 0.022 kg for amount 210 USD. Now user wants to subsequent credit,for 135 USD as he has to recover the amount from the supplier. While posting subsequent credit, system raising an error message...TOLERANCE KEY B
-
Inserting WEBI into Live Office with Bex query
I have created a WEBI connected directly to a Bex query in BI 4.0. When I refresh the WEBI, I am prompted with the Bex variable and the data is refreshed correctly. I added that WEBI to Live Office, but it does not prompt me with the Bex variable.