Dupilcate secondary IP's on 2 Hub servers for the Cas Array on VM ware 5.5

Similar Messages

• Upgrading from Exchange 2003 Bridgehead servers to Exchange 2010 Transport Hub servers for routing SMTP only

  Our company moved from on-premises Exchange 2003 to Office365 and only have 4 Exchange 2003 servers on-prem that we use for Routing email from application servers to Office365. We need to migrate these servers to Exchange 2010 then to Exchange 2013 and
  only route email only. Is it possible to upgrade to Exchange 2010 by installing the transport Hub & Mailbox server options only? Our OAB and EWS services come from the CAS servers located on Office365 so we should not need a CAS server to set up Transport
  rules or route mail would we? Any assistance with this would be greatly appreciated! - Thanks, DWB
  Dave

  Since it is not internet facing we will not have to worry about configuring an Internet Domain Name when installing the first server, correct? in my planning I was going to
  install the Exchange 2010 CAS/Mailbox/Transport Hub roles on one server, then upgrade it to Exchange 2013. Once this is completed I'll then install the 2 mailbox role servers in one Datacenter, and 3 more in our DRP DC. If something happens to the
  primary Datacenter I would want it to fail over to the other site. For this I would have to install another CAS/mailbox server in the secondary DC. Would this plan sound about right? Since we moved to Office365 in 2010 I have not had a chance to deal with
  actual servers except for the Exchange 2003 servers we still have on-premises. Each of these are located in 4 Regional offices along with single Windows 2008 R2 servers using only the IIS SMTP service for routing mail from on-prem application servers
  and print/scanners which email back to the users. The plan is to move to a routing system which will provide both MTA and redundancy if one has an issue.
  Dave

• Logoff remote sessions to multiple servers for the same user

  Hi,
  I'm after some advice, I have a junior DBA working with me who has a tendancy to leave remote connections on various production servers, we have a large estate about 300 servers and trying to identify the servers is a difficult task.
  I was hoping to use SQL Server Management Studio / Registered servers and issue one simple command against all servers to logoff the account which has been left connected. I normally log into each server start Task Manager/Users and log off the account,
  this then stops the account locking but only when I have identified all servers he is still connected to. I have tried the comand prompt Logoff and session ID, this works great but the session ID on each server can be different.
  Any help or advice would be great! Thanks in advance.

  Hi
  I think it would be easier to enable session time out settings using GPO considering you work in a domain environment..
  Having session timeouts settings you could say... hey after 15 min of inactivity disconnect the user and then after 15 min of disconnected session log him off
  Take a look at this URL: http://technet.microsoft.com/en-us/library/cc754272.aspx
  Hope this helps
  Best regards
  Joaquin Camarero Muñoz

• How to Separate Management Servers for Ease of Administration?

  Hello,
  I am fairly new to SCOM, though have been charged with creating a monitoring solution for a particular group of customers and integrating it as far as possible into our existing corporate SCOM implementation, so any help, tips and so on would be greatly
  appreciated. 
  The customer monitoring requirements will be very different to those of our fairly standard corporate environment - we will need to monitor very different technologies, with some systems sat in different domains or a DMZ. Our central servicedesk will still
  need to monitor and action alerts and events for both environments as seamlessly as possible. 
  At the same time, I would like to separate the environments as the configuration of the management servers for the customer environment will be quite different from our corporate one, and I want to avoid having to make changes to all our corporate servers
  every time I need to change something on the customer environment - so things like management pack installs, certificate admin, static DNS config and so on. 
  How would I go about this please? Would it be better to create a separate management group, with servers dedicated to the customer environment, then connect this to the corporate management group so that the servicedesk can still monitor it, or is there
  another way of doing it? Perhaps using resource pools? Time will be a factor here, though ultimately the goal is ease of administration going forward. 
  Thanks

  Using resource pools will not allow you to separate configuration such as MP installs, security, etc. as they are all part of the same management group.  From Technet, "A resource pool is a collection of management servers used to distribute
  work amongst themselves and take over work from a failed member."  If configuration needs to be completely separate from the base configuration perspective, you could use separate connected management groups. 
  Another option is to separate the configuration within the management group.  For example, if you need to monitor SQL computers in your corp environment but not the customer environment, simply create a group containing customer computers and override
  the SQL discovery.  This applies to other technologies as well.  You can even group computers by environment (corp/customer) by using reg key attributes like Kevin Holman describes here: (While my account is being verified
  I can't post links but you can search "Creating custom dynamic computer groups based on registry keys on agents").  If you are familiar with MP authoring, you could create a new MP with a new Windows Computer based class instead of extending
  the Windows Computer class.  From a capabilities perspective, you can certainly monitor corporate, customer, DMZ, and other domains in the same management group.  If the domain is untrusted or in the case of the DMZ, workgroups computers, you can
  utilize gateway servers with certificate authentication which will be configured for each domain/dmz gateway.
  Ease of administration is a tricky concept here...if you utilize separate management groups, administration will have to be handled completely separate in 2 separate consoles.  If there are separate SCOM admins per management group, this is
  of no issue, but if 1 team/person is managing both, this can be difficult.  Alternatively, there will be some up front work to using groups to separate the environments using groups, discoveries, etc.
   

• Creating a cas array for exising prd mailbox servers

  Hi
  one of the production site in current environment , mbx databases  rpcclientaccess server  set as individual cas servers .
   we want to point these databases to a cas array ,NLB is already created now remaining is cas array and point the database to cassarry fqdn.
  I just want  to know when we do this change , any client re-configuration is required or automatically redirection will happen to cas arary from outlook client.
  Regards

  I just want  to know when we do this change , any client re-configuration is required or automatically redirection will happen to cas arary from outlook client.
  Hi,
  I'm afraid that you need to manual re-configuration from outlook client.
  I recommend you refer to the following article:
  Demystifying the CAS Array Object - Part 2
  5.A CAS array object should not be configured after creating Exchange Server 2010 databases
  The profile will not update itself because the client will not receive an
  ecWrongServer response from CAS. It will not receive this response because any CAS is a valid connection point for any mailbox database via RPC (over TCP) so clients can survive datacenter switchover/failover events without being reconfigured and all
  an admin has to do is flip the CAS array object DNS record to point to a surviving pool of CAS. Currently the only way to fix mailbox profiles would be a manual profile repair within Outlook, by publishing an Office PRF file via GPO (not going to work for
  non-domain joined machines), or by decommissioning the CAS server named in the users’ profiles so the endpoint is no longer available. This last option should (test test test!!) trigger a full profile repair by Autodiscover in Outlook 2007 or Outlook 2010.
  Outlook 2003 is only repairable with a profile repair or a PRF file. Autodiscover will not as of this article’s writing update a profile to a new server name as part of the normal Autodiscover process which updates the Outlook Anywhere configuration and discovers
  EWS URLs for other features such as OOF Management, Free/Busy, and Inbox Rules management.
  Hope this helps!
  Thanks.
  Niko Cheng
  TechNet Community Support

• How do I set a manual IP address and manual DNS servers for my HP Photosmart 7525 Printer?

  Cannot print.  Had difficulty when printer was initially set up.  Assstance from "happytohelp01" resolved the issue by advising me; a manual IP address andmanual DNS servers for the printer.  I did not write down the information and now my printer is not working (it did work for about a month), now nada.  I initially had problems connecting to the web server - now its doing the same thing, but I don't know what IP adderss and DNS to use.  Please help if you can.
  This question was solved.
  View Solution.

  Hi @LaceyNo1,
  Welcome to the HP Forums!
  I understand that you are wondering, how to set a manual IP address, and manual DNS servers for your HP Photosmart 7525 Printer. I am happy to look into this for you!
  After some searching, I believe I have found the post, that my colleague @happytohelp01, helped you with. Located at this post, Re: Photosmart 7525.
  Hope this is what you were looking for, and have a good day!  
  RnRMusicMan
  I work on behalf of HP
  Please click “Accept as Solution ” if you feel my post solved your issue, it will help others find the solution.
  Click the “Kudos Thumbs Up" to say “Thanks” for helping!

• 2012 -- 2012 Migration: How to Reassign Distribution Points that Reside on Source Secondary Site Servers to the Target Site

  Source hierarchy AAA is at 2012 R2 CU3 and contains a primary site and 14 secondary sites (A01 through A14). The 14 secondary site servers hold the following roles:
  Site system
  Management Point
  State migration point
  Site server
  Site database server
  Component server
  Distribution Point
  Target hierarchy BBB is also at 2012 R2 CU3 and contains only a primary site.  The goal is to "downgrade" the severs at source secondary sites A01 through A14 to distribution points.
  AAA was added as a source site.  Data gathering was done.  A migration job was created an run, and distribution points from the source hierarchy were shared to allow a phased migration of the clients.
  We have reach the point where we are ready to reassign distribution points in sites A01 through A14 from AAA to BBB, but none of the shared distribution points are eligible for reassignment.  We surmise that since the DP role is not the only role on
  these servers (as you can see from the bullet list above), they are ineligible for reassignment.  We are unable to remove most of the roles.  In fact, the only 2 roles that can be removed are the DP role itself, and the State Migration
  Point. If we delete the secondary site, it removes ALL roles...not leaving any behind...including the one we need...DP.
  My question is 2-part:
  Is our assumption correct?  Must a DP role be the only one on the server for a DP to be eligible for reassignment?
  Is there any way we can reassign these DPs instead of deleting everything and building them from scratch?
  These secondary site servers are in branch offices and host a lot of distributed packages.  It would be very inconvenient to have to rebuild the DPs from scratch and redistribute all those packages over the WAN.

  Full Disclosure: I have never used this tool myself. I intend to, however the opportunity or time to do so has not yet arisen.
  You could use the techniques outlined in CloneDP (https://gallery.technet.microsoft.com/scriptcenter/CloneDP-for-SCCM-2012-SP1-825ce5b1) to create prestage media on each DP and rebuild. That at least would prevent redistributing over the WAN
  Ken provides a nice writeup too: http://blogs.technet.com/b/kensmith/archive/2013/08/01/migrating-the-content-library-between-distribution-points-in-sccm-2012-sp1.aspx

• Internal Mail Routing Between HUB servers Is Not Working Correctly

  Howdy, Been scratching my head on this one for a while. 
  First off, running Exchange 2010 Sp3 RU5 across the board. 
  I have attached a diagram of our environment for visual aid. Please take a look as it makes more sense. 
  I have drawn the correct mail flow in black and what is happening in red.
  Forest A Site A, has a dedicated edge, dedicated Hub and dedicated CAS 
  Forest A Site A child domain 1, has a multi-roled MBX,HUB,CAS
  Forest A Site B child domain 2, has a multi-roled MBX,HUB,CAS
  Forest B Site C, has a multi-roled MBX,HUB,CAS
  Mail flows TO child domain 2 just fine, but outgoing mail from that same domain keeps routing through HUB in child domain 1 instead of HUB in forest root domain. 
  The send connector for the organization in Forest A is configured to only send through the dedicated HUB server in Forest A. The Receive connector in Forest A's HUB is also configured correctly. But no matter what i do, mail outgoing from child domain
  2 continues to flow to child domain 1 instead of through the dedicated HUB server. 
  Mail needs to flow so for now i added the HUB in child domain 1 as a source server in the organization's send connector and set up the receive connector in child domain 1 to allow a work around for now. 
  I think this is an issue in the routing group connector but its just a guess. Any ideas? 

  Hi,
  Active Directory IP site links costs are based on relative network speed compared to all network connections in the WAN and are designed to produce a reliable and efficient replication topology. Therefore, in most cases, the existing IP site link costs should
  work well for Exchange 2010 message routing. However, if after documenting the existing Active Directory site and IP site link topology, you verify that the Active Directory IP site link costs and traffic flow patterns aren't optimal for Exchange 2010, you
  can make adjustments to the costs evaluated by Exchange.
  You can use the Set-AdSiteLink cmdlet to assign an Exchange-specific cost to an Active Directory IP site link.
  More details refer to the following articles:
  Controlling IP Site Link Costs
  Set-AdSiteLink
  Hope this helps!
  Thanks.
  Niko Cheng
  TechNet Community Support

• Can you authenticate users from 2 different AAA-servers for one specific tunnel-group?

  I need to authenticate users from two separate AD LDAP databases on the same tunnel-group. I would like them to use the same tunnel-group and thereby using the  same group-alias. I tried creating a new aaa-server group and putting both LDAP servers into group but apparently the ASA does not roll through the separate servers in the aaa-server group and will stop if the first server states that the authentication failed.
  I also tried assigning multiple aaa-server groups into the tunnel-group authentication-server-group but that also did not work. I finally tried to create a separate tunnel-group and assigning it the same group-alias but the ASA will not allow me to assign the same group-alias to different tunnel-group. What is the best way to accomplish this without having to create a new group-alias that will show up and possible confuse the dumb users requiring this access? Please help.

  If you don't want ANY drop down I believe you can do it in a kludgy sort of way.
  Eliminate all the group aliases (which are used to populate the dropdown) and make a local database of the users for the sole purpose of assigning / restricting them to a non-default tunnel-group which authenticates to the secondary LDAP server. 
  You can also send out a non-published URL that points to a second tunnel-group not in the dropdown.
  Of course, we can accomplish this if the AAA server is ISE. ISE 1.3 can authenticate users to multiple AD domains (with or without trust relationships) or a single domain with multiple join points in the Forest.
  The ISE answer makes me wonder - could you establish trust between the domains and authenticate users that way?

• Two CAS Servers on the same domain but different AD Sites

  I have a customer that has 1 EXCH MB server & 1 EXCH server running the Hub Transport and Client Access roles. These two servers are in the same domain and reside in AD site A. Now he wants AD Site B (also in the same domain) to have 1 EXCH MB server
  & 1 EXCH server running the HUB/CAS role. The problem is the CAS role in site A is the only one that is public interfacing. The CAS server in site B has not certificates at all, and I want all the mail to re-route to the CAS server in Site A. Does anyone
  know how I can do that???

  The CAS in the internet facing site will proxy to the CAS in the non-internet facing site. And you do have a cert on that CAS in Site B. The default built-in one. However, if you have clients in Site B, you should replace that built-in cert with one that
  is trusted by clients such as Outlook and Lync etc...It doesnt have to be a 3rd party cert, it could be on that is trusted internally.
  http://technet.microsoft.com/en-us/library/bb310763(v=exchg.141).aspx
  Understanding Proxying and Redirection
  Twitter!: Please Note: My Posts are provided “AS IS” without warranty of any kind, either expressed or implied.

• Edge 2013 does not discover all Exchange servers in the org

  We have the following co-existence setup:
  Edge 2013 sitting on the DMZ.
  1 CAS 2013
  1 MBX 2013
  1 CAS/HUB 2010
  1 MBX 2010
  After creating a new edge subscription on the edge server and successfully completing it on the 2013 mbx server, when I run get-exchangeserver on the edgeserver I get only the 2010 CAS and the 2013 MBX. 2010 MBX and 2013 CAS are missing.
  All mailflow is working fine, yet if I shutdown the 2010 CAS, incoming mail flow stops, because for the edge server the 2010 CAS is the nexthopdomain, it doesn't find it and gives a 4.4.1 error in the SMTP receive protocol logs.
  I have tried re-creating the subscription several times, I tried forcefullsync, it syncs fine yet it does not discover all the servers.
  The firewall on the edge is disabled and in the internal servers as well, just to be sure that there is no communication error.
  When the edge server receives an email from the internet it sends it to the 2010 CAS/HUB server and then to the 2013 MBX server.
  Also the documentation from technet states the following for Edge and messages arriving from external senders.
  Mailbox server and Client Access server installed on different computers   In this configuration, the Client Access server is bypassed for inbound mail flow.
  Mail flows from the Transport service on the Edge Transport server to the Transport service on the Mailbox server.
  So in my config, the CAS should be bypassed, but yet that's not happening. The "proxy to a CAS server" option on the connectors is not enabled.
  I believe all the above would be resolved, If I could make the Edge server discover all of the servers in the org.
  Ideas?

  Hi Dimitris,
  Base on my knowledge, I think this is a normal behavior on Edge server. Since the computer that has the Edge Transport server role installed doesn't have access to Active Directory.
  We will create an Edge Subscription from mailbox server(Exchange 2013) or hub server(Exchange 2010). So the Edge server will only connect to these servers with transport role.
  According to the Edge Subscriptions document, it said:
  “The Edge Subscription process provisions the credentials used to establish a secure LDAP connection between Exchange 2013 Mailbox servers and a subscribed
  Edge Transport server.”
  Edge Subscriptions
  https://technet.microsoft.com/en-us/library/aa997438(v=exchg.150).aspx
  Best regards,
  Niko Cheng
  TechNet Community Support

• ADFS server in NLB cluster unable to reach all servers in the same subnet

  I have 2 ADFS (3.0) virtual servers (server 2012 R2 on VMware) in an NLB cluster (setup for Office 365 initially) and want to be able to use the SAML to connect to a couple of Linux servers in the same network to allow SSO to the Linux boxes.
  It was working then stopped and now the primary FS server (FS1) cannot ping either Linux box or one of our WS08R2 file and print servers. It can ping all other servers in the same network.
  I tried to get a packet capture with MS NetMon 3.4 but it only picked up the successful ping requests.
  Firewall is disabled but that made no difference.
  NLB cluster configured in Unicast mode as I found Office 365 and another outside service didn't want to work using Multicast or IGMP Multicast.
  The really bizarre thing is the secondary FS vm can ping the other boxes even with "ping server -S clusteraddress"
  Any suggestions as to where to look to track this down will be most welcome.
  Cheers
  David
  Cheers, David

  Hi,
  I am trying to involve someone familiar with this topic to further look at this issue. There might be some time delay. Appreciate your patience.
  Thanks for your understanding and support.
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• Exchange 2010 CAS array with Exchange 2013 Mailbox Servers

  Here is our current scenario,
  Exchange 2007
  2 - Hub Transport Servers
  2 - CAS servers (cluster NLB)
  2 - Mailbox servers (clustered)
  Exchange 2010
  2 - Huib Transport Servers
  3 - CAS servers (array NLB)
  2 - Mailbox servers (1 DAG)
  We have not migrated any users to the Exchange 2010 environment yet. We're thinking that at this point we would rather go from 2007 to 2013. Does the 2013 mailbox server work with a 2010 CAS array?

  Hi,
  As far as I know, CAS array doesn' t exist in Exchange 2013. And OWA and other requests can be proxyed and redirected from Exchange 2013 to Exchange 2010.
  For more information, you can refer to the following article:
  http://blogs.technet.com/b/exchange/archive/2013/01/25/exchange-2013-client-access-server-role.aspx
  Thanks,
  Angela Shi
  TechNet Community Support

• How can i configure Distributed cache servers and front-end servers for Streamlined topology in share point 2013??

  my question is regarding SharePoint 2013 Farm topology. if i want go with Streamlined topology and having (2 distribute cache and Rm servers+ 2 front-end servers+ 2 batch-processing servers+ cluster sql server) then how distributed servers will
  be connecting to front end servers? Can i use windows 2012 NLB feature? if i use NLB and then do i need to install NLB to all distributed servers and front-end servers and split-out services? What will be the configuration regarding my scenario.
  Thanks in Advanced!

  For the Distributed Cache servers, you simply make them farm members (like any other SharePoint servers) and turn on the Distributed Cache service (while making sure it is disabled on all other farm members). Then, validate no other services (except for
  the Foundation Web service due to ease of solution management) is enabled on the DC servers and no end user requests or crawl requests are being routed to the DC servers. You do not need/use NLB for DC.
  Trevor Seward
  Follow or contact me at...
  &nbsp&nbsp
  This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

• I do not see where to enter IP addresses in the Open VPN setup. Also, how can I set it up so that I can choose different servers in the same way as I can currently choose them with my VPN app but for PPTP?

  I think I have it working on my iPhone 5. But, I do not see how I can control the exit point that I would like for the VPN. Are all the exit points shown in the VPN setting now going to work with Open VPN, or do they remain PPTP? If I am reading correctly, they look like they remain PPTP. If I cannot control the exit point for open VPN, which exit point is the default in the profile you provided me?I note that Open VPN Connect does not work with any of the new 64 bit devices like the iPhone 5S, the iPad Air, and the new iPad MIni. Is there any chance that you guys will come up with an update for your app so that open VPN can be made to work on all iOS devices? That would be nice, particularly if the Open VPN Connect app does not give me a choice of exit points.Thanks,
  I do not see where to enter IP addresses in the Open VPN setup. Also, how can I set it up so that I can choose different servers in the same way as I can currently choose them with my VPN app but for PPTP?
  Just a quick note to tell you that Open VPN has updated their app so that it is compatible with 64 bit ARM devices like the iPhone 5S, the iPad Air, and the iPad Mini Retina.That does not resolve the problem of how to easily choose among the various possibilities for the exit server. We need to find an easy way to choose.

  Thank you for trying the new Firefox. I'm sorry that you’re unhappy with the new design.
  I understand your frustration and surprise at the removal of these features but I can't undo these changes. I'm just a support volunteer and I do not work for Mozilla. But you can send any feedback about these changes to http://input.mozilla.org/feedback. Firefox developers collect data submitted through there then present it at the weekly Firefox meeting
  I recommend you try to adjust to 29 and see if you can't make it work for you before you downgrade to a less secure and soon outdated version of Firefox.
  Here are a few suggestions for restoring the old design. I hope you’ll find one that works for you:
  *Use the [https://addons.mozilla.org/en-US/firefox/addon/classicthemerestorer/ Classic Theme Restorer] to bring back the old design. Learn more here: [[How to make the new Firefox look like the old Firefox]]
  *Use the [https://addons.mozilla.org/en-US/firefox/addon/the-addon-bar/ Add-on Bar Restored] to bring back the add-on bar. Learn more here: [[What happened to the Add-on Bar?]]