No client access on DAG switchover - Single site
Let’s summarize my environment:
I have 3 Exchange 2013 SP1 (CU4) servers in one site. CAS01 has only the CAS role, and MBX01 and MBX02 have only the Mailbox role. Both mailbox servers are in a DAG (DAG01).
The server mounting my database is MBX02. Whenever a switchover to MBX01 occurs (or when I force it with Move-ActiveMailboxDatabase -Server MBX02 -ActivateOnServer MBX01), all my clients get disconnected, so no more Outlook, ActiveSync and even OWA. As soon as I roll them back to MBX02, everything returns to normal. However, every single email delivered while the DAG was mounted on MBX01 is getting delivered to the mailbox server, so the DAG is working properly for the mail flow, minus the client access HA.
Now I know that on Exchange 2010 the issue could have been with the value of -RpcClientAccessServer on my database, but this value is not used anymore on 2013.
Any ideas?
Thanks
Hi S.Nithyanandham
1. No, my servers are working pretty fine: if I create a non-DAG DB on MBX01, client access and mail flow are fine. Turning off both Windows firewalls didn’t change anything.
2.
Server  Check                  Result  Error
MBX01   ClusterService         Passed
MBX01   ReplayService          Passed
MBX01   ActiveManager          Passed
MBX01   TasksRpcListener       Passed
MBX01   TcpListener            Passed
MBX01   ServerLocatorService   Passed
MBX01   DagMembersUp           Passed
MBX01   ClusterNetwork         Passed
MBX01   QuorumGroup            Passed
MBX01   FileShareQuorum        Passed
MBX01   DatabaseRedundancy     Passed
MBX01   DatabaseAvailability   Passed

Server  Check                  Result  Error
MBX02   ClusterService         Passed
MBX02   ReplayService          Passed
MBX02   ActiveManager          Passed
MBX02   TasksRpcListener       Passed
MBX02   TcpListener            Passed
MBX02   ServerLocatorService   Passed
MBX02   DagMembersUp           Passed
MBX02   ClusterNetwork         Passed
MBX02   QuorumGroup            Passed
MBX02   FileShareQuorum        Passed
MBX02   DatabaseRedundancy     Passed
MBX02   DatabaseAvailability   Passed
MBX02   DBCopySuspended        Passed
MBX02   DBCopyFailed           Passed
MBX02   DBInitializing         Passed
MBX02   DBDisconnected         Passed
MBX02   DBLogCopyKeepingUp     Passed
MBX02   DBLogReplayKeepingUp   Passed
3. I’ve double-checked that and recreated the DAG binding multiple times with no luck.
4. yes they are
[PS] C:\Windows\system32>get-mailboxdatabasecopystatus | ft -au
Name       Status   CopyQueueLength  ReplayQueueLength  LastInspectedLogTime  ContentIndexState
DB1\MBX01  Mounted  0                0                                        Healthy
DB2\MBX01  Mounted  0                0                                        Healthy
DB3\MBX01  Mounted  0                0                                        Healthy
DB4\MBX01  Mounted  0                0                                        Healthy
[PS] C:\Windows\system32>get-mailboxdatabasecopystatus -server mbx02 | ft -au
Name       Status   CopyQueueLength  ReplayQueueLength  LastInspectedLogTime  ContentIndexState
DB1\MBX02  Healthy  0                0                  2015-01-12 19:57:58   Healthy
DB2\MBX02  Healthy  0                0                  2015-01-12 19:58:10   Healthy
DB3\MBX02  Healthy  0                0                  2015-01-12 19:58:07   Healthy
DB4\MBX02  Healthy  0                0                  2015-01-12 20:00:23   Healthy
5. None except those related to the failover if I bring MBX02 down
6. File share is fine and accessible.
Then please explain me what you are trying to say on the below mentioned line?
When I have a failover and the databases are mounted and healthy, I can’t connect through any devices, but email sent to my organization is delivered to the databases correctly. I can see it with Get-MessageTrackingLog. In addition, my WatchGuard in front of my CAS is not reporting any bounce or error; everything is delivered and the queue is empty inside it.
A big Thank you for your help
Alex
Alexandre Contant
Similar Messages
-
Hi,
I am using EWS Java APIs and passing OAuth tokens to fetch data from office 365 mailboxes.
Because I am developing Web APIs I preferred using "Application Permissions" defined in Azure active directory application for Office 365, and used "client credential flow" OAuth flow to fetch OAuth token specific to application which will
allow "Have full access via EWS to all mailboxes in the organisation".
After fetching token with the procedure specified in the document "http://blogs.msdn.com/b/exchangedev/archive/2015/01/21/building-demon-or-service-apps-with-office-365-mail-calendar-and-contacts-apis-oauth2-client-credential-flow.aspx"
I passed this token to EWS Java APIs,
it gave me error saying:
microsoft.exchange.webservices.data.ServiceResponseException: Exchange Web Services are not currently available for this request because none of the Client Access Servers in the destination site could process the request.
I tried similar thing with EWS managed APIs for .net. Got similar error.
Can anyone provide some help and direction to resolve this error.
Thanks & Best Regards,
Pranjal
I see you found an answer with the X-AnchorMailbox header on StackOverflow:
http://stackoverflow.com/questions/29554724/exchange-web-services-are-not-currently-available-for-this-request-because-none -
Hi,
I've got a lab with a domain controller and a Hyper-V host running two multi-role Exchange 2013 CU7 servers on W2K12 R2 OS, configured in a simplified DAG (but the problem is the same if I use the classical DAG configuration), a witness server, and an L7 load balancer for the Exchange servers.
When I ran the test of disabling the OWA application pool on the server where I've got the active mailbox database of the user, the balancer correctly redirected the session to the other Exchange multi-role server, but the client in his OWA session is no longer able to send new mail, with the error "Error your request can't be completed rigt now. Please try again later."
The only strange log that I see on the server is in the MAPI client access directory, where there is the following error message:
2015-01-21T08:00:45.132Z,956,1,/o=First Organization/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=1247f28558d24d4db872ab127b3e5810-Healt,,Microsoft.Exchange.RpcClientAccess.Monitoring.dll,15.0.0.0,Cached,,,,MapiHttp,Client=Microsoft.Exchange.RpcClientAccess.Monitoring,R:4ab7b6c8-54ee-4be3-aa9d-f8c856c4c47c:2,C:MAPIAAAAAOC4+7OCoZOjkqeKuoumlKSEtYO5ibyGs4bc/879z/vD9sX1zP28AwAAAAAAAA==|S:0-mGmHRQ==,OwnerLogon,0x6BB
(rpc::Exception),00:00:00.0310000,"Logon: Owner, /o=First Organization/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=1247f28558d24d4db872ab127b3e5810-Healt in database last mounted on Exch2.lab.net",RpcEndPoint: [ServerTooBusyException]
Client is being backed off -> [ClientBackoffException] Mailbox was moved to a different mailbox server. A client needs to retry. -> [IllegalCrossServerConnectionException] Cannot open mailbox /o=First Organization/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=1247f28558d24d4db872ab127b3e5810-Healt.
-> [MapiExceptionIllegalCrossServerConnection] Monitoring mailbox [] with application ID [Client=MSExchangeRPC] is not allowed to make cross-server calls from [Exch1.lab.net] to [Exch2.lab.net] [diag::AAAOAAAA/wAAAAAAAAAAAgAAAAA=],,,[email protected],
The CAS tries to access the mailbox on the other server, but without success.
Does anyone have an idea how to solve this?
Thanks
Hi Hinte, sorry for the delayed answer.
I've run the command you suggested to check the HealthMailbox status, but it seems that all are fine:
[PS] C:\Windows\system32>get-Mailbox -Monitoring | ft name, servername
Name ServerName
HealthMailbox7021deb6ae104dadbf52feedfa7fa68b exch1
HealthMailboxb83c9040b32e4d1197f7f54f6709bb7f exch1
HealthMailboxb1c32037890b43fbb2af2efe7c36ba00 exch1
HealthMailbox8d174269b494458daf9ade5099e22845 exch1
HealthMailboxaa7d10f02d2d4cc588243b291ead3e3a exch1
HealthMailboxeb32c30a019f42968a7cbc49a6ac3e65 exch1
HealthMailboxc6ff1d36ba154c5db5411b44718edcbd exch1
HealthMailbox75dc7caa7e8c4a3b812a01b607536d48 exch1
HealthMailbox16c86e512f454e7890b80c180ce19c00 exch1
HealthMailboxc6e447f7dba24d9b913f1dfcabe9f927 exch1
HealthMailbox40fa5a3f2abc4accae6286cd98abc90a exch1
HealthMailbox2712b9544bad4e7b8b671be2cda8cfde exch2
HealthMailboxe2559124da20499386bf8103dcb21e9b exch2
HealthMailbox3264c6078dad45d4a78c56a3afe81df1 exch1
HealthMailboxacacc51eb8bc4717b295ddf0adccf77e exch2
HealthMailbox64c4dd8cddac4c4e8bb7314010e797b1 exch1
HealthMailbox4a92bfa14fdd47fbb27c19513f6d2beb exch2
HealthMailbox465d2a69de93430e84b4d699a88cb0c3 exch1
HealthMailbox97b578e57cd44204820fffa416b25633 exch2
HealthMailboxb411059771db4647bb775c665ec29440 exch1
HealthMailboxf981dde6f4134f839bf41eb0000434e4 exch2
HealthMailboxc33801c7c3b1474f8aa6065249bb4fca exch1
HealthMailbox2282128ed8d14937998212edd15adf20 exch2
HealthMailboxe3d12b756cf545239b38be4607904ae1 exch2
[PS] C:\Windows\system32>
Regarding the suggested test of disabling only the OWA virtual directory instead of the OWA App Pool, I've not found in IIS a way to stop access to this virtual directory.
Also, in the Exchange administration page there is no way to switch off only this virtual directory (or I haven't found where this setting is).
Regards -
Add Client access server with DR MBX to server clients from DR site.
Hello,
We have a medium size implementation at our company. It is as below,
- Two mail box servers (MBX1, MBX2) at production Site.
- One mail box server (MBXDR01 at DR site (Active))
- One DAG (name: IDKUDAG ) (MBX1,MBX2 and MBXDR01 are members)
- Two Client access servers at production site (with MBX1 and MBX2)
There is a high speed WAN connection between two sites.
What I need to do, I want to add additional CAS server at DR site as in case of production site maintenance or outage I want to migrate the DBs to DR MBX and the CAS server handle mail
client’s access.
Can I add a new server at the DR site with the same configuration as the production site???
Or there is another solution for this case.
Please advise.
Best regards,
Ahmed Salah
BR Ahmed Aboutabl
Hi Ahmed,
The CAS configuration for Exchange service in the second datacenter can be the same configuration as you mentioned. For example, the same internal and external namespaces for OWA, Autodiscover, EWS, OAB etc. in two datacenters.
Also make sure the certificate includes all needed namespaces for the second site. For your reference, here is an article that talks about the details of site resilience:
https://technet.microsoft.com/en-us/library/dd638129(v=exchg.150).aspx
http://www.msexchange.org/articles-tutorials/exchange-server-2010/high-availability-recovery/designing-site-resilient-exchange-2010-solution-part1.html
Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Please make
sure that you completely understand the risk before retrieving any suggestions from the above link.
Regards,
Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]
Winnie Liang
TechNet Community Support -
Mailbox and Client Access on the same servers for CAS HA (L4 LB) and Mailbox DAG
Hi, I would like to ask this question.
I'm reading all sort of documentation that I'm finding on the internet, but I can't understand if what I'm thinking to do is possible.
I would like to setup a basic environment configuring only two Exchange 2013 on two Win 2012 R2 servers. Both servers will be Mailbox (MBX) and Client Access (CAS). I will create a two-member DAG using File Share Witness or Disk Witness for the Dynamic Quorum.
Then I will setup Outlook Anywhere with internal and external namespace for CAS redundancy and layer 4 load balancing.
In this scenario I will not need to install a third part load balancer.
Am I doing it right, or am I watching a movie?
Thanks in advance
Hi,
You could need to have the HLB or virtual load balancers for redundancy.
Disadvantages of some load balancing methods :
If you use Windows NLB then it can provide redundancy on server level failure and not on application level.
In case if we use the Windows round robin method for load balancing then it wouldn't provide server level and application level redundancy during the failures. At the same time we need to manually adjust the DNS records during the server failure, but on the client end DNS caches will create the issues.
Lets consider you are having the internal and external names for outlook anywhere like below .
internal and external outlook anywhere name :
mail.domain.com
For the above name just configure the HOST A record in Windows DNS and map it to the load balancer IP. Then the second step would be to configure your Exchange servers in the LB. So all the internal and external Outlook client connectivity will happen via the LB to the Exchange servers. In that case, if any one of the servers is down, the LB will automatically make the Outlook client connect to the server which is alive, and at the same time none of the requests from the Outlook client to the LB will get forwarded to the server which is in a down state.
Note : Make sure you are having the redundancy for LB devices also otherwise it would be a single point of failure on the LB end .
Please reply me if anything is unclear.
Thanks & Regards S.Nithyanandham -
Client Access Server per AD Site?
In a single forest, single domain, multi AD site environment, can users in Site-B using Outlook 2010 clients connect to Client Access array / OWA, Hub, Mailbox in Site-A without the need to install a Client Access server in Site-B? Or do I actually have to install a Client Access server in Site-B?
I've read this thread, but I am still a little confused
http://social.technet.microsoft.com/Forums/exchange/en-US/03b835b4-7ecb-47ee-9b34-20cb2f70c3d4/client-access-server-active-directory-site?forum=exchangesvradminlegacy
Per MS.."You must install the Client Access server role in every Exchange organization and every Active Directory site that has the Mailbox server role installed"
http://technet.microsoft.com/en-us/library/bb124915(v=exchg.141).aspx. My Site-B does not have a Mailbox server, so I don't really need to have a Client Access in Site-B, if I understand this correctly.
Greatly appreciated if anyone can provide some clarification.
Thanks!
Note: Right now, there's only a single, default site in AD (Site-A). I am planning to add a Site-B in AD and add a domain controller in Site-B, but a little confused about the exchange. Just want to make sure that once I add Site-B to AD,
users would still be able to access Outlook/Exchange properly.
Yes, you don't need to. Your Site-B users will connect directly to the CAS in Site-A; make sure the link speed is good enough.
Where Technology Meets Talent -
RE: Accessing multiple Env from single Client-PC
Look in the "System Management Guide" under connected environments page
72. This will allow services in your primary environment to find
services in your connected environment. However, there is a bug
reported on this feature which is fixed in 2F4 for the HP and H1 for all
other servers. The following is from Forte:
The connected environments bug that was fixed in 2F4 is #24282. The
problem was in the nodemgr/name server source code and caused the
following to occur:
Service1 is in connected envs A and B.
Client has env A as primary, B as secondary.
Envmgr A dies before the client has ever made a call to Service1.
After env A is gone, client makes a call to Service1 which causes Envmgr
B to seg fault.
You should upgrade your node manager/env manager nodes to 2F4. The 2F2
development and runtime clients are fully compatible with 2F4 servers.
Kal Inman
Andersen Windows
From: Inho Choi[SMTP:[email protected]]
Sent: Monday, April 21, 1997 2:04 AM
To: [email protected]
Subject: Accessing multiple Env from single Client-PC
Hi, All!
Is there anybody has any idea to access multiple environments from
single client-PC? I have to have multiple environments because each
environment resides geographically remote node and network bandwidth,
reliability are not good enough to include all the systems into single
environment.
Using Control Panel for doing this is not easy for those who are not
familiar with Windows. The end-user tend to use just single application
to access all necessary services.
I could consider two option to doing this:
1. Make some DOS batch command file to switch different environment
like, copying back/forward between environment repositories and
set up forte.ini for changing FORTE_NS_ADDRESS. After then, invoke
proper client partition(ftexec).
2. Duplicate necessary services among each environment.
But, these two options have many drawbacks in terms of system
management(option 1), performance(option 2) and others.
Has anybody good idea to implement this? Any suggestion would be
appreciated.
Inho Choi, Daou Tech., Inc.
email: [email protected]
phone: +82-2-3450-4696 -
Accessing multiple Env from single Client-PC
Hi, All!
Is there anybody has any idea to access multiple environments from
single client-PC? I have to have multiple environments because each
environment resides geographically remote node and network bandwidth,
reliability are not good enough to include all the systems into single
environment.
Using Control Panel for doing this is not easy for those who are not
familiar with Windows. The end-user tend to use just single application
to access all necessary services.
I could consider two option to doing this:
1. Make some DOS batch command file to switch different environment
like, copying back/forward between environment repositories and
set up forte.ini for changing FORTE_NS_ADDRESS. After then, invoke
proper client partition(ftexec).
2. Duplicate necessary services among each environment.
But, these two options have many drawbacks in terms of system
management(option 1), performance(option 2) and others.
Has anybody good idea to implement this? Any suggestion would be
appreciated.
Inho Choi, Daou Tech., Inc.
email: [email protected]
phone: +82-2-3450-4696 -
Single Client Access Name for Weblogic Forms and Reports.
I have a 2 node clustered system:
Windows 2008 R2 64-bit
Weblogic 10.3.3 (on each node)
Weblogic Forms and Reports 11.1.1.3 (on each node)
Database 11gR2 RAC 11.2.0.1 (on each node)
The forms and reports are clustered and I can connect to each from each of the two servers and the cluster is working well.
The database uses Single Client Access Name (SCAN) to present the database as if it were one server called dbserver1.
I was wondering if there was a similar thing for Weblogic and what everyone else uses to present their application as a single name to the user.
I tried using Windows Network Load Balancing, but this stops the database scan listeners from working.
Thanks.
Dear,
Did you find an answer to your question back in 2009?
We are facing the same installation architecture, but we do not find any concrete information regarding SCAN with Oracle Forms 11g
Geert -
Exchange 2013 DAG / client access
Hello
I'm in the planning of a new Exchange 2013 infrastructure. The infrastructure will be located in a datacenter and should host about 1000 mailboxes. I have read many whitepapers and tutorials, but some things are still unclear to me.
- Microsoft suggests multi-role servers for this amount of users because client access is no more than a reverse proxy in EX2013. Is this correct? I've read that one users with 200 mails/day needs 8.5 MCycles with only DB and 10.63 MCycles with DB and CAS
on the same server. So I plan to start with 2 multi-role servers in a DAG. What's your opinion on this?
- Client connections: I assume the clients connect to the cluster IP of the DAG. How do they get directed to the server on which their database is online? Does each server need to have the cluster IP and a public IP to which the clients connect?
- SMTP: As I understand the documentation, mails are sent from the server which the user is active on. (Which makes sense for high availability.) What is best practice regarding the protocol logs? Do the support employees need to search in the files on 2
servers?
Thank you very much for your input!
Hi
I would use the firewall for load balancing unless there is a technical reason why this is not possible. NLB is not recommended as it is not service aware - you cannot configure a probe to test OWA is working for example - so if you already have something
better that would be my choice.
In the choice between IIS ARR and NLB or CAS and NLB I would go for IIS ARR as this reduces your license costs, but neither of these is better than the appliance/firewall option.
I've never used NLB for load balancing other than on TMGs so I cannot say what the performance is like behind a firewall, in theory your assumption would be correct.
The load balancer doesn't make this decision, it just spreads the load between the active servers; the CAS role connects the user session to the correct mailbox server:
http://blogs.technet.com/b/exchange/archive/2013/01/25/exchange-2013-client-access-server-role.aspx
Steve -
Difference between Single Client Access Name (SCAN) & Grid Naming Service
Hi,
What's the difference between Single Client Access Name (SCAN) & Grid Naming Service in 11g RAC R2?
Regards,
Stephen
Hi Stephen,
There is a very good document about it (http://www.oracle.com/technetwork/products/clustering/overview/scan-129069.pdf).
Best regards,
Gennady -
Urgent Help / suggestion Needed - DAG in Different Site - Implementation
Hi All
Current setup of my lab is below -
MAIN SITE - Named Head Office
Root Domain Controller : IP 172.29.154.1 / 255.255.0.0
Two node DAG : - Mailbox servers - DAG NAME - DAG1
Casarray (casaarray1 , and casarray2) servers
One hub transport server
Total 6 VM servers are running in the head office site
Created a new AD site named Branch Office and installed an additional domain controller with IP of 10.10.10.1/255.0.0.0
Now i would like to implement the DAG between the sites .
how can i implement, i mean what are the best ways to implement the DAG between two sites
1. shall i go for typical installation of exchange (CAS, HUB , MAILBOX ) 2010 in main office and Branch office . will it support DAG between two sites for typical installation?
2. shall i install one more Mailbox server alone in MAIN SITE and install CAS and hub in one server and mailbox alone in the branch office site? i mean - two Mailbox servers in each site
any other best ways other than above two points , the main intention is to implementing, testing and learning the site resilience between the sites and want to know the stuffs in and around DAC
Thanks in advance
so, i was assuming that i will add one mbx server in main site and another mbx server in branch site and make it HA via DAG --- is it possible
Next option
i can go for typical installation of ( CAS , HUB MBX server (all three in one server) in main site and another three server roles (all in one server) of Branch office and make the mailbox for HA -- will it possible
how can i achieve the HA with my current setup between the sites
If your bandwidth and latency between sites you can have HA for mailbox databases by adding a mailbox server as a member in the current DAG. DAG will give you only HA for mailbox not HUB/CAS.
After you installed the Mailbox role on the branch server, You have to set autodiscover site affinity.
http://technet.microsoft.com/en-us/library/aa998575(v=exchg.141).aspx
It is little bit complicated if you want HA over 2 sites, It depends on the bandwidth and latency between sites. If
you install all the 3 roles and configure the branch site as part of the main branch ADsite you can have highly availability for CAS by a load balancer and this is not a small change. i.e. add the branch server to the Main office CAS
Array and load balance.
http://channel9.msdn.com/Events/TechEd/NorthAmerica/2011/EXL401
If the branch site is not Internet facing, Please check this.
http://technet.microsoft.com/en-us/library/bb310763(v=exchg.141).aspx
adding an MBX/HUB/CAS in your branch office and buy a hardware load balancer of your budget. List
of MS supported HLBs here. Configure the load balancer to according to your bandwidth and latency
between sites.
Thanks, MAS
Please mark as helpful if you find my comment helpful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you.
Couple of comments please!
Autodiscover sitescope is a function of CAS not mailbox. This is written into AD when the CAS role is installed.
Why are you splitting all the roles out like this? The recommendation in 2010 and 2013 is to multirole whenever possible. There are valid reasons for splitting, I just want to know what's driving you to this.
The preferred DC switch is just for the current PowerShell session IIRC. I'll check up on that though.
I'd ask you to look at the design examples on TechNet
http://technet.microsoft.com/en-us/library/dd979781(v=exchg.141).aspx
In all of this, you have to consider what the impact of a failed WAN link(s) will do. If you have a single DAG spanning both locations, and the WAN goes down then in the case of a single DAG spanned between both of the sites some users will not have
access to a local mailbox server. The cluster service terminates and so does the Exchange store. That is by design.
Cheers,
Rhoderick
Microsoft Senior Exchange PFE
Blog:
http://blogs.technet.com/rmilne
Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose. -
Fwd'ing to security newsgroup
-------- Original Message --------
Subject: Client accessing MBeanHome for more than one domain receives
SecurityException
Date: 4 Mar 2004 07:27:33 -0800
From: Dinesh Bhat <[email protected]>
Reply-To: Dinesh Bhat <[email protected]>
Organization: BEA NEWS SITE
Newsgroups: weblogic.developer.interest.management
Hi,
When a client accesses MBeans of more than one domain (WebLogic 8.1) that have
different passwords, it receives a SecurityException. This occurs when the MBeanHome
for each domain is looked up at initialization and reused for each request (to
access MBeans). The security exception does not occur if the MBeanHome for each
domain is looked up for each request. On initial review, this behavior seems inconsistent.
Looking up the MBeanHome for each request may introduce a significant overhead.
I am not sure if concurrent lookups would also cause the same problem.
I have read on another post that we can work around this problem by establishing
a trust relationship between the servers, but this may not be feasible when one
is monitoring a lot of servers and the overhead of configuration may be an issue.
I have attached code that can reproduce the problem.
Please advise on the correct approach.
Thanks
Dinesh Bhat
Panacya Inc.
import java.util.ArrayList;
import java.util.Set;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Hashtable;
import javax.management.MBeanServer;
import javax.naming.Context;
import weblogic.jndi.Environment;
import weblogic.management.MBeanHome;
/**
 * This class reproduces the Security Exception that is caused when a client tries to access
 * MBeans of more than one domain with different weblogic passwords. Here is the stacktrace of the
 * exception:
 *
 * java.lang.SecurityException: [Security:090398]Invalid Subject: principals=[weblogic, Administrators]
 *     at weblogic.rjvm.BasicOutboundRequest.sendReceive(BasicOutboundRequest.java:108)
 *     at weblogic.rmi.internal.BasicRemoteRef.invoke(BasicRemoteRef.java:138)
 *     at weblogic.management.internal.AdminMBeanHomeImpl_811_WLStub.getDomainName(Unknown Source)
 *     at WLSecurityTest.getWeblogicInfo(WLSecurityTest.java:140)
 *     at WLSecurityTest.runTest(WLSecurityTest.java:75)
 *     at WLSecurityTest.<init>(WLSecurityTest.java:66)
 *     at WLSecurityTest.main(WLSecurityTest.java:51)
 *     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
 *     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
 *     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
 *     at java.lang.reflect.Method.invoke(Method.java:324)
 *     at com.intellij.rt.execution.application.AppMain.main(Unknown Source)
 * Caused by: java.lang.SecurityException: [Security:090398]Invalid Subject: principals=[weblogic, Administrators]
 *     at weblogic.security.service.SecurityServiceManager.seal(SecurityServiceManager.java:682)
 *     at weblogic.rjvm.MsgAbbrevInputStream.getSubject(MsgAbbrevInputStream.java:181)
 *     at weblogic.rmi.internal.BasicServerRef.acceptRequest(BasicServerRef.java:814)
 *     at weblogic.rmi.internal.BasicServerRef.dispatch(BasicServerRef.java:299)
 *     at weblogic.rjvm.RJVMImpl.dispatchRequest(RJVMImpl.java:920)
 *     at weblogic.rjvm.RJVMImpl.dispatch(RJVMImpl.java:841)
 *     at weblogic.rjvm.ConnectionManagerServer.handleRJVM(ConnectionManagerServer.java:222)
 *     at weblogic.rjvm.ConnectionManager.dispatch(ConnectionManager.java:794)
 *     at weblogic.rjvm.t3.T3JVMConnection.dispatch(T3JVMConnection.java:570)
 *     at weblogic.socket.NTSocketMuxer.processSockets(NTSocketMuxer.java:105)
 *     at weblogic.socket.SocketReaderRequest.execute(SocketReaderRequest.java:32)
 *     at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:197)
 *     at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:170)
 *
 * Note: the exception is caused only when the MBeanHome for each domain is cached and used for subsequent
 * transactions. The exception does not occur if the MBeanHome for each domain is looked up for each transaction. This
 * would add significant overhead in practice. Also the transactions across the various domains occur serially, hence
 * the effect of concurrent lookups has to be tested.
 *
 * Usage:
 * This class has been tested with weblogic 8.1
 * The class needs weblogic.jar in its classpath
 * One can specify the weblogic details as System properties. The properties need to be specified in
 * the following format:
 * wls.host.n, wls.userId.n, wls.password.n where n is the weblogic instance number. Also specify
 * the boolean system property reconnect.each.iteration to toggle between reconnecting or not reconnecting
 * for each iteration. When not reconnecting for each iteration, the MBeanHome is reused and the Security Exception
 * occurs.
 * Following is the example of system properties
 * -Dwls.host.0=localhost:7001 -Dwls.userId.0=weblogic -Dwls.password.0=weblogic
 * -Dwls.host.1=localhost:7011 -Dwls.userId.1=weblogic -Dwls.password.1=weblogic1
 * -Dwls.host.2=localhost:7021 -Dwls.userId.2=weblogic -Dwls.password.2=weblogic2
 * -Dreconnect.each.iteration=false
 */
public class WLSecurityTest
{
    ArrayList wlsDetailsList = new ArrayList();
    HashMap connectionMap = new HashMap();

    public static void main(String[] args)
    {
        try
        {
            WLSecurityTest wlSecurityTest = new WLSecurityTest();
        }
        catch (Exception e)
        {
            e.printStackTrace();
        }
    }

    /**
     * Constructor
     * @throws Exception
     */
    public WLSecurityTest() throws Exception
    {
        int noOfTries = 10;
        getWLSDetails();
        for( int i=0; i <= noOfTries; i++)
        {
            runTest();
        }
    }

    /**
     * Runs the test
     */
    private void runTest()
    {
        for (int i = 0; i < wlsDetailsList.size(); i++)
        {
            WLSDetails wlsDetails = (WLSDetails) wlsDetailsList.get(i);
            getWeblogicInfo(wlsDetails);
        }
    }

    /**
     * Get Weblogic details from System properties
     * @throws Exception
     */
    private void getWLSDetails() throws Exception
    {
        wlsDetailsList = new ArrayList();
        String hostKeyTmpl = "wls.host";
        String userIdKeyTmpl = "wls.userId";
        String passwordKeyTmpl = "wls.password";
        boolean done = false;
        for (int i = 0; !done; i++)
        {
            WLSDetails wlsDetails = new WLSDetails();
            String hostKey = hostKeyTmpl + "." + Integer.toString(i);
            String userIdKey = userIdKeyTmpl + "." + Integer.toString(i);
            String passwordKey = passwordKeyTmpl + "." + Integer.toString(i);
            wlsDetails.hostName = System.getProperty(hostKey);
            done = (wlsDetails.hostName == null) || (wlsDetails.hostName.length() == 0);
            if (!done)
            {
                wlsDetails.userId = System.getProperty(userIdKey);
                wlsDetails.password = System.getProperty(passwordKey);
                connect(wlsDetails);
                wlsDetailsList.add(wlsDetails);
            }
        }
    }

    /**
     * Lookup the MBeanHome for the specified weblogic server
     * @param wlsDetails
     * @throws Exception
     */
    public synchronized void connect(WLSecurityTest.WLSDetails wlsDetails) throws Exception
    {
        Context ctx = null;
        MBeanHome mbHomeLocal = null;
        try
        {
            Environment env = new Environment();
            env.setProviderUrl("t3://" + wlsDetails.hostName);
            env.setSecurityPrincipal(wlsDetails.userId);
            env.setSecurityCredentials(wlsDetails.password);
            Hashtable hashtable = env.getProperties();
            System.out.println(hashtable.toString());
            ctx = env.getInitialContext();
            wlsDetails._mBeanHome = (MBeanHome) ctx.lookup(MBeanHome.ADMIN_JNDI_NAME);
        }
        catch (Exception e)
        {
            e.printStackTrace();
        }
    }

    /**
     * Gets weblogic information using MBeans
     * @param wlsDetails
     */
    public synchronized void getWeblogicInfo(WLSDetails wlsDetails)
    {
        try
        {
            boolean reconnectEachIteration =
                Boolean.getBoolean("reconnect.each.iteration");
            if( (reconnectEachIteration) || ((wlsDetails._mBeanHome == null) && (!reconnectEachIteration) ))
            {
                connect(wlsDetails);
            }
            MBeanHome mbHomeLocal = wlsDetails._mBeanHome;
            String domainName = mbHomeLocal.getDomainName();
            Set allMBeans = mbHomeLocal.getAllMBeans();
            System.out.println("Size: " + allMBeans.size());
            Set clusterMBeans = mbHomeLocal.getMBeansByType("Cluster", domainName);
            System.out.println(clusterMBeans);
            MBeanServer mBeanServer = mbHomeLocal.getMBeanServer();
        }
        catch (Exception ex)
        {
            ex.printStackTrace();
        }
    }

    /**
     * Class that holds weblogic server details
     */
    class WLSDetails
    {
        String hostName = "";
        String userId = "";
        String password = "";
        MBeanHome _mBeanHome = null;
    }
}

If Server version is 61.
Make user "system" password of all weblogic servers same.
If Server version above 61(70,81)
In the Security Advanced Settings, uncheck generated credential and specify a common credential for all the weblogic servers (domains).
No new mail notification in Outlook - CAS Exchange RPC Client Access problem
Hi, we're facing this problem:
Users start complaining they suddenly don’t receive new mail notifications in Outlook (2010/2013) anymore
Inbox does not show the new mail either
When the user changes folders in outlook, the new mail does show in the Inbox folder
Restarting Outlook shows the new mail as well.
The same new e-mail arrives instantly (with notifications) in OWA and on mobile devices
Sometimes the new mail notification pops up after a longer period of time (from 30 seconds to 10 minutes). But more often not at all.
This issue seems to occur at random. We’ve been problem free for a week, and sometimes it comes back three times a day.
Clients running Outlook 2010, 2013 cached or online, on site and off site. So it seems server related, not client.
It was seen first around January 8th. We did not make any changes around that time that we can link to this problem.
Only one CAS server (EXCH1-RTD) shows this issue. CAS servers on other sites are ok
EXCH1-RTD has CAS and HUB transport roles. The same site has two mailbox only servers. EXCH2-RTD (mailbox server for normal mailboxes). And EXCH3-RTD (mailbox server for archive mailboxes)
No entries in the event logs that seem to be related
As the problem only occurs with Outlook clients, I suspected RPC issues. We cannot gracefully stop the “Microsoft Exchange RPC Client Access” service on EXCH1-RTD while the issue occurs. We can only kill the process and restart the service, solving the issue instantly.
What we’ve tried until now:
Updated all Exchange servers from Exchange 2010 SP3 RU6 to RU8-v2 (server OS=W2K8R2)
Updated all Exchange servers to latest critical Windows updates
Recalculated requirements using MS Sizing tool. Upgraded EXCH1-RTD VM from 8GB and 2 vCPU (1 core/cpu) to 16GB and 4vCPU (1 core/cpu)
Ran various perfmon counters and compared them with other Exchange servers, not finding any obvious anomalies.
Any ideas would be greatly appreciated!
Ron
Hi Ron,
From your description, OWA works well, the issue is related to Outlook side. In your case, I recommend you use Outlook safe mode to determine whether the issue is related to add-ins. If the issue persists, you can create a new profile to check the result.
Hope this can be helpful to you.
Best regards,
Amy Wang
TechNet Community Support
Ask the Expert: Single-Site and Multisite FlexPod Infrastructure
With Haseeb Niazi and Chris O'Brien
Welcome to the Cisco Support Community Ask the Expert conversation. This is an opportunity to learn and ask questions about Single-Site and Multisite FlexPod Infrastructure with experts Haseeb Niazi and Chris O'Brien.
This is a continuation of the live webcast.
FlexPod is a predesigned and prevalidated base data center configuration built on Cisco Unified Computing System, Cisco Nexus data center switches, NetApp FAS storage components, and a number of software infrastructure options supporting a range of IT initiatives. FlexPod is the result of deep technology collaboration between Cisco and NetApp, leading to the creation of an integrated, tested, and validated data center platform that has been thoroughly documented in a best practices design guide. In many cases, the availability of Cisco Validated Design guides has reduced the time to deployment of mission-critical applications by 30 percent.
The FlexPod portfolio includes a number of validated design options that can be deployed in a single site to support both physical and virtual workloads or across metro sites for supporting high availability and disaster avoidance. This session covers various design options available to customers and partners, including the latest MetroCluster FlexPod design to support a VMware Metro Storage Cluster (vMSC) configuration.
Haseeb Niazi is a technical marketing engineer in the Data Center Group specializing in security and data center technologies. His areas of expertise also include VPN and security, the Cisco Nexus product line, and FlexPod. Prior to joining the Data Center Group, he worked as a technical leader in the Solution Development Unit and as a solutions architect in Advanced Services. Haseeb holds a master of science degree in computer engineering from the University of Southern California. He’s CCIE certified (number 7848) and has 14 years of industry experience.
Chris O'Brien is a technical marketing manager with Cisco’s Computing Systems Product Group. He is currently focused on developing infrastructure best practices and solutions that are designed, tested, and documented to facilitate and improve customer deployments. Previously, O'Brien was an application developer and has worked in the IT industry for more than 20 years.
Remember to use the rating system to let Haseeb and Chris know if you have received an adequate response.
Because of the volume expected during this event, Haseeb and Chris might not be able to answer every question. Remember that you can continue the conversation in the Data Center community, subcommunity Unified Computing shortly after the event. This event lasts through September 27, 2013. Visit this forum often to view responses to your questions and the questions of other Cisco Support Community members.
Webcast related links:
Single-Site and Multisite FlexPod Infrastructure - Slides from live webcast
Single-Site and Multisite FlexPod Infrastructure: FAQ from live webcast
Single-Site and Multisite FlexPod Infrastructure - Video from live webcast
I would suggest you read this white paper which details the pros and cons of direct connect storage.
http://www.cisco.com/en/US/partner/prod/collateral/ps10265/ps10276/whitepaper_c11-702584.html This paper captures all the major design points for Ethernet and FC protocols.
I would only add that in FlexPod we are trying to create a highly available solution and "flexible" solution; Nexus switching helps us deliver on both with vPC and unified ports.
NPV equates to end-host mode which allows the system to present all of the servers as N ports to the external fabric. In this mode, the vHBAs are pinned to the egress interfaces of the fabric interconnects. This pinning removes the potential of loops in the SAN fabric. Host based multipathing of the vHBAs accounts for potential uplink failures. The NPV mode (end-host mode) simplifies the attachment of UCS into the SAN fabric and that is why it is in NPV mode by default.
So for your last question, I will have to put my Product Manager hat on so bear with me. First off, there is no drawback to enabling the NPIV feature (none that I am aware of); the Nexus 5000 platform simply offers you a choice to design and support multiple FC initiators (N-Ports) per F-Port via NPIV. This allows for the integration of the FI end-host mode described above. I imagine being a unified access layer switch, the Nexus team enabled standard Fibre Channel switching capability and features first. The implementation of NPIV is a customer choice based on their specific access layer requirements.
/Chris