NDDNS and Exchange 2007 CCR Clustering:
We would like to Deploy anExchange 2007 CCR cluster into our network with: 1 empty root domain, 12 child domains; non-dynamic BIND (on solaris). Testing it with AD-DNS was a doddle, but testing with NDDNS (non dynamic DNS) fails & we have not found out why:We assembled an Windows 2003 Forest on a test network (2003 native), with another 2003 forest to simulate the internet.
Our Test forest (AAA) has an empty root domain (AAA.gov), and two child domains (ABB.AAA.gov; sf.AAA.gov).
ABB has an Exchange 2003 Mailbox server, and a Front-end in 2003 native mode.
SF has one Exchange 2003 mailbox server.
We initially attempted to update the forest with a 32bit copy of exchange (per MS rep's recommendation), but as this did not work, we installed a 2008 server to the AAA.gov domain and updated the AD schema with 64 bit exchange tools.
This server was then moved into the ABB domain, and we installed Client Access and Hub Transport roles (in one go).
We then installed two Windows 2008x64 servers into the ABB domain for use as a mailbox cluster. To install these machines, we followed the directions in "Deploying an Exchange 2007 SP1 CCR Cluster on a Windows Server 2008 Failover Cluster. (
http://www.msexchange.org/articles_tutorials/exchange-server-2007/high-availability-recovery/deploying-exchange-2007-sp1-ccr-cluster-windows-server-2008-failover-cluster-part1.html) which was kindly forwarded by X.
-> This configuration requires 4 IP addresses to be used: NodeA, NodeB, Windows-Fail-Over-Cluster (file share majority node); Exchange Cluster.
-> The only deviation from the documentation guide noticed was a lack of a question asking us if we were going to use Outlook 2003 clients: It is assumed since a 2003 downlevel Exchange Org exists, the installer presumed that we would be using Outlook 2003 clients.
Initially, we had issues with installing the exchange cluster for several reasons including the windows firewall. On the second install, while the Mailbox cluster installed successfully, it was unable to create a mailbox store for the domain. (Error message suggesting that we run nslookup and verify that DNS information was correct.
After not finding useful information on this error on technet, or google: we initially removed and reinstalled Exchange; Windows clustering. (Removing the AD objects for all of the above in the process.) What documentation we did find for non-dynamic DNS only stated that it could be used, not what records were needed.
We then installed an exchange 2007 cluster (along with a hub transport and client access server roles) into our Internet Proxy domain so that we could examine the DNS entries created in the dynamic DNS system on that domain. After checking that the DNS entries matched those we had made in the ABB test domain, we reattempted the EXCHANGE 2007 cluster in the test PSB domain. The Windows and Exchange clusters created successfully, but we could not create the mailboxes.
At one level, the question is if there are non-obvious DNS entries required for the cluster. If not, we need a more extensive examination of why the cluster does not work.
January 4th, 2010 7:13pm
When creating the cluster the Clustering Service will attempt to create the cluster name in AD and in DNS. If the account running the operation doesn't have sufficent permission in AD or DNS the creation will not complete properly.I would start by checking your permissions. When dealing with a multiple domain environment you need to check how DNS is configured on all servers in your environment and how DNS information is replicated and to where. Also, your forest root should have the Exchange Security Objects created, verify those are there. They should be created when you prepare the schema. The other thought would be how are you deploying Exchange in your root and child? Are you doing that correctly? Again, make sure you have proper permissions. :)SF - MCITP:EMA, MCTS: Exchange 2010, Exchange 2007, MOSS 2007, OCS 2007 --
http://www.scottfeltmann.com
Free Windows Admin Tool Kit Click here and download it now
January 5th, 2010 12:44am
The account used to create the cluster is domain admin, enterprise admin; exchange admin. The DNS is non dynamicially updateing; the 4 A records were added manually before creating the cluster: node1.abb.gov, node2.abb.gov, winclus.abb.gov; exclus.abb.gov. The Exchange object was created in AD, as was the windows cluster. I don't think I can get more permissions than those that I used.The Exchange security objects were created in the root domain; we have no problems with non-clustered Exchange mailbox-server, nor with the client-access/hub-transport server.I think if it were a permissions issue, one of the other exchange boxes would have a similar problem.Most DNS a records are held by an external Solarus box for the root and largest child domain. The AD DNS for those domains only holds the AD specific (SVC) bits of DNS, and are secondaries for the A records. (no, I would prefer DDNS - but it's not my choice to make.).
January 5th, 2010 7:40pm