Upgrading from Stand-alone exchange 2007 to DAG 2010
This subject has been discussed several times, I know... but I just need a few pointers to cover what I am doing, google is practicing very dark humor on me...
Current Scenario:
Mail.company.com is a stand-alone exchange server , DNS, DHCP and PDC (bad idea I know, but that's how I found this when I got the job) , it has the certificate for the mail.company.com name as well. Running on it is Exchange 2007 and Windows 2003 server.
Work done so far:
I Installed Windows 2008 R2 on 3 servers, installed Exchange 2010 (mailbox roles and hub transport) on the first 2 , and on the third installed the hub transport only to make it the witness server.
Now the DAG is made, I have 2 databases, cross mounted and seeded , healthy, sent test emails to find it directly duplicated on both OWAs ...
Questions:
I am trying to migrate everything from my 2007 exchange to the new setup DAG... but I need to keep the mail.company.com as the public name..
- Where do I configure the hub transport stuff? (like receiver connector, smtp connector and OWA settings?) , do I do it on all 3 servers? or just the witness server?
- How do I take the name mail.company.com to the new environment, and who will get it? the witness, one of the DAGs ... I imported the certificate to all 3 ... but not sure where this will get me..
- related to above questions: who gets the ip address that I have the mx record IP natted to?
I know I am almost done, but I really need your help on bringing it home here...
September 19th, 2011 5:20am
Hello,
where have you installed the 2010 Client Access servers?
Please be aware that load balancing with a CAS array on the DAG members is only supported in a scenario with a hardware load balancer. With Windows NLB you have to separate the CAS from the DAG.
Most of the Hub Transport configuration (send connectors for example) is stored in Active Directory and is replicated to the other HT servers automatically.
Greetings,
Toni
Hey Toni,
I have the client access installed on both DAG servers (not the witness), should i install it on only one? is it safe to simply uninstall this role from one of them now?
from your comment on seperating the CAS from DAG , does this mean I should have it on the witness server, or should I simply have it on the exchange 2007 maybe (this solves the naming issue for me) with it reading the DB from the DAG?
Cheers
Wassim
Free Windows Admin Tool Kit Click here and download it now
September 19th, 2011 8:29am
Hello,
for real high availability on Exchange side you should have 4 servers:
2x DAG
2x CAS/HT
The problem with 3 servers is: it's good to have a DAG for high availability but with only one CAS you'll get problems when this CAS goes down because your clients are connecting to the CAS so they won't be able to connect anymore.
Have you done any configuration on the new CAS? If no you can safely uninstall the CAS role from the server.
Greetings,
Toni
September 19th, 2011 8:53am
Hello,
for real high availability on Exchange side you should have 4 servers:
2x DAG
2x CAS/HT
The problem with 3 servers is: it's good to have a DAG for high availability but with only one CAS you'll get problems when this CAS goes down because your clients are connecting to the CAS so they won't be able to connect anymore.
Have you done any configuration on the new CAS? If no you can safely uninstall the CAS role from the server.
Greetings,
Toni
Well all the Exchange 2010 servers are in beta/test mode... so I can uninstall and reinstall anything I want, it will not affect my users, as they are still using the exchange 2007 I am trying to migrate from....
Once all is done I can maybe configure the old Exchange 2007 as the secondary CAS...
So the CAS is the same as the witness server? or does this have to be another CAS only server?
Free Windows Admin Tool Kit Click here and download it now
September 19th, 2011 9:08am
Hello,
place the FSW on one of your CAS/HT servers since the recommendation of Microsoft is to put the FSW on a HT server.
You can configure a CAS array with only one CAS server. The advantage is that you have the name of your array provided for your clients so you can just simply add the second CAS and you don't have to change anything on the clients.
Greetings,
Toni
September 19th, 2011 9:26am
Hello,
place the FSW on one of your CAS/HT servers since the recommendation of Microsoft is to put the FSW on a HT server.
You can configure a CAS array with only one CAS server. The advantage is that you have the name of your array provided for your clients so you can just simply add the second CAS and you don't have to change anything on the clients.
Greetings,
Toni
Hey Toni,
Ok I will uninstall the client access role from the 2 DAG servers, and install it on the HT/FSW server... this will make the DAG servers running the DB only, and one server acting as HT , FSW and CAS ...
This will take time as I am installing exchange 2010 SP1 on all of them (some of my clients use Outlook 2011 , it only supports 2010 with SP1).
But the main issue is the transition, how do I move the name from 2007 to FSW ? downtime and DB move (my DB size is around 300 GB)
Thanks by the way for your replies so far!
Cheers
Wassim
Free Windows Admin Tool Kit Click here and download it now
September 19th, 2011 9:34am
Ok sorry for being away but I had a terrible thing happening with a Terminal server (who happens to server 85% of my users) , it just won't have some things running on it, and there'S an exchange 2003 management tools installed that just won'T go away!
Anyway, back to our subject. I have finalized the DAG setup and below is the current status:
Witness server has the hub transport and all certificates from the exchange 2007 has been imported to it.
2 mail DB servers
When doing a test (at night or weekends), i just switch the static NAT from one server to the other, and when using the public name of the mail server (https://mail.company.com/owa) , the exchange 2010 page opens, and I can login to any user i have created
in the database of the DAG members.
I can send external mails (as in from exchange to gmail or hotmail), however I still cannot receive emails .... which is a big issue for me... and I cannot conect via Outlook (via internet , not intranet).
Any ideas what I could be missing here? we have a spam filtering company that forwards clean emails to our server, it did not block the messages I sent as a test, and did indeed try to forward the message to my new HT or witness server (it forwarded to the
real ip that was NATed to the new server), but I just could not get it...
October 21st, 2011 6:24am
What error or NDR do you get?
Cheecked that your receive connectors accetps email from that IP if locked down? Allow anonymous connection checked on the permission groups?
Turn up the logging on the receive connector to verboseSukh
Free Windows Admin Tool Kit Click here and download it now
October 23rd, 2011 7:15pm
Poject has been ut on hold for a while, andnow I have to finish it.
So the current weird situation is that I had to rename the CAS server, so I had to destroy and rebuild the dag (destroying the cluster nodes as well).
Now that I rebuilt it, it seems to be functioning, I receive emails and all's well... however there is no failover whtsoever, if one DB server goes down, the entire DAG stops working, it does not redirect between servers... when both were up, the Database
was healthy on one and Mounted on the other, all green ... what gives?
Note that before I destroyed and rebuilt, the failover functionality worked... real stuck at the last point here...
December 9th, 2011 5:58am
OK so I removed the servers from the dag and removed it...
creating a new DAG got me the error:
Summary: 1 item(s). 0 succeeded, 1 failed.
Elapsed time: 00:00:00
test
Failed
Error:
The task was unable to create the default witness directory on server servername.domain.local. Please manually specify a witness directory.
Click here for help... http://technet.microsoft.com/en-US/library/ms.exch.err.default(EXCHG.140).aspx?v=14.1.338.0&t=exchgf1&e=ms.exch.err.ExAE3A7C
Warning:
The operation wasn't successful because an error was encountered. You may find more details in log file "C:\ExchangeSetupLogs\DagTasks\dagtask_2011-12-09_15-50-40.315_new-databaseavailabiltygroup.log".
Exchange Management Shell command attempted:
New-DatabaseAvailabilityGroup -Name 'test'
Elapsed Time: 00:00:00
I added the WMI to the allowed traffic on the firewall , did not help
I turned off the firewall on all 3 sides (which is very bad) , did not help either
I added all groups realted to Exchange to the local Administrators group on the witness server, did not help
I added both Exchange DB servers computer accounts to the witness local administrators group , did not help
Please help?
Free Windows Admin Tool Kit Click here and download it now
December 9th, 2011 11:00am