Minimum HA Exchange 2010 configuration

There is some confusion about the minimum number of Exchange 2010 servers required for running Exchange 2010 in a highly available configuration. This seems logical, because with Exchange 2007 you could not mix a clustered Mailbox role with one of the other Exchange roles. That meant a minimum Exchange 2007 HA configuration needed 2 clustered Mailbox servers and 2 Exchange servers with the CAS and Hub roles, where you load balanced the CAS role using Network Load Balancing (NLB).

With Exchange 2010 you can add the CAS and Hub roles to a Mailbox server that is part of a Database Availability Group (DAG). This might lead people to think 2 servers suffice with Exchange 2010, each server holding the Mailbox, CAS and Hub roles, being part of a DAG, and with load balancing configured for CAS (Hub roles are load balanced automatically within a site).

However, there’s a caveat: NLB and Failover Clustering (on which DAGs are built) are mutually exclusive. This means you can’t have both on the same server.

The solution is to install the CAS and Hub roles on DAG’ed Mailbox servers, but instead of load balancing client requests on the server, you use an external load balancer or ISA Server. When using a load balancer you need to configure the CAS servers in a CAS array, but I’ll devote another article to that at a later time.

So, when asked what the minimum number of Exchange 2010 servers required for an HA solution is, the answer is 2½.

Update: The mentioned article on CAS Arrays is located here.
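
The two points above (no NLB on DAG members, and clients pointed at a CAS array rather than a single server) can be checked from the Exchange Management Shell. The script below is an added example, not part of the original article; it assumes Exchange 2010 on Windows Server 2008 R2 with PowerShell remoting (WinRM) enabled on the DAG members.

```powershell
# Added example: run in the Exchange Management Shell (Exchange 2010).
# Assumption: WinRM remoting to the DAG members is allowed for the current user.

# 1. NLB and Failover Clustering are mutually exclusive, so no DAG member
#    should have the NLB feature installed.
$dagMembers = Get-DatabaseAvailabilityGroup |
    ForEach-Object { $_.Servers } |
    ForEach-Object { $_.Name } |
    Sort-Object -Unique

foreach ($server in $dagMembers) {
    # Ask each member which of the two features are installed.
    $installed = Invoke-Command -ComputerName $server -ScriptBlock {
        Import-Module ServerManager
        Get-WindowsFeature -Name NLB, Failover-Clustering |
            Where-Object { $_.Installed } |
            ForEach-Object { $_.Name }
    }
    if ($installed -contains 'NLB') {
        Write-Warning "$server is a DAG member and has the NLB feature installed"
    } else {
        Write-Output "$server OK (installed: $($installed -join ', '))"
    }
}

# 2. Each mailbox database should reference a CAS array FQDN, so that the
#    RPC endpoint does not depend on one particular CAS server.
$arrayFqdns = @(Get-ClientAccessArray | ForEach-Object { $_.Fqdn })

Get-MailboxDatabase | ForEach-Object {
    New-Object PSObject -Property @{
        Database              = $_.Name
        RpcClientAccessServer = $_.RpcClientAccessServer
        UsesCasArray          = ($arrayFqdns -contains $_.RpcClientAccessServer)
    }
} | Format-Table Database, RpcClientAccessServer, UsesCasArray -AutoSize
```

A database reported with UsesCasArray = False still points at an individual server name, so losing that server interrupts Outlook connections even when the DAG fails the database over.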

18 thoughts on “Minimum HA Exchange 2010 configuration”

  1. In reference to your comment “When using a load balancer you need to configure the CAS servers in a CAS array, but I’ll devote another article to that at a later time.” Have you devoted this topic to another article yet? I am anxious to learn about how this is done.

    Thanks

  2. I work for a mid-size company (350 mailboxes with a 400G information store) facing Ex2003 to Ex2010 upgrade. Would you please tell me:
    1. what’s the minimum number of nodes (Ex2010 svr) in a DAG setup?
    2. Without external LB device, does 2-node-DAG setup work (without auto failover)?
    3. Can an Ex2010 work in a single server setup without DAG (will use a hot-standby)?

    Please help. Thanks.

    • 1. In a normal situation 2;
      2. The LB device is for load balancing CAS traffic since NLB and Clustering don’t go together;
      3. You can still use single server solutions.

  3. Dear mdrooij,

    I have mailbox servers on 2 sites (simulated by Vyatta). Will you please comment on this config? If possible, can you write an article on DAG across WAN with command line?

    What is missing in this config ?

    Name | IPv4 address | Subnet mask | Default gateway
    HOME-HO-MB-01 (MAPI) | 192.168.16.35 | 255.255.255.0 | 192.168.16.1
    HOME-HO-MB-01 (Replication) | 192.168.32.35 | 255.255.0.0 | None
    HOME-DR-MB-01 (MAPI) | 192.168.15.35 | 255.255.255.0 | 192.168.15.4
    HOME-DR-MB-01 (Replication) | 192.168.31.35 | 255.255.0.0 | None
    DAG1 | 192.168.16.50 | |

    To configure routing for the Replication network adapters on HOME-HO-MB-01 &
    HOME-DR-MB-01 the following command was run on the server.

    Route add 192.168.31.0 mask 255.255.0.0 192.168.32.4 -p

    To configure routing for the Replication network adapters on HOME-HO-MB-01 &
    HOME-DR-MB-01, the following command was run on the server.

    Route add 192.168.32.0 mask 255.255.0.0 192.168.31.4 -p

    No routing between 192.168.16.0, 192.168.32.0 and 192.168.15.0, 192.168.31.0

    Database Availability Group Creation and Configuration

    Step 1:
    The following command creates a DAG named DAG1, configures HOME-HO-HC-01 to act as the witness server, configures a specific witness directory (C:\DAGWitness\DAG1.home.com), and configures two IP addresses for the DAG (one for each subnet on the MAPI network).

    New-DatabaseAvailabilityGroup -Name DAG1 -WitnessServer HOME-HO-HC-01 -WitnessDirectory C:\DAGWitness\DAG1.home.com -DatabaseAvailabilityGroupIPAddresses 192.168.16.36, 192.168.15.36

    Step 2:

    The following command configures DAG1 to use an alternate witness server of HOME-DR-HC-01 and an alternate witness directory on HOME-DR-HC-01 that uses the same path that was configured on HOME-HO-HC-01.

    Set-DatabaseAvailabilityGroup -Identity DAG1 -AlternateWitnessDirectory C:\DAGWitness\DAG1.home.com -AlternateWitnessServer HOME-DR-HC-01

    Step 3:

    The following commands add each of the Mailbox servers, one at a time, to the DAG. The commands also install the Windows Failover Clustering component on each Mailbox server (if it isn’t already installed), create a failover cluster, and join each Mailbox server to the newly created cluster.

    Add-DatabaseAvailabilityGroupServer -Identity DAG1 -MailboxServer HOME-HO-MB-01
    Add-DatabaseAvailabilityGroupServer -Identity DAG1 -MailboxServer HOME-DR-MB-01

    After this step, 2 databases will be visible in the Database Management tab: EMC > Organization Configuration > Mailbox > Database Management. These databases contain some arbitration mailboxes. To see the arbitration mailboxes, apply the command as follows. We cannot delete these mailboxes.

    Get-Mailbox -Arbitration | FL Name, Database

    The following commands will create a New Database in HOME-HO-MB-01 and mount it.

    New-MailboxDatabase -Name HOMEDB1 -Server HOME-HO-MB-01
    Mount-Database -Identity HOMEDB1

    The following command creates a passive copy (no lag) on HOME-DR-MB-01

    Add-MailboxDatabaseCopy -Identity HOMEDB1 -MailboxServer HOME-DR-MB-01 -ActivationPreference 2

    The ActivationPreference parameter is used to break ties when multiple database copies meet the activation criteria during Active Manager’s best copy selection process. During the selection process, if more than one database copy meets all of the criteria for activating, then the configured value for ActivationPreference is consulted, and the database with the lowest value is activated and mounted. The value for the ActivationPreference parameter is a number equal to or greater than 1, where 1 is at the top of the preference order. The position number cannot be larger than the number of database copies of the mailbox database plus 1.

    Checking the Health and Status of Server and Database

    This example returns information about the health and status of replication for a database named HOMEDB1 on a server named HOME-DR-MB-01. This provides the same information as the General tab on the Mailbox Database Properties page, except it does not display the activation preference number.

    Get-MailboxDatabaseCopyStatus HOMEDB1\HOME-DR-MB-01
    Get-MailboxDatabaseCopyStatus HOMEDB1\HOME-DR-MB-01 | Format-List

    This example returns status and Hub Transport shadow redundancy information for a database named HOMEDB1. The status results are displayed in a list format.

    Get-MailboxDatabaseCopyStatus -Identity HOMEDB1 -DumpsterStatistics | Format-List

    Thanks
    Manu

  4. I made one excel file for this config where you fill in all the details of the domain and IP, it will create the list of commands for you.

    But it's not complete
    MTT

  5. Pingback: Some 2010 Statistics « EighTwOne (821)

  6. Pingback: Thoughts on “Five things that annoy me about Exchange 2010″ « EighTwOne (821)

  7. Can you use DNS round robin to use as a “load balancer” for the CAS redundancy, so you only need 2 physical servers and 2 licenses of Exchange?

    • DNS Round Robin is not really a HA solution, but if you can live with the consequences and downsides, it may be an option. It all depends on your requirements and expectations.

  8. If your DAG/CAS servers were located on separate subnets, i.e. buildings, how would the load balancing work when you would want your client to prefer a local resource first? Are there reasonably priced load balancer appliances or open source products…

    Thanks

    • You can create a CAS array per site using site affinity. Clients will hit local CAS servers first. Depending on your requirements and budget, you can put a (HW)LB in front of each local array.

  9. If you are creating a CAS array with the FQDN of the cluster node name, your failover will work automatically without any other additional software or DNS changes! The virtual cluster IP will stay the same, but will balance between the first and the second server (just be sure that the Windows clustering is configured with at least a witness network folder and a shared IP address as resource).

    New-ClientAccessArray -Name "CAS Array" -Fqdn "exchange.domain.com" -Site "Default-First-Site-Name"

    Set-MailboxDatabase DatabaseName -RpcClientAccessServer "exchange.domain.com"

    Tested, it works !

    Regards,

    André

  10. Pingback: Load balancing Exchange 2010 using a KEMP Loadmaster | EighTwOne (821)

  11. Hello #821.
    From my understanding

    “but instead of load balancing client requests on the server, you use an external load balancer or ISA Server. When using a load balancer you need to configure the CAS servers in a CAS array, but I’ll devote another article to that at a later time.”

    You can have CAS/HUB/MAILBOX roles installed on 1 server with DAG/CAS ARRAY configured however the NLB has to be done by Hardware or Software.

    1. My Question is can you create an CAS Array with a Server which has a DAG? Will it allow it to create a CAS Array?

    2. Can you use a server (instead of hardware/software load balancer) win 2008 r2 as a NLB Server/Witness Folder Server? Does this design work? Therefore in total 3 servers. 1 x server (NLB/Witness Server), 1 x CAS/HUB/MAILBOX01 & 1 x CAS/HUB/MAILBOX02

    3. Is there any configuration to be done on the 2nd CAS02 server for HA or does it automatically pick up the settings from CAS01 server like HUB servers?

    Thanks for your HELP!!!

    • 1) A CAS Array is a logical entity, and it’s not bound to an Exchange server but to a FQDN in DNS. So yes, you can use a CAS array, point that to outlook.contoso.com and have outlook.contoso.com point to the IP number of one of the CAS servers in DNS. In fact, creating a CAS array is best practice because you’re making the RPC endpoint flexible.
      2) For Witness servers you can use any member server, preferably Hub Transports.
      3) You need to keep the configurations in sync for most part, i.e. registry settings (ports), virtual directories etc.

  12. Thanks for the reply!!!
    Another Question on my design #821

    I’m trying to setup a lab environment for a basic HA Exchange 2010 environment with a Single AD Site design. This is the equipment i have:

    1. VMware hypervisor esxi with: 1xDC, 1xCAS/HUB01 & 1xMAILBOX01 < – All Servers Win 2008 R2 ENT
    2. VMware hypervisor esxi with: 1xCAS/HUB02 & 1xMAILBOX02 < – All Servers Win 2008 R2 ENT
    3. Physical Server Win 2008 R2 ENT

    What I understand from all your replies & article is:
    1. CAS ARRAY & DAG Setup can't live together on the same box. Hence why min of 4 servers are required for HA/DR that is HA for 2 x CAS & 2 x Mailbox. Is this correct?
    2. Since CAS ARRAY & DAG Setup can't live together on the same box i have decided to put a physical server to act as a Load Balancer for CAS and Witness Folder Server for DAG is this correct? the reason i'm doing this is if 1 x VMware hypervisor fails we have another hypervisor as HA hence why i'm not putting witness folder/nlb in any of the hypervisors.
    3. Will a physical win 2008 r2 ent server handle NLB for about 15-20 staff in a company?
    4. How will this affect auto-discover will all the certs need to be install on NLB Server or NLB server is there just to forward requests to the next available server in a round robin fashion.

    thanks for your HELP!!!!!

    • 1) No, NLB and DAG can’t co-exist. CAS array is a logical entity.
      2) I’d add an additional DC in the picture as well.
      3) Yes. But you wanted HA, so why the single LB box making it a single point of failure?
      4) Certs only optional with layer 7 LBs; NLB isn’t so no worries there.
