DAG in 2 datacenters Through WAN-IpSec.
Hello All..
I'm making tests on an Exchange Deployment in an active production dual Datacenter having following subnets specs..
Site A : 10.10.x.x (255.255.0.0) - GW : 10.10.10.254 - DNS : 10.10.11.250/251 (AD is on this Site)
Site B : 192.168.44.x (255.255.255.0) - GW : 192.168.44.254 - DNS : 192.168.44.253/254
Both Sites are linked via a VPN Ipsec Connection.
My two Dag nodes have following actual tests specs
DAG 1 :
LAN (MAPI) : 10.10.100.7 (255.255.0.0) - GW : 10.10.10.254 - DNS : 10.10.11.250/251
DAG (Replication) : 10.10.100.6 (255.255.0.0) - GW : 10.10.10.254 - DNS : 10.10.11.250/251 (yes i know, i'll have to change this)
DAG 2 :
LAN (MAPI) : 192.168.44.104 (255.255.255.0) - GW : 192.168.44.254 - DNS : 192.168.44.253/254
DAG (Replication) : 192.168.44.113 (255.255.255.0) - GW : 192.168.44.254 - DNS : 192.168.44.253/254 (yes i know, i'll have to change this)
Yet i think my cluster is not active correctly. I don't happen to see in Windows Clustering Failover Manager the Site B and DAG 2 network cards when setting up a DAG...
I am wishing to respect following documents for the dag setup I've found through the forums :
http://technet.microsoft.com/en-us/library/dd638121.aspx
http://technet.microsoft.com/en-us/library/dd979781.aspx
http://technet.microsoft.com/en-us/library/dd638104.aspx
http://technet.microsoft.com/en-us/library/dd638129.aspx
If I understand well documentations, here are the modifications I'm going to make for a deployment :
DAG 1 :
LAN (MAPI) : 10.10.100.7 (255.255.0.0) - GW : 10.10.10.254 - DNS : 10.10.11.250/251
DAG (Replication) : 192.168.1.1 (255.255.255.0)
DAG 2 :
LAN (MAPI) : 192.168.44.104 (255.255.255.0) - GW : 192.168.44.254 - DNS : 192.168.44.253/254
DAG (Replication) : 192.168.2.1 (255.255.255.0)
In addition i'll add manually following routes :
DAG 1 : netsh interface ipv4 add route 192.168.2.0/24 "DAG" 192.168.1.254
DAG 1 : netsh interface ipv4 add route 192.168.1.0/24 "DAG" 192.168.2.254
Finally in EMS :
New-DatabaseAvailabilityGroup -Name DAG1 -WitnessServer ExchCas01 -WitnessDirectory C:\DAGWitness\ -DatabaseAvailabilityGroupIPAddresses 10.10.20.100,192.168.44.100
Add-DatabaseAvailabilityGroupServer -Identity DAG1 -MailboxServer DAG1
Add-DatabaseAvailabilityGroupServer -Identity DAG1 -MailboxServer DAG2
Is this the right configuration scheme ? Do you see anything wrong in planned tests ?
Thanks for your returns..
Tdldp
EDIT :
I have a weird personal reflection on the routing ...
My IPSec Network has following configuration on Site B :
left=SITEB_PUBLIC_IP
leftnexthop=SITEB_PUBLIC_GATEWAY
leftsubnet=192.168.44.0/24
right=SITEA_PUBLIC_IP
rightsubnet=10.10.10.0/16
rightnexthop=SITEA_PUBLIC_GATEWAY
rightsourceip=10.10.10.254
Is there not a problem with this tunneling ? It's in my opinion not capable to cope routing to a 192.168.1.X network on site A...
What should i add to make it cope this routing ?
Thanks for your help
March 5th, 2012 9:59am
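The selector check behind the EDIT question above, as an added example that is not part of the original post: it parses the posted Site B tunnel definition and tests which address pairs from the post fall inside `leftsubnet`/`rightsubnet`. It assumes a policy-based tunnel that only carries traffic matching those selectors; the function names are illustrative.

```python
import ipaddress

# Site B tunnel definition as posted in the thread (public IPs are the post's placeholders).
SITE_B_CONN = """\
left=SITEB_PUBLIC_IP
leftnexthop=SITEB_PUBLIC_GATEWAY
leftsubnet=192.168.44.0/24
right=SITEA_PUBLIC_IP
rightsubnet=10.10.10.0/16
rightnexthop=SITEA_PUBLIC_GATEWAY
rightsourceip=10.10.10.254
"""

def parse_selectors(conn_text):
    """Return (left_net, right_net) from the key=value lines of a conn stanza."""
    opts = {}
    for line in conn_text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and padding
        if "=" in line:
            key, value = line.split("=", 1)
            opts[key.strip()] = value.strip()
    # strict=False tolerates host bits in the prefix: 10.10.10.0/16 -> 10.10.0.0/16
    left = ipaddress.ip_network(opts["leftsubnet"], strict=False)
    right = ipaddress.ip_network(opts["rightsubnet"], strict=False)
    return left, right

def in_tunnel(left, right, site_b_ip, site_a_ip):
    """True when the Site B address is in leftsubnet and the Site A address in rightsubnet."""
    return (ipaddress.ip_address(site_b_ip) in left
            and ipaddress.ip_address(site_a_ip) in right)

def check_pairs(conn_text, pairs):
    """Map each named (Site B, Site A) address pair to whether the selectors cover it."""
    left, right = parse_selectors(conn_text)
    return {name: in_tunnel(left, right, b, a) for name, (b, a) in pairs.items()}

# (Site B address, Site A address) pairs taken from the post above
PAIRS = {
    "MAPI": ("192.168.44.104", "10.10.100.7"),
    "replication (current)": ("192.168.44.113", "10.10.100.6"),
    "replication (planned)": ("192.168.2.1", "192.168.1.1"),
}

if __name__ == "__main__":
    for name, ok in check_pairs(SITE_B_CONN, PAIRS).items():
        print(f"{name:24} {'covered' if ok else 'NOT covered by tunnel selectors'}")
```

The planned 192.168.1.x/192.168.2.x replication addresses match neither selector, so under the stated assumption they would need their own subnet pair added to the tunnel definition on both gateways.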
Hi tdldp1,
I would suggest you rename mailbox servers' name to MBX1, MBX2 (rather than use the same name as DAG's name).
The link (Deploying High Availability and Site Resilience: http://technet.microsoft.com/en-us/library/dd638129.aspx) is a good example to deploy DAG.
For IPSec issue, please seek the solution in the related forum to resolve it first.
Frank Wang
TechNet Community Support
March 6th, 2012 2:24am
Hello Frank
Thanks for your reply...
The link is the one I followed to setup Dag Configuration tests...
Yet As doubted, I have no communication between my two sites IP as it is not routed correctly..
Asking the question though I think I already know the answer : Is there a way in given IP Classes to setup a Dag configuration with IPsec compatible IP's, without modifying ipsec configuration ? (ex : Site A DAG1 : DAG (Replication) : 10.10.21.1 (255.255.0.0) - Site B DAG2 : DAG (Replication) : 192.168.45.1 (255.255.255.0) for which I have an IPsec tunnel configuration set between the sites : It's a test purpose tunnel)
Thanks again by advance for returns..
Tdldp
March 6th, 2012 3:24am
It should work .. If my understanding is correct.
Satheshwaran Manoharan | Exchange 2003/2007/2010 | Blog:http://www.careexchange.in | Please mark it as an answer if it really helps you
March 6th, 2012 6:02pm
Hi tdldp1,
If you deploy DAG cross two datacenters, please also see below link about
DAG Networks and Multiple Subnet Deployments:
Managing Database Availability Groups
http://technet.microsoft.com/en-us/library/dd298065.aspx#Dat
Frank Wang
TechNet Community Support
March 6th, 2012 10:28pm
Thanks for that link, i seem to see things a little better...
We are resolving our network issues today, and i'll undergo the tests after that... Will make follow up if solution works or not...
March 9th, 2012 4:36am
Hi tdldp1,
Any updates?
Frank Wang
TechNet Community Support
March 13th, 2012 9:57pm
Hi Frank..
We resolved this morning our IPSec issues...
We have now :
DAG 1 :
LAN (MAPI) : 10.10.100.7 (255.255.0.0) - GW : 10.10.10.254 - DNS : 10.10.11.250/251
DAG (Replication) : 192.168.50.1 (255.255.255.0)
DAG 2 :
LAN (MAPI) : 192.168.44.104 (255.255.255.0) - GW : 192.168.44.254 - DNS : 192.168.44.253/254
DAG (Replication) : 192.168.49.1 (255.255.255.0)
DAG 1 : netsh interface ipv4 add route 192.168.49.0/24 "DAG" 192.168.50.254
DAG 2 : netsh interface ipv4 add route 192.168.50.0/24 "DAG" 192.168.49.254
Pinging each network interfaces shows traffic passing in each DAG replication networks so they communicate correctly...
Next Step : Setup the Dag based on your documentation...
Through EMC (why but why did I not go through EMS) I setup the DAG Group with following tests parameters
Name : ExchangeDag
Witness Server : ExchangeCas02
Folder : C:\DAGWitness\
I then added my two servers and went through an error :
Cluster service did not manage to bring up or take down service or cluster application "Cluster Group". Resources are maybe in failed state (Translated from French, sorry if not exact).. In any case : Error 1205
I then tried to bring DAG back to empty state, by removing both servers, and there was a new error (not noted though).
I have in Event Manager : Cluster Node Dag1 has been removed...
Yet :
DagExchange declares it has only one active server node : DAG 1
On node 1 (Dag1), there is no more Cluster Service active, but DAG 1 server still appears in DAG management Group through EMS/EMC.
On node2 (Dag2), Cluster service is still active, and node appears in Failover Clustering management for ExchangeDAG name, but not in EMS/EMC any more.
If I try to remove DAG1 node, through EMS or EMC on DAG1 or DAG2 I have following Error :
Can't connect to cluster Service on given computer, assure they have quorum or are configuration only
Shell Command attempted :
Remove-DatabaseAvailabilityGroupServer -MailboxServer "DAG1" -Identity ExchangeDAG
I don't seem able to remove anything on DAG2, even if it declares it's in a cluster that doesn't appear in exchange anymore..
Googling a lot on this crap, if you have any advice i'll take some...But i think i messed up something there ..
I LOVE EXCHANGE ;)
tdldp
EDIT : Technical informations as They come
DAG 1 Cluster Service Status : 18h15
c:\>sc query clussvc
SERVICE_NAME: clussvc
TYPE : 10 WIN32_OWN_PROCESS
STATE : 1 STOPPED
WIN32_EXIT_CODE : 1066 (0x42a)
SERVICE_EXIT_CODE : 2 (0x2)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
EMC : DAG group Properties throws error : 18h30
ActiveManager Operation Error : Cluster API 'OpenCluster (DAG1.domain)' failed with error 0x6d9 - There
are no more endpoints available from the endpoint
DAG 2 Cluster Service Cleanup : 9h05
Managed to remove Local DAG2 cluster node setup by destroying cluster in DAG2 Failover Clustering Management
Just need now to remove the exchange DAG setup and the lost node from EMC / EMS properties..
DAG CleanUP Done ! 9h30
For Personal FollowUP : Remove DAG Server with configurationonly switch on lost cluster nodes, cleans up DAG membership.. Following removals done
Restarting My Configuration, and going a bit more slowly.. I think I found an AD latency issue that could have been responsible of faced problems... AD Team on the problem..
March 14th, 2012 1:36pm
Ok...
Through EMS all DAG primary setup and configuration went right this time...
I now have A DAG With my two nodes answering correctly...
Next Setup is normally http://technet.microsoft.com/en-us/library/dd298065.aspx#Dat
When i run the following command :
Set-DatabaseAvailabilityGroupNetwork -Identity DAG1\DAGNetwork01 -Subnets 10.10.0.0,192.168.44.0 -ReplicationEnabled:$false
to collapse DAGNetwork03 in DAGNetwork01 i get following error :
Subnet '10.10.0.0' definition error : it is in conflict with existing Subnet '10.10.0.0/16'
Googling through that but wondering if command does not need the /16,/24 mask ?
EDIT :
This Is Solved : As i thought adding the mask solves problem...
EDIT2 :
Last question before marking this topic SOLVED :
I have in my cluster Management console, Following information :
Cluster : DAG1 - Online
IP Address : 10.10.20.100 - Online
IP Address : 192.168.44.100 - Offline.
If I attempt to force it online I get following error message :
An error occurred when attempting to bring online following resource : IPv4 Static Address 1 (Cluster Group)
error Code : 0x80071397 : The cluster node is not the resource owner or the node is not an owner possible of the resource..
Does it tell you anything ? Is this normal ?
Thanks anyway by advance for all support given.. Really helped me get down to the right information...
I leave my edits for those searching documentation...
March 15th, 2012 6:45am
I'm closing this thread now.. It is solved for me regarding the DAG Configuration...
Please Frank I'll setup a new thread next Monday regarding CAS Array in multiple Subnet.. If you do have some time to take a look at it I'll appreciate...
Tdldp
March 16th, 2012 1:29pm