Exchange 2010, configuring HA (disaster recovery) in another Site

Hi, I was planning my Exchange 2010 (SP1) HA architecture, but I stumbled on something unexpected (due to my ignorance) and I'm looking for advice.

Here is the situation now:

I have a virtual Exchange server with HUB and CAS roles and another physical Exchange server with the mailbox role installed. They are both in my primary site.

Now we have a remote site and a remote vmware hosts to use for HA and disaster recovery purposes. The internal network of the DR site is different from mine and it's natted too. More precisely my primary network is 192.168.100.0/24 and the DR network is 192.168.60.0/24 natted with 192.168.113.0/24.

The DR domain controller and the DR AD site are already in place.

My idea was:

- to use Veeam replication to create a replica of the first Exchange server, the virtual one of course, with CAS and HUB roles. I thought to use the Veeam network remapping tool to change the server IP address in case of failover.

- to install a new exchange server in the DR site with mailbox role only and configure a DAG

I thought it was brilliant.

It was not..

Since I cannot create the Veeam replica right now (long story) I tried to install the DAG and here we are with my problems.

Error:

Setup encountered a problem while validating the state of Active Directory. Could not find Active Directory site to which this server belongs.

This is weird, because I have no problems with site replications etc.

Warning:

Setup did not detect an existing Hub Transport Server role installed in Active Directory site 'DR'...
Setup did not detect an existing Client Access Server role installed in Active Directory site 'DR'...

And that's my real problem. I didn't remember that Exchange is site based.

What are my options now?
Could I install CAS and HUB just to complete the install and then ignore them, or will they cause problems with my primary site?

In the end, what do you think I should do?

At this point I could rethink the whole thing.

Thank you and sorry for the grammar



November 26th, 2013 4:36pm

Hi David,

I am not sure if I understood your situation completely and I don't know what Veeam is anyway. You need to have a CAS and HUB server wherever you have a MB server.

If you want to use DAG for HA purposes, great! Would your DR site host any mailboxes during normal operations? I assume not and proceed with my suggestion.

1. All you need to do is to setup or install a multirole (typical installation) of Exchange Server on the remote site.

2. Now, create a CAS array for the remote site (even for a single CAS server)

New-ClientAccessArray -Name DRCASArray -Site "DR-Site-Name" -FQDN casarrayname.domain.com

3. Make sure to create an alternate FSW server on the DR site (this needs to be configured when you do a DR)

4. Since you already have a MB server in the primary site, you need to setup a DAG with Primary MB server + DR MB Server + Primary FSW (Hub Server in the primary site)

Remember, datacenter switchovers are manual operations and NOT automatic.

Read this article on how to perform datacenter switchovers -

http://technet.microsoft.com/en-us/library/dd351049(v=exchg.141).aspx

Datacenter Switchover Tool -

http://blogs.technet.com/b/exchange/archive/2012/10/19/exchange-2010-datacenter-switchover-troubleshooter-now-available.aspx

Datacenter Switchover Troubleshooter -

http://gallery.technet.microsoft.com/office/Exchange-2010-Datacenter-09a81fc6

All the best!

November 27th, 2013 12:34am

Hi,

Siva's suggestion is pretty helpful. Besides, we should note that the witness server can't be a member of the DAG.

An article about managing DAG for your reference.

Managing Database Availability Groups
http://technet.microsoft.com/en-us/library/dd298065(v=exchg.141).aspx

If there are any problems, please feel free to post here for further research.

Best regards,
Be

November 27th, 2013 5:59am

Thank you guys, this is pretty useful.

My major doubt was about installing all the roles in the DR site. I was afraid that would cause problems in the primary site, but as far as I can tell this is the only and right way to use Exchange in a remote datacenter.

So, point 1 taken.

About point 2, the CAS array, why do it for the DR CAS only? I'm sorry for the question but I'm missing the point. What is the difference between the single DR CAS and the DR CAS Array with a single CAS server?

About point 3 and 4, the file witness server. Let's see if I understood this correctly. For HA purposes I need a FWS in the primary site, configured in the primary HUB server. The alternate FWS will be configured when we switch in a failover state or it could be done right now? Can I use any Windows server as FWS or do I need another Exchange server?

In my first post I wrote we need mainly HA for the mailbox role, but that was just the beginning.

In the end we need to have a full DR site, even for client connectivity (intranet and internet). The DR CAS should have the same URL as the primary site (webmail.domain.ext) and the same certificate, if it's possible.

EDIT: in many examples I see that usually the primary URL and the DR URL are different (i.e. mail.domain.ext and failover.domain.ext) and the certificate is created for both names, plus autodiscover. Is it the only way? I'd like to keep one URL for both sites if possible.

Something like this, I presume: http://www.msexchange.org/img/upl/image0011285328856401.jpg

Does all of the above still apply? I'm thinking about the CAS array in particular.

Thank you again
I'll read all the docs you linked


November 27th, 2013 10:30am

David & Belinda,

Sorry if my response was misleading. FSW cannot be a part of your DAG membership like a MBX server but just a voting member for the DAG Node Majority with File Share Witness.

Below is an example to create a witness server/directory for a DAG:

Set-DatabaseAvailabilityGroup "DAG NAME" -WitnessServer "HUB SERVER NAME" -WitnessDirectory "E:\DAGFSW"

November 27th, 2013 11:08am

Hi,

For the problem "About point 2, the CAS array, why doing it for the DR cas only? I'm sorry for the question but I'm missing the point. What is the difference between the single DR CAS and the DR CAS Array with a single CAS server?"

It's recommended to create a CAS array even if you only have a single Client Access server within your organization. No matter DR site or primary site, it's recommended to create a CAS array.

When a Client Access server array is created, clients connect through the virtual name of the Client Access server array rather than directly to the fully-qualified domain name (FQDN) of your single Client Access server. If a single Client Access server needs to be replaced within an Active Directory site or a second Client Access server is added, no profile updates are necessary on the clients.

For the problem "The alternate FWS will be configured when we switch in a failover state or it could be done right now? Can I use any windows server as FWS or do I need another exchange server?"

We had better configure an alternate FWS to prepare for site failover. It is recommended to use a Hub Transport Server as FSW. If needed you can use a non-Exchange Server to serve as an FSW, but you have to add the Exchange Trusted Subsystem Universal Security Group to the local Administrators Group on the FSW Server.

For the problem "Is it the only way? I'd like to keep one url for both sites if possible?"

Here is a thread which can help you for your convenience:

Exchange Site Resilience Active/Passive, DAG stretched over different Active Directory Site
http://social.technet.microsoft.com/Forums/exchange/en-US/9c4d537e-dc3a-4934-9928-7840634b4eae/exchange-site-resilience-activepassive-dag-stretched-over-different-active-directory-site?forum=exchangesvravailabilityandisasterrecovery

More information for your reference.

Datacenter Switchovers
http://technet.microsoft.com/en-us/library/dd351049(v=exchg.141).aspx

Understanding RPC Client Access (Please refer to the "The Client Access Server Array" section.)
http://technet.microsoft.com/en-us/library/ee332317(v=exchg.141).aspx

Hope this helps.

Best regards,
B

November 27th, 2013 9:32pm
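
The witness and alternate-witness setup described in Siva's and Belinda's replies above, written out as an added example for the Exchange Management Shell; it is not code posted by anyone in this thread. All server names, the DAG name and the directories are placeholders. The pre-check also rejects a domain controller as witness, because on a DC the group membership Belinda mentions would land in the domain's Administrators group rather than on a single server.

```powershell
# Added example. Every name below is a placeholder, not a value from the thread.
$DagName    = 'DAG1'
$PrimaryMbx = 'PRI-MBX01'      # existing mailbox server, primary site
$DrMbx      = 'DR-MBX01'       # new mailbox server, DR site
$Witness    = 'PRI-HUB01'      # Hub Transport server, primary site
$AltWitness = 'DR-FS01'        # non-Exchange file server, DR site
$WitnessDir = 'E:\DAGFSW'
$AltDir     = 'D:\DAGFSW'

function Test-WitnessHost {
    param([string]$Server)
    # DomainRole 4 or 5 means domain controller. Its "local" Administrators group
    # is the domain's Builtin\Administrators, so the grant would be domain-wide.
    $role = (Get-WmiObject Win32_ComputerSystem -ComputerName $Server).DomainRole
    if ($role -ge 4) {
        Write-Warning "$Server is a domain controller; choose another witness."
        return $false
    }
    # List local Administrators over ADSI (works on PowerShell 2.0).
    $group = [ADSI]"WinNT://$Server/Administrators,group"
    $names = @($group.psbase.Invoke('Members')) | ForEach-Object {
        $_.GetType().InvokeMember('Name', 'GetProperty', $null, $_, $null)
    }
    if ($names -notcontains 'Exchange Trusted Subsystem') {
        # On the witness itself, an administrator would run:
        #   net localgroup Administrators "DOMAIN\Exchange Trusted Subsystem" /add
        Write-Warning "Exchange Trusted Subsystem is not a local administrator on $Server."
        return $false
    }
    return $true
}

if ((Test-WitnessHost $Witness) -and (Test-WitnessHost $AltWitness)) {
    # Witness lives in the primary site; the DR witness is only pre-staged.
    New-DatabaseAvailabilityGroup -Name $DagName -WitnessServer $Witness `
        -WitnessDirectory $WitnessDir
    Add-DatabaseAvailabilityGroupServer -Identity $DagName -MailboxServer $PrimaryMbx
    Add-DatabaseAvailabilityGroupServer -Identity $DagName -MailboxServer $DrMbx
    Set-DatabaseAvailabilityGroup -Identity $DagName `
        -AlternateWitnessServer $AltWitness -AlternateWitnessDirectory $AltDir

    # WitnessShareInUse shows which witness the cluster is actually using.
    Get-DatabaseAvailabilityGroup -Identity $DagName -Status |
        Format-List Name, Servers, WitnessServer, AlternateWitnessServer, WitnessShareInUse
}
```

The alternate witness stays idle until a datacenter switchover is performed by hand, so re-running `Test-WitnessHost` against it periodically confirms the group membership is still in place when it is needed.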

Thank you very much Belinda and Siva.

I've got a bunch of docs to read, but I think I'll be ok.

November 28th, 2013 5:37am

It worked like a charm :)

Now I'm facing another little dilemma about the CAS servers.

Following your advice, I now have

1 HUB/CAS server in the primary site

1 MAILBOX server in the primary site

1 HUB/CAS server in the DR site

1 MAILBOX server in the DR site

I did some simulations and the DAG works great.
But what if the CAS in the primary site fails?

The failover OWA usually pops up a message saying to use the primary OWA url. It works only if one or more databases are actually active in the DR site.

My first thought would be to create a new OWA in the DR CAS server (or a CAS array for the primary site with a "node" in the DR CAS) to serve the purpose, but since I was wrong before I'm here just to ask you for one more piece of advice :)

Thanks

December 3rd, 2013 4:09am

This topic is archived. No further replies will be accepted.