Category Archives: Exchange 2007

Quick Bites – Best practices for installing Exchange Servers across different subnets/sites

In this article i have collected few information that we need to look into while we are  planning for Exchange Servers across different subnets.

Exchange servers will work perfectly fine on different subnets. As long as there is no firewall interruption between Exchange servers in the subnet you should be fine.Even if you have firewall it will work fine but ensure that you have DC and GC connectivity if you have firewall to these servers since exchange needs them to contact frequently.

But keep in mind the exchange servers need to talk to each other almost constantly and that would just make things extremely difficult and make troubleshooting harder if you run into any issues with Exchange and GC/DC connectivity.
Ensure that there is no Windows Firewall or A/V interfering perhaps between 2 subnets. Let’s have a look at few things that we need to consider during our planning.

 

For DAG –
If I’ve got servers on multiple subnets do I need to have a DAG IP in the range of each subnet ?

There needs to be a new Subnet added to the DAG before the node in a different subnet can join the DAG.The reason for this is so the DAG name can be switched and hosted in either of subnets.

MAPI network and Replication Network should not be on the same subnets. Having them on a different subnets will not be single point of failure. When a replication network fails, replication should automatically fail-over to the DAG’s MAPI network .Always, DAG member which communicates with other site requires each site with different Replication Network Subnet.

Probably you can perform the below tasks as a part of checking to ensure that the DAG configuration is correct

Run the below command to check the network settings of DAG :-

Get-DatabaseAvailabilityGroup -Identity DAGNAME | ft DatabaseAvailabilityGroupIpAddresses

To provide network connectivity between each of the replication subnet, a persistent static route must be entered into the Exchange member’s routing table.

To create a persistent static route run the below command :-

netsh interface ip add route (Example IP)10.3.0.0/ 24 “replication 1” 10.4.0.2
netsh interface ip add route (Example IP)10.4.0.0/ 24 “replication 2” 10.3.0.2
Validate through Failover Cluster Manager and ensure that DAG IP is Online.

 
For CAS Array –

CAS Array is site Specific

It is possible to add 2 CAS Servers belonging to different subnet in a CAS Array but they should be in same AD sites. Since they should be querying the same DC’s so we can have Exchange servers spanned across 2 datacenters in a single site if you are planning for adding cas servers in a array in 2 different subnets.

If it is going to be 2 different subnets and different sites then we need to create 2 different CAS array one in each site and probably need to do a DNS round robin which will not give a full HA even by setting the TTL values.

 
For HUB –

We need to have hub servers in each site and they are site specific.Hub servers can support HA for different subnets and help in mail routing only when they are spanned across  the same site in different datacenters.
If we are planning for HA for hub servers in different subnet and different site then we need to install hub servers on each site for HA.

The above points will be useful while we plan for Exchange server deployment in 2 sites and subnets.

Reference –

http://blogs.technet.com/b/timmcmic/archive/2014/05/06/exchange-2010-2013-what-constitutes-a-failure-of-the-replication-network.aspx

http://social.technet.microsoft.com/wiki/contents/articles/28362.best-practices-for-installing-exchange-servers-across-different-subnetssites.aspx

Thanks 

Sathish Veerapandian

MVP – Exchange Server 

OWA,EWS configuration in Exchange 2013/2007 coexistence

We need to consider few factors while planning for coexistence between Exchange 2013 and legacy exchange servers especially exchange 2007 .We might run into few confusions. In this article i will mention few key points which needs to be considered while planning Exchange 2007 and 2013 coexistence for owa,ews setup.

In coexistence with exchange 2013 and legacy version the request happens in 2 types.
For Exchange 2010 – Exchange 2013 does a Proxy for owa and ews requests for users in exchange 2010.
For Exchange 2007 – Exchange 2013 does redirection for owa and ews requests for users in Exchange 2007.

When a user with an Exchange 2007 mailbox logins externally from OWA the requests goes to Exchange 2013. Now the Exchange 2013 needs this connection to be redirected to exchange
2007 server.

In Order to do this Exchange 2013 requires a dedicated external host name configured on exchange
2007 server’s for the required services accessed from externally. So the external and internal hostnames of the Exchange 2007 server need to be different from the hostnames of the Exchange 2013 server and need to be pointed to the Exchange 2007 server.

Better use the Exchange Server Deployment Assistant which will give much clear information.If
you are still confused then you can remember the following key points.

First all the services URL’s needs to be pointed to Exchange 2013 CAS server from exchange
2007.Exchange 2013 CAS server will redirect the connections to Exchange 2007 server.

Legacy Names:
Configure following Legacy host names for the below services in exchange 2007

OwaVirtualDirectory – Create https://ExternalLegacyHostName/owa
WebServicesVirtualDirectory – Create https://ExternalLegacyHostName/EWS/Exchange.asmx
UMVirtualDirectory – Create https://ExternalLegacyHostName/UnifiedMessaging/Service.asmx
OABVirtualDirectory – Create  https://ExternalLegacyHostName/OAB
ActiveSyncVirtualDirectory – Create  https://InternalLegacyHostName/Microsoft-Server-ActiveSync

 

Planning Internal and External owa URL’s

For Exchange 2013 OWA URL: Use same old URL for OWA access to Exchange 2013 and change the IP address from exchange 2007 to E15 internally.
Change the external owa url and redirect the connections to exchange 2013 CAS.

For Exchange 2007 OWA URL:

Create Legacy. Domain.com for external owa users.
Create Legacy.Domain.com for internal owa users.

Below is an example to Modify the OWA url :

On Exchange 2013 point the ExternalUrl  ‘mail.contoso.com’ to Exchange internet facing CAS server.
On Exchange 2007 create the ExternalUrl as ‘legacy.contoso.com’

 

Certificates:

All the required SAN entries for UM,webservices and activesync should be created.
Add external owa legacy URL to the public certificate and install it on both Exchange 2007 and
Exchange 2013 only then owa redirection will work.
You need to Include internal Legacy. Domain.com on Exchange 2007 Certificate for OWA co-
Existence.
Following change needs to be done in Firewall

External OWA URL should be directed to exchange 2013 Internet Facing CAS.

External EWS URL should be directed to  exchange 2013 Internet Facing CAS.

External Autodiscover URL should should be directed to  Exchange 2013 CAS.
External ActivesyncVirtualDirectory should be directed to Exchange 2013 CAS.

External UMvirtualDirectory should be directed to  Exchange 2013 CAS.

Create new NAT rule on firewall for Legacy.domain.com to Exchange 2007 CAS. You can do this as well.By doing this users will be able to log on directly using the URL https://legacy.domain.com/owa with a mailbox on Exchange 2007.

 

External and Internal DNS settings

Public DNS – Map all of your external public DNS records (ews,owa,activesync etc.,) to your
exchange 2013 public IP if you have dedicated one for 2013 or FQDN of your internet facing CAS server.
Example:
Current external owa URL (contoso.domain.com) – point it to dedicated exchange 2013 public ip or internet facing exchange 2013 CAS FQDN.
Current External Autodiscover – point it to dedicated exchange 2013 public ip or internet
facing exchange 2013 CAS FQDN

Internal DNS – Configure the Exchange 2007 to point SCP AutoDiscoverURI to Exchange 2013 Client
Access FQDN by changing DNS entry for Autodiscover.domain.com to exchange 2013 CAS sever Ip
address

The internal DNS records should point to the internal host name and IP address of your Exchange
2013 Client Access server
Make sure that legacy.contoso.com resolves to CAS2007 in internal and external DNS.

Authentication Settings:

This part is little bit tricky. You need to plan according to your organization. If you have FBA configured in TMG or ISA server then you need to configure accordingly.
Set the owa virtual directory authentication only to  Basic in exchange 2007.
In exchange 2013 set owa virtual directory to only (Windows Authentication) or only (form-based authentication) or only (Basic, No redirection, SSL Enabled) depends according to your setup.

Things to check:

If you have redirection configured in IIS on the Exchange 2007 Server Make sure that the above
Virtual Directories doesn’t have it configured.

If you have FBA enabled on ISA or TMG then disable FBA on Exchange 2013 CAS else users will be prompted twice for authentication.

References:

http://technet.microsoft.com/en-us/library/jj898581(v=exchg.150).aspx

Checklist: Upgrade from Exchange 2007
http://technet.microsoft.com/en-us/library/ff805032(v=exchg.150).aspx

Install Exchange 2013 in an Existing Exchange 2007 Organization
http://technet.microsoft.com/en-us/library/jj898582(v=exchg.150).aspx

http://blogs.technet.com/b/meamcs/archive/2013/07/25/part-2-step-by-step-exchange-2007-to-2013-migration.aspx

Thanks

Sathish Veerapandian

%d bloggers like this: