1

I'm in the process of setting up a 2nd Exchange Server 2013 and then creating a DAG for disaster recovery purposes. At the moment we have one CAS/Mailbox Exchange 2013 Server installed on the main site and now they would like to have a second Exchange server on the DR site. The main site and DR site's LAN is extended bridged so they are on the same LAN.

My question is if it is possible to pass the Replication traffic over this same network that is being used to serve Mailboxes/Domain etc.? And if so, should the 2nd server be installed with the CAS/Mailbox roles as well?

StefanGrech

1 Answer

3

Yes you should make your failover exchange server into a CAS/Mailbox server.

Remember this is not specifically for DR, it's for failover. A DR event should also include possible corruption of the database (which in this case the DB will just be replicated and corrupted on two servers). DR is ONLY accomplished with offline backups, preferably stored offsite.

You will need to segment your Sites and Services so users will not try to connect to the failover CAS. The problem you will have is that exchange picks the CAS based on sites and services, so if your WAN link (that is bridged) is slower than your LAN (which is a good assumption) your users will complain that "Outlook is slow ...". This is because they are connecting over the WAN to the DR Exchange server, this is because they are both in the same Sites and Services Site.

The best thing to do is ensure that your DR Site is separated in Sites and Services. This can be done via subnet. Exchange will look at sites and services and then make a decision about which CAS to use for clients.

Also make sure that you have a single CAS URL for Autodiscover, you will probably need to regenerate any SSL/TLS certs used for the CAS if you already do not have a CAS entry in DNS that both servers can use. Otherwise, DR will not work the way you expect it will and neither will autodiscover.

Update

Based on your questions:

  1. Yes it is possible to separate Sites and Services Sites via Subnet. Even if that Subnet is not specifically routed. For example:

    Routed Subnets:
    Site 1: 10.0.1.0/24
    DR Site Attached to Site 1 LAN: 10.0.1.0/24
    
    Sites and Services Subnet Configuration:
    Site 1: 10.0.1.0/24
    DR Site Attached to Site 1 LAN: 10.0.1.128/25
    

See? Now everything from 10.0.1.128 - 255 is in the Second Site in Sites and Services. This has nothing to do with IP routing. Sites And Services filters Services based on Sites and creates Sites based on Subnets. Subnets in this case are only used as a filter, not as a route.

  2. You need to create a second DNS entry for the CAS Array. I would recommend looking this up and reading about "Exchange CAS Arrays". Your autodiscover and certificate will need to reflect the new CAS Array name. Otherwise your clients will not trust the server during a failover event. The best way to create this certificate is to generate a cert with multiple names. At the very least you should include the following names on your cert:

    1. Autodiscover
    2. CAS Array Name
    3. OWA FQDN
    4. CAS Server Name(s) (add one entry for each)
    

This way you can generate a single cert for all of your needs.

These are just best practices, if I were you I would read, find a video, and test before doing this in production. I only say this because you seem unsure of Sites and Services, learn how this works first, Exchange Topology and routing will make a lot more sense after you understand Sites and Services.

Joseph Kern
  • At the moment we can't add additional networks, so strictly speaking the site-to-site is a dedicated connection and only the LAN is going through the sites. So I can't separate the Physical sites via the Sites and Services. My question is the autodiscover.X.com & mail.X.com where should I point it to the main Server or to the DR Server or can I set it to both on the Windows DNS ? – StefanGrech Jul 01 '15 at 15:59
  • Yes you can! Your sites and services gather their information from your subnets that are defined in sites and services. You just need to make sure your subnets are defined appropriately. I will update my response to explain in a bit more detail. – Joseph Kern Jul 03 '15 at 10:40
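
The subnet-to-site mapping from the answer's update, modelled offline as an added example (not code from the original posts): when an address falls inside more than one defined subnet, Active Directory assigns it to the most specific one, which is why the /25 carves the DR hosts out of the shared /24. The site names `Site1` and `DRSite`, both function names and the sample addresses are assumptions; the two prefixes are the ones in the answer.

```powershell
# Constructed subnet table using the answer's prefixes (site names are hypothetical).
$Subnets = @(
    [pscustomobject]@{ Prefix = '10.0.1.0/24';   Site = 'Site1'  }
    [pscustomobject]@{ Prefix = '10.0.1.128/25'; Site = 'DRSite' }
)

function ConvertTo-UInt32 {
    param([string]$Address)
    # GetAddressBytes() returns network order; reverse for little-endian BitConverter.
    $bytes = [System.Net.IPAddress]::Parse($Address).GetAddressBytes()
    [Array]::Reverse($bytes)
    [BitConverter]::ToUInt32($bytes, 0)
}

function Get-SiteForAddress {
    param([string]$Address, [object[]]$SubnetTable)
    $ip   = ConvertTo-UInt32 $Address
    $best = $null
    foreach ($s in $SubnetTable) {
        $net, $len = $s.Prefix -split '/'
        $len   = [int]$len
        # Number of addresses in a subnet of this prefix length.
        $block = [math]::Pow(2, 32 - $len)
        # Same block index means the address lies inside the subnet.
        $inSubnet = [math]::Floor($ip / $block) -eq
                    [math]::Floor((ConvertTo-UInt32 $net) / $block)
        # Keep the longest (most specific) matching prefix.
        if ($inSubnet -and ($null -eq $best -or $len -gt $best.PrefixLength)) {
            $best = [pscustomobject]@{
                Site = $s.Site; Prefix = $s.Prefix; PrefixLength = $len
            }
        }
    }
    $best   # $null when no defined subnet covers the address
}

# Constructed sample hosts: one in the lower half, one in the upper half of the /24.
foreach ($addr in '10.0.1.20', '10.0.1.200') {
    $m = Get-SiteForAddress -Address $addr -SubnetTable $Subnets
    '{0} -> {1} (matched {2})' -f $addr, $m.Site, $m.Prefix
}
```

For this split to work, every DR-site Exchange server and client needs an address in 10.0.1.128 - 255 and every main-site host one below 10.0.1.128. An address that matches no subnet returns `$null` here, which is the case to check for before relying on site-based CAS selection.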