Network Layout:



Working at DC

DC:Windows 2008 R2 with SP1

Domain Name: East.Com

The DC will play the Database Availability Group File Share Witness role.

MKDIR C:\Witness

Active Directory Module for Windows PowerShell

$g1=Get-ADGroup "CN=Exchange Trusted SubSystem,OU=Microsoft Exchange Security Groups,DC=East,DC=Com"

$g2=Get-ADGroup "CN=Administrators,CN=Builtin,DC=EAST,DC=Com"

Add-ADGroupMember $g2 -Member $g1


Add Certificate Authority role

Certificate Authority: Extensions

CDP:

http://mail.abbcanada.com/CertEnrol/<CaName><CRLNameSuffix><DeltaCRLAllowed>.crl

AIA:
http://mail.abbcanada.com/CertEnrol/<ServerDNSName>_<CaName><CertificateName>.crt

The http://mail.abbcanada.com URL is publicly accessible.

Duplicate template:Computer (Windows 2003 Enterprise)--Subject Name (Supply in request)

Issue "Copy of Computer" template

Default Domain Policy-Computer Configuration-Policies-Windows Settings-Security Settings-Public Key Policies-Trusted Root Certificate Authorities

Import "Certificate Authority Certificate"


Working at Queen

gpupdate /force

mmc

Add the "Certificates" snap-in for the Computer account

East.com cannot be accessed through the Internet.

Abbcanada.com is a publicly registered domain name and can be accessed globally.


Get-ExchangeCertificate | where-object {$_.Friendlyname -eq "Multiple Domain"} | Enable-ExchangeCertificate -Services "SMTP,IIS,IMAP,POP"

Export the certificate specified by its thumbprint, along with its private key, to the file exchange.pfx.

The exported certificate is DER-encoded. A password is required when exporting a certificate with its private key.

MKDIR C:\Certificate

$cert=Get-ExchangeCertificate | where-object {$_.Friendlyname -eq "Multiple Domain"}

$password=ConvertTo-SecureString "password" -AsPlainText -force

$file=Export-ExchangeCertificate -Thumbprint $cert.thumbprint -BinaryEncoded:$true -Password $password

Set-Content -Path "C:\Certificate\exchange.pfx" -Value $file.FileData -Encoding Byte


work at king

Exchange Management Shell

mkdir c:\certificate

copy \\queen\c$\certificate\exchange.pfx c:\certificate

$password=ConvertTo-SecureString "password" -AsPlainText -force
Import-ExchangeCertificate -FileData ([Byte[]]$(Get-Content -Path C:\certificate\exchange.pfx -Encoding byte -ReadCount 0)) -Password $password

Get-ExchangeCertificate | where-object {$_.Friendlyname -eq "Multiple Domain"} | Enable-ExchangeCertificate -Services "SMTP,IIS,IMAP,POP"

work at prince

Exchange Management Shell

mkdir c:\certificate

copy \\queen\c$\certificate\exchange.pfx c:\certificate

$password=ConvertTo-SecureString "password" -AsPlainText -force
Import-ExchangeCertificate -FileData ([Byte[]]$(Get-Content -Path C:\certificate\exchange.pfx -Encoding byte -ReadCount 0)) -Password $password

Get-ExchangeCertificate | where-object {$_.Friendlyname -eq "Multiple Domain"} | Enable-ExchangeCertificate -Services "SMTP,IIS,IMAP,POP"
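The export on Queen and the imports on King and Prince above, reworked as an added example (not the original author's commands) so that the PFX password is prompted for rather than typed as a literal, the directory holding the private key is restricted, and the imported certificate is checked against the exported thumbprint. The function names are hypothetical; the paths, friendly name and services are the ones used above.

```powershell
# Added example, not from the original post. Run in the Exchange Management Shell.
# Export-LabExchangePfx and Import-LabExchangePfx are hypothetical helper names.

function Export-LabExchangePfx {
    param(
        [string]$FriendlyName = 'Multiple Domain',
        [string]$Directory    = 'C:\Certificate'
    )
    # Prompt for the password so it never lands in a script or transcript.
    $password = Read-Host -Prompt 'PFX password' -AsSecureString

    $cert = @(Get-ExchangeCertificate | Where-Object { $_.FriendlyName -eq $FriendlyName })
    if ($cert.Count -ne 1) {
        throw "Expected exactly one certificate named '$FriendlyName', found $($cert.Count)."
    }

    # Drop inherited ACEs; only Administrators (S-1-5-32-544) and SYSTEM (S-1-5-18) may read the key file.
    New-Item -ItemType Directory -Path $Directory -Force | Out-Null
    & icacls.exe $Directory /inheritance:r /grant:r '*S-1-5-32-544:(OI)(CI)F' '*S-1-5-18:(OI)(CI)F' | Out-Null

    $file = Export-ExchangeCertificate -Thumbprint $cert[0].Thumbprint -BinaryEncoded:$true -Password $password
    Set-Content -Path (Join-Path $Directory 'exchange.pfx') -Value $file.FileData -Encoding Byte

    # Hand the thumbprint to whoever runs the import so they can verify what they received.
    return $cert[0].Thumbprint
}

function Import-LabExchangePfx {
    param(
        [string]$SourcePath = '\\queen\c$\certificate\exchange.pfx',
        [string]$ExpectedThumbprint,
        [string]$Services = 'SMTP,IIS,IMAP,POP'
    )
    $password = Read-Host -Prompt 'PFX password' -AsSecureString

    # Read straight from the share: no second copy of the private key is left on this server's disk.
    $bytes    = [Byte[]](Get-Content -Path $SourcePath -Encoding Byte -ReadCount 0)
    $imported = Import-ExchangeCertificate -FileData $bytes -Password $password

    if ($ExpectedThumbprint -and ($imported.Thumbprint -ne $ExpectedThumbprint)) {
        # Wrong file on the share: remove what was just imported and stop.
        Remove-ExchangeCertificate -Thumbprint $imported.Thumbprint -Confirm:$false
        throw "Imported thumbprint $($imported.Thumbprint) does not match the expected value."
    }
    Enable-ExchangeCertificate -Thumbprint $imported.Thumbprint -Services $Services
}

# On Queen:            $thumbprint = Export-LabExchangePfx
# On King and Prince:  Import-LabExchangePfx -ExpectedThumbprint '<thumbprint printed on Queen>'
# On Queen afterwards: Remove-Item C:\Certificate\exchange.pfx
```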

 


The three Exchange 2010 servers can send SMTP traffic over port 25.
new-SendConnector -Name 'ToInternet' -Usage 'Internet' -AddressSpaces 'SMTP:*;1' -DNSRoutingEnabled:$true -SourceTransportServers 'QUEEN','KING','PRINCE'


The automatically created mailbox databases for the three servers are:

"Mailbox Database 1141340760"---- QUEEN
"Mailbox Database 0554458669"---- KING
"Mailbox Database 2049028694"---- PRINCE

They are not descriptive and I don't want to rename them.

Get-MailboxDatabase -Server king | Remove-MailboxDatabase

Get-MailboxDatabase -Server prince | Remove-MailboxDatabase

Before removing the mailbox database at Queen server, I have to create a new mailbox database:Vanarts.

New-MailboxDatabase -Name "Shaw" -Server King

New-MailboxDatabase -Name "Telus" -Server Prince

Mount-Database Shaw

Mount-Database Telus

New-MailboxDatabase -Name "Vanarts" -Server Queen
Mount-Database Vanarts
Get-Mailbox -Server Queen | New-MoveRequest -TargetDatabase Vanarts
Get-Mailbox -Arbitration -Server Queen | New-MoveRequest -TargetDatabase Vanarts


Get-MoveRequest


Remove-MailboxDatabase -Identity "Mailbox Database 1141340760"


New-DatabaseAvailabilityGroup -Name "DAG1" -DatabaseAvailabilityGroupIpAddresses "191.121.6.1" -WitnessDirectory "c:\witness" -WitnessServer "V-Server.East.Com"

Add-DatabaseAvailabilityGroupServer -Identity DAG1 -MailboxServer Queen
Add-DatabaseAvailabilityGroupServer -Identity DAG1 -MailboxServer King
Add-DatabaseAvailabilityGroupServer -Identity DAG1 -MailboxServer Prince


Get-OwaVirtualDirectory | fl *url


Get-EcpVirtualDirectory | fl *url


Get-WebServicesVirtualDirectory | fl Identity,*url



Work at V-Server:DC

Active Directory Module for Windows PowerShell

New-ADOrganizationalUnit -Name TestOU -Path "DC=East,DC=COM"

$password=ConvertTo-SecureString "P@ssword123" -AsPlainText -force

New-ADUser -Name "John" -Company "Vanarts" -PasswordNeverExpires $true -Enabled $true -AccountPassword $password -Description "Vanarts" -Path "OU=TestOU,DC=East,DC=COM"

New-ADUser -Name "Smith" -Company "Vanarts" -PasswordNeverExpires $true -Enabled $true -AccountPassword $password -Description "Vanarts" -Path "OU=TestOU,DC=East,DC=COM"

New-ADUser -Name "Julie" -Company "Shaw" -PasswordNeverExpires $true -Enabled $true -AccountPassword $password -Description "Shaw" -Path "OU=TestOU,DC=East,DC=COM"

New-ADUser -Name "Callie" -Company "Shaw" -PasswordNeverExpires $true -Enabled $true -AccountPassword $password -Description "Shaw" -Path "OU=TestOU,DC=East,DC=COM"

New-ADUser -Name "Scott" -Company "Telus" -PasswordNeverExpires $true -Enabled $true -AccountPassword $password -Description "Telus" -Path "OU=TestOU,DC=East,DC=COM"

New-ADUser -Name "Jeff" -Company "Telus" -PasswordNeverExpires $true -Enabled $true -AccountPassword $password -Description "Telus" -Path "OU=TestOU,DC=East,DC=COM"


work at queen

get-user -Filter {company -eq "vanarts"} | Enable-Mailbox -Database "vanarts"

get-user -Filter {company -eq "shaw"} | Enable-Mailbox -Database "shaw"

get-user -Filter {company -eq "telus"} | Enable-Mailbox -Database "telus"


RPCClientAccessServer of Mailbox Database

Get-MailboxDatabase | fl name,RPC*


Run OUTLOOK 2010 from a domain member:Windows 7 as John

Because John's mailbox is inside vanarts mailbox database, its RpcClientAccessServer is queen.east.com.


Callie's mailbox is hosted inside Mailbox Database:Shaw. Its RpcClientAccessServer is King.east.com.


Scott's mailbox is hosted inside Mailbox Database:Telus. Its RpcClientAccessServer is Prince.east.com.



Add-MailboxDatabaseCopy -Identity 'Vanarts' -MailboxServer 'King'

Add-MailboxDatabaseCopy -Identity 'Vanarts' -MailboxServer 'Prince'

Add-MailboxDatabaseCopy -Identity 'Shaw' -MailboxServer 'Queen'

Add-MailboxDatabaseCopy -Identity 'Shaw' -MailboxServer 'Prince'

Add-MailboxDatabaseCopy -Identity 'Telus' -MailboxServer 'King'

Add-MailboxDatabaseCopy -Identity 'Telus' -MailboxServer 'Queen'

Get-MailboxDatabase | fl name,activationPreference


"Vanarts","Shaw","Telus" | Get-MailboxDatabase | FT Name,Rpc*


When OUTLOOK 2010 internally connects to Exchange, the SERVER is automatically set to Queen.east.com.

Get-DatabaseAvailabilityGroup -Identity DAG1 -status | fl name,PrimaryActiveManager


Move the Primary Active Manager from Queen to King

Cluster.exe DAG1.East.com Group


Cluster.exe DAG1.East.com Group "cluster Group" /moveto:prince

After the move, the IP address 191.121.6.1 is bound to the NIC of the Prince computer, and the Primary Active Manager is Prince.

 


Test "Database Switchover"

Set-MailboxDatabase -Identity "vanarts" -RpcClientAccessServer "queen.east.com"
Set-MailboxDatabase -Identity "Shaw" -RpcClientAccessServer "King.east.com"
Set-MailboxDatabase -Identity "telus" -RpcClientAccessServer "Prince.east.com"

Disable-OutlookAnywhere -Server 'Queen'
Disable-OutlookAnywhere -Server 'King'
Disable-OutlookAnywhere -Server 'Prince'

or,

Get-ExchangeServer | Disable-OutlookAnywhere

"vanarts","Shaw","Telus" | Get-MailboxDatabaseCopyStatus | ft Name,Status -AutoSize


Jeff's mailbox and Sam's mailbox are hosted in the Telus mailbox database. Its active copy is hosted on the Prince computer. Because the RpcClientAccessServer of Telus is set to Prince.east.com, the Server setting of the Outlook clients for both Jeff and Sam is set to Prince.east.com.


unplug network cable of "Prince" Computer

"vanarts","Shaw","Telus" | Get-MailboxDatabaseCopyStatus | ft Name,Status -AutoSize


The Telus mailbox database is active and mounted on King because its ActivationPreference is 2. Because the RpcClientAccessServer is still set to Prince.east.com, an Outlook client with Server set to Prince.east.com keeps trying to connect to the mailbox through Prince.east.com. It cannot connect to Exchange because Prince is out of service.

Solution:

Set-MailboxDatabase -Identity "telus" -RpcClientAccessServer "Queen.east.com"

There is a switchover time, though.
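The failure described above (database mounted on King, clients still pointed at Prince) can be caught by a check instead of by user reports. The following added example, not from the original post, lists mounted databases whose RpcClientAccessServer does not answer on TCP 135, the RPC endpoint mapper that MAPI clients contact first; Test-TcpPort and Get-RpcEndpointHealth are hypothetical helper names.

```powershell
# Added example, not from the original post. Run in the Exchange Management Shell.
# Test-TcpPort and Get-RpcEndpointHealth are hypothetical helper names.

function Test-TcpPort {
    param([string]$HostName, [int]$Port, [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        # Asynchronous connect so an unplugged server costs a few seconds, not the full TCP timeout.
        $async = $client.BeginConnect($HostName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($async)
        return $true
    } catch {
        return $false   # name did not resolve, or the connection was refused
    } finally {
        $client.Close()
    }
}

function Get-RpcEndpointHealth {
    Get-MailboxDatabase -Status | ForEach-Object {
        $rpcHost   = "$($_.RpcClientAccessServer)"
        $reachable = Test-TcpPort -HostName $rpcHost -Port 135

        New-Object PSObject -Property @{
            Database              = $_.Name
            Mounted               = $_.Mounted
            MountedOnServer       = $_.MountedOnServer
            RpcClientAccessServer = $rpcHost
            EndpointReachable     = $reachable
            # The database survived the failover, but Outlook profiles still point at a dead endpoint.
            ClientsCutOff         = ([bool]$_.Mounted -and -not $reachable)
        }
    }
}

# With Prince unplugged and Telus still set to Prince.east.com, Telus is the row reported here.
Get-RpcEndpointHealth |
    Where-Object { $_.ClientsCutOff } |
    Format-Table Database, MountedOnServer, RpcClientAccessServer -AutoSize
```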


OUTLOOK ANYWHERE

Reconnect Prince to the network

Move-ActiveMailboxDatabase -Identity 'Telus' -ActivateOnServer 'Prince' -MountDialOverride 'None'


Set-MailboxDatabase -Identity "telus" -RpcClientAccessServer "Prince.east.com"

Enable-OutlookAnywhere -Server 'Queen' -ExternalHostName "mail.east.com" -DefaultAuthenticationMethod "ntlm"
Enable-OutlookAnywhere -Server 'King' -ExternalHostName "mail.east.com" -DefaultAuthenticationMethod "ntlm"
Enable-OutlookAnywhere -Server 'Prince' -ExternalHostName "mail.east.com" -DefaultAuthenticationMethod "ntlm"

mail.east.com points to IP Address (191.121.6.1) of Database Availability Group: DAG1

Dnscmd v-server.east.com /recordadd east.com mail A 191.121.6.1

Create two new mailboxes:Carol and Christine

Work at v-server.east.com:DC

Active Directory Module for Windows PowerShell

$password=ConvertTo-SecureString "P@ssword123" -AsPlainText -force

New-ADUser -Name "Carol" -Company "Telus" -PasswordNeverExpires $true -Enabled $true -AccountPassword $password -Description "Telus" -Path "OU=TestOU,DC=East,DC=COM"

New-ADUser -Name "Christine" -Company "Telus" -PasswordNeverExpires $true -Enabled $true -AccountPassword $password -Description "Telus" -Path "OU=TestOU,DC=East,DC=COM"

Work at Queen.east.com:Exchange Server

"Carol","Christine"| Enable-Mailbox -Database 'Telus'


As seen, the external hostname (mail.east.com) of Outlook Anywhere is automatically picked.

Disconnect PRINCE from the network

Christine cannot connect to Exchange server even though the mailbox database 'Telus' fails over to King.

Solution:

Set-MailboxDatabase -Identity 'Telus' -RpcClientAccessServer 'Queen.east.com'

Outlook 2007/2010 can automatically adapt to the change and connect to Exchange server.


Creating a Client Access Array

Connect Prince to the network

Move-ActiveMailboxDatabase -Identity 'Telus' -ActivateOnServer 'Prince' -MountDialOverride 'None'

Set-MailboxDatabase -Identity 'Telus' -RpcClientAccessServer 'Prince.east.com'

New-ClientAccessArray -Name EXServer -Site "Default-First-Site-Name" -Fqdn "Exserver.east.com"

After a Client Access server array is defined within an Active Directory site, all Client Access servers within that Active Directory site are automatically part of the Client Access server array.


Add a (A) record in DNS server
Dnscmd v-server.east.com /recordadd east.com Exserver A 191.121.6.1

Get-MailboxDatabase | Set-MailboxDatabase -RpcClientAccessServer "Exserver.east.com"

New OUTLOOK Client will connect to Exserver.east.com--Virtual Name


An Outlook client with SERVER set to QUEEN.east.com will continue to work. But when the QUEEN computer is restarted, the Vanarts mailbox database fails over to the King computer, and the Outlook client automatically sets its SERVER to Exserver.east.com.


Disconnect Prince computer from network

After the Telus database fails over to the King computer, Outlook works fine. The Outlook client experiences less downtime. The Outlook SERVER setting is still EXSERVER.EAST.COM.

A Client Access server array doesn’t provide load balancing. 


Get-DatabaseAvailabilityGroup -Identity DAG1 -status | fl name,PrimaryActiveManager

Name : DAG1
PrimaryActiveManager : PRINCE

Shutdown -r /m \\PRINCE

Get-DatabaseAvailabilityGroup -Identity DAG1 -status | fl name,PrimaryActiveManager

Name : DAG1
PrimaryActiveManager : KING

All mailbox databases work, except that the Telus mailbox database is now mounted on King.


Shutdown -s -f /m \\prince

Shutdown -s -f /m \\king

With three member servers in a DAG group, the Witness server is not used because the Majority number is 2. If the Witness server is used, the Majority number is 3. With three members in a DAG group, if one server is lost, Majority 2 is maintained. The DAG works fine. If two servers are lost, the majority quorum will not be maintained. The DAG will be down.



Configure the DAG1 with two members:Prince and Queen

Remove-MailboxDatabaseCopy -Identity 'vanarts\king' -Confirm:$false

Remove-MailboxDatabaseCopy -Identity 'Shaw\king' -Confirm:$false

Remove-MailboxDatabaseCopy -Identity 'telus\king' -Confirm:$false

Remove-DatabaseAvailabilityGroupServer -MailboxServer 'KING' -Identity 'DAG1'


Restart Queen computer


Move-ActiveMailboxDatabase -Identity 'Telus' -ActivateOnServer 'Prince' -MountDialOverride 'None'

Get-DatabaseAvailabilityGroup -Identity 'DAG1' -status | fl name,primaryActiveManager

Name : DAG1
PrimaryActiveManager : PRINCE

shutdown -s -f /m \\prince

Get-DatabaseAvailabilityGroup -Identity 'DAG1' -status | fl name,primaryActiveManager

Name : DAG1
PrimaryActiveManager : QUEEN


The Witness server is used to maintain Majority quorum.


Client Access Server Array with Windows Network Load Balancing

Array7


With the above planning, install Client Access Server on Royal and King first.

Disable IPV6 on all servers.

The Client Access Server role will be Internet-facing:mail.east.com


Royal and King

Get-ExchangeCertificate | where-object {$_.Friendlyname -eq "Multiple Domain"} | Enable-ExchangeCertificate -Services "SMTP,IIS,IMAP,POP"

Queen and Prince


new-SendConnector -Name 'ToInternet' -Usage 'Internet' -AddressSpaces 'SMTP:*;1'  -DNSRoutingEnabled:$true  -SourceTransportServers 'King','Royal'


New-MailboxDatabase -Name "Shaw" -Server "Queen"

New-MailboxDatabase -Name "Telus" -Server "Prince"

Mount-Database "Shaw"

Mount-Database "Telus"

Get-Mailbox -Server Queen | New-MoveRequest -TargetDatabase 'Telus'
Get-Mailbox -Arbitration -Server Queen | New-MoveRequest -TargetDatabase 'Telus'

Remove-MailboxDatabase "Mailbox Database 1825500486"


New-DatabaseAvailabilityGroup -Name "DAG1" -DatabaseAvailabilityGroupIpAddresses "191.121.6.1" -WitnessDirectory "c:\witness" -WitnessServer "V-Server.East.Com"

Add-DatabaseAvailabilityGroupServer -Identity DAG1 -MailboxServer Queen

Add-DatabaseAvailabilityGroupServer -Identity DAG1 -MailboxServer Prince


V-Server:DC

MKDIR C:\Witness

Active Directory Module for Windows PowerShell

$g1=Get-ADGroup "CN=Exchange Trusted SubSystem,OU=Microsoft Exchange Security Groups,DC=East,DC=Com"

$g2=Get-ADGroup "CN=Administrators,CN=Builtin,DC=EAST,DC=Com"

Add-ADGroupMember $g2 -Member $g1

New-ADOrganizationalUnit -Name TestOU -Path "DC=East,DC=COM"

$password=ConvertTo-SecureString "P@ssword123" -AsPlainText -force

New-ADUser -Name "Julie" -Company "Shaw" -PasswordNeverExpires $true -Enabled $true -AccountPassword $password -Description "Shaw" -Path "OU=TestOU,DC=East,DC=COM"

New-ADUser -Name "Callie" -Company "Shaw" -PasswordNeverExpires $true -Enabled $true -AccountPassword $password -Description "Shaw" -Path "OU=TestOU,DC=East,DC=COM"

New-ADUser -Name "Scott" -Company "Telus" -PasswordNeverExpires $true -Enabled $true -AccountPassword $password -Description "Telus" -Path "OU=TestOU,DC=East,DC=COM"

New-ADUser -Name "Jeff" -Company "Telus" -PasswordNeverExpires $true -Enabled $true -AccountPassword $password -Description "Telus" -Path "OU=TestOU,DC=East,DC=COM"


get-user -Filter {company -eq "shaw"} | Enable-Mailbox -Database "shaw"

get-user -Filter {company -eq "telus"} | Enable-Mailbox -Database "telus"


Get-MailboxDatabase -status | ft name,RpcClientAccessServer,MountedOnServer,Mounted


Add-MailboxDatabaseCopy -Identity 'Shaw' -MailboxServer 'Prince'

Add-MailboxDatabaseCopy -Identity 'Telus' -MailboxServer 'Queen'


 


New-ClientAccessArray -Name EXServer -Site "Default-First-Site-Name" -Fqdn "Exserver.east.com"

The two Client Access servers, Royal and King, automatically belong to the array.

DNS record:

Exserver.east.com will point to the Network Load Balancing IP address instead of the IP Address of Failover Cluster.

Because Failover Clustering is installed on both Queen and Prince, you cannot install Microsoft Network Load Balancing on them.


King and Royal have two network adapters.

In my network, all servers are behind a firewall. The two adapters will be named Internal and Public. The Public adapter can communicate with all network devices. The Internal adapter is only for communication between the two NLB servers.

King:

Internal NIC: 192.168.1.2/255.255.255.0

Default Gateway:

DNS:

Public NIC

IP Address:191.121.6.3/17

Default Gateway:191.121.5.3/17

DNS:191.121.6.10 (v-server)

Royal:

Internal NIC:192.168.1.1/255.255.255.0

Default Gateway:

DNS:

Public NIC:

IP Address:191.121.6.6/17

Default Gateway:191.121.5.3/17

DNS:191.121.6.10 (v-server)

"Client for Microsoft Networks" and "File and Printer Sharing" are selected for both Internal and Public because all the servers are protected behind the firewall.

 

Windows PowerShell

Import-Module ServerManager

Add-WindowsFeature nlb


Network Load Balancing Manager

New Cluster


"Next"

"Next"


Add a Host to Cluster


"Next"

"Next"

"Next"


Check


The Network Load Balancing (NLB) only binds to Public NIC. It is unchecked on Internal NIC.

NLB Cluster IP Address 191.121.6.7 is added to Public NIC of both King and Royal computers. In Failover Cluster, the Cluster IP Address 191.121.6.1 is only added to the NIC on a computer that holds the Primary Active Manager role.


Create (A) records in DNS server


Dnscmd v-server.east.com /recordadd east.com Exserver A 191.121.6.7
Dnscmd v-server.east.com /recordadd east.com mail A 191.121.6.7


Mail.east.com is for Internet use.
EXServer.east.com is for internal use.

If Exserver.east.com is resolvable, an Outlook client will use the TCP protocol for the connection.


Get-MailboxDatabase | Set-MailboxDatabase -RpcClientAccessServer Exserver.east.com


Get-WebServicesVirtualDirectory | ft Name,Server,InternalUrl,ExternalUrl -wrap -autosize

Get-OwaVirtualDirectory | ft name,server,internalUrl,ExternalUrl -wrap -autosize

Get-AutodiscoverVirtualDirectory

In my test environment, east.com cannot be resolved externally. The abbcanada.com domain can be resolved externally.

Get-WebServicesVirtualDirectory | Set-WebServicesVirtualDirectory -InternalUrl 'https://mail.east.com/EWS/Exchange.asmx' -ExternalUrl 'https://mail.abbcanada.com/EWS/Exchange.asmx'

Get-OwaVirtualDirectory | Set-OwaVirtualDirectory -InternalUrl 'https://mail.east.com/owa' -ExternalUrl 'https://mail.abbcanada.com/owa'

Get-ECPVirtualDirectory | Set-ECPVirtualDirectory -InternalUrl 'https://mail.east.com/ecp' -ExternalUrl 'https://mail.abbcanada.com/ecp'

Get-AutoDiscoverVirtualDirectory | Set-AutodiscoverVirtualDirectory -InternalUrl 'https://mail.east.com' -ExternalUrl 'https://mail.abbcanada.com'


Enable-OutlookAnywhere -Server 'King' -ExternalHostName "mail.abbcanada.com" -DefaultAuthenticationMethod "ntlm"
Enable-OutlookAnywhere -Server 'Royal' -ExternalHostName "mail.abbcanada.com" -DefaultAuthenticationMethod "ntlm"

mail.east.com cannot be resolved externally.

mail.abbcanada.com can be resolved internally and externally.


work at queen

cd $exscripts

[PS] C:\Program Files\Microsoft\Exchange Server\V14\scripts>.\new-TestCasConnectivityUser.ps1

work at royal

Test-OutlookConnectivity -RpcProxyTestType:Internal -RpcTestType:server


Test-OutlookConnectivity -Protocol:http


new-AcceptedDomain -Name 'abbcanada' -DomainName 'abbcanada.com' -DomainType 'Authoritative'


new-EmailAddressPolicy -Name 'abbcanada' -IncludedRecipients 'AllRecipients' -EnabledEmailAddressTemplates 'SMTP:%m@abbcanada.com'


update-EmailAddressPolicy -Identity 'abbcanada'

 


Outlook client configured with Outlook Anywhere


work fine!


NLB and SMTP



new-ReceiveConnector -Name 'FromInternet' -Usage 'Custom' -Bindings '191.121.6.7:25' -Fqdn 'mail.abbcanada.com' -RemoteIPRanges '0.0.0.0-255.255.255.255' -Server 'KING'

new-ReceiveConnector -Name 'FromInternet' -Usage 'Custom' -Bindings '191.121.6.7:25' -Fqdn 'mail.abbcanada.com' -RemoteIPRanges '0.0.0.0-255.255.255.255' -Server 'Royal'

Set-ReceiveConnector -Identity 'Royal\FromInternet' -PermissionGroups ExchangeUsers,ExchangeServers,ExchangeLegacyServers,AnonymousUsers

Set-ReceiveConnector -Identity 'King\FromInternet' -PermissionGroups ExchangeUsers,ExchangeServers,ExchangeLegacyServers,AnonymousUsers
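The FromInternet connectors above accept any source address and carry AnonymousUsers alongside three other permission groups, whereas a connector created with -Usage 'Internet' gets only AnonymousUsers by default. The following added example, not from the original post, audits every receive connector for that combination and checks whether anonymous senders hold the relay right; Get-AnonymousConnectorAudit is a hypothetical helper name.

```powershell
# Added example, not from the original post. Run in the Exchange Management Shell.
# Get-AnonymousConnectorAudit is a hypothetical helper name.

function Get-AnonymousConnectorAudit {
    Get-ReceiveConnector | ForEach-Object {
        $connector = $_
        $groups    = "$($connector.PermissionGroups)"     # flags value rendered as "A, B, C"
        $ranges    = @($connector.RemoteIPRanges | ForEach-Object { "$_" })
        $bindings  = @($connector.Bindings | ForEach-Object { "$_" })

        # Extended rights that the anonymous logon holds on this connector object.
        $anonRights = @(
            $connector |
                Get-ADPermission -User 'NT AUTHORITY\ANONYMOUS LOGON' -ErrorAction SilentlyContinue |
                Where-Object { -not $_.Deny } |
                ForEach-Object { $_.ExtendedRights } |
                ForEach-Object { "$_" }
        )

        New-Object PSObject -Property @{
            Connector        = "$($connector.Identity)"
            Bindings         = ($bindings -join ', ')
            AcceptsAnonymous = ($groups -match 'AnonymousUsers')
            OpenToAnySource  = ($ranges -contains '0.0.0.0-255.255.255.255')
            # Groups beyond AnonymousUsers: each one is an authenticated submission path reachable from the same sources.
            OtherGroups      = (@($groups -split ',\s*' | Where-Object { $_ -and $_ -ne 'AnonymousUsers' }) -join ', ')
            # With this right, anonymous senders may address mail to any domain: an open relay.
            AnonymousRelay   = ($anonRights -contains 'ms-Exch-SMTP-Accept-Any-Recipient')
        }
    }
}

# Report the connectors that are exposed to every source address and accept anonymous mail.
Get-AnonymousConnectorAudit |
    Where-Object { $_.AcceptsAnonymous -and $_.OpenToAnySource } |
    Format-List Connector, Bindings, OtherGroups, AnonymousRelay
```

On the two FromInternet connectors as configured above, OtherGroups lists ExchangeUsers, ExchangeServers and ExchangeLegacyServers; AnonymousRelay should read False unless the relay right was granted separately.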



Prince computer crashes. --Rebuild a mailbox server

How to rebuild it?

Reset Computer Account

Work at v-server:DC

DSMOD Computer "CN=Prince,CN=Computers,DC=East,DC=Com" -reset


Remove-MailboxDatabaseCopy -Identity "Shaw\Prince" -Confirm:$False

Remove-MailboxDatabaseCopy -Identity "Telus\Prince" -Confirm:$False

WARNING: Couldn't communicate with the Microsoft Exchange Replication service on server "PRINCE.east.com" to pick up
new configuration changes for database "Shaw". Make sure that the service is running and that the server has network
connectivity. Error: A server-side administrative operation has failed. Operation failed with message: Error 0x71a (The
remote procedure call was cancelled) from cli_RpcsNotifyChangedReplayConfiguration
WARNING: Couldn't delete the replication state for database Shaw on server PRINCE. Error: The attempt to access the
registry on machine 'PRINCE.east.com' did not succeed after 10 seconds.
WARNING: The copy of mailbox database "Shaw" on server "PRINCE" has been removed. If necessary, manually delete the
database copy's files located at "C:\Program Files\Microsoft\Exchange Server\V14\Mailbox\Shaw" and "C:\Program
Files\Microsoft\Exchange Server\V14\Mailbox\Shaw\Shaw.edb" on that server.
WARNING: The search catalog could not be dismounted for the database 'Shaw' on server 'PRINCE'. The files may be locked
while the Microsoft Exchange Search service is still running.

Remove-DatabaseAvailabilityGroupServer -Identity "DAG1" -MailboxServer "Prince" -ConfigurationOnly


Install OS and Name it as Prince and Join it to Domain:East.com

Install all the necessary components for Exchange 2010

Run Exchange 2010 setup

Setup /m:RecoverServer

Add-DatabaseAvailabilityGroupServer -Identity 'DAG1' -MailboxServer "Prince"   # failed

Failover Cluster Manager --evict "Prince" node

Add-DatabaseAvailabilityGroupServer -Identity 'DAG1' -MailboxServer "Prince"   # works

Add-MailboxDatabaseCopy -Identity 'Shaw' -MailboxServer 'Prince'

Add-MailboxDatabaseCopy -Identity 'Telus' -MailboxServer 'Prince'


Move-ActiveMailboxDatabase -Identity 'Telus' -ActivateOnServer 'Prince' -MountDialOverride 'None' -Confirm:$false



Get-MailboxServer | Where {$_.DatabaseAvailabilityGroup -eq 'DAG1'} | Get-MailboxDatabaseCopyStatus


Reason:

Cluster Service Stopped!!!

Restart "Cluster Service"

Mount-Database "Shaw"

Mount-Database "Telus"



Prince computer holds the passive copy of Mailbox Databases.

Run VSS FULL backup on Prince computer.

The logs are not truncated.

Run VSS FULL backup on Queen

The logs are truncated. The logs in Prince computer are truncated (Synched).


Move-ActiveMailboxDatabase -Identity 'Telus' -ActivateOnServer 'Prince' -MountDialOverride 'None'


Julie and Callie are served by Queen.

Scott and Jeff are served by Prince.

https://royal.east.com/owa

Logs on as scott and sends mail to all of them with attachments.

 

NLBMgr.exe enables logging.

nlb.exe display

restart-service wlbs

 

Work at King

Get-SendConnector | Set-SendConnector -SourceTransportServers "Queen","Prince"

setup /mode:uninstall /roles:mailbox,HubTransport

Work at Queen--restart first

setup /mode:uninstall /role:ClientAccess

Work at Prince--restart first

Setup /mode:uninstall /role:ClientAccess

Trouble: Prince failed to start. Fortunately, I have a backup to restore the PRINCE computer. But Database Copies must be reseeded.

Update-MailboxDatabaseCopy -Identity "Shaw\Prince" -SourceServer "Queen"

Update-MailboxDatabaseCopy -Identity "Telus\Prince" -SourceServer "Queen"

Update-MailboxDatabaseCopy -Identity "Vanarts\Prince" -SourceServer "Queen"

Doesn't work.

Remove-MailboxDatabaseCopy -Identity "Shaw\Prince" -Confirm:$False

Remove-MailboxDatabaseCopy -Identity "Telus\Prince" -Confirm:$False

Remove-MailboxDatabaseCopy -Identity "Vanarts\Prince" -Confirm:$False

WARNING: Couldn't communicate with the Microsoft Exchange Replication service on server "PRINCE.east.com" to pick up new configuration changes for database "Shaw". Make sure that the service is running and that the server has network connectivity. Error: A server-side administrative operation has failed. Operation failed with message: Error 0x71a (The remote procedure call was cancelled) from cli_RpcsNotifyChangedReplayConfiguration.

Remove-DatabaseAvailabilityGroupServer -Identity "DAG1" -MailboxServer "Prince"

There was a problem changing the quorum model for database availability group DAG1. Error: An Active Manager operation failed. Error An error occurred while attempting a cluster operation. Error: Cluster API '"SetClusterQuorumResource() failed with 0x1725. Error: A quorum of cluster nodes was not present to form a cluster"' failed..

When the PRINCE is restored, there is no failover cluster configured.

Remove-DatabaseAvailabilityGroupServer -Identity "DAG1" -MailboxServer "Prince" -ConfigurationOnly

 

Add-DatabaseAvailabilityGroupServer -Identity "DAG1" -MailboxServer "Prince"   # doesn't work

Remove-DatabaseAvailabilityGroupServer -Identity "DAG1" -MailboxServer "Queen" -ConfigurationOnly   # works

Remove-DatabaseAvailabilityGroup -Identity "DAG1"   # works

New-DatabaseAvailabilityGroup -Name 'DAG1' -WitnessServer 'v-server.east.com' -WitnessDirectory 'c:\witness'

Error:
A computer account named 'DAG1' already exists and is enabled. The account must be disabled in order to be used by the database availability group.

Work at V-Server

Active Directory Module for Windows PowerShell

Remove-ADComputer -identity "DAG1" -Confirm:$false

Work at queen


New-DatabaseAvailabilityGroup -Name 'DAG2' -DatabaseAvailabilityGroupIpAddresses "191.121.6.1" -WitnessServer 'v-server.east.com' -WitnessDirectory 'c:\witness'   # works

Add-DatabaseAvailabilityGroupServer -Identity "DAG2" -MailboxServer "Queen"

Work at Royal

setup /mode:install /roles:ClientAccess,ManagementTools

 

The Cluster service is shutting down because quorum was lost. This could be due to the loss of network connectivity between some or all nodes in the cluster, or a failover of the witness disk.

Error code:

An Active Manager operation failed. An Active Manager Operation encountered an error. The Cluster service is not running.

Enable-OutlookAnywhere -Server 'Queen' -ExternalHostName "mail.east.com" -DefaultAuthenticationMethod "ntlm"
Enable-OutlookAnywhere -Server 'King' -ExternalHostName "mail.east.com" -DefaultAuthenticationMethod "ntlm"
Enable-OutlookAnywhere -Server 'Prince' -ExternalHostName "mail.east.com" -DefaultAuthenticationMethod "ntlm"

To create the temporary test user for the test, run New-TestCasConnectivityUser.ps1

[PS] C:\>cd $exscripts

Run the following cmdlet from Queen,King, and Prince computers. No error should be reported.

Test-OutlookConnectivity -RpcProxyTestType:Internal -RpcTestType:Server