question

GavinRoss-3568 avatar image
0 Votes"
GavinRoss-3568 asked EricYin-MSFT commented

Exchange Server 2016 failover

Hi All, Need some help with an issue we had when trying to test a WAN failure with Exchange 2016. Here is the setup

4 Exchange 2016 Servers
2 DAGS
DAGA - Has 2 servers, 1 in primary site and 1 in secondary site
DAGB - Has 2 servers, 1 in primary site and 1 in secondary site

When testing we first manually shutdown the primary server in DAGA and manually moved the databases to the secondary server in DAGA, tested by logging into webmail and everything worked fine. We then tried to test by shutting down the WAN links between the 2 sites and that's where we had an issue. When trying to login to webmail, we got to the login page, but after logging in, we got a page could not be displayed, same with trying to login to the ECP.

So here is my question, why would this stop working with the WAN link down and the mailboxes were already mounted in the secondary site? Was there something else that we needed to do on the Exchange configuration in order to get this to work correctly?

Thanks,
Gavin

office-exchange-server-administrationoffice-exchange-server-connectivity
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

AndyDavid avatar image
0 Votes"
AndyDavid answered

Ok, because that would explain that. THe alternate Witness is not used unless you set it as the FSW. In those steps for datacenter switchovers:
https://docs.microsoft.com/en-us/exchange/high-availability/manage-ha/datacenter-switchovers?view=exchserver-2019

There is dynamic quorum which may kick in , but its something you should confirm

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

EricYin-MSFT avatar image
0 Votes"
EricYin-MSFT answered EricYin-MSFT commented

Hi,
How is your witness server deployed?
Did you enable Failover Clustering Dynamic Quorum? Run "(Get-Cluster “cluster_name”).DynamicQuorum" to check it.
If you have witness server in siteA and haven't enabled Dynamic Quorum, the DAG loses quorum and database copy won't mount on second site.
Run "Get-MailboxDatabaseCopyStatus -Identity MDB0* | select name, status, contentIndexState | sort Status | ft -auto" to check the database copy status.


If an Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in [our documentation][99] to enable e-mail notifications if you want to receive the related email notification for this thread.

· 5
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Yes, good point - according to the original post, they are mounted: "mailboxes were already mounted in the secondary site?"

But , did they stay mounted ? :)

0 Votes 0 ·

We have 2 Witness servers, one in the primary site and one in the secondary site which has been set as the alternate witness. Yes, the databases were loaded on the secondary server, after I brought the WAN backup, I then moved them back to the primary.

0 Votes 0 ·

Did you verify the databases were mounted when the WAN link was shut down? Its possible they were with dynamic quorum, but worth asking :)

0 Votes 0 ·

Unfortunately I did not check. I am going to be doing another failover in the next few weeks, so will verify that they were mounted.

0 Votes 0 ·
Show more comments
GavinRoss-3568 avatar image
0 Votes"
GavinRoss-3568 answered AndyDavid commented

After researching a bit, it looks like I need to perform the steps in the document. https://docs.microsoft.com/en-us/exchange/high-availability/manage-ha/datacenter-switchovers?view=exchserver-2019

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

that is pretty much what you are doing now however.
The part that isnt working for you is step 4.
Get that to work before you run the an entire datacenter switchover.


Activate Client Access services: This involves using the URL mapping information and the Domain Name System (DNS) change methodology to perform all required DNS updates. The mapping information describes what DNS changes to perform. The amount of time required to complete the update depends on the methodology used and the Time to Live (TTL) settings on the DNS record (and whether the deployment's infrastructure honors the TTL).

https://docs.microsoft.com/en-us/exchange/high-availability/manage-ha/datacenter-switchovers?view=exchserver-2019#activating-client-access-services

105662-image.png


0 Votes 0 ·
image.png (86.4 KiB)
GavinRoss-3568 avatar image
0 Votes"
GavinRoss-3568 answered AndyDavid commented

The test was to assume that the primary site is down (earthquake, fire etc... completely not available) services then failover to the secondary and then can use webmail for e-mail access externally. Do I need to remove the server from the DAG in order to achieve this? We also have DAC enabled to avoid split-brain if the site was to come up again, but in this instance, we could not even load webmail on the internal network with the database already failed over to the secondary site. I could not even access ECP. I had a VPN connection to the secondary site to test.

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

No need to remove the server from the DAG to test.
It sounds to me like you arent testing things correctly.
All you need to do is move the databases to the secondary site and connect to the local CAS.
If you are brining the WAN link down and its not working then your testing is the issue

Ensure you are really connecting to the secondary CAS and not the primary and it should work.
If you do this same test with the WAN link up, does it work?

0 Votes 0 ·
GavinRoss-3568 avatar image
0 Votes"
GavinRoss-3568 answered AndyDavid commented

Yes, I manually changed the host file on my system and re-pointed it to the correct servers, flushed DNS and also did a reboot on the system I was testing with.

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

How do you connect to the DAGB servers if the WAN link is down?

0 Votes 0 ·
AndyDavid avatar image
0 Votes"
AndyDavid answered

Did you account for the client connection to the CAS Service?
If the clients are connecting to the CAS in DAG A, then it will fail if the WAN link to the other site is down.

You need to ensure your load balancer marks the DAGA servers down and redirects them to use only the DAGB servers and the clients have the ability to connect to the DAGB servers if the WAN link is down.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.