One of our customers runs ExRAAS (Exchange health and remediation check service) every year to audit their environment for health, performance and implementation of MS best practices. ExRAAS tools are developed every year, and this year's tool discovered a very interesting issue with DAG networks.
Description:
Our customer's DAG has 3 networks:
- Production – meant to be the client network, where only client traffic is enabled and replication traffic is disabled
- Replication – not routable to the MAPI network – custom 5Gbit bandwidth only for log replication
- Backup – only for VSS backups, neither MAPI nor replication traffic should flow there
Problem:
By design, the DAG is set so that the Backup network should be ignored. However, if I run the Get-DatabaseAvailabilityGroupNetwork command, I can see the MapiAccessEnabled parameter set to $True, even though this network doesn't have the Clients for Windows Networks feature enabled and, according to MS, it is not a supported network for clients. The magic starts when I set IgnoreNetwork to $false. Right after the change, the MapiAccessEnabled parameter shows the correct value.
```
Get-DatabaseAvailabilityGroupNetwork DAG1\BACKUP | Set-DatabaseAvailabilityGroupNetwork -IgnoreNetwork $false
Get-DatabaseAvailabilityGroupNetwork | fl

RunspaceId         : 7d204cce-1dde-4e6f-9d52-cde8b238d2a9
Name               : BACKUP
Description        : VSS BACKUP Backup subnet - Ignored
Subnets            : {{172.24.188.0/24,Up}, {172.29.99.0/24,Up}}
Interfaces         : {{DC1MBX1,Up,172.24.188.108}, {DC1MBX2,Up,172.24.188.110},
                     {DC1MBX3,Up,172.24.188.112}, {DC1PF1,Up,172.24.188.104},
                     {DC2MBX1,Up,172.29.99.109}, {DC2MBX2,Up,172.29.99.111},
                     {DC2MBX3,Up,172.29.99.113}, {DC2PF1,Up,172.29.99.105}}
MapiAccessEnabled  : False
ReplicationEnabled : False
IgnoreNetwork      : False
Identity           : DAG1\BACKUP
IsValid            : True

RunspaceId         : 7d204cce-1dde-4e6f-9d52-cde8b238d2a9
Name               : MAPI
Description        : Production and possible replication
Subnets            : {{192.168.0.0/24,Up}}
Interfaces         : {{DC1MBX1,Up,192.168.0.108}, {DC1MBX2,Up,192.168.0.110},
                     {DC1MBX3,Up,192.168.0.112}, {DC1PF1,Up,192.168.0.104},
                     {DC2MBX1,Up,192.168.0.109}, {DC2MBX2,Up,192.168.0.111},
                     {DC2MBX3,Up,192.168.0.113}, {DC2PF1,Up,192.168.0.105}}
MapiAccessEnabled  : True
ReplicationEnabled : False
IgnoreNetwork      : False
Identity           : DAG1\MAPI
IsValid            : True

RunspaceId         : 7d204cce-1dde-4e6f-9d52-cde8b238d2a9
Name               : REPLICATION
Description        : Only replication
Subnets            : {{10.146.231.0/27,Up}}
Interfaces         : {{DC1MBX1,Up,10.146.231.24}, {DC1MBX2,Up,10.146.231.26},
                     {DC1MBX3,Up,10.146.231.28}, {DC1PF1,Up,10.146.231.20},
                     {DC2MBX1,Up,10.146.231.25}, {DC2MBX2,Up,10.147.231.27},
                     {DC2MBX3,Up,10.146.231.29}, {DC2PF1,Up,10.146.231.21}}
MapiAccessEnabled  : False
ReplicationEnabled : True
IgnoreNetwork      : False
Identity           : DAG1\REPLICATION
IsValid            : True
```
When I change IgnoreNetwork back to $true, MapiAccessEnabled is set to $True as well.
```
Get-DatabaseAvailabilityGroupNetwork DAG1\BACKUP | Set-DatabaseAvailabilityGroupNetwork -IgnoreNetwork $true
Get-DatabaseAvailabilityGroupNetwork | fl

RunspaceId         : 7d204cce-1dde-4e6f-9d52-cde8b238d2a9
Name               : BACKUP
Description        : VSS BACKUP Backup subnet - Ignored
Subnets            : {{172.24.188.0/24,Up}, {172.29.99.0/24,Up}}
Interfaces         : {{DC1MBX1,Up,172.24.188.108}, {DC1MBX2,Up,172.24.188.110},
                     {DC1MBX3,Up,172.24.188.112}, {DC1PF1,Up,172.24.188.104},
                     {DC2MBX1,Up,172.29.99.109}, {DC2MBX2,Up,172.29.99.111},
                     {DC2MBX3,Up,172.29.99.113}, {DC2PF1,Up,172.29.99.105}}
MapiAccessEnabled  : True
ReplicationEnabled : False
IgnoreNetwork      : True
Identity           : DAG1\BACKUP
IsValid            : True
```
Conclusion:
This led to errors in the ExRAAS report and to the question of what the right way is. How should I treat the network configuration? The better way is to set the IgnoreNetwork parameter to $True and just ignore MapiAccessEnabled being $True. This article will be updated after I get info from MS on the resolution. It is also worth mentioning that the latest best practice says that compression and encryption should be ENABLED on the DAG replication network!
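Added example, not part of the original post or of any ExRAAS tooling: a PowerShell check that compares each DAG network's flags with its intended role and, following the conclusion above, reports MapiAccessEnabled reading $True on an ignored network as informational only. The function name, the role map and the sample objects (constructed from the listings above) are assumptions.

```powershell
# Added example: audit DAG network flags against an intended role per network.
# Works on any objects exposing Name, MapiAccessEnabled, ReplicationEnabled, IgnoreNetwork.
function Test-DagNetworkRole {               # hypothetical helper name
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)] $Network,
        [Parameter(Mandatory = $true)] [hashtable] $Intended   # name -> Client | Replication | Ignored
    )
    process {
        $role    = $Intended[$Network.Name]
        $finding = 'OK'
        if (-not $role) {
            $finding = 'REVIEW: no intended role defined for this network'
        }
        elseif ($role -eq 'Ignored') {
            if (-not $Network.IgnoreNetwork)     { $finding = 'FAIL: network is not ignored by the DAG' }
            elseif ($Network.ReplicationEnabled) { $finding = 'FAIL: replication enabled on an ignored network' }
            elseif ($Network.MapiAccessEnabled)  { $finding = 'INFO: MapiAccessEnabled reads True while IgnoreNetwork is True' }
        }
        else {
            $wantMapi = ($role -eq 'Client')
            $wantRepl = ($role -eq 'Replication')
            if ($Network.IgnoreNetwork)                        { $finding = 'FAIL: network is ignored but has an active role' }
            elseif ($Network.MapiAccessEnabled -ne $wantMapi)  { $finding = "FAIL: MapiAccessEnabled should be $wantMapi" }
            elseif ($Network.ReplicationEnabled -ne $wantRepl) { $finding = "FAIL: ReplicationEnabled should be $wantRepl" }
        }
        New-Object PSObject -Property @{ Name = $Network.Name; Role = $role; Finding = $finding } |
            Select-Object Name, Role, Finding
    }
}

# Intended roles, taken from the network descriptions in this post.
$intended = @{ BACKUP = 'Ignored'; MAPI = 'Client'; REPLICATION = 'Replication' }

# Constructed sample objects mirroring the flag values in the listings above,
# so the check can be tried without an Exchange server.
$sample = @(
    New-Object PSObject -Property @{ Name = 'BACKUP';      MapiAccessEnabled = $true;  ReplicationEnabled = $false; IgnoreNetwork = $true }
    New-Object PSObject -Property @{ Name = 'MAPI';        MapiAccessEnabled = $true;  ReplicationEnabled = $false; IgnoreNetwork = $false }
    New-Object PSObject -Property @{ Name = 'REPLICATION'; MapiAccessEnabled = $false; ReplicationEnabled = $true;  IgnoreNetwork = $false }
)
$sample | Test-DagNetworkRole -Intended $intended | Format-Table -AutoSize

# Live use in the Exchange Management Shell:
#   Get-DatabaseAvailabilityGroupNetwork | Test-DagNetworkRole -Intended $intended
```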