Exchange – Single public IP address and easy SMTP High availability

This article is about a very simple kind of high availability: the case where you have a single public IP address and no way to forward traffic to more than one host. In my LAB I have a single public IP address and I use Steve Goodman's Exchange 2010 HAProxy (http://www.stevieg.org/e2010haproxy/), which is not compiled for SMTP traffic. I have a 2-node Exchange 2013 DAG with the CAS/MAILBOX roles on each node.
This simply means that I cannot use Win NLB, because a DAG cannot operate on the same machine as Win NLB does.

Previously

I routed SMTP traffic to a single node; in case of node failure, SMTP traffic was held on the gateway until the node came back up.

Current setup

Well. If I think about the DAG itself, it is the high-availability cluster solution for Exchange 201x. For me there are 2 aspects that are good for SMTP high availability:

  • The DAG has its own IP address
  • That IP address is assigned to the node running the Active Manager and holding the quorum

Yes, these 2 things are essential. If I route SMTP traffic to the DAG IP, I will always have it online and available, because if the Active Manager is not online and accessible on a single DAG node, the DAG is in serious trouble and most probably some or all databases will not work.

What to do to make it work?

  • On each DAG node, create a new Internet receive connector bound to the Frontend Transport service, which is a stateless SMTP proxy (running on the Client Access role) that routes traffic to the Transport service on the Mailbox server role. Bind the connector to the DAG IP address.

New-ReceiveConnector -Name "From Internet" -Bindings "192.168.1.55:32" -PermissionGroups AnonymousUsers -TransportRole FrontEndTransport -Usage Internet

Identity                                Bindings                                Enabled
--------                                --------                                -------
FRONTEND1\FromInternet                  {192.168.1.55:32}                       True

  • Set the receive connectors to accept traffic from smart hosts if needed.
  • Set up routing of SMTP traffic to the virtual DAG IP address
  • Check the firewall to be sure SMTP traffic is allowed to traverse the network
  • The node to which the traffic flows is the one owning the DAG IP address (Active Manager). How to determine the Active Manager is described in my article: http://ficility.net/2012/09/02/exchange-2010-dag-active-manager-determinemove/
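As an added example (not from the original article), this Exchange Management Shell script verifies the setup above: every DAG member must have a Frontend Transport connector bound to the DAG IP, it reports which node currently owns that IP (the Primary Active Manager), and it tests TCP connectivity to the bound port. The DAG name "DAG1" and the connector name "From Internet" are assumptions, and Test-NetConnection needs Windows Server 2012 or later.

```powershell
# Added example, not part of the original article. Run in the Exchange Management Shell.
# Assumptions: the DAG is called DAG1 and the connector created above is named "From Internet".
$DagName       = 'DAG1'
$ConnectorName = 'From Internet'

# -Status populates PrimaryActiveManager, i.e. the node that currently owns the DAG IP.
$dag    = Get-DatabaseAvailabilityGroup -Identity $DagName -Status
$dagIps = $dag.DatabaseAvailabilityGroupIpAddresses | ForEach-Object { $_.ToString() }
Write-Host ("DAG IP(s): {0}  Primary Active Manager: {1}" -f ($dagIps -join ', '), $dag.PrimaryActiveManager)

foreach ($server in $dag.Servers) {
    # Only the FrontendTransport connector on this node matters for inbound Internet SMTP.
    $conn = Get-ReceiveConnector -Server "$server" | Where-Object {
        $_.Name -eq $ConnectorName -and $_.TransportRole -eq 'FrontendTransport'
    }
    if (-not $conn) {
        Write-Warning "$server : no Frontend connector named '$ConnectorName' - inbound SMTP fails whenever this node owns the DAG IP"
        continue
    }
    # Bindings render as "ip:port" (see the output above); keep only those bound to a DAG IP.
    $bound = $conn.Bindings | ForEach-Object { $_.ToString() } |
             Where-Object { $dagIps -contains ($_ -replace ':\d+$', '') }
    if (-not $bound) {
        Write-Warning "$server : '$ConnectorName' is not bound to the DAG IP (bindings: $($conn.Bindings -join ', '))"
    } else {
        Write-Host "$server : '$ConnectorName' bound to $($bound -join ', ')"
    }
}

# Connectivity check against the DAG-IP binding of the node that holds the IP right now. A failure
# here means the connector is missing or disabled on the current Primary Active Manager, or a
# firewall blocks the path; the other node never answers on the DAG IP, which is the whole point.
$target = (Get-ReceiveConnector -Server "$($dag.PrimaryActiveManager)" |
           Where-Object { $_.Name -eq $ConnectorName }).Bindings |
          ForEach-Object { $_.ToString() } |
          Where-Object { $dagIps -contains ($_ -replace ':\d+$', '') } |
          Select-Object -First 1
if ($target) {
    $ip, $port = $target -split ':'
    $result = Test-NetConnection -ComputerName $ip -Port ([int]$port)
    Write-Host ("TCP {0}:{1} reachable: {2}" -f $ip, $port, $result.TcpTestSucceeded)
}
```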

Downsides:

  • SMTP traffic is not load balanced for external traffic

OAB Differences between Exchange 2010 and Exchange 2013 in brief

I wanted to summarize the OAB differences (and what has not changed) between Exchange 2010 and Exchange 2013 for my next article about OAB update problems, so here it is:

Server side OAB defaults:

In Exchange 2010

  • The OAB is generated daily on the specified mailbox server at 5AM. To gather the current config use
Get-OfflineAddressBook | select identity,server,schedule
  • The OAB is generated by the MS Exchange System Attendant service and then distributed to the CAS servers' virtual directories by the File Distribution Service
  • PF distribution is also enabled in Exchange 2010 and Exchange 2007. Clients get the OAB URL from the Autodiscover service and then download the OAB from one of the distribution points (CAS servers)

In Exchange 2013

  • A new OAB must be generated for Exchange 2013 in a coexistence scenario (with either Exchange 2007 or 2010)
  • The OAB is generated daily in a special mailbox, the "Organization Mailbox", which carries the persisted capability "OrganizationCapabilityOABGen"
Get-OfflineAddressBook | select identity,server,schedule (the Server attribute is empty in Exchange 2013)
  • The information about the Organization mailboxes can be gathered by the following command
get-mailbox -arbitration | select identity,persistedcapabilities | fl

Identity              : domain.com/Users/SystemMailbox{1f05a927-1445-4b2f-9d3c-f5a07705c8cc}
PersistedCapabilities : {}

Identity              : domain.com/Users/SystemMailbox{e0dc1c29-89c3-4034-b678-e6c29d823ed9}
PersistedCapabilities : {OrganizationCapabilityUMDataStorage}

Identity              : domain.com/Users/FederatedEmail.4c1f4d8b-8179-4148-93bf-00a95fa1e042
PersistedCapabilities : {}

Identity              : domain.com/Users/SystemMailbox{bb558c35-97f1-4cb9-8ff7-d53741dc928c}
PersistedCapabilities : {51, OrganizationCapabilityUMGrammarReady, OrganizationCapabilityMailRouting, OrganizationCapabilityClientExtensions, OrganizationCapabilityGMGen, OrganizationCapabilityOABGen, OrganizationCapabilityUMGrammar}

Identity              : domain.com/Users/Migration.8f3e7716-2011-43e4-96b1-aba62d229136
PersistedCapabilities : {OrganizationCapabilityManagement}
  • The OAB is generated by the OABGeneratorAssistant running under the Microsoft Exchange Mailbox Assistants service; it is stored in the Organization mailbox first and then copied to %ExchangeInstallPath%\ClientAccess\OAB\ on the mailbox server where the database hosting the Organization mailbox is active
  • The OAB generation process is under workload policy management: it is stopped, or its priority lowered or raised, based on the load on the server hosting the active mailbox database with the Organization mailbox
  • The current configuration of the workload policies can be gathered by the commands below
Get-WorkloadPolicy *OAB*
Get-WorkloadPolicy OABGeneratorAssistant | fl

RunspaceId               : a0640926-b38f-42ca-b0ec-793f101c8c30 
WorkloadClassification   : InternalMaintenance 
WorkloadType             : OABGeneratorAssistant 
Name                     : OABGeneratorAssistant 
WorkloadManagementPolicy : DefaultWorkloadManagementPolicy_15.0.505.0
  • The thresholds for the particular levels of workload management can be gathered by
Get-ResourcePolicy | select Identity,InternalMaintenance*

The result is shown in the picture below:

[Picture: workload management]

Client defaults:

For both Exchange versions the client settings are similar. Based on the result of the Autodiscover service, the client contacts the server hosting the copy of the OAB and downloads it.

On Exchange 2010

  • The client contacts the load-balanced address and is then redirected to some CAS server

On Exchange 2013

  • The client contacts the load-balanced address and is then redirected to the mailbox server hosting the active database with the Organization mailbox
  • If there was a recent failover and the database with the Organization mailbox became active on another mailbox server, the OAB files are not present in %ExchangeInstallPath%\ClientAccess\OAB\ and must be extracted from the Org. mailbox before the client can download them.
  • If the DB stays active on the other node until the next scheduled generation time, the node with the active database generates the OAB again into the Organization mailbox
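As an added example (not from the original article), this Exchange 2013 script follows the chain described above: it finds the arbitration mailbox carrying OrganizationCapabilityOABGen, finds the server holding the active copy of its database, and checks whether that server's OAB folder actually contains files for each offline address book, which is exactly what goes missing right after a failover. It assumes WinRM access to the Mailbox servers and a folder layout of %ExchangeInstallPath%\ClientAccess\OAB\<OAB GUID>\, one sub-folder per OAB.

```powershell
# Added example, not part of the original article. Run in the Exchange Management Shell on Exchange 2013.
# Assumptions: Invoke-Command (WinRM) is allowed to the Mailbox servers, and OAB files live in
# %ExchangeInstallPath%\ClientAccess\OAB\<OAB GUID>\ with one sub-folder per offline address book.

# 1. The arbitration mailbox carrying OrganizationCapabilityOABGen is the one the OAB is generated into.
$orgMbx = Get-Mailbox -Arbitration |
          Where-Object { $_.PersistedCapabilities -contains 'OrganizationCapabilityOABGen' }
if (-not $orgMbx) { throw 'No arbitration mailbox with OrganizationCapabilityOABGen found.' }
Write-Host "Organization mailbox: $($orgMbx.Identity)  database: $($orgMbx.Database)"

# 2. The server holding the mounted copy of that database is the only OAB distribution point right now.
$active = Get-MailboxDatabaseCopyStatus -Identity "$($orgMbx.Database)" |
          Where-Object { $_.Status -eq 'Mounted' }
$server = $active.MailboxServer
Write-Host "Active copy of $($orgMbx.Database) is on $server"

# 3. After a failover the files may not yet be extracted from the mailbox into the OAB folder on the
#    new active server, so check that folder for every OAB GUID. A missing folder or a stale
#    NewestFile means clients get download errors until the OABGeneratorAssistant writes them out again.
$oabs  = Get-OfflineAddressBook | Select-Object Name, Guid, Schedule
$state = Invoke-Command -ComputerName $server -ArgumentList @(,$oabs) -ScriptBlock {
    param($oabs)
    $root = Join-Path $env:ExchangeInstallPath 'ClientAccess\OAB'
    foreach ($oab in $oabs) {
        $dir   = Join-Path $root "$($oab.Guid)"
        $files = if (Test-Path $dir) { @(Get-ChildItem $dir -File) } else { @() }
        [pscustomobject]@{
            OAB        = $oab.Name
            Folder     = $dir
            Present    = Test-Path $dir
            FileCount  = $files.Count
            NewestFile = ($files | Sort-Object LastWriteTime -Descending | Select-Object -First 1).LastWriteTime
        }
    }
}
$state | Format-Table OAB, Present, FileCount, NewestFile, Folder -AutoSize
```

Compare NewestFile with the OAB schedule: a folder whose files are older than the last scheduled run on the current active server is the symptom described in the failover bullet above.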

Offline accessible properties:

The default properties included in the OAB are the same for Exchange 2010 SP3 and Exchange 2013. Properties are up to 1 day old, but can be accessed even when the client is offline.

Properties gathered online by default:

This means that these properties are always up to date, but cannot be accessed when the client is offline.

  • Custom properties in Active Directory that an administrator has added (for example, the Employee ID of each employee)
  • Organization hierarchy information
  • Group membership information