none
DAG in 2 datacenters Through WAN-IpSec.

    Question

  • Hello All..


    I'm making tests on an Exchange Deployement  in an active production dual Datacenter having following subnets specs..


    Site A : 10.10.x.x (255.255.0.0) - GW : 10.10.10.254 - DNS : 10.10.11.250/251 (AD is on this Site)
    Site B : 192.168.44.x (255.255.255.0) - GW : 192.168.44.254 - DNS : 192.168.44.253/254


    Both Sites are linked via a VPN Ipsec Connection.


    My two Dag nodes have following actual tests specs 


    DAG 1 : 
    LAN (MAPI) : 10.10.100.7 (255.255.0.0) - GW : 10.10.10.254 - DNS : 10.10.11.250/251
    DAG (Replication) : 10.10.100.6 (255.255.0.0) - GW : 10.10.10.254 - DNS : 10.10.11.250/251 (yes i know, i'll have to change this)


    DAG 2 : 
    LAN (MAPI) : 192.168.44.104 (255.255.255.0) - GW : 192.168.44.254 - DNS : 192.168.44.253/254
    DAG (Replication) : 192.168.44.113 (255.255.255.0) - GW : 192.168.44.254 - DNS : 192.168.44.253/254 (yes i know, i'll have to change this)


    Yet i think my cluster is not active correctly. I don't happen to see in Windows Clustering Failover Manager the Site B and DAG 2 network cards when setting up a DAG...


    I am wishing to respect following documents for the dag setup i've found trough the forums : 
    http://technet.microsoft.com/en-us/library/dd638121.aspx
    http://technet.microsoft.com/en-us/library/dd979781.aspx
    http://technet.microsoft.com/en-us/library/dd638104.aspx
    http://technet.microsoft.com/en-us/library/dd638129.aspx


    If i understand well documentations, here are the modifications i'm going to make for a deployement : 


    DAG 1 : 
    LAN (MAPI) : 10.10.100.7 (255.255.0.0) - GW : 10.10.10.254 - DNS : 10.10.11.250/251
    DAG (Replication) : 192.168.1.1 (255.255.255.0) 


    DAG 2 : 
    LAN (MAPI) : 192.168.44.104 (255.255.255.0) - GW : 192.168.44.254 - DNS : 192.168.44.253/254
    DAG (Replication) : 192.168.2.1 (255.255.255.0)


    In addition i'll add manually following routes : 
    DAG 1 : netsh interface ipv4 add route 192.168.2.0/24 "DAG" 192.168.1.254
    DAG 1 : netsh interface ipv4 add route 192.168.1.0/24 "DAG" 192.168.2.254


    Finally in EMS : 
    New-DatabaseAvailabilityGroup -Name DAG1 -WitnessServer ExchCas01 -WitnessDirectory C:\DAGWitness\ -DatabaseAvailabilityGroupIPAddresses 10.10.20.100,192.168.44.100
    Add-DatabaseAvailabilityGroupServer -Identity DAG1 -MailboxServer DAG1
    Add-DatabaseAvailabilityGroupServer -Identity DAG1 -MailboxServer DAG2


    Is this the right configuration scheme ? Do you see anything wrong in planned tests ? 


    Thanks for your returns..


    Tdldp


    EDIT : 
    I have a weird personnal reflexion on the routing ...
    My IPSec Network has following configuration on Site B : 

            left=SITEB_PUBLIC_IP
            leftnexthop=SITEB_PUBLIC_GATEWAY
            leftsubnet=192.168.44.0/24
            right=SITEA_PUBLIC_IP
            rightsubnet=10.10.10.0/16
            rightnexthop=SITEA_PUBLIC_GATEWAY
            rightsourceip=10.10.10.254

    Is there not a problem with this tunneling ?  It's on my opinion not capable to cope routing to a 192.168.1.X network on site A...
    What should i add to make it cope this routing ?

    Thanks for your help






    • Edited by tdldp1 Monday, March 05, 2012 4:35 PM
    Monday, March 05, 2012 2:59 PM

Answers

All replies

  • Hi tdldp1,

    I would suggest you rename mailbox servers' name to MBX1, MBX2(rather than use the same name as DAG's name).

    The link(Deploying High Availability and Site Resilience:http://technet.microsoft.com/en-us/library/dd638129.aspx) is a good example to deploy DAG.  

    For IPSec issue, please seek the solution in the related forum to resolve it first.


    Frank Wang

    TechNet Community Support

    Tuesday, March 06, 2012 7:24 AM
  • Hello Franck

    Thanks for your reply...
    The link is the one i followed to setup Dag Configuration tests...

    Yet As doubted, i have no communication between my two sites IP as it is not routed correctly..
    Asking the question though i think i already know the answer : Is there a way in given IP Classes to setup a Dag configuration with IPsec compatible IP's, without modifying ipsec configuration ? (ex : Site A DAG1 : DAG (Replication) : 10.10.21.1 (255.255.0.0)  - Site B DAG2 : DAG (Replication) : 192.168.45.1 (255.255.255.0) for which i have an IPsec tunnel configuration set between the sites : It's a test purpose tunnel)

    Thanks again by advance for returns..

    Tdldp

    Tuesday, March 06, 2012 8:24 AM
  • It should work .. If my understanding is correct.


    Satheshwaran Manoharan | Exchange 2003/2007/2010 | Blog:http://www.careexchange.in | Please mark it as an answer if it really helps you

    Tuesday, March 06, 2012 11:02 PM
  • Hi tdldp1,

    If you deploy DAG cross two datacenters, please also see below link about DAG Networks and Multiple Subnet Deployments:

    Managing Database Availability Groups

    http://technet.microsoft.com/en-us/library/dd298065.aspx#Dat


    Frank Wang

    TechNet Community Support

    • Marked as answer by tdldp1 Friday, March 16, 2012 5:28 PM
    Wednesday, March 07, 2012 3:28 AM
  • Thanks for that link, i seem to see things a little better...
    We are resolving our network issues today, and i'll undergo the tests after that... Will make follow up if solution works or not...
    Friday, March 09, 2012 9:36 AM
  • Hi tdldp1,

    Any updates?


    Frank Wang

    TechNet Community Support

    Wednesday, March 14, 2012 1:57 AM
  • Hi Frank..

    We resolved this morning our IPSec issues...

    We have now : 

    DAG 1 : 
    LAN (MAPI) : 10.10.100.7 (255.255.0.0) - GW : 10.10.10.254 - DNS : 10.10.11.250/251
    DAG (Replication) : 192.168.50.1 (255.255.255.0) 

    DAG 2 : 
    LAN (MAPI) : 192.168.44.104 (255.255.255.0) - GW : 192.168.44.254 - DNS : 192.168.44.253/254
    DAG (Replication) : 192.168.49.1 (255.255.255.0)

    DAG 1 : netsh interface ipv4 add route 192.168.49.0/24 "DAG" 192.168.50.254
    DAG 2 : netsh interface ipv4 add route 192.168.50.0/24 "DAG" 192.168.49.254

    pinging each network interfaces shows trafic passing in each DAG replication networks so they communicate correctly...

    Next Step : Setup the Dag based on your documentation...

    Through EMC (why but why did i not go trough EMS)  i setup the DAG Group with following tests parameters
    Name : ExchangeDag
    Witness Server : ExchangeCas02
    Folder : C:\DAGWitness\ 

    I then add my two servers and went through an error : 
    Cluster service did not manage to bring up or take down service or cluster application "Cluster Group". Ressources are maybe in failed state (Translated from french, sorry if not exact).. In any case : Error 1205 

    I then tried to bring DAG back to empty state, by removing both servers, and there was a new error (not noted though).
    I have in Event Manager : Cluster Node Dag1 has been removed...

    Yet : 
    DagExchange declares it has only one active server node : DAG 1
    On node 1 (Dag1), there is no more Cluster Service active. but DAG 1 server still appears in DAG management Group trough EMS/EMC.
    On node2 (Dag2), Cluster service is still active, and node appears in Failover Clustering management for ExchangeDAG name, but not in EMS/EMC any more.

    If i try to remove DAG1 node, though EMS or EMC on DAG1 or DAG2 i have following Error :
    Can't connect to cluster Service on given computer, assure they have qorum or are configuration only
    Shell Command attempted : 
    Remove-DatabaseAvailabilityGroupServer -MailboxServer "DAG1" -Identity ExchangeDAG

    I don't seem able to remove anything on DAG2, even if it declares it's in a cluster that doesn't appear in exchange anymore..

    Googling a lot on this crap, if you have any advice i'll take some...But i think i messed up something there ..

    I LOVE EXCHANGE ;)
    tdldp

    EDIT : Technical informations as They come

    DAG 1 Cluster Service Status : 18h15
    c:\>sc query clussvc
    SERVICE_NAME: clussvc

            TYPE               : 10  WIN32_OWN_PROCESS
            STATE              : 1  STOPPED
            WIN32_EXIT_CODE    : 1066  (0x42a)
            SERVICE_EXIT_CODE  : 2  (0x2)
            CHECKPOINT         : 0x0
            WAIT_HINT          : 0x0

    EMC : DAG group Properties throws error : 18h30

    ActiveManager Operation Error : Cluster API 'OpenCluster (DAG1.domain)' failed with error 0x6d9 - There are no more endpoints available from the endpoint

    DAG 2 Cluster Service Cleanup : 9h05
    Managed to remove Local DAG2 cluster node setup by destroying cluster in DAG2 Failover Clustering Management
    Just need now to remove the exchange DAG setup and the lost node from  EMC / EMS properties..

    DAG CleanUP Done ! 9h30
    For Personnal FollowUP : Remove DAG Server with configurationonly switch on lost cluster nodes, cleans up DAG membership.. Following removals done
    Restarting My Configuration, and going a bit more slowly.. I think i found an AD latency issue that could have been responsable of faced problems... AD Team on the problem..


    • Edited by tdldp1 Thursday, March 15, 2012 8:24 AM
    Wednesday, March 14, 2012 5:36 PM
  • Ok...

    Through EMS all DAG primary setup and configuration went right this time...

    I now have A DAG With my two nodes answering correctly...
    Next Setup is normally http://technet.microsoft.com/en-us/library/dd298065.aspx#Dat

    When i run the following command : 

    Set-DatabaseAvailabilityGroupNetwork -Identity DAG1\DAGNetwork01 -Subnets 10.10.0.0,192.168.44.0 -ReplicationEnabled:$false

    to collapse DAGNetwork03 in DAGNetwork01  i get following error : 

    Subnet '10.10.0.0' definition error : it is in conflict with existing Subnet '10.10.0.0/16'
    Googling through that but wondering if command does not need the /16,/24 mask ?

    EDIT : 
    This Is Solved : As i thought adding the mask solves problem...

    EDIT2 :
    Last question before marking this topic SOLVED : 
    I have in my cluster Management console, Following information : 
    Cluster : DAG1   -   Online
    IP Adress : 10.10.20.100  - Online
    IP Adress :  192.168.44.100 - Offline.

    If i attempt to force it online i get following error message : 
    An error occured when attemtping to bring online following ressource : IPv4 Static Adress 1 (Cluster Group)
    error Code : 0x80071397 : The cluster node is not the ressource owner or the node is not an owner possible of the ressource..

    Does it tell you anything ? Is this normal ? 

    Thanks anyway by advance for all support given.. Really helped me get down to the right information...
    I leave my edits for those searching documentation...

    • Edited by tdldp1 Thursday, March 15, 2012 11:38 AM
    Thursday, March 15, 2012 10:45 AM
  • I'm closing this thread now.. It is solved for me regarding the DAG Configuration...

    Please Franck i'll setup a new thread next monday regarding CAS Array in multiple Subnet.. If you do have some time to take a look at it i'll appreciate...

    Tdldp

    Friday, March 16, 2012 5:29 PM