none
Send connector impact cluster network ?

    Question

  • Hi all,

    My environment : 2 exchange server 2013 CU 19 (both CAS + mailbox roles) in 1 DAG , 1 Fortimail 400E , 1 send connector "To internet" with source servers are 2 exchange servers.

    Recently, I notice somethings weird about my DAG cluster, for ex :

    Case 1 : First , DAG01 and "To internet" send connector have only 1 member server1 , after joining server2 to DAG01 , replicating mailbox databases ... (everything works fine) , I open "To internet" send connector and edit source server option to add server2 --> Save then Bump ! I got this error  "'Cluster Network 1' is unreachable by at least one other cluster node" on both servers.
    At that time, I can see 1 node is down in cluster nodes (could be server 1 or server 2) and mailbox databases are mounted on so I have to restart down node and then everything ok.

    Case 2 : The send connector "To internet" with source servers are 2 exchange servers , I open it and edit "Maximum send message size" -> Save then Bump ! , symptoms are similar above.

    Case 3 : The send connector "To internet" routes messages straight to internet not through Fortimail , the Fortimail stand between Exchange servers and internet to scan inbound messages only. But if I edit or disable/enable some IP based Policies on Fortimail , it make problems happen too ! It makes me surprised  because in my opinion if something went wrong with Fortimail it cannot effect my DAG or Exchange servers right ?

    Here some information :

    [PS] C:\Windows\system32>Get-SendConnector | fl
    
    
    AddressSpaces                : {SMTP:*;1}
    AuthenticationCredential     :
    CloudServicesMailEnabled     : False
    Comment                      :
    ConnectedDomains             : {}
    ConnectionInactivityTimeOut  : 00:10:00
    DNSRoutingEnabled            : True
    DomainSecureEnabled          : False
    Enabled                      : True
    ErrorPolicies                : Default
    ForceHELO                    : False
    Fqdn                         : webmail.mydomain.com
    FrontendProxyEnabled         : False
    HomeMTA                      : Microsoft MTA
    HomeMtaServerId              : server1
    Identity                     : To Internet
    IgnoreSTARTTLS               : False
    IsScopedConnector            : False
    IsSmtpConnector              : True
    MaxMessageSize               : 20 MB (20,971,520 bytes)
    Name                         : To Internet
    Port                         : 25
    ProtocolLoggingLevel         : Verbose
    RequireOorg                  : False
    RequireTLS                   : False
    SmartHostAuthMechanism       : None
    SmartHosts                   : {}
    SmartHostsString             :
    SmtpMaxMessagesPerConnection : 20
    SourceIPAddress              : 0.0.0.0
    SourceRoutingGroup           : Exchange Routing Group (DWBGZMFD01QNBJR)
    SourceTransportServers       : {server1, server2}
    TlsAuthLevel                 :
    TlsCertificateName           :
    TlsDomain                    :
    UseExternalDNSServersEnabled : True
    
    AddressSpaces                : {SMTP:*;2}
    AuthenticationCredential     :
    CloudServicesMailEnabled     : False
    Comment                      :
    ConnectedDomains             : {}
    ConnectionInactivityTimeOut  : 00:10:00
    DNSRoutingEnabled            : False
    DomainSecureEnabled          : False
    Enabled                      : False
    ErrorPolicies                : Default
    ForceHELO                    : False
    Fqdn                         :
    FrontendProxyEnabled         : False
    HomeMTA                      : mydomain.com/Configuration/Deleted Objects/Microsoft MTA
                                   DEL:ca1c6a4b-34e8-4f86-a048-200a954a26e6
    HomeMtaServerId              : mydomain.com/Configuration/Deleted Objects/Microsoft MTA
                                   DEL:ca1c6a4b-34e8-4f86-a048-200a954a26e6
    Identity                     : fortimail
    IgnoreSTARTTLS               : False
    IsScopedConnector            : False
    IsSmtpConnector              : True
    MaxMessageSize               : 10 MB (10,485,760 bytes)
    Name                         : fortimail
    Port                         : 25
    ProtocolLoggingLevel         : Verbose
    RequireOorg                  : False
    RequireTLS                   : False
    SmartHostAuthMechanism       : None
    SmartHosts                   : {[192.168.2.9]}
    SmartHostsString             : [192.168.2.9]
    SmtpMaxMessagesPerConnection : 20
    SourceIPAddress              : 0.0.0.0
    SourceRoutingGroup           : Exchange Routing Group (DWBGZMFD01QNBJR)
    SourceTransportServers       : {server2}
    TlsAuthLevel                 :
    TlsCertificateName           :
    TlsDomain                    :
    UseExternalDNSServersEnabled : False
    Cluster network interface 'server2 - Local Area Connection' for cluster node 'server2' on network 'Cluster Network 1' is unreachable by at least one other cluster node attached to the network. The failover cluster was not able to determine the location of the failure. Run the Validate a Configuration wizard to check your network configuration. If the condition persists, check for hardware or software errors related to the network adapter. Also check for failures in any other network components to which the node is connected such as hubs, switches, or bridges.
    
    Cluster network interface 'server1 - Local Area Connection ' for cluster node 'server1' on network 'Cluster Network 1' is unreachable by at least one other cluster node attached to the network. The failover cluster was not able to determine the location of the failure. Run the Validate a Configuration wizard to check your network configuration. If the condition persists, check for hardware or software errors related to the network adapter. Also check for failures in any other network components to which the node is connected such as hubs, switches, or bridges.
    
    Cluster network 'Cluster Network 1' is partitioned. Some attached failover cluster nodes cannot communicate with each other over the network. The failover cluster was not able to determine the location of the failure. Run the Validate a Configuration wizard to check your network configuration. If the condition persists, check for hardware or software errors related to the network adapter. Also check for failures in any other network components to which the node is connected such as hubs, switches, or bridges.
    
    Cluster resource 'Cluster IP Address' in clustered service or application 'Cluster Group' failed.
    
    The Cluster service failed to bring clustered service or application 'Cluster Group' completely online or offline. One or more resources may be in a failed state. This may impact the availability of the clustered service or application.
    Did anyone get same problem as me ?

    • Edited by Jack Chuong Wednesday, June 06, 2018 9:40 AM
    Friday, June 01, 2018 3:41 AM

All replies

  • Hi Jack Chuong,

    Have a check in the Failover Cluster Manager, whether there exist some error related with this issue?

    By this way, if those mailbox servers in the same site, you can send mail to internet from both of them even though you only add one of them into the send connector's source server.

    Regards,

    Kyle Xu


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.

    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    Monday, June 04, 2018 11:29 AM
  • Hi Kyle Xu,

    I posted errors related with this issue above, that's all I got from "Cluster Events"

    When problem happened , I can see that all items "Cluster Core Resources" are online , 2 nodes in "Nodes" are online, I can ping DAG ip address, but "Cluster Network 1" in "Networks" is down with red X .
    So I try to access to https://server1/ecp and https://server2/ecp to determine which server has problem , if I cannot login to https://server1/ecp , it means that server1 got problem , then restart server1, and "Cluster Network 1" will back to online.

    Case 4 : I build a test exchange 2013 CU19 server at different network boundary (192.168.0.x) from my Exchange and Fortimail (different domain, different DC), to test something else, so when I add more IP policy to my Fortimail for routing message for this test Exchange server, it causes problem too, "Cluster Network 1" is down, that's weird .
    I don't understand why changing something on Fortimail device effect Cluster network , that is not to mention other cases (1 to 3)

    [PS] C:\Windows\system32>Get-DatabaseAvailabilityGroup | fl
    
    
    RunspaceId                             : 95112033-d3ab-412a-a6c3-a78032153075
    Name                                   : DAG01
    Servers                                : {server1, server2}
    WitnessServer                          : witness.mydomain.com
    WitnessDirectory                       : C:\Witness
    AlternateWitnessServer                 :
    AlternateWitnessDirectory              :
    NetworkCompression                     : InterSubnetOnly
    NetworkEncryption                      : InterSubnetOnly
    ManualDagNetworkConfiguration          : True
    DatacenterActivationMode               : DagOnly
    StoppedMailboxServers                  : {}
    StartedMailboxServers                  : {server2.mydomain.com, server1.mydomain.com}
    DatabaseAvailabilityGroupIpv4Addresses : {192.168.2.5}
    DatabaseAvailabilityGroupIpAddresses   : {192.168.2.5}
    AllowCrossSiteRpcClientAccess          : False
    OperationalServers                     :
    PrimaryActiveManager                   :
    ServersInMaintenance                   :
    ServersInDeferredRecovery              :
    ThirdPartyReplication                  : Disabled
    ReplicationPort                        : 64327
    NetworkNames                           : {}
    WitnessShareInUse                      :
    DatabaseAvailabilityGroupConfiguration :
    AutoDagSchemaVersion                   : 1.0
    AutoDagDatabaseCopiesPerDatabase       : 1
    AutoDagDatabaseCopiesPerVolume         : 1
    AutoDagTotalNumberOfDatabases          : 0
    AutoDagTotalNumberOfServers            : 0
    AutoDagDatabasesRootFolderPath         : C:\ExchangeDatabases
    AutoDagVolumesRootFolderPath           : C:\ExchangeVolumes
    AutoDagAllServersInstalled             : False
    AutoDagAutoReseedEnabled               : True
    AutoDagDiskReclaimerEnabled            : True
    AutoDagBitlockerEnabled                : False
    AutoDagFIPSCompliant                   : False
    ReplayLagManagerEnabled                : False
    MailboxLoadBalanceMaximumEdbFileSize   :
    MailboxLoadBalanceRelativeLoadCapacity :
    MailboxLoadBalanceOverloadedThreshold  :
    MailboxLoadBalanceUnderloadedThreshold :
    MailboxLoadBalanceEnabled              : False
    AdminDisplayName                       :
    ExchangeVersion                        : 0.10 (14.0.100.0)
    DistinguishedName                      : CN=DAG01,CN=Database Availability Groups,CN=Exchange Administrative Group
                                             (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=First Organization,CN=Microsoft
                                             Exchange,CN=Services,CN=Configuration,DC=mydomain,DC=com
    Identity                               : DAG01
    Guid                                   : 19dbeb7e-d41f-4903-919b-cd1ac9feb97a
    ObjectCategory                         : itl.com/Configuration/Schema/ms-Exch-MDB-Availability-Group
    ObjectClass                            : {top, msExchMDBAvailabilityGroup}
    WhenChanged                            : 5/18/2018 12:11:06 PM
    WhenCreated                            : 3/26/2013 9:00:55 AM
    WhenChangedUTC                         : 5/18/2018 5:11:06 AM
    WhenCreatedUTC                         : 3/26/2013 2:00:55 AM
    OrganizationId                         :
    Id                                     : DAG01
    OriginatingServer                      : dc.mydomain.com
    IsValid                                : True
    ObjectState                            : Unchanged
    
    [PS] C:\Windows\system32>Get-DatabaseAvailabilityGroupNetwork | fl
    
    
    RunspaceId         : 95112033-d3ab-412a-a6c3-a78032153075
    Name               : MapiDagNetwork
    Description        :
    Subnets            : {{192.168.2.0/24,Up}}
    Interfaces         : {{server1,Up,192.168.2.6}, {server2,Up,192.168.2.8}
    MapiAccessEnabled  : True
    ReplicationEnabled : False
    IgnoreNetwork      : False
    Identity           : DAG01\MapiDagNetwork
    IsValid            : True
    ObjectState        : New
    
    RunspaceId         : 95112033-d3ab-412a-a6c3-a78032153075
    Name               : ReplicationDagNetwork01
    Description        :
    Subnets            : {{10.10.10.0/24,Up}}
    Interfaces         : {{IDCEXC003,Up,10.10.10.7}, {IDCEXC004,Up,10.10.10.8}}
    MapiAccessEnabled  : True
    ReplicationEnabled : True
    IgnoreNetwork      : False
    Identity           : DAG01\ReplicationDagNetwork01
    IsValid            : True
    ObjectState        : New
    
    RunspaceId         : 95112033-d3ab-412a-a6c3-a78032153075
    Name               : ReplicationDagNetwork02
    Description        :
    Subnets            : {{fe80::/64,Misconfigured}}
    Interfaces         : {}
    MapiAccessEnabled  : False
    ReplicationEnabled : False
    IgnoreNetwork      : True
    Identity           : DAG01\ReplicationDagNetwork02
    IsValid            : True
    ObjectState        : New





    • Edited by Jack Chuong Wednesday, June 06, 2018 10:10 AM
    Wednesday, June 06, 2018 9:55 AM