Exchange 2019 and IP-less DAG - how does failover work?

Hey all.

We currently have 2 Exchange 2013 servers (main and DR) in a DAG.  We have a DAG DNS A record with the IP address of the MAPI interface on our main Exchange server.  Our mail.ourdomain.com DNS record for client access points to this DAG record.

When the main server goes offline, the DR Exchange activates its databases and failover clustering changes the IP of the DAG DNS A record to point to the DR exchange server and clients connect to that.

How does this work with an IP-less DAG?

If there is no DAG IP (and I assume no DAG DNS record), where do we point mail.ourdomain.com to?  To the main server?  Will failover clustering change the mail.ourdomain.com DNS record to point to the DR server, or will Exchange do that?

thanks

Justin

EDIT: I have been reading this - https://learn.microsoft.com/en-us/exchange/high-availability/manage-ha/switchovers-and-failovers?vie...

It doesn't say I have to set anything specific up so I assume it just 'happens'?

EDIT EDIT: I hate assuming though.  And I hate when things just 'happen' without me knowing why they just 'happen'.

9 Replies

I'm also curious as we are getting a DAG set up.  Currently with the IP DAG we have already run into issues when we pointed our firewall rules to the DAG instead of the main server itself.  I've since been trying to get a clearer description/layout of the process of exactly what happens in IP-less and IP DAG.  @whatwaht

I wonder if I can manually create a cluster, just for changing the DNS record for client connection?

We don't have load balancers or anything. Just 2 servers with all roles. One is the main, used for all client connections, the other only there if the main goes down for maintenance or failure.

thanks

Perhaps failover doesn't work in Exchange 2019 for an IP-less DAG? Seems a backward step.

Hey @sbohmer

Regarding our existing IP-full DAG, failover clustering is set up to change the IP of the dag01.domain.com DNS A record. We have our primary namespace (client connectivity) mail.ourdomain.com as a CNAME pointing to dag01.ourdomain.com, and the dag01.ourdomain.com A record has the IP of the main server MAPI interface.

mail.ourdomain.com(CNAME) => dag01.domain.com(A) => IP of main server MAPI interface

In the event of main server death or disablement (or patching), failover clustering automatically changes the IP address of the dag01.domain.com A record to our backup server.

mail.ourdomain.com(CNAME) => dag01.domain.com(A) => IP of backup server MAPI interface

Works fine for our needs. Just not sure how an IP-less DAG would work in this situation.

Generally you would have some sort of load balancer in the network path that accepts connections to the DNS namespace (i.e. webmail.domain.com, autodiscover.domain.com, smtp.domain.com etc.), detects that the endpoint is down and redirects traffic to the server that is up (or you can control this during planned outages).

If you don't have a load balancer, you can also use DNS round robin, where you have a DNS record for each Exchange server that corresponds to the namespace required (i.e. webmail.domain.com, autodiscover.domain.com, smtp.domain.com etc.), and clients will automatically try the other DNS record if the first one fails.

The final option is to manually change the IP address of the DNS record when a failover is required, although I wouldn't be recommending that for obvious reasons.

Thanks for the reply @Dan Snape.

We don't have a load balancer. Seems load balancers are separate devices and not just another Windows server. We are a small organisation and can't afford one of these let alone two that would ideally be required.

With DNS round robin, would it always try a particular IP first? Our backup server is at a remote location which is on a slower link than what clients use to connect to the main server. We would want to ensure that the main server is always preferred. Also, how does the client determine which DNS entry to use first, is it alphabetical?

Even though it is more complex, we may just have to set it up like our existing 2013 servers, with an IP-full DAG. It works for our environment.

@whatwaht We currently have all internal mail-related DNS pointed to the DAG IP address. We thought the issue was related to an incorrect firewall setting, but it turns out our second server somehow was configured with 2 gateways. Once the second gateway was removed and corrected, all works as expected. Server1 goes down, server2 takes over with no issues. We still have a single point of failure as we have a single Spamtitan that all mail comes through on the way in, but it would take minutes for us to restore that if something were to happen to it. In regard to patching, the host that it sits on takes a minute or less to move it to another host prior to reboots.

We have something similar! MailScanner running on Linux that does our incoming spam/virus as well as outgoing DKIM. Also a single point of failure but...

It would also take minutes to spin a backup of its VM up, and it gets VRS'd to our remote site where the DR Exchange server sits.

The Exchange DAG really shouldn't have anything to do with failover or HA of client connectivity or message flow. All the DAG is designed to do is replicate databases and make sure they fail over correctly. If you're using the DAG for anything else you are most likely in an unsupported configuration (it may work, but it may change in the future and cause your configuration to fail).

DNS is not designed to do any kind of load balancing, so if you have 2 DNS records, pretty much 50% of connections will go to one and 50% will go to the other. You can do some hacks and get something like load balancing, but the results are variable and prone to change at any time, which could cause issues down the track.

Depending on what is servicing DNS, you may be able to use weighted round robin. Details can be found here for DNS on Server 2016: https://learn.microsoft.com/en-us/windows-server/networking/dns/deploy/app-lb
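As an added example (not posted by anyone in this thread), here is what the two DNS-only options discussed above look like on a Windows DNS server: plain round robin as Dan Snape described (one A record per Exchange server), and the weighted variant from the DNS policy article linked in the last reply, which answers the question of whether the main server can be preferred. The zone name, record name, scope names and IP addresses are assumed placeholders; pick one of the two Set- functions, not both, and run on the DNS server with DNS admin rights.

```powershell
# Added example using the built-in DnsServer PowerShell module.
# All names and addresses are assumed placeholders, not values from the thread.
$Zone   = 'ourdomain.com'
$Name   = 'mail'
$MainIp = '192.0.2.10'     # main-site Exchange MAPI interface (assumed)
$DrIp   = '198.51.100.10'  # DR-site Exchange MAPI interface (assumed)
$Ttl    = [TimeSpan]::FromMinutes(5)  # short TTL so clients re-resolve soon after a change

# Option 1: plain DNS round robin. Two A records under one name; the server
# rotates the answer order, so over many lookups each IP is first about half the time.
function Set-MailRoundRobin {
    Add-DnsServerResourceRecordA -ZoneName $Zone -Name $Name -IPv4Address $MainIp -TimeToLive $Ttl
    Add-DnsServerResourceRecordA -ZoneName $Zone -Name $Name -IPv4Address $DrIp   -TimeToLive $Ttl
}

# Option 2: weighted round robin via DNS policy (Windows Server 2016+).
# Each server's record lives in its own zone scope, and the query resolution
# policy hands out the MainScope answer 3 times for every 1 DRScope answer,
# so most clients land on the main server while the DR address still appears.
function Set-MailWeightedRoundRobin {
    Add-DnsServerZoneScope -ZoneName $Zone -Name 'MainScope'
    Add-DnsServerZoneScope -ZoneName $Zone -Name 'DRScope'
    Add-DnsServerResourceRecord -ZoneName $Zone -A -Name $Name -IPv4Address $MainIp -ZoneScope 'MainScope'
    Add-DnsServerResourceRecord -ZoneName $Zone -A -Name $Name -IPv4Address $DrIp   -ZoneScope 'DRScope'
    Add-DnsServerQueryResolutionPolicy -Name 'MailWeightedRR' -Action ALLOW `
        -ZoneName $Zone -ZoneScope 'MainScope,3;DRScope,1'
}

# Verification: resolve the name repeatedly and count which IP is returned first.
# Expect roughly 50/50 for option 1 and roughly 75/25 in favour of $MainIp for option 2.
function Measure-FirstAnswer {
    param([int]$Lookups = 40)
    $counts = @{}
    1..$Lookups | ForEach-Object {
        $answer = Resolve-DnsName -Name "$Name.$Zone" -Type A -DnsOnly -NoHostsFile
        $ip = $answer[0].IPAddress
        $counts[$ip] = 1 + [int]$counts[$ip]
    }
    return $counts
}

Set-MailWeightedRoundRobin
Measure-FirstAnswer
```

Neither option checks server health: a client only moves to the other address after its own connection attempt fails, and a client that has cached the dead server's address keeps retrying it until the TTL expires, which is why the TTL above is kept short.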