One of our customers has ExRAAS ( Exchange health and remediation check service) every year to audit their environment for health, performance and MS best practices implementation. ExRAAS tools are developed every year and this years tool discovered very interesting issue about DAG networks.
Description:
Our customers DAG has 3 networks:
- Production – meant to be client network, where only client traffic is enabled, replication traffic is disabled
- Replication – not routable to MAPI network – custom 5Gbit bandwidth only for log replication
- Backup – only for VSS backups, no MAPI nor replication traffic should flow there
Problem:
By design DAG is set, that Backup network should be ignored, however if I give Get-DatabaseAvailabilityGroupNetwork command, I can see MapiAccessEnabled parameter in $True, even though this network doesn´t have Clients for Windows Networks feature enabled and according to MS it is not supported network for clients. The magic starts when I set IgnoreNetwork to $false. Right after the change MapiAccessEnabled parameter is in correct value.
Get-DatabaseAvailabilityGroupNetwork DAG1\BACKUP | Set-DatabaseAvailabilityGroupNetwork -IgnoreNetwork $false
Get-DatabaseAvailabilityGroupNetwork | fl
RunspaceId : 7d204cce-1dde-4e6f-9d52-cde8b238d2a9
Name : BACKUP
Description : VSS BACKUP Backup subnet - Ignored
Subnets : {{172.24.188.0/24,Up}, {172.29.99.0/24,Up}}
Interfaces : {{DC1MBX1,Up,172.24.188.108}, {DC1MBX2,Up,172.24.188.110}, {DC1MBX3,Up,172.24
.188.112}, {DC1PF1,Up,172.24.188.104}, {DC2MBX1,Up,172.29.99.109}, {DC2MBX2,U
p,172.29.99.111}, {DC2MBX3,Up,172.29.99.113}, {DC2PF1,Up,172.29.99.105}}
MapiAccessEnabled : False
ReplicationEnabled : False
IgnoreNetwork : False
Identity : DAG1\BACKUP
IsValid : True
RunspaceId : 7d204cce-1dde-4e6f-9d52-cde8b238d2a9
Name : MAPI
Description : Production and possible replication
Subnets : {{192.168.0.0/24,Up}}
Interfaces : {{DC1MBX1,Up,192.168.0.108}, {DC1MBX2,Up,192.168.0.110}, {DC1MBX3,Up,192.168
.0.112}, {DC1PF1,Up,192.168.0.104}, {DC2MBX1,Up,192.168.0.109}, {DC2MBX2,
Up,192.168.0.111}, {DC2MBX3,Up,192.168.0.113}, {DC2PF1,Up,192.168.0.105}}
MapiAccessEnabled : True
ReplicationEnabled : False
IgnoreNetwork : False
Identity : DAG1\MAPI
IsValid : True
RunspaceId : 7d204cce-1dde-4e6f-9d52-cde8b238d2a9
Name : REPLICATION
Description : Only replication
Subnets : {{10.146.231.0/27,Up}}
Interfaces : {{DC1MBX1,Up,10.146.231.24}, {DC1MBX2,Up,10.146.231.26}, {DC1MBX3,Up,10.146.2
31.28}, {DC1PF1,Up,10.146.231.20}, {DC2MBX1,Up,10.146.231.25}, {DC2MBX2,Up,10
.147.231.27}, {DC2MBX3,Up,10.146.231.29}, {DC2PF1,Up,10.146.231.21}}
MapiAccessEnabled : False
ReplicationEnabled : True
IgnoreNetwork : False
Identity : DAG1\REPLICATION
IsValid : True
When I change the Ignorenetwork back to $true, MapiAccessEnabled is set to $True as well.
Get-DatabaseAvailabilityGroupNetwork DAG1\BACKUP | Set-DatabaseAvailabilityGroupNetwork -IgnoreNetwork $true
Get-DatabaseAvailabilityGroupNetwork | fl
RunspaceId : 7d204cce-1dde-4e6f-9d52-cde8b238d2a9
Name : BACKUP
Description : VSS BACKUP Backup subnet - Ignored
Subnets : {{172.24.188.0/24,Up}, {172.29.99.0/24,Up}}
Interfaces : {{DC1MBX1,Up,172.24.188.108}, {DC1MBX2,Up,172.24.188.110}, {DC1MBX3,Up,172.24
.188.112}, {DC1PF1,Up,172.24.188.104}, {DC2MBX1,Up,172.29.99.109}, {DC2MBX2,U
p,172.29.99.111}, {DC2MBX3,Up,172.29.99.113}, {DC2PF1,Up,172.29.99.105}}
MapiAccessEnabled : True
ReplicationEnabled : False
IgnoreNetwork : True
Identity : DAG1\BACKUP
IsValid : True
Conclusion:
This lead to errors in ExRAAS report and to question what is the right way. How should I behave to the network configuration? Better way is to set IgnorenNetwork parameter to $True and just ignore MapiAccessEnabled in $True. This article will be updated after I get info from MS for the resolution. It is also worth to mention, that last best practice says, that compression and encryption should be ENABLED on DAG replication network!
Links:
http://blogs.technet.com/b/schadinio/archive/2010/12/08/exchange-2010-mailbox-dag-based-practice-network-configurations.aspx