Exchange 2010 – DAG – Mapi network issue (MapiAccessEnabled, IgnoreNetwork)


One of our customers has ExRAAS ( Exchange health and remediation check service) every year to audit their environment for health, performance and MS best practices implementation. ExRAAS tools are developed every year and this years tool discovered very interesting issue about DAG networks.

Description:

Our customers DAG has 3 networks:

  • Production – meant to be client network, where only client traffic is enabled, replication traffic is disabled
  • Replication – not routable to MAPI network – custom 5Gbit bandwidth only for log replication
  • Backup – only for VSS backups, no MAPI nor replication traffic should flow there

Problem:

By design DAG is set, that Backup network should be ignored, however if I give Get-DatabaseAvailabilityGroupNetwork command, I can see MapiAccessEnabled parameter in $True, even though this network doesn´t have Clients for Windows Networks feature enabled and according to MS it is not supported network for clients. The magic starts when I set IgnoreNetwork to $false. Right after the change MapiAccessEnabled parameter is in correct value.

Get-DatabaseAvailabilityGroupNetwork DAG1\BACKUP | Set-DatabaseAvailabilityGroupNetwork -IgnoreNetwork $false
Get-DatabaseAvailabilityGroupNetwork | fl

RunspaceId         : 7d204cce-1dde-4e6f-9d52-cde8b238d2a9
Name               : BACKUP
Description        : VSS BACKUP Backup subnet - Ignored
Subnets            : {{172.24.188.0/24,Up}, {172.29.99.0/24,Up}}
Interfaces         : {{DC1MBX1,Up,172.24.188.108}, {DC1MBX2,Up,172.24.188.110}, {DC1MBX3,Up,172.24
                     .188.112}, {DC1PF1,Up,172.24.188.104}, {DC2MBX1,Up,172.29.99.109}, {DC2MBX2,U
                     p,172.29.99.111}, {DC2MBX3,Up,172.29.99.113}, {DC2PF1,Up,172.29.99.105}}
MapiAccessEnabled  : False
ReplicationEnabled : False
IgnoreNetwork      : False
Identity           : DAG1\BACKUP
IsValid            : True

RunspaceId         : 7d204cce-1dde-4e6f-9d52-cde8b238d2a9
Name               : MAPI
Description        : Production and possible replication
Subnets            : {{192.168.0.0/24,Up}}
Interfaces         : {{DC1MBX1,Up,192.168.0.108}, {DC1MBX2,Up,192.168.0.110}, {DC1MBX3,Up,192.168
                     .0.112}, {DC1PF1,Up,192.168.0.104}, {DC2MBX1,Up,192.168.0.109}, {DC2MBX2,
                     Up,192.168.0.111}, {DC2MBX3,Up,192.168.0.113}, {DC2PF1,Up,192.168.0.105}}
MapiAccessEnabled  : True
ReplicationEnabled : False
IgnoreNetwork      : False
Identity           : DAG1\MAPI
IsValid            : True

RunspaceId         : 7d204cce-1dde-4e6f-9d52-cde8b238d2a9
Name               : REPLICATION
Description        : Only replication
Subnets            : {{10.146.231.0/27,Up}}
Interfaces         : {{DC1MBX1,Up,10.146.231.24}, {DC1MBX2,Up,10.146.231.26}, {DC1MBX3,Up,10.146.2
                     31.28}, {DC1PF1,Up,10.146.231.20}, {DC2MBX1,Up,10.146.231.25}, {DC2MBX2,Up,10
                     .147.231.27}, {DC2MBX3,Up,10.146.231.29}, {DC2PF1,Up,10.146.231.21}}
MapiAccessEnabled  : False
ReplicationEnabled : True
IgnoreNetwork      : False
Identity           : DAG1\REPLICATION
IsValid            : True

When I change the Ignorenetwork back to $true, MapiAccessEnabled is set to $True as well.

Get-DatabaseAvailabilityGroupNetwork DAG1\BACKUP | Set-DatabaseAvailabilityGroupNetwork -IgnoreNetwork $true
Get-DatabaseAvailabilityGroupNetwork | fl

RunspaceId         : 7d204cce-1dde-4e6f-9d52-cde8b238d2a9
Name               : BACKUP
Description        : VSS BACKUP Backup subnet - Ignored
Subnets            : {{172.24.188.0/24,Up}, {172.29.99.0/24,Up}}
Interfaces         : {{DC1MBX1,Up,172.24.188.108}, {DC1MBX2,Up,172.24.188.110}, {DC1MBX3,Up,172.24
                     .188.112}, {DC1PF1,Up,172.24.188.104}, {DC2MBX1,Up,172.29.99.109}, {DC2MBX2,U
                     p,172.29.99.111}, {DC2MBX3,Up,172.29.99.113}, {DC2PF1,Up,172.29.99.105}}
MapiAccessEnabled  : True
ReplicationEnabled : False
IgnoreNetwork      : True
Identity           : DAG1\BACKUP
IsValid            : True

Conclusion:

This lead to errors in ExRAAS report and to question what is the right way. How should I behave to the network configuration? Better way is to set IgnorenNetwork parameter to $True and just ignore MapiAccessEnabled in $True. This article will be updated after I get info from MS for the resolution. It is also worth to mention, that last best practice says, that compression and encryption should be ENABLED on DAG replication network!

Links:

http://blogs.technet.com/b/schadinio/archive/2010/12/08/exchange-2010-mailbox-dag-based-practice-network-configurations.aspx

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s