UsamaARub-6946 asked UsamaARub-6946 commented

Outlook configuration problem after DAG Setup (Exchange Server 2016)

I have configured a DAG such that I have 1 mailbox server (MB01) in the primary location and 1 mailbox server (MB02) in the secondary location. Both have each other's database copies, and they are mounted and healthy. The witness server is at another location.

For now I haven't made the virtual directories on both servers the same. They are mb01.domainname/owa and mb02.domainname/owa etc.
(We don't require internet connectivity, so we are using only internal URLs.)

I have a third server, Exchange 2010 (nhq-mg01), from which the users will be migrated to the Exchange 2016 server. I have tested a few users by migrating them and they work fine on the new 2016 server. But the problem is with my Outlook configuration.

When I access my 2010 server via its web link it points to the mb02 server. It should point to my primary server, i.e. mb01. I don't understand where this setting is coming from.



Then, in my Outlook, under account information, the web URL that is being shown is correct, i.e. mb01.


But if I go to Exchange proxy settings (under the account settings), the URL of the mb02 server is shown, although I haven't configured any Outlook settings.



Moreover, if I test the DAG by disconnecting my primary server (making it offline), the mb02 server works fine, but only on the web.
My Outlook gets disconnected, and even after the primary is back online it sometimes tries to connect to mb02 and gives an error that the certificate name doesn't match, and sometimes connects to mb01 correctly.

Any help will be greatly appreciated.



1 Answer

KaelYao-MSFT answered UsamaARub-6946 commented

Hi @UsamaARub-6946

This should be the expected behavior, as both of the Exchange 2016 servers can be used by clients to connect for authentication and then proxy the requests to the correct server hosting the mailboxes (in this case Exchange 2010).
If Outlook and OWA work fine, you don't need to worry about it.

> Moreover, if I test the DAG by disconnecting my primary server (making it offline), the mb02 server works fine, but only on the web.
> My Outlook gets disconnected, and even after the primary is back online it sometimes tries to connect to mb02 and gives an error that the certificate name doesn't match, and sometimes connects to mb01 correctly.

The recommended best practice is to set the internal URLs of the virtual directories and also the Autodiscover endpoints (SCP objects) on both Exchange 2016 servers to be the same.
For example, mail.contoso.com.
Since it is an internal environment, you may deploy an internal CA server and assign the certificate, then import the certificate to all client devices to have it trusted by the Outlook client.

If it is possible to deploy a load balancer in the environment, you can point mail.contoso.com to the IP address of the load balancer and add the two Exchange servers to the load balance pool.
Otherwise you may also consider using round-robin DNS.



So I changed the names of the virtual directories' paths to mail.domainname.com/owa, /ecp etc. on both the Exchange servers.

We have an internal CA server, from which I generated a domain certificate for my Exchange server and imported it on both servers, but I had to enter a wildcard with the domain name in the CN, since the same certificate was to be added on both Exchange servers and also, without the wildcard, the Outlook client keeps looking for autodiscover.domainname.com in the certificate name. So I added *.domainname.com as the CN in the certificate.

I also added the DNS entries for mail.domainname.com against both servers' IP addresses and also added a CNAME, autodiscover, for mail.domainname.com.

Is this approach correct?


Yes, it seems correct to me.


OK, thank you.

In the case of a "load balancer", is it a separate machine on a separate network? Because if the primary site goes down, the load balancer might also go down?

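The answer's recommendation, one internal namespace on both Exchange 2016 servers plus a certificate that covers it, written out as an added example that is not part of the original thread or a script from Microsoft. It assumes the server names MB01 and MB02 from the question and the answer's example name mail.contoso.com, and is meant for the Exchange Management Shell.

```powershell
# Added example. Assumed values: server names from the question,
# namespace from the answer's example. Run in the Exchange Management Shell.
$Servers   = 'MB01', 'MB02'
$Namespace = 'mail.contoso.com'
# A single-label wildcard such as *.contoso.com also covers the namespace.
$Wildcard  = '*.' + ($Namespace -split '\.', 2)[1]

foreach ($s in $Servers) {
    # Same internal URL on every DAG member, so clients never see a per-server name.
    Get-OwaVirtualDirectory -Server $s |
        Set-OwaVirtualDirectory -InternalUrl "https://$Namespace/owa"
    Get-EcpVirtualDirectory -Server $s |
        Set-EcpVirtualDirectory -InternalUrl "https://$Namespace/ecp"
    Get-WebServicesVirtualDirectory -Server $s |
        Set-WebServicesVirtualDirectory -InternalUrl "https://$Namespace/EWS/Exchange.asmx"
    Get-ActiveSyncVirtualDirectory -Server $s |
        Set-ActiveSyncVirtualDirectory -InternalUrl "https://$Namespace/Microsoft-Server-ActiveSync"
    Get-OabVirtualDirectory -Server $s |
        Set-OabVirtualDirectory -InternalUrl "https://$Namespace/OAB"
    Get-MapiVirtualDirectory -Server $s |
        Set-MapiVirtualDirectory -InternalUrl "https://$Namespace/mapi"

    # Outlook Anywhere host name handed to Outlook clients.
    Get-OutlookAnywhere -Server $s |
        Set-OutlookAnywhere -InternalHostname $Namespace -InternalClientsRequireSsl $true

    # Autodiscover SCP object published in Active Directory for this server.
    Set-ClientAccessService -Identity $s `
        -AutoDiscoverServiceInternalUri "https://$Namespace/Autodiscover/Autodiscover.xml"
}

# Verification: the SCP value, and whether the IIS-bound certificate on each
# server lists the namespace (exact name or the wildcard) and is still valid.
foreach ($s in $Servers) {
    Get-ClientAccessService -Identity $s |
        Select-Object Name, AutoDiscoverServiceInternalUri

    Get-ExchangeCertificate -Server $s |
        Where-Object { "$($_.Services)" -match 'IIS' } |
        Select-Object @{ n = 'Server'; e = { $s } }, Thumbprint, NotAfter,
            @{ n = 'CoversNamespace'; e = {
                $names = $_.CertificateDomains | ForEach-Object { "$_" }
                ($names -contains $Namespace) -or ($names -contains $Wildcard)
            } }
}
```

A server whose row shows `CoversNamespace` as `False`, or a `NotAfter` date in the past, is one that will produce a certificate name or trust warning in Outlook when a client lands on it.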