In this article I’ll cover deployment of a two-node, multi-role Exchange 2010 Database Availability Group (DAG). The required steps from schema updates to post-installation configuration will be detailed in order to get you up and running… hopefully!
This article is a natural progression of the recent serieis of articles I have published on deployment and configuration of NetScaler VPX devices for load balancing Exchange 2010:
VMAC’s are a useful addition in the NetScaler high availability tool set. In brief a VMAC creates a virtual MAC address that can ‘failover’ between devices. VMACs can be used to compliment the built-in HA or to create an active/active NetScaler pair.
By virtualising the MAC address there is no drop in network connectivity during failovers as the MAC address is shared across NetScaler devices – this means that the CAM table in the upstream switches does not require any update. As a result, failovers between NetScaler devices should be faster and less intrusive with regards to user sessions/connections.
VMAC’s work using a ‘priority’ – the higher priority determines ownership of the VMAC between devices. In a NetScaler HA configuration the priority of the VMAC between devices is the same, without HA it is configurable. For example if we had two NetScalers not using HA, NS1 and NS2, and a single VMAC configured on each we could set NS1 to have a priority of 100 and NS2 to have a priority of 90. NS1 would have ‘ownership’ of the VMAC because of its higher priority.
There are a couple of options when configuring VMAC’s:
One key benefit of using HA as well is that it synchronises the session tables across devices, without HA a failover of VMACs will disconnect Outlook Web Access users as their sessions is lost at failover, with HA sessions are kept, there is just a brief interruption to the user before they can carry on.
It is also possible to assign a VMAC to a single IP address, or group multiple IP addresses into a single VMAC. The first option allows for granularity when assigning ownership as you can assign each VMAC to a device of your choice whereas grouping the IP’s into a single VMAC reduces configuration but also reduces the options you have for splitting traffic. One option could be to group the IP’s into VMACs that represent services, so if you are load balancing multiple services via your NetScalers create a VMAC per service, i.e. Exchange 2010, Citrix Access Gateway etc.
In a NetScaler Load Balancing Exchange 2010 I covered deployment of a NetScaler device to Load Balance Exchange 2010, this is an extension fo that article – illustrating how to configure a second NetScaler device in a High Availability Pair.
In this article I’ll illustrate how to add a secondary NetScaler device and configure High Availability to ensure you have a resiliant NetScaler deployment.
I ran into an issue with a System Center Configuration Manager 2012 deployment recently where if I selected the Distribution Point to be PXE enabled and then imported a certificate from our PKI I was unable to view or configure any of the server roles anymore. I simply got “Not items Found” in the ConfigMgr console!
Working with Microsoft Support it was identified that our Certificate size exceeded 32K, which is larger than the buffer used by ConfigMgr. The XML assocaited with the Distribution Point was then being truncated leading to the error in the ConfigMgr console, as above.
Note; if your issue is affecting a SECONDARY SITE then see note at the bottom of the article.
This article will illustrate configuration of both a one-arm and two-arm topology for load balancing Exchange 2010 SP1 using a single NetScaler VPX (NS9.3: Build 52.3.nc). The specific focus is on a one-arm topology, however I’ll clearly outline what’s required if you decide to use a two-arm configuration; either way by the end of the article you’ll have a working deployment… I hope!
This guide assumes you have deployed the NetScaler VPX and configured an IP address – for information on how to do this see the NetScaler Deployment Article.
AD CS : CertSrv Website “No certificate templates could be found”
Recently I deployed two Windows 2008 R2 Enterprse Subordinate Certificate Authorities, whilst these have been issuing certificates requested through Autoenrollment I noticed today that the web interface for requests wasn’t working properly using https://<caname>/certsrv. When clicking on “‘Request a certificate’, then ‘Create and submit a request to this CA” I would then get the following error message:
“No certificate templates could be found. You do not have permission to request a certificate from this CA, or an error occurred while accessing the Active Directory.”
Aftering digging about it turned out that by this is resolved by using IIS Manager and changing the DefaultAppPool Identity to NetworkService from ApplicationPoolIdentity:
IIS : Windows Authentication 401.2 Unauthorised
Having deployed a couple of Certificate Authorities recently I ran into an issue with the Web interface http://<caname>/certsrv where despite entering valid credentials I was continually prompted for a username and password, and eventually a 401.2 Unauthorised error.
On further investigation it turned out that the Windows Authentication providers were the cause, chaging this from Negotiate,NTLM to NTLM,Negotaite (you could even remove the Negotiate provider) resolves this issue, click read more to see the solution.
VMWare Workstation : Using FreeNAS for Virtualised Windows Clusters
You can obtain a copy of FreeNAS from the following location: http://www.freenas.org/
Installation is simple, create a FreeBSD (not 64-bit) VM with a 2GB HDD, 1 vCPU and 1GB of memory. Download the ISO and boot from it – select option 1 to install FreeNAS to the local hard drive.
Confirm the drive you wish to install to, and the prompt to erase all data on the drive.
Wait for the installation to finish, then reboot the VM (I said it was simple!)
You’ll then be prompted to configure the NAS box, – by default FreeNAS support DHCP so if DHCP is available on your network you’ll find the FreeNAS VM already has an IP address:
To configure a static IP address:
You can now access the web interface for the FreeNAS VM using the DHCP/static IP address:
Now add your required storage to the FreeNAS VM, we’ll use this to configure the iSCSI drives which will be presented to the Windows 2008 R2 VM’s for clustering.
To be continued….
Deploying the Virtual Machine
First you’ll need to convert the OVF available for ESX using the OVF tool available here. Once installed, extract the NetScaler archiveand run the following command – changing the paths appropriately:
{code lang:css showtitle:false lines:false hidden:false}C:\Program Files\VMware\VMware OVF Tool\ovftool.exe “X:\NSVPX-ESX-9.3-52.3_nc\NSVPX-ESX-9.3-52.3_nc Folder\NSVPX-ESX-9.3-52.3_nc.ovf” “X:\NSVPX-ESX-9.3-52.3_nc\NSVPX-ESX-9.3-52.3_nc Folder\NSVPX.vmx”{/code}
The machine must have 2 vCPU’s and 2GB RAM in order to boot, so dont think about changing these as I did!
You’ll need to make one change in the VM settings; the Operating System – change this to Solaris 10 64-bit:
Power on the VM, you’ll then be prompted to configure IPv4 addressing:
When finished you’ll be able to use a browser to navigate to the NetScaler Web Interface, after login you may be prompted to install JRE 6 update 14.
The default username and password are nsroot / nsroot
Initial Setup Wizard
When you login for the first time you’ll be prompted with the setup wizard, click next to proceed:
Confirm TCP/IPv4 settings for the NetScaler and also define the Mapped IP (MIP) Address – this is the address that client connections will appear to come from on your load balanced servers that utilise the NetScaler;
Choose to skip any configuration on the next page if you are using NetScaler for Exchange 2010, your configuration may vary here:
Click finish on the summary screen to apply the configuration:
Close any other windows that popup following this wizard.
Obtain License From Citrix
Next things next you’ll need ot obtain a license from Citrix for the NetScaler;
{code lang:css showtitle:false lines:false hidden:false}shell{/code}
{code lang:css showtitle:false lines:false hidden:false}lmutil lmhostid –ether{/code}
(NOTE; remove the colon’s from the MAC address when inputting it into My Citrix!)
Installing the License
In order to utilise most of the NetScaler functions you need to import your license that you downloaded in the last step.
Browse to System > Licenses from the NetScaler Management Interface
At the bottom of the page there is a ‘Manage Licenses…’ link, click it, click Add and browse to the file you downloaded:
Finally, click ‘OK’ – you’ll be prompted to reboot, after-which your NetScaler is ready for configuration.
LANSweeper : Identify Non-standard Browsers
The following query, when copied into the report designer, will identify computers with non-standard browsers – i.e. users with browsers other than Internet Explorer. Adjust this to suit your environment, corporate standards are different everywhere.
{code lang:sql showtitle:false lines:false hidden:false}Select Top 1000000 tblComputers.ComputerName,tblComputers.ComputerUnique,tblSoftware.softwareNameAsProduct, tblComputers.Domain,tblComputers.Username
From tblSoftware
Inner Join tblComputers On tblSoftware.ComputerName=tblComputers.Computername
Inner Join web40ActiveComputers On tblComputers.Computername=web40ActiveComputers.Computername
Where tblSoftware.softwareName Like ‘%Google Chrome%’
OR tblSoftware.softwareName Like ‘%Safari%’
OR tblSoftware.softwareName Like ‘%Mozilla%’
Group By tblComputers.ComputerUnique,tblComputers.ComputerName,tblSoftware.softwareName,tblComputers.Domain,tblComputers.Username
Order By tblSoftware. softwareName{/code}