July 2009 - Posts
Export/Import to PST Requirements
In order to export or import mailboxes to PST files the following requirements must be met:
- Export/Import to PST must be run from a 32 bit client machine with Exchange Management Tools installed (Version Exchange 2007 SP1 or later). The 32bit requirement comes from a dependency with the Outlook client.
- Either Outlook 2003 or Outlook 2007 must be installed on the client machine.
A before you perform this procedure, be aware of the following:
- To grant full access to a mailbox, use the Add-MailboxPermission cmdlet and specify FullAccess for the AccessRights parameter. For example, if the user Admin01 needs to import data from a .pst file to John's mailbox, you must first run the following command.
Procedure
For those familiar with the GUI interface for Exchange Server 2003 diagnostic logging the new Exchange Server 2007 diagnostic logging cmdlets might seem a little daunting at first. But with a little PowerShell understanding they become much easier to manage. Lets take a look at a few examples.
First of all the two shell cmdlets we are going to use are Get-EventLogLevel and Set-EventLogLevel. Each does what the name suggests, and can be combined to manage multiple diagnostic logging items quickly and easily. The -Level parameter of each cmdlet determines what level of diagnostic logging is displayed. The levels you can choose are 0 (Lowest), 1 (Low), 3 (Medium), 5 (High), and 7 (Expert). Usually level 5 (High) is adequate but sometimes you will want level 7 (Expert). The default level is 0 (Lowest) and should always be reset once your troubleshooting is complete.
more of this in this link
http://www.capslockassassin.com/2009/02/23/managing-diagnostic-logging-with-exchange-server-2007/
this article will outline how to migrate WSUS 3.0 to a new server using a local SQL Express instance and without downloading all of the updates again.
http://www.capslockassassin.com/2008/09/22/how-to-move-wsus-30-to-a-new-server/comment-page-1/#comment-903
-
Click Start, click Run, type regedit, and then click OK.
- Locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Exchange\Client\Options
- On the Edit menu, point to New, and then click DWORD Value.
- Type DumpsterAlwaysOn, and then press ENTER.
- Double-click DumpsterAlwaysOn.
- Type 1 in the Value data area, click Decimal in the Base area, and then click OK.
- Close Registry Editor.
- Restart Outlook.
RPC over HTTPS: Server Configuration
Required Components Setup
Install the "RPC over HTTP Proxy" on the server that is hosting the public facing web site. If this is a front-end/back-end then it is the front-end server. If if it a single server, then it will be the Exchange server.
You will find RPC Proxy in Add/remove Programs --> Add/Remove Windows Components --> Networking Services
Configure SSL and Certificate
if you have a web certificate you can contniue if not create a web certificate http://blogs.microsoft.co.il/blogs/dand/archive/2009/07/19/enabling-owa-2003-ssl-using-your-own-certificate-authority.aspx
On some installation you should also look at IIS Manager settings for the rpc virtual directory. The process is similar to that of setting up the exchange virtual directory for Outlook Web Access.
Exchange Server Registry Changes
Single Server Configuration
Exchange Server is also the domain controller
The domain controller needs to be a Global Catalog Server, but only requires one entry.
That key is:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters
Type REG_MULTI_SZ
Name: NSPI Interface protocol sequences
Value: ncacn_http:6004
or you can download this file rpc-http-dc.txt and change it to rpc-http-dc.reg
Than add this key:
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\RpcProxy
Key:ValidPorts
Key:
server = domain controller/exchange server
domain.local = internal domain name
mail.external.com - external domain name - then change "domain.local" to match your domain.
or you can download this file rpc-proxy.txt edit the file to match you exchange server and change it to rpc-porxy.reg
You need reboot the server
Front-End / Back-end Server Configuration
Where there are two Exchange servers and a separate domain controller.Key:
server-fe = Front-end Exchange Server
server-be = Back-end Exchange Server
server-dc = Domain Controller with Global Catalog
domain.local = Internal domain name
mail.external.com = External certificate/domain name
or you can download this file rpc-http-porxy-fornt.txt. edit the file to match you exchange server and change it to rpc-porxy-front.reg
Testing the port configuration
do a telnet chack to port 6001, 6002, 6004
telnet localhost 6001
telnet localhost 6002
telnet localhost 6004
if the telnet is not connecting to one of this port check the reg key again,
the most populer problem is with the port 6004 so run this rpc-http-dc.txt (change the name to rpc-http-dc.reg) and reboot the server
Test the System from Outside using Microsoft's Test Site
Microsoft have created a test site for Exchange features. use a test account with it.
https://testexchangeconnectivity.com
Create a Microsoft Office Outlook 2003 Profile for your users to use with RPC over HTTPS
Next, we must configure the Microsoft Outlook 2003 Profile to use RPC over HTTPS.
Navigate to the Control Panel in your Windows XP Professional Workstation and click the Mail icon. Add a new Mail profile or modify an existing Profile. Navigate to the Connection Tab and check the Checkbox Connect to my Exchange mailbox using HTTP and then click the Exchange Proxy Settings Button.
Figure 7: Enable RPC Proxy Settings
Enter your Server Information, similar to Figure 8.
Figure 8: Exchange Proxy Settings
Test the Connection
After enabling the RPC Proxy settings, your Outlook connection to the Exchange Server should be established successfully. The question is now: How to determine that it is an RPC over HTTPS connection?
The answer is simple. Right click the Outlook icon in the taskbar while you are holding the CTRL Key. The Context menu opens and now you have the option to see the Exchange Server Connection Status.
Figure 9: Test the RPC over HTTPS connection
Congratulations! You have successfully enabled your Exchange Server 2003 / Microsoft Outlook 2003 environment to use the RPC over HTTPS feature.
create a port channel using the following commands:
s3(config)#int port-channel1
s3(config-if)#description NIC team for ESX server
s3(config-if)#int gi0/23
s3(config-if)#channel-group 1 mode on
s3(config-if)#int gi0/24
s3(config-if)#channel-group 1 mode on
show etherchannel load-balance
This will report the current load balancing algorithm in use by the switch
To set the switch load-balancing algorithm, use one of the following commands in global configuration mode:
port-channel load-balance src-dst-ip (to enable IP-based load balancing)
port-channel load-balance src-mac (to enable MAC-based load balancing)
To configure the VLAN trunking, use the following commands on the physical switch:
s3(config)#int port-channel1
s3(config-if)#switchport trunk encapsulation dot1q
s3(config-if)#switchport trunk allowed vlan all
s3(config-if)#switchport mode trunk
s3(config-if)#switchport trunk native vlan 4094
This configures the NIC team (port-channel1, as created earlier) as a 802.1q VLAN trunk. You then need to repeat this process for the member ports in the NIC team:
s3(config)#int gi0/23
s3(config-if)#switchport trunk encapsulation dot1q
s3(config-if)#switchport trunk allowed vlan all
s3(config-if)#switchport mode trunk
s3(config-if)#switchport trunk native vlan 4094
s3(config-if)#int gi0/24
s3(config-if)#switchport trunk encapsulation dot1q
s3(config-if)#switchport trunk allowed vlan all
s3(config-if)#switchport mode trunk
s3(config-if)#switchport trunk native vlan 4094
If you haven’t already created VLAN 4094, you’ll need to do that as well:
s3(config)#int vlan 4094
s3(config-if)#no ip address
more of this in this link
http://blog.scottlowe.org/2006/12/04/esx-server-nic-teaming-and-vlan-trunking/
To install the CA component, do the following:
- Click Start > Control Panel > Add or Remove Programs
- Select Add/Remove Windows Components
- Put a checkmark in Certificate Services
Below screen will popup as a warning, just click Yes > then Next
We now have to select what type of CA to use, choose Enterprise root CA and click Next
In the following screen we have to fill out the Common name for our CA, which in this article is mail.testdomain.com.
Leave the other fields untouched and click Next >
We now have the option of specifying an alternate location for the certificate database, database log, and configuration information. In this article we will use the defaults, which in most cases should be just fine.
Now click Next >
The Certificate Service component will be installed, when it’s completed, click Finish
Creating the Certificate Request
Now that we have installed the Certificate Services component, it’s time to create the Certificate Request for our Default Website. We should therefore do the following:
- Click Start > Administrative Tools > Internet Information Services (IIS) Manager
- Expand Websites > Right-click Default Website then select Properties
- Now hit the Directory Security tab
- Under Secure Communications click Server Certificate…
As we’re going to create a new certificate, leave the first option selected and click Next >
Because we’re using our own CA, select Prepare the request now, but send it later, then click Next >
Type a descriptive name for the Certificate and click Next >
We now need to enter our organization name and the organizational unit (which should be pretty self-explanatory), then click Next >
In the next screen we need to pay extra attention, as the common name reflects the external FQDN (Fully Qualified Domain Name), to spell it out, this is the address external users have to type in their browsers in order to access OWA from the Internet.
Note: As many (especially small to midsized) companies don’t publish their Exchange servers directly to the Internet, but instead runs the Exchange server on a private IP address, they let their ISP’s handle their external DNS settings. In most cases the ISP creates a so called A record named mail.domain.com pointing to the company’s public IP address, which then forwards the appropriate port (443) to the Exchange servers internal IP address.
When your have entered a Common Name click Next >
Now it’s time to specify the Country/Region, State/Province and City/locality, this shouldn’t need any further explanation, when you have filled out each field, click Next >
In the below screen we have to enter the name of the certificate request we’re creating, the default is just fine, click Next >
In this screen we can see all the information we filled in during the previous IIS Certificate Wizard screens, if you should have made a mistake, this is your last chance to correct it. If everything looks fine click Next >
And finally we can click Finish.
Getting the Pending Request accepted by our Certificate Authority
Now that we have a pending Certificate Request, we need to have it accepted by our CA, which is done the following way:
- On the server open Internet Explorer
- Type http://server/certsrv
Note: In order to access the Certsvr virtual folder, you may be prompted to enter a valid username/password, if this is the case use the Administrator account. When you have been validated the Windows 2003 Server will most probably block the content of the CertSrv virtual folder, which means you wil have to add it to your trusted sites in order to continue.
Now that you’re welcomed by the Certificate Services, select Request a Certificate
Click advanced certificate request
Under Advanced Certificate Request click Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS #7 file
Now we need to insert the content of the certreq.txt file we created earlier, you can do this by clicking the Browse for a file to insert or by opening the certreq.txt file in notepad, then copy/paste the content as shown in the screen below, then click Submit >
Now select Base 64 encoded then click Download certificate
Click Save
Choose to save the certnew.cer on the C: drive > then click Save
Close the Microsoft Certificate Services IE window.
Appending the Certificate to the Default Website
Okay it’s time to append the approved Certificate to our Default Website, to accomplish this we need to do the following:
- Click Start > Administrative Tools > Internet Information Services (IIS) Manager
- Expand Websites > Right-click Default Website then select Properties
- Now select the Directory Security tab
- Under Secure Communications click Server Certificate… > then Next
Select Process the pending request and install the certificate > click Next >
Unless you have any specific requirements to what port SSL should run at, leave the default (443) untouched, then click Next >
You will now see a summary of the Certificate, again if you should have made any mistakes during the previous wizard screens, this is the final chance to correct them, otherwise just click Next >
The Certificate has now been successfully installed and you can click Finish
Enabling SSL on the Default Website
We have now appended the Certificate to our Default Website, but before the data transmitted between the clients and the server is encrypted, we need to click the Edit… button under Secure Communications.
Here we should put a checkmark in Require Secure Channel (SSL) and Require 128-bit encryption just like below:
Now click OK.
Testing our SSL enabled Default Website
Now that we have gone through all the configuration steps necessary to enable SSL on our Default Website, it’s time to test if our configuration actually works.
From the server (or a client) open Internet Explorer, then type:
http://exchange_server/exchange
You should get a screen similar to the one shown below:
This is absolutely fine, as we shouldn’t be allowed to access the Default Website (and any virtual folders below) through an unsecure connection. Instead we should make a secure connetion which is done by typing https, therefore type below URL instead:
https://exchange_server/exchange
The following box should appear:
Note: You may have noticed the yellow warning sign, this informs us The name on the security certificate is invalid or does not match the name of the site. Don’t worry there’s nothing wrong with this, the reason why it appears is because we aren’t accessing OWA through the common name, which we specified when the certificate was created. When you access OWA from an external client through mail.testdomain.com/exchange, this warning will disappear.
Click Yes
You will now be prompted for a valid username/password in order to enter your mailbox, for testing purposes just use the administrator account, like shown below:
Now click OK
We should now see the Administrator mailbox.
Notice the yellow padlock in the lower right corner, a locked padlock indicates a secure connection, which means OWA now uses SSL.
SYMPTOMS
When you view the Microsoft Office Outlook 2007 policy settings in the Group Pol...
When you view the Microsoft Office Outlook 2007 policy settings in the Group Policy Object Editor, you only see the following policy setting that is related to RPC/HTTP:
Configure Outlook Anywhere user interface options
However, this policy setting only configures whether the dialog box for configuring Outlook Anywhere settings is available to the user.
CAUSE
This issue occurs because the Outlook Anywhere policy settings are not included...
This issue occurs because the Outlook Anywhere policy settings are not included in the Group Policy template file (Outlk12.adm).
RESOLUTION
To resolve this issue, follow these steps: Install the 2007 Microsoft Office sui...
To resolve this issue, follow these steps:
- Install the 2007 Microsoft Office suite Service Pack 1. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
936982 (http://support.microsoft.com/kb/936982/ ) Description of the 2007 Microsoft Office suite Service Pack 1.
- Install Hotfix 941275. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
941275 (http://support.microsoft.com/kb/941275/ ) Description of the Outlook 2007 post-Service Pack 1 hotfix package: January 28, 2008
Note We recommend that you install hotfix 950282 because of a regression in hotfix 941275. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
950282 (http://support.microsoft.com/kb/950282 / ) Description of the Office Outlook 2007 hotfix package: March 20, 2008
- The following file is available for download from the Microsoft Download Center:
Collapse this imageExpand this image
Download the Article-961112.adm package now. (http://download.microsoft.com/download/F/B/C/FBC43645-89EA-4FB4-828C-DFE27C360233/article-961112.adm)
- In the Group Policy Object Editor add the Article-961112.adm file:
- Right-click Administrative Templates and click Add/Remove Templates.
- In the Add/Remove Templates dialog box click Add.
- In the Policy Templates dialog box locate and select the Article-961112.adm file. Click Open.
- Click Close in the Add/Remove Templates dialog box.
- Under User Configuration in Administrative Templates expand the policy node labeled Article 961112 Policy Settings.
- Select the Outlook Anywhere (RPC/HTTP) node to list the following policies under the Setting column in the right-pane:
- RPC/HTTP Connection Flags
- Proxy Server Name
- Only Connect if Proxy Server certificate has this principal name
- Proxy authentication Setting
- Double-click each policy to configure the appropriate RPC/HTTP setting for your Outlook clients
Remove-RoutingGroupConnector -Identity "Exchange Administrative Group (FYDIBOHF23SPDLT)\Exchange Routing Group (DWBGZMFD01QNBJR)\Interop RGC" -DomainController dc.contoso.com
Scenario: You’ve created a new user (or any Exchange recipient that should show up in Exchange Address Books/GAL), but the recipient does not show up in the GAL in Outlook
In Exchange Server 2007, the OAB can be updated using the following command from the shell:
Update-OfflineAddressBook "Name of Address Book"
To update all OABs:
Get-OfflineAddressBook | Update-OfflineAddressBook
- On the client go to Outlook 2003/2007 | Tools | Send/Receive | Download Address Book….
- Uncheck Download changes since last Send/Receive
- Make sure Download Full Details is checked
- Click OK, wait for the download to complete (depending on your bandwidth and size of OAL, this may be close to instant, or it may take a few minutes)
- Check if the user appears in the GAL
Modify the OAB generation schedule: The OAB update interval can be modified to have Exchange update it more frequently, depending on your environment.
Alternatively, you can wait till after Exchange has updated the OAB.
more about this problem in this links
http://blogs.msdn.com/dgoldman/archive/2007/03/08/how-to-use-oabinteg-s-oabfldcheck-and-proxytest-to-find-oab-issues.aspx
http://blogs.msdn.com/dgoldman/archive/2006/06/19/636996.aspx
Users who use Microsoft Office Outlook 2003 cannot publish their free/busy data in Microsoft Exchange Server 2007
When you run the Outlook /cleanfreebusy command, you receive the following error message:
Unable to clean your freebusy information
This behavior can occur in the following scenarios.
Scenario 1
Users have mailboxes in an Exchange Server 2007 environment that does not include other versions of Exchange Server.
Scenario 2
Users were migrated from Microsoft Exchange 2000 Server or from Exchange Server 2003 to Exchange Server 2007.
After this migration, all Exchange 2000 Server or Exchange Server 2003 installations in the organization were decommissioned.
This problem occurs because the Exchange 2007 Server public folder database is m...
This problem occurs because the Exchange 2007 Server public folder database is missing the following replicas.
Scenario 1 cause
The "Schedule+ Free/Busy" system folder replica is missing.
Scenario 2 cause
- The "Schedule+ Free/Busy" system folder replica is missing on the servers that were running Exchange Server 2003.
- The Exchange 2000 Server Administrative Group replica is missing.
RESOLUTION
To resolve this problem, follow the steps that are appropriate for your situatio...
To resolve this problem, follow the steps that are appropriate for your situation.
Scenario 1 resolution
- In the Exchange Management Shell, run the following command:
get-publicfolder -Identity "\NON_IPM_SUBTREE\SCHEDULE+ FREE BUSY" -Recurse |fl
- Verify that the replica object for SCHEDULE+ FREE BUSY exists in the administrative group. In the following example, the administrative group (EX:/o=ORG NAME/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)) has no replica object for SCHEDULE+ FREE BUSY. Therefore, users cannot see SCHEDULE+ FREE BUSY data when they view details for the free/busy data folder.
For example, free/busy data may appear as follows.
Name : EX:/o=ORG NAME/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)
ParentPath : \NON_IPM_SUBTREE\SCHEDULE+ FREE BUSY
Replicas : {}
- In the Exchange Management Shell, run the following command:
set-publicfolder -Identity "\NON_IPM_SUBTREE\SCHEDULE+ FREE BUSY\EX:/o=ORG NAME/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)" -replicas "Server\Second Storage Group\Public Folder Database"
Note This command syntax assumes that the Exchange Server 2007 public folder database is in the default location under the second storage group.
- Verify that the legacy administrative group now has a replica object. In the following example, the free/busy data shows a replica object.
get-publicfolder -Identity "\NON_IPM_SUBTREE\SCHEDULE+ FREE BUSY" -Recurse |fl
Name : EX:/o=ORG NAME/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)
ParentPath : \NON_IPM_SUBTREE\SCHEDULE+ FREE BUSY
Replicas : {Public Folder Database}
Scenario 2 resolution
- In the Exchange Management Shell, run the following command:
get-publicfolder -Identity "\NON_IPM_SUBTREE\SCHEDULE+ FREE BUSY" -Recurse |fl
- Verify that the replica object for SCHEDULE+ FREE BUSY exists in the legacy administrative groups. In the following example, the legacy administrative group (EX:/o=ORG NAME/ou=Legacy Administrative Group) has no replica object for SCHEDULE+ FREE BUSY. Therefore, users who were migrated from the legacy administrative groups cannot see SCHEDULE+ FREE BUSY data when they view details for the free/busy data folder. For example, free/busy data may appear as follows.
Name : EX:/o=ORG NAME/ou=Legacy Administrative Group
ParentPath : \NON_IPM_SUBTREE\SCHEDULE+ FREE BUSY
Replicas : {}
- In the Exchange Management Shell, run the following command:
set-publicfolder -Identity "\NON_IPM_SUBTREE\SCHEDULE+ FREE BUSY\EX:/o=ORG NAME/ou=Legacy Administrative Group" -replicas "Server\Second Storage Group\Public Folder Database"
Note This command syntax assumes that the Exchange Server 2007 public folder database is in the default location under the second storage group.
- Verify that the legacy administrative group now has a replica object. In the following example, the free/busy data shows a replica object.
get-publicfolder -Identity "\NON_IPM_SUBTREE\SCHEDULE+ FREE BUSY" -Recurse |fl
Name : EX:/o=ORG NAME/ou=Legacy Administrative Group
ParentPath : \NON_IPM_SUBTREE\SCHEDULE+ FREE BUSY
Replicas : {Public Folder Database}
The free/busy data no longer shows hash marks for users who were migrated from legacy administrative groups to Exchange Server 2007.
Note All users whose free/busy data is not populated must accept or decline a meeting request to populate the free/busy data.
MORE INFORMATION
You must not delete any Exchange Server 2003 legacy administrative groups that c...
You must not delete any Exchange Server 2003 legacy administrative groups that contained mailboxes at any point in time. The
legacyExchangeDN attribute for each user still references the old administrative groups. As long as clients are using versions of Outlook before Outlook 2007, the
legacyExchangeDN attributes are used to find the free/busy data. If the administrative group no longer exists, we can no longer guarantee that the free/busy data folder will exist for users who have the matching
legacyExchangeDN attribute. These users might have problems finding or publishing free/busy information. Additionally,
legacyExchangeDN attributes are used when Exchange Server 2007 uses the Outlook client to delegate access to folders.
Customer Benefits
Key new features of Exchange Server 2007 SP2 unveiled today include:
- Enhanced Auditing - New Exchange auditing events and audit log repository enable Exchange administrators to more easily audit the activities occurring on their Exchange servers. It allows the right balance of granularity, performance, and easy access to audited events via a dedicated audit log repository. This simplifies the auditing process and makes review of audited events easier by segregating audited events in a dedicated location.
- Exchange Volume Snapshot Backup Functionality - A new backup plug-in has been added to the product that will enable customers to create Exchange backups when a backup is invoked through the Windows Server 2008 Backup tool. Exchange Server 2007 didn't have this capability on Windows Server 2008 and additional solutions were required to perform this task.
- Dynamic Active Directory Schema Update and Validation - The dynamic AD schema update and validation feature allows for future schema updates to be dynamic deployed as well as proactively preventing conflicts whenever a new property is added to the AD schema. Once this capability is deployed it will enable easier management of future schema updates and will prevent support issues when adding properties that don't exist in the AD schema.
- Public Folder Quota Management - SP2 enables a consistent way to manage quotas by improving the current PowerShell cmdlets to perform quota management tasks.
- Centralized Organizational Settings - SP2 introduces new PowerShell option that enable centralized management of many of the Exchange organization settings.
- Named Properties cmdlets - SP2 enables Exchange administrators to monitor their named property usage per database.
- New User Interface for Managing Diagnostic Logging- SP2 enables Exchange administrators to easily configure and manage diagnostic logging from within the Exchange Management Console.
after moving the Cluster resource to other NODE all the resource are online except The System Attendant service failed to bring Online
after run failover validation check you see that there is a mismtach in windows update between the node
installing the same windows updates in both of the NODE and restart the servers resolving the problem and the System Attendant service bring online
Forcing quorum is a manual process that requires the following steps
Stop the cluster service ON ALL of the remaining nodes using cluster administrator.
The cluster service must be told which nodes should be considered as having quorum. This can be done in one of two ways:
Setup ForceQuorum registry key ON ALL remaining nodes in the cluster under
HKLM\SYSTEM\CurrentControlSet\Services\ClusSvc\Parameters\ForceQuorum
This is a REG_SZ key that should be setup to contain a comma separated list of the names of the nodes that are to have quorum. The key is case insensitive. So, in the above example, if the secondary site contains "Node5", "Node6" and "Node7", then the ForceQuorum registry key should be setup as
"Node5,Node6,Node7"
NOTE
|
| There should be no spaces in the key (except where there are spaces in the node names themselves). |
Once the registry keys are set on all nodes, the cluster service can be started on those nodes.
Setup the cluster service startup parameters ON ALL remaining nodes in the cluster. This is done by starting up the services control panel, selecting the cluster service and entering the following into the "start parameters" option:
/forcequorum <node list>
In the above example, if the secondary site contains "Node5", "Node6" and "Node7", then the cluster service start parameter should be set to:
/forcequorum Node5,Node6,Node7
The cluster service MUST be started by clicking the START button on the service control panel, you must not hit OK or Apply first as this does not preserve the parameters.
NOTE
| |
| Any command line parameters over-ride the registry setting, however, the command line parameters do NOT persist a reboot, and therefore, setting the registry key is the preferred mechanism for forcing quorum. |
The cluster service will now start up on those nodes that are considered part of the quorum set and resources will be brought online.
Special care must be taken if and when the primary site comes back since the nodes are configured as part of the cluster.
Do NOT reboot the cluster nodes at the primary site
Stop the cluster service ON ALL of the cluster nodes
Remove the registry key setting or the cluster service startup parameters set to force quorum
Startup the cluster service on all of the nodes at the secondary site
Boot the nodes at the primary site
NOTE
| |
| The cluster service on all nodes NOT in the force quorum node list must remain stopped until the force quorum information is removed. Failure to do so can lead to data inconsistencies OR data corruption. |
While a cluster is running in the force quorum state, it is fully functional. For example, nodes can be added or removed from the cluster; new resources, groups etc. can be defined.
The only problem I could not get the above commands to work on a 64-bit Windows Server 2003 R2, Enterprise Edition SP2 machine. I most got invalid syntax.
Here is what to do:
1. We shutdown one of the nodes, a true power off. We will call this the passive node.
2. We added the following value to this registry key on the surviving node (active node):
HKLM/System/CurrentControlSet/Services/Clussvc/Parameters
Value: ForceQuorum
Type: REG_SZ
Data: nodenamea
3. Replace nomenamea with the machines name, such as exch2007nodea - where this is the node that is currently running.
4. We attempted to start the cluster service on the active- surviving node and it started.
5. We then stopped the cluster service on the active - surviving node and added nodenameb to the ForceQuorum data value on the surviving node.
6. We restarted the powered off (passive) machine.
7. We then started the cluster service on the active node and it started. The registry with the ForceQuorum containing both node names.
8. We attempted to start the cluster service on passive (with no parameters or registry changes) and it started.
9. We verified that the Cluster group resources were online.
10. Undo the registry changes by deleting the ForceQuorum key from the Active node.
Exchange Server 2007 System Attendant fails to come online within a CCR/SCC cluster
After the cluster was up and running, the Exchange SA was not. Looking in the Application event log and we were getting the following errors with regards to the Exchange SA failing to start:
Event ID 1011, 1030, 1003, and 1019 errors.
We found that a bug exists where the Exchange SA times out after 40 seconds when the default of 180 seconds is used for the resource.
We changed the value to 179 and the Exchange SA resource came online. This is scheduled to be fixed in SP1. This bug was confirmed for SCC & CCR Exchange Server 2007 Clusters.
More Posts
Next page »