Forum Discussion
skilletz_85456
Nimbostratus
NimbostratusExchange 2010 and Mailbox Export
Hello. Just looking for feedback if anyone has experienced this issue. The Exchange 2010 'new-mailboxexportrequest' fails when a load balancer and CAS Array are in use. While not specific to an F5, this article wonderfully lays out the issue:
http://social.technet.microsoft.com/Forums/en-US/exchange2010/thread/c0cb3ed8-f964-4c63-acd2-344a26088d39
These are the highlights of the article:
CAUSE If a Client Access Array has been set up, and a Cisco ACE Load Balancer is being used with SNAT (Source NAT'ing) disabled, this can cause connections to time out on the load balancer because the MRS "client" is not honoring the session that has already been established. This will result in resets being issued and will result in the timeout errors above. This is due to the Mailbox Replication Service functioning as both a "Client" and as a "Server", and the client attempts to initiate direct connections to the server instead of using the session via the load balancer.
RESOLUTION SNAT (Source NAT'ing) should be enabled on the Cisco ACE load balancer. Enabling SNAT will force the MRS "client" process to use the existing session via the load balancer.
Not that I believe MSFT, but as the result of a formal incident ticket with them we were told this was a known issue. Again, has anyone experienced this??? Just wondering how your experience was. Thanks.
3 Replies
- Hi skilletz, I hadn't heard of this. Did SNAT solve the issue for you?
We'll try and reproduce the problem and add guidance to our documentation, if necessary.
thanks
Mike - I haven't been able to reproduce this yet-can you post the verbose output from the New-MailboxExportRequest command?
Also, how did you configure the BIG-IP for Exchange? Did you use the iApp template, or configure manually using the deployment guide? 
skilletz_85456Unfortunately I am not the network person, I am the Exchange Admin, and I was just trying to do some homework on my own. I can share with you the details though.
If you look at the syntax of the new-mailboxrestorerequst, when troubleshooting, you have the option of adding the -mrsserver switch. When I run this command without that switch, this is how it looks-
COMMAND: new-mailboxrestorerequest -mailbox user@domain.com -filepath \\servername\share$
ERROR: Couldn't connect to the source mailbox.
Not a very descriptive error. Now I add in the mrsserver switch.
COMMAND: new-mailboxrestorerequest -mailbox user@domain.com -filepath \\servername\share$ -mrsserver CASNAME
ERROR: The call to 'net.tcp://casname/microsoft.exchange.mailboxreplicationservice' failed because no service was listening on the specified endpoint. Error details: Could not connect to net.tcp://casname/microsoft.exchange.mailboxreplicationservice. The connection attempt lasted for a time span of 00:00:21.0162157. TCP error code 10060: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond 129.220.1.1:808. --> A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond 129.220.1.1:808.
NOW.....the support article I mentioned initially tells you that enabling SNAT will correct this. They have not done it yet. I was able to follow the workaround and manually update the RPC Client Access Server name on the users database FROM the CASNAME to the actual name of a CAS server.
For your lab testing, remember, this failure is specific to hardware load balancers and CAS Arrays. So maybe check that all of your CAS servers are in your CAS Array. Hope this helps. Also hoping my network team will add the SNAT config so I can report back. But per Microsoft, this is somewhat of a known issue and that article is pretty specific. Thanks.
