Making Exchange 2019 Edge role highly available

I already wrote about the Edge role in a Microsoft Exchange environment, and if you can, I would suggest you implement it in your environment; it is not mandatory, but it is very useful. It is the only component in the whole Exchange 2019 series we haven’t made highly available (yet). In this guide, we are going to configure an additional Edge role server, so that we have a completely highly available Exchange setup.

Before we begin

There are many ways to achieve high availability, and which one fits depends on multiple factors…

Whether your servers are in the same datacenter or in different datacenters, whether you have one public IP or multiple public IPs…

For this guide, I’m going to go with one datacenter and two public IPs scenario.

If you have only one public IP address, you can use a load balancer, for example, to achieve high availability.

Prerequisites

Prepare another Edge VM; you can go through my previous guide, which covered the installation of the Edge role. Follow that guide through the installation section (if you need certificates on your Edge role, you can also read the certificates section), but hold off on the configuration section.

My LAB setup:

Mailbox role

I have two mailbox role servers which form a DAG on the local LAN.

SBEx1 – 10.0.0.36

SBEX3 – 10.0.0.37

These two machines are members of the domain, which is informatiker.local

DC1 – 10.0.0.31

Edge role

The Edge role server is in the DMZ. The DMZ communicates with the LAN only through the necessary ports (check the Edge installation guide for more info).

edge – 192.168.50.3

We are going to add a new machine, which will be named edge2

edge2 – 192.168.50.9

The installation and preparation process is the same as for the edge machine.

These machines are not part of the domain.

Public DNS/WAN/Firewall

Since I have two public IPs, let’s say these are xxx.xxx.xxx.12 and xxx.xxx.xxx.13

I will NAT public IP xxx.xxx.xxx.12 to edge machine on 192.168.50.3

I will NAT public IP xxx.xxx.xxx.13 to edge2 machine on 192.168.50.9

Public IP xxx.xxx.xxx.12 will have A record mail.informaticar.net

Public IP xxx.xxx.xxx.13 will have A record mail1.informaticar.net

MX record mail.informaticar.net will have weight of 10

MX record mail1.informaticar.net will have weight of 20

Firewall

If you have specific and strict firewall rules like I have, make sure you also open the appropriate ports towards the edge2 server (192.168.50.9). I allow only the necessary ports from the LAN to the edge role server. After I created the edge2 role server, I also allowed the same ports from the LAN to the edge2 machine (otherwise, if you forget the rules, you can run into various issues when mail flow has to rely on the edge2 server alone; 550 5.7.54 is one of them). If you allow these ports in general (not to a specific machine) from the LAN to the DMZ and vice versa, you don’t have to do anything.

Configuration

If you already have one edge server in place, you don’t have to do anything on it.

Let’s head to new edge2 role server. I assume you already installed it and did all the preparation work.

We need to create an Edge Subscription file on the edge2 server. Start the Exchange Management Shell as admin and type in

New-EdgeSubscription -Filename "c:\temp\edge2.xml"

The next step is to copy the created edge2.xml file from the edge2 role server to a mailbox server.

On the mailbox server, run the Exchange Management Shell and type in the following (change Default-First-Site-Name to your site name).

New-EdgeSubscription -FileData ([byte[]]$(Get-Content -Path "C:\temp\edge2.xml" -Encoding Byte -ReadCount 0)) -Site "Default-First-Site-Name"

After this step if we check inside Exchange Admin Center

So, that should really be it.
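The same import as above, followed by the checks I would run before trusting the new server with mail flow. This is an added example, not code from the original post; it runs in the Exchange Management Shell on a mailbox server and assumes the lab file path, site name and server names used above (edge2, SBEX1), which you should adjust to your environment.

```powershell
# Added example (not from the original post): import the edge2 subscription on a
# Mailbox server, then verify EdgeSync actually replicated to the new Edge server.
# Assumed lab values from the post; change them to match your environment.
$SubscriptionFile = "C:\temp\edge2.xml"
$SiteName         = "Default-First-Site-Name"
$MailboxServer    = "SBEX1"
$EdgeServer       = "edge2"

# Read the subscription XML as raw bytes, exactly as the post does.
$bytes = [byte[]](Get-Content -Path $SubscriptionFile -Encoding Byte -ReadCount 0)

# Import it into the AD site. The Send connectors for the new Edge server are
# created automatically (CreateInternetSendConnector/CreateInboundSendConnector
# default to $true), so nothing has to be changed on the existing edge server.
New-EdgeSubscription -FileData $bytes -Site $SiteName | Out-Null

# Both Edge servers should now be listed as subscribed to the site.
Get-EdgeSubscription | Format-Table Name, Site -AutoSize

# Push a full EdgeSync replication right away instead of waiting for the next
# scheduled sync, then compare the Edge copy against AD.
Start-EdgeSynchronization -Server $MailboxServer -TargetServer $EdgeServer -ForceFullSync
$result = Test-EdgeSynchronization -TargetServer $EdgeServer -FullCompareMode

if ($result.SyncStatus -ne 'Normal') {
    # A failed sync to edge2 usually means the LAN-to-DMZ firewall rules mentioned
    # earlier (EdgeSync uses secure LDAP, TCP 50636) were not opened for edge2.
    Write-Warning ("EdgeSync to {0} is not healthy: {1} {2}" -f
        $EdgeServer, $result.SyncStatus, $result.FailureDetail)
} else {
    Write-Host ("EdgeSync to {0} is healthy, last sync {1}" -f
        $EdgeServer, $result.LastSynchronizedDate)
}
```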

Testing

If you have set up public DNS and NAT on your router properly, you can proceed to the testing phase.

The test is simple: shut down one edge role server and then send an email to your mail server from the outside world.

I will first shut down the edge2 role server (both mailbox role servers are up).

OK, it works, mail flow is still intact.

Let’s now test by powering up the edge2 server and shutting down the edge server. This test is more interesting, since the edge server holds the “main” MX record, mail.informaticar.net

If everything is set up correctly, the outside server should recognize that the mail.informaticar.net server is down (it has a weight of 10) and then try the other MX, mail1.informaticar.net (which has a weight of 20).

It works!

I was also able to send emails from my domain to the world – outbound mail flow works fine.

I also tested other scenarios: each edge role server with one of the mailbox servers also down. Everything worked fine and all services were available (I have a DAG in place and IIS ARR; see other articles on my blog on this topic).

So, this recipe works great.

If you wish to test all aspects of this setup, you can check with tools such as MXToolbox or the Microsoft Remote Connectivity Analyzer.
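A quick way to run the failover test described above from the outside, without waiting for a test email to arrive. This is an added example, not code from the original post; it runs on any Windows machine outside the LAN, uses the domain and MX hosts from the post, and assumes a public resolver address ($Resolver) that you can replace with any resolver you trust.

```powershell
# Added example (not from the original post): look at the domain the way an outside
# sending server does, and check that each MX host answers on SMTP. Run it once with
# both Edge servers up, then again with one of them shut down.
$Domain   = "informaticar.net"   # domain from the post
$Resolver = "8.8.8.8"            # assumption: any public resolver outside your LAN

# Ask a public resolver so we see the published records, not an internal view.
# 'Preference' is what the post calls weight: the lowest value is tried first.
$mx = Resolve-DnsName -Name $Domain -Type MX -Server $Resolver -ErrorAction Stop |
      Where-Object { $_.Type -eq 'MX' } |
      Sort-Object Preference

if ($mx.Count -lt 2) {
    Write-Warning "Only $($mx.Count) MX record(s) published; there is nothing to fail over to."
}

foreach ($record in $mx) {
    $mxHost = $record.NameExchange

    # Each MX host needs its own A record (mail -> .12 and mail1 -> .13 in the post).
    $a = Resolve-DnsName -Name $mxHost -Type A -Server $Resolver -ErrorAction SilentlyContinue |
         Where-Object { $_.Type -eq 'A' }

    # A TCP connect to port 25 shows whether NAT and the firewall pass SMTP to that
    # Edge server. During the failover test the server you shut down should fail
    # here while the other one still succeeds; if both fail, check NAT first.
    $smtp = Test-NetConnection -ComputerName $mxHost -Port 25 -WarningAction SilentlyContinue

    [pscustomobject]@{
        Preference = $record.Preference
        MXHost     = $mxHost
        ARecord    = ($a.IPAddress -join ', ')
        SmtpPort25 = $smtp.TcpTestSucceeded
    }
}
```

Sending servers work down the list by preference, so as long as at least one row shows SmtpPort25 = True, inbound mail still has a path in.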

Conclusion

I have shown you one simple scenario for making your Edge role on Exchange highly available. There are numerous other ways and configurations you can apply, or you can simply follow mine.
