Exam Ref 70-342 Advanced Solutions of Microsoft Exchange Server 2013 (MCSE): Design, Configure, and Manage Site Resiliency
This section contains the solutions to the thought experiments and answers to the objective review questions in this chapter.
Objective 2.1: Thought experiment
- You can switch off three servers in the primary site or one server in the primary site and both servers in the secondary site.
- To prevent an outage in the event of a non-resilient WAN failure during server maintenance, only a single node can be safely taken offline at a time. If any server in the secondary site is unavailable, you are limited to a single server in the primary site. Different combinations of answers are available based on the number of servers that are online at any given time, and the Mailbox Role Calculator is a great tool for helping you understand these numbers for a given scenario.
Objective 2.1: Review
Correct answer: C
- Incorrect: Resume-DatabaseAvailabilityGroup is not a valid cmdlet.
- Incorrect: Start-DatabaseAvailabilityGroup is used to restart the DAG in the failed site that is back online again. It is not used to reduce the DAG to just the secondary site and bring the DAG online in the event of a failure.
- Correct: The correct commands are Stop-DatabaseAvailabilityGroup followed by Restore-DatabaseAvailabilityGroup.
- Incorrect: The question says the alternative witness server has already been set, so it does not need to be set again; if it were needed, it would be set as a property of the DAG with Set-DatabaseAvailabilityGroup -AlternateWitnessServer.
Correct answer: C
- Incorrect: This answer does not meet the requirement for a failure scenario because all of the databases would go online in Madrid in the event of a site outage.
- Incorrect: This answer would result in an outage of servers or sites failing to Tokyo or San Francisco. If the failure was a network failure that isolated Madrid mailboxes, these users would come online in the other data centers and not where the users are located.
- Correct: Each user population needs a DAG that in the event of failure comes online in their nearest datacenter. If a failure occurred in any of the other answers there would be a scenario where some users’ mailboxes would come online in a site that the user could not access.
- Incorrect: This is not a valid DAG design. All servers that hold a replica of a database must be in the same DAG.
Objective 2.2: Thought experiment
- As each site with its associated DR site is geographically separate, you can use the bound namespace model and bind a namespace to each region. For example, the UK region would be mail-uk.contoso.com and the US region mail-us.contoso.com. The unbound model would work (mail.contoso.com for everyone), though this would depend upon factors not described in the question. As Exchange 2013 does not have an RPC connection between servers, you can connect to a CAS proxy in the primary site and successfully reach a server in the remote site. The ExternalURL in the DR site should be the same as in the primary site.
- Because you have the file share witness in a third site, you can bring Exchange online in the DR site automatically. You only need to make sure that the DNS A record for the namespace points to the load balancer in the DR site. If you have a geo-load balancing solution, this would happen automatically; if not, you would need to change the IP address once for that region’s namespace.
Objective 2.2: Review
Correct answers: C and D
- Incorrect: This will create a self-signed certificate on the server that contains the server's name only and will not be trusted.
- Incorrect: This answer does not include all of the names that the certificate needs to have.
- Correct: This answer is the first part of the answer. The certificate will be used on all CAS servers and so this one certificate needs to have all of the names used by Exchange on it.
- Correct: This answer is the second part of the answer. A trusted certificate needs to be purchased and the request created in C will be used to create this certificate.
Correct answers: A, D, and F
- Correct: Using a single ExternalURL means only two names are needed in the certificate: mail.contoso.com and autodiscover.contoso.com.
- Incorrect: If this were done, only OWA would be available externally. Other protocols like Outlook Anywhere and Exchange Web Services would not be available externally.
- Incorrect: Each CAS server needs to be registered in DNS for management purposes, but for client connectivity you would need to add the Exchange namespace record to DNS as well.
- Correct: This answer ensures that internal users connect to Exchange via the load balancer and not directly or individually to one server via its FQDN.
- Incorrect: This will result in DNS round robin load balancing, which means removing the records manually from DNS when servers stop responding. This requires a lot of hands-on management.
- Correct: This answer ensures that external users connect to the load balancer serving the Exchange Server via the IP address that they can reach from outside of the network.
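Putting the two certificate answers together (one request carrying every name Exchange publishes, then the purchased certificate on every CAS server), here is an added example in Exchange Management Shell; it is not from the book. It assumes the names mail.contoso.com and autodiscover.contoso.com from the answer, a server CAS01 and a share \\CAS01\share for the request file.

```powershell
# Added example (not from the book). Assumed: CAS01, \\CAS01\share, Contoso names.
$Names = 'mail.contoso.com', 'autodiscover.contoso.com'

# 1. Generate the request once, on any CAS server. -DomainName puts every name
#    in the SAN list; -PrivateKeyExportable lets the completed certificate be
#    exported and imported on the other CAS servers.
$txtrq = New-ExchangeCertificate -GenerateRequest -PrivateKeyExportable $true `
    -SubjectName "CN=$($Names[0]),O=Contoso,C=US" -DomainName $Names `
    -FriendlyName 'Exchange client access' -Server 'CAS01'
[System.IO.File]::WriteAllBytes('\\CAS01\share\exchange.req',
    [System.Text.Encoding]::Unicode.GetBytes($txtrq))

# 2. After the trusted CA returns exchange.cer, complete the request and bind it.
#    (Run once the file exists; shown here as the second step of the procedure.)
# Import-ExchangeCertificate -Server 'CAS01' -FileData ([byte[]](
#     Get-Content -Path '\\CAS01\share\exchange.cer' -Encoding Byte -ReadCount 0)) |
#     Enable-ExchangeCertificate -Server 'CAS01' -Services IIS,SMTP

# 3. Verify: every CAS server must serve a CA-issued certificate bound to IIS and
#    SMTP whose SAN list covers all the names; anything else is a misconfiguration.
foreach ($cas in (Get-ClientAccessServer | Select-Object -ExpandProperty Name)) {
    $good = Get-ExchangeCertificate -Server $cas | Where-Object {
        -not $_.IsSelfSigned -and
        $_.Services -match 'IIS' -and $_.Services -match 'SMTP' -and
        $_.NotAfter -gt (Get-Date) -and
        ($Names | Where-Object { $_ -notin $PSItem.CertificateDomains }).Count -eq 0
    }
    [pscustomobject]@{
        Server    = $cas
        Compliant = [bool]$good
        Thumbprint = if ($good) { $good.Thumbprint } else { 'none' }
        Expires    = if ($good) { $good.NotAfter } else { '' }
    }
}
```

The check in step 3 uses the same names list as the request, so a server that was skipped during import, or that still has only the self-signed certificate from answer A, shows up as non-compliant.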
Objective 2.3: Thought experiment
- The business has a requirement to journal the invoices and receipts, so they are sent through Exchange Server rather than directly via an SMTP relay. Therefore, you need a receive connector configured, preferably on more than one server, and either round-robin DNS A records listing the IPs of these servers (the CRM and sales application then uses the FQDN of that record) or a load balancer in front of Exchange with a virtual IP for TCP 25 that connects to an available Exchange server. To ensure journaling of all email, you would create a journal rule and not use the journaling property on a mailbox database.
There are three possible ways to do this:
- Configure the application to have a username and password of an account in the Active Directory that has a mailbox and then connect to TCP port 587 to send email. This will require an authenticated connection but relay is already available on this connection.
- Create a new receive connector with Externally Secured permissions on the Frontend Transport service on a few CAS servers. Ensure that the RemoteIPRanges parameter of the connector is set to the IP addresses of the CRM and sales application. Finally, ensure that relay permissions (accept any recipient) are granted to the connector.
- Create a new receive connector with anonymous permissions on the Frontend Transport service on a few CAS servers. Ensure that the RemoteIPRanges parameter of the connector is set to the IP addresses of the CRM and sales application. Finally, ensure that relay permissions (accept any recipient) are granted to the connector.
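The second and third options above, as an added Exchange Management Shell example that is not from the book: the connector is scoped to the application addresses, relay is granted, and a final query lists every connector in the organization that can relay so an over-broad one stands out. It assumes a server CAS01, a connector named "CRM Relay" and the constructed application addresses 192.0.2.10 and 192.0.2.11.

```powershell
# Added example (not from the book). Assumed: CAS01, "CRM Relay", 192.0.2.10-11.
$Server   = 'CAS01'
$Name     = 'CRM Relay'
$AppHosts = '192.0.2.10', '192.0.2.11'   # constructed CRM/sales application IPs

# 1. Frontend Transport connector answering only the application hosts. RemoteIPRanges
#    is what keeps this from becoming an open relay; never leave it at the default.
New-ReceiveConnector -Name $Name -Server $Server -TransportRole FrontendTransport `
    -Usage Custom -Bindings '0.0.0.0:25' -RemoteIPRanges $AppHosts

# 2a. Anonymous variant: allow anonymous SMTP and grant only the accept-any-recipient
#     (relay) right to ANONYMOUS LOGON on this one connector.
Set-ReceiveConnector -Identity "$Server\$Name" -PermissionGroups AnonymousUsers
Get-ReceiveConnector -Identity "$Server\$Name" |
    Add-ADPermission -User 'NT AUTHORITY\ANONYMOUS LOGON' `
        -ExtendedRights 'Ms-Exch-SMTP-Accept-Any-Recipient'

# 2b. Externally Secured variant (use instead of 2a): the listed hosts are treated as
#     authenticated Exchange servers, so relay is implied and the IP scope is the
#     only control; headers from these hosts are also trusted.
# Set-ReceiveConnector -Identity "$Server\$Name" -AuthMechanism ExternalAuthoritative `
#     -PermissionGroups ExchangeServers

# 3. Audit: every connector that relays for anonymous or externally secured senders,
#    with its source scope. A 0.0.0.0-255.255.255.255 range here needs explaining.
Get-ReceiveConnector | ForEach-Object {
    $anonRelay = $_ | Get-ADPermission -User 'NT AUTHORITY\ANONYMOUS LOGON' `
        -ErrorAction SilentlyContinue |
        Where-Object { $_.ExtendedRights -like 'Ms-Exch-SMTP-Accept-Any-Recipient' }
    if ($anonRelay -or ($_.AuthMechanism -match 'ExternalAuthoritative')) {
        [pscustomobject]@{
            Connector = $_.Identity
            Role      = $_.TransportRole
            Auth      = $_.AuthMechanism
            RemoteIPs = ($_.RemoteIPRanges -join ', ')
        }
    }
} | Format-Table -AutoSize
```

Repeat step 1 and the chosen step 2 on each CAS server that the DNS record or load balancer VIP points at; the audit in step 3 runs once for the whole organization.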
Objective 2.3: Review
Correct answer: D
- Incorrect: SafetyNet duration is a global setting and not set per server. The value for the SafetyNetHoldTime parameter is also incorrect.
- Incorrect: SafetyNet duration is a global setting and not set per server.
- Incorrect: The value of SafetyNetHoldTime is written as a timespan value. Timespan values are Days:Hours:Minutes. This answer uses a string value and so is incorrect.
- Correct: SafetyNet duration is a global setting and not set per server or database. Therefore Set-TransportConfig is used.
Correct answers: A and B
- Correct: Authoritative domains can be included in an email address policy.
- Correct: Internal relay domains can be included in an email address policy.
- Incorrect: OpenRelay is not a valid accepted domain type.
- Incorrect: External Relay domains cannot be included in an email address policy.
Correct answers: C and E
- Incorrect: This answer would route all emails during normal working times to the wrong datacenter.
- Incorrect: This answer would distribute emails across both datacenters all the time.
- Correct: This answer adds a lower priority MX record that would only be used when the higher priority record server has gone offline.
- Incorrect: As the question covers two different organizations there is a choice of which accepted domain to include. The internal relay allows the email address of the other company to be added to email address lists and email addresses in the other domain given to users in the first domain. This is not required by the scenario and so this is not the best answer given the options.
- Correct: This answer allows emails to be accepted by the other partner and forwarded to the first partner, queued if necessary, without accidentally opening the possibility of having an email address list with this domain listed on it.
Objective 2.4: Thought experiment
- Check the copy queue length on the passive databases. This will give you an idea of possible data loss.
- Remove the cluster nodes in the office that is out of use. You can do this using Stop-DatabaseAvailabilityGroup -ActiveDirectorySite MountainTop -ConfigurationOnly. This will not connect to the servers in the MountainTop site (as they are unreachable) but write to the local domain controller that they are out of the cluster should they ever come back online again.
- Then you would run Restore-DatabaseAvailabilityGroup to evict the nodes in the MountainTop site from the cluster and reduce the cluster node count to just the servers in the Basecamp site (that is, the other site).
- If the number of outstanding transaction logs is 12 or less, the databases will mount. If it is more than 12, you will need to issue the Mount-Database database_name command. On the databases mounting, any time window of lost logs will be requested from the SafetyNet database automatically to attempt to reduce data loss. The transport service database (mail.que) in the Basecamp site will have a copy of all the recent messages as shadow redundancy defaults to ensuring messages are shadowed to the other site the DAG is located in.
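The four steps above as one switchover script, added here as an example and not taken from the book. It assumes the DAG is named DAG1, the failed and surviving Active Directory sites are MountainTop and Basecamp as in the thought experiment, and the Basecamp mailbox servers are BC-MBX01 and BC-MBX02; the cluster-service stop in step 3 is from Microsoft's documented switchover procedure rather than from this page.

```powershell
# Added example (not from the book). Assumed: DAG1, sites MountainTop/Basecamp,
# servers BC-MBX01 and BC-MBX02. Run from a machine in the surviving Basecamp site.
$Dag        = 'DAG1'
$FailedSite = 'MountainTop'
$AliveSite  = 'Basecamp'
$Survivors  = 'BC-MBX01', 'BC-MBX02'

# 1. Copy queue length on the surviving copies is the number of logs that never
#    arrived, i.e. the upper bound on data loss for each database.
foreach ($s in $Survivors) {
    Get-MailboxDatabaseCopyStatus -Server $s |
        Select-Object Name, Status, CopyQueueLength, ReplayQueueLength, LastInspectedLogTime |
        Format-Table -AutoSize
}

# 2. Mark the unreachable MountainTop members as stopped in Active Directory only.
#    -ConfigurationOnly means no attempt is made to contact them, so this succeeds
#    while the site is down and they will not rejoin unexpectedly if power returns.
Stop-DatabaseAvailabilityGroup -Identity $Dag -ActiveDirectorySite $FailedSite -ConfigurationOnly

# 3. Documented prerequisite for the restore: the cluster service must be stopped on
#    the surviving members (Restore-DatabaseAvailabilityGroup starts it again).
Invoke-Command -ComputerName $Survivors -ScriptBlock { Stop-Service -Name ClusSvc -Force }

# 4. Evict the stopped nodes and re-form the cluster on the Basecamp members only.
#    If the witness had been in MountainTop you would add -AlternateWitnessServer.
Restore-DatabaseAvailabilityGroup -Identity $Dag -ActiveDirectorySite $AliveSite

# 5. Databases mount automatically only if the missing-log count is within the
#    server's AutoDatabaseMountDial (BestAvailability, the default, allows 12).
#    Show the dial, then mount any active copy that is still dismounted.
foreach ($s in $Survivors) {
    Get-MailboxServer -Identity $s | Select-Object Name, AutoDatabaseMountDial | Format-Table
    Get-MailboxDatabaseCopyStatus -Server $s |
        Where-Object { $_.ActiveCopy -and $_.Status -ne 'Mounted' } |
        ForEach-Object {
            Write-Host "Mounting $($_.DatabaseName) (copy queue was $($_.CopyQueueLength) logs)"
            Mount-Database -Identity $_.DatabaseName
        }
}
```

The Mount-Database step accepts the loss the copy queue length in step 1 predicted; SafetyNet resubmission for the affected window then happens without further action, as the thought experiment describes.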
Objective 2.4: Review
Correct answer: A
- Correct: Get-ClusterNode returns the nodes in the cluster and their status with regard to being up or down.
- Incorrect: This PowerShell cmdlet is not a valid cmdlet.
- Incorrect: This PowerShell cmdlet does not contain information about the cluster nodes.
- Incorrect: This is a cmd prompt executable and not a PowerShell cmdlet. It does return the same information as the correct answer and the exe can be run in a PowerShell window, but it is not a PowerShell cmdlet as required by the question.
Correct answers: A, B, and C
- Correct: As there will be log files that have not been copied to a passive copy they cannot be truncated by backup. This is expected behavior when you have a copy queue length that exceeds 100 logs.
- Correct: This is also correct. You should have enough disk space on the server with the active copy to store enough logs to cover your largest expected network outage, which is the most likely reason for a large copy queue length.
- Correct: If you run out of disk space in the active log folder and the active database shares that drive, you run out of disk space for the database too, which will cause the database to shut down.
- Incorrect: The playing forward of any lagged copy happens when the lagged copy disk space runs out and not when the active copy is short on disk space.
Correct answer: D
- Incorrect: The Notify verb is used for receipts.
- Incorrect: SMTP verbs are sent from the client to the server.
- Incorrect: The SMTP server tells the SMTP client that the message has been received with a 250 response to the data termination period or the BDAT verb.
- Correct: RCPT is the recipient verb in SMTP.