Messaging Gateway

  • 1.  Exchange 2010 SP1 hosting mode issues with version 9

    Posted Feb 27, 2011 12:06 PM
    We feel like we have known the answer to this for some time, but we're getting sick of the errors. It would appear that, because of the way Exchange 2010 SP1 handles "domains", it causes invalid errors related to directory integrity in AD. Specifically: "A directory data integrity error has occurred. An email address is associated with more than one directory entry." I say "domains" in quotes because the hosted Exchange mode in 2010 SP1 simulates domains, basically. Is this configuration not fully compatible with Exchange 2010 SP1 and BMG 9? We've been using 2010 SP1 since beta, along with using the BMG appliance for over 8 months. We've had no problems with it, but we constantly get these errors. If it is what I think, are there any plans to fix this?


  • 2.  RE: Exchange 2010 SP1 hosting mode issues with version 9

    Broadcom Employee
    Posted Feb 27, 2011 02:36 PM
    It sounds like you have two DDS sources with the same information. This is a problem for services like Routing. You can only use recipient validation on the redundant LDAP servers. http://www.symantec.com/docs/TECH123920


  • 3.  RE: Exchange 2010 SP1 hosting mode issues with version 9

    Posted Feb 28, 2011 09:52 AM
    It would be useful if the articles and posts about this issue explained why, as it doesn't make sense until you think about an organization with multiple domains and multiple mail systems. Once you realize that, you understand why you can't have multiple directory lookups on the same domain. That said, it seems really odd you can't define a domain and at least one backup DC within that entry. This makes the BMG the single point of failure if your DC dies, which isn't really ideal. I understand that with one BMG, it is a single point of failure, so the answer would obviously be to have multiple BMGs and different DCs defined in each one, but we're not at that point yet size-wise.


  • 4.  RE: Exchange 2010 SP1 hosting mode issues with version 9

    Posted Feb 28, 2011 12:09 PM

    You could use a load balancer. You should also have in your internal DNS an MS-created entry, e.g. <domain>.com, that returns the list of DCs in your environment. You should be able to use that DNS entry and round-robin across each of your DNS servers. If not, create a custom internal DNS entry with a subset of your DCs that are "near" your SBG boxes. If your scanners have a FW between them and the LDAP sources, this will simplify your FW rules.