Exchange 2013 Transport High Availability: Shadow Redundancy

Shadow redundancy feature was introduced with Exchange Server 2010 that makes a copy of a message available if a Mailbox server crashes before messages are committed to the databases.

Image:Microsoft

The primary goal of shadow redundancy is to maintain two copies of a message while the message is in transit.

In Exchange Server 2013, this feature is improved by automatically creating a redundant copy of any message it receives before it acknowledges successful receipt to the sending Simple Mail Transfer Protocol (SMTP) server.

In Exchange Server 2013, it no longer matters if a sending server supports shadow redundancy, because now a shadow copy is automatically created every time.

By default, a shadow copy of a message is removed after two days.

How Shadow Redundancy works in DAG?

• An SMTP server connects to the Transport service on a Mailbox server where the active database of the target recipient is mounted, and it transmits a message. After the message is received, the session stays active.

• The Transport service opens a new SMTP session to a Transport service on another Mailbox server in the same DAG to create a redundant copy of the message. If the DAG spans multiple Active Directory sites, a Mailbox server in another Active Directory site is preferred by default. The copy of the message is the shadow message, and the Mailbox server that holds it is the shadow server for theprimary server. The message exists in a shadow queue on the shadow server.

• After the message is successfully transmitted to the shadow server, the server acknowledges receipt of the message to the SMTP server and closes the connection.

When Shadow Messages are Removed?

After the server successfully transmits the message to the database, the server updates the discard status of the message. A successfully delivered message does not need to be retained in a shadow queue. After the shadow server knows that the primary server has successfully transmitted the message to the next hop, the shadow server moves the shadow message from the shadow queue into the Safety Net.

How Message Recovery Works?

If a Mailbox server has an outage due to failure, each Mailbox server that has shadow messages queued for it assumes ownership of those messages. When the server comes back online, it tries to resubmit the messages. All messages are then redelivered to their destinations. This results in duplicate delivery of the messages, but Exchange Server automatically detects duplicate messages and does not add them to the database again. It only adds the messages that are not already in the database.