Deployment takes over 4 hours, rather than advertised approx 90 mins?

[quietarcade]

Hi there,

Not sure if this is the right way to contact the dev's of this template but figured I would try here anyway.

I'm trying to setup a basic, default install using this template. I am keeping all the parameters as default (except the mandatory ones) but it takes over 4 hours for the deployment to complete. It seems the ExchangeStack is taking the longest time (over 2 hours). On the quickstart page it says it should take around 90 minutes so I feel I am maybe missing something.

I wonder if maybe I need to change any parameters to be able to speed this up or if you have any other advice?

Thanks in advance.

[dragos-madarasan]

Hi @dyleroo , thanks for getting in touch.
The deployment time has historically increased because Exchange 2016/2019 and the cumulative updates keep getting bigger so take more time to deploy.

A big factor in the deployment time will be the instance type/size, the larger they are the shorter the installation time (you can re-size after installation). Deploying Edge nodes would also slightly increase the deployment time.

What instance type are you using?

[quietarcade]

Hi @dragos-madarasan thanks for the reply. I am using the following: 2x t3.large (DomainController), t3.small (Fileserver), m5.large (RDGW), 2x m5.xlarge (ExchangeNodes). If you can make any recommendations on the smallest types I could use to speed up the process that would be great.

Edit: Also if you could advise how I can connect to the Exchange Nodes so I can run configuration I would appreciate it.

[dragos-madarasan]

Try going with larger m5s for the Exchange nodes, such as m5.2xlarge or m5.4xlarge. The installation is CPU intensive so going with c5 instances might also help.

I also test the deployment using m5.xlarge for the domain controllers, as the Exchange stack needs to wait out until the second domain controller is up.

I'm on vacation until early August, but I'll check what average installation times we have in our test pipelines.

if you could advise how I can connect to the Exchange Nodes so I can run configuration I would appreciate it

Connect to the Remote desktop gateway (which has a public IP) and from there jump to the Exchange nodes via their hostname/private IP. Make sure the security groups allow port 3389 traffic.

[quietarcade]

Hi @dragos-madarasan thanks for the info.

I am unable to change the nodes to c5 as they aren't an option. I will just leave my deployment running when i can to save spinning up and down.

Am I able to edit the security group inbound rules before or during deployment, like in the template? I need to open ICMP traffic.

[dragos-madarasan]

Generally you would edit the security group rules after the deployment is finished. The Exchange nodes have 3 security groups associated, designed as following:

• EXCHClientSecurityGroup is meant to allow traffic to Exchange related ports like SMTP, POP or IMAP
• ExchangeSecurityGroup should be attached to Exchange nodes only and allows all traffic
• DomainMemberSGID allowing Active Directory related traffic to flow, including port 3389 (RDP)

I would suggest adding the inbound rule allowing ICMP in the DomainMember security group, since it gets created as part of the Active Directory stack, before the Exchange template kick-offs.

[quietarcade]

Hey @dragos-madarasan thanks again for your support. I was able to change the security group rules. I have a further question. As i am trying to work with the Exchange server only, is there any way I can just connect to it directly (like assigning it a public ip), rather than going through the RDGW and then through the DC? If not can you give more detail on how I would jump from the RDGW straight to the Exchange node?

Alternatively is it even possible to modify the template to reduce the node numbers to just one rather than two? I am only interested in testing configuration on an Exchange node directly via running scripts on it. This architecture is a bit complex for what I need but it is the only working template or guide for Exchange on AWS that I have found.

Apologies for the questions, I appreciate your help!

[dragos-madarasan]

You can jump from the RDGW directly to the Exchanges node as long as traffic is allowed. If a PowerShell interface is what you need, you can also use Session Manager and bypass RDGW.

Currently the template deploys 2 (or 3) mailbox nodes to provide high availability/redundancy. I will flag this request and look at the feasibility of implementing a simple 1 node (dev) setup. The alternative is for you to fork this repo and remove the extras node(s).

[quietarcade]

Thanks again @dragos-madarasan for the help.

Unfortunately session manager won’t work for me as I am trying to spin up the architecture and open the connection and make config changes on the exchange node via an automated script. I need to be able to winrm the RDGW then connect via powershell to run exchange config cmdlets.

Also having a 1 node setup would be awesome, would save on resource costs and deployment time!

Edit: I think I have been able to successfully connect. One node setup would be a great addition and would benefit my setup loads!

[quietarcade]

Hi @dragos-madarasan sorry for reopening but this is the best way of communicating. Could you advise on how I can modify this repo to allow for a one node setup? I have been working with this template for a while now but the length of time and resource cost is a lot for what I need.

Do I just remove any mention of the second nodes in the exchange-master.template file?

[dragos-madarasan]

I have reviewed the template and switching to a single node deployment will require significant rewrite as most operations assume you deploy 2 nodes (if not 3). I'm closing this and leaving #36 open.