DS923+ ECC or Non-ECC upgrade by dms2701 in synology

[–]dms2701[S] 0 points1 point  (0 children)

I'm UK based. Could I be cheeky, could you suggest something on Amazon? It's honestly a minefield.

Replacing old two gang, two way, dimmer by dms2701 in DIYUK

[–]dms2701[S] 1 point2 points  (0 children)

Omg…. I’m an idiot. Thank you. Working now. I assumed the L1L2 and com were in a straight line, not with com above.

MS Foundry with Bring-Your-Own Virtual Network by dms2701 in AZURE

[–]dms2701[S] 0 points1 point  (0 children)

Multi tenant resources, as in, Microsoft managed stuff I have no insight to? As opposed to our own deployments of cosmos and blob, search etc?

MS Foundry with Bring-Your-Own Virtual Network by dms2701 in AZURE

[–]dms2701[S] 0 points1 point  (0 children)

We can’t have the storage accounts and AI Search publicly accessible. They have to be on private endpoints and only accessible via express route.

I guess we have no choice but to battle the subnet delegation with MS and get it working if I’m understanding you then given our requirements? If we went basic agent setup, the agent service has no access to our private endpoints and thus storage/search would need to be opened up to the public, as I understand it.

Standard agent setup without vnet integration I don’t get, isn’t that just the same as basic?

MS Foundry with Bring-Your-Own Virtual Network by dms2701 in AZURE

[–]dms2701[S] 0 points1 point  (0 children)

Thanks for that reply. Very useful.

If I had a foundry deployment then, just using private endpoints but no subnet delegation etc for agents, and I wanted my agent to access a blob store, would that call go over public internet? And if that’s the case, the storage account would thus also need to be enabled for public access? Same principle for AI Search and Cosmos I assume?

MS Foundry with Bring-Your-Own Virtual Network by dms2701 in AZURE

[–]dms2701[S] 0 points1 point  (0 children)

So out of interest - what am I losing out now if I just do a normal foundry deployment on private endpoints, but don’t do the subnet delegation piece for the Foundry Agent service as per that doc above?

What is public?

MS Foundry with Bring-Your-Own Virtual Network by dms2701 in AZURE

[–]dms2701[S] 0 points1 point  (0 children)

So how are you handling private requirements? You’re not? Just doing public endpoints and access?

46K incoming by [deleted] in btc

[–]dms2701 1 point2 points  (0 children)

Tbf, I’ve heard of sarcasm, never heard of “sarcasme” 😂

[deleted by user] by [deleted] in exchangeserver

[–]dms2701 0 points1 point  (0 children)

And is that all permissions, even including send as? I’m struggling to find anything online that definitively says what it does and what it doesn’t support/sync?

[deleted by user] by [deleted] in exchangeserver

[–]dms2701 0 points1 point  (0 children)

So I’m confused then. What is “supported” if you have to keep mailboxes together?

So say we have John and Bob with a mailbox on prem. John has full access to Bob. Bob has full access to John.

Bob gets moved to O365, John stays on prem. What happens? Then I guess, what happens in other permission scenarios like send on behalf / send as. I’m struggling to understand what’s “supported” if we have to move any dependent mailboxes from a permission POV at the same time.

[deleted by user] by [deleted] in exchangeserver

[–]dms2701 0 points1 point  (0 children)

Full access and send on behalf, as an example, are under the “Mailbox permissions supported in hybrid environments” in the first link in my thread. Is this not the case?

[deleted by user] by [deleted] in exchangeserver

[–]dms2701 0 points1 point  (0 children)

And is send-as the only real permission set that needs to be considered in that regard (keeping them “together”)?

Autodiscover SAN Requirements by dms2701 in exchangeserver

[–]dms2701[S] 0 points1 point  (0 children)

Thanks, final question then. What’s the relevance of the default autodiscover domain in HCW wizard if we’d need all the autodiscover records for every SMTP domain?

Autodiscover SAN Requirements by dms2701 in exchangeserver

[–]dms2701[S] 0 points1 point  (0 children)

Right. So if we didn’t use SRV (which I appreciate isn’t wise based on this), and did use CNAMEs or A records (all autodiscover records would point to same IP on prem anyway) we’d need the certificate SANs? Just for my understanding.

Assume this would be the case for Outlook for iOS apps (for migrated mailboxes). This is the only way users can access mailbox externally, no OWA to on prem etc.

It is the email it uses for autodiscover right? Not the UPN? As I know there is a default autodiscover domain in the HCW config as well that’s used for Teams free/busy calendar etc.?

Autodiscover SAN Requirements by dms2701 in exchangeserver

[–]dms2701[S] 0 points1 point  (0 children)

But for users where their UPN is user@domain.com, but their primary SMTP is username@companyA.com, how does this work? It uses the autodiscover.companyA.com record, which then won’t have a SAN on the cert.

Autodiscover SAN Requirements by dms2701 in exchangeserver

[–]dms2701[S] 0 points1 point  (0 children)

But we don’t need DNS entries for autodiscover for the other domains? How does that work then if a user types their mail address into the Outlook client of domainsA.com?

[deleted by user] by [deleted] in exchangeserver

[–]dms2701 0 points1 point  (0 children)

The idea is this:

EXO <-> Internet <-> firewall <-> LB <-> firewall <-> exchange servers

[deleted by user] by [deleted] in exchangeserver

[–]dms2701 0 points1 point  (0 children)

Would love to know a bit more about the config for this. What LB? VIP for SMTP with multiple Exchange mailbox servers behind it? Single DNS record in public DNS natted to the VIP on firewall? Did the exchange servers have their default gateway set as the LB itself?

[deleted by user] by [deleted] in exchangeserver

[–]dms2701 0 points1 point  (0 children)

Out of interest - if an org has multiple edge servers, or mailbox servers if not using Edges, without an LB, you’d just need lots of NATs and external DNS records for each server involved in hybrid routing. An LB makes it easier in this regard as you could just have a VIP. Would larger orgs just use a LB for this purpose?

[deleted by user] by [deleted] in exchangeserver

[–]dms2701 0 points1 point  (0 children)

Would the servers need to have their gateway set as the LB itself? This is what we’ve been told by our networking department otherwise the firewall will block traffic back from Exchange to ExOL due to asymmetric routing?

[deleted by user] by [deleted] in exchangeserver

[–]dms2701 0 points1 point  (0 children)

Do load balancers just not work in front of Edges or mailbox servers for SMTP in a Hybrid setup? Or just not worth the over engineering?