Home » Exchange Server » Recovering a Failed Exchange 2016 Database Availability Group Member

Recovering a Failed Exchange 2016 Database Availability Group Member

If you're running an Exchange 2016 database availability group, and one of the DAG members fails, you can recover the DAG member to restore the high availability of your Exchange mailbox databases. Providing that your DAG is healthy and configured correctly, your remaining DAG member(s) should be able to maintain service availability while you perform the recovery.

Recovering a failed DAG member makes use of the Exchange recovery installation method, which reinstalls Exchange onto a server of the same name and pulls configuration information from Active Directory. However there are some additional steps required before and after you perform the recovery install.

For this demonstration scenario I have a two-member Exchange 2016 DAG named EX2016DAG01 with the following members:

  • EX2016SRV1 has failed
  • EX2016SRV2 remains healthy

Removing the Failed Member from the Database Availability Group

The failed member needs to be removed from the DAG configuration by running the following commands. First, the database copies on the failed DAG member are removed. They should have a status of ServiceDown, and you can remove them with the Remove-MailboxDatabaseCopy cmdlet.

Next, remove the failed server from DAG membership using the Remove-DatabaseAvailabilityGroupServer cmdlet. The -ConfigurationOnly switch is used to make the change in Active Directory without needing to communicate with the failed server.

The failed DAG member also needs to be manually evicted from the underlying Windows Failover Cluster.

Removing EdgeSync Credentials

If the AD site has an Edge Transport server subscribed, you'll need to remove the EdgeSync credentials from the Exchange server using ADSIEdit. If you don't complete this step, Exchange setup will fail with the following error:

The internal transport certificate for the local server was damaged or missing in Active Directory. The problem has been fixed. However, if you have existing Edge Subscriptions,
you must subscribe all Edge Transport servers again by using the New-EdgeSubscription cmdlet in the Shell.

To remove the EdgeSync credentials, open ADSIEdit and connect to the well known naming context of “Configuration”. Browse to Services -> Microsoft Exchange -> Your Org Name -> Administrative Groups -> Admin Group Name -> Servers. Right-click the server object and select Properties. Find the msExchEdgeSyncCredentials attribute in the list, and edit it to remove all entries.


Preparing the New Server for Exchange Recovery

Replace or rebuild the failed server with a new installation of Windows Server, using the same computer name as the failed server, and join it to the Active Directory domain. You should configure the server to match the failed server and your other DAG members in terms of networking and storage. Once you have the server ready, you can check which build of Exchange 2016 to install by running Get-ExchangeServer from a healthy Exchange server and noting the build number.

The failed server in this demo, EX2016SRV1, was running Exchange 2016 Cumulative Update 1 (you can check build numbers here).

Performing a Recovery Install of Exchange 2016

Open a CMD prompt, navigate to the folder where you've mounted the Exchange 2016 ISO or extracted the setup files, and run setup with the following parameters.

Wait for setup to complete, then restart the server.

Add the Recovered Server as a DAG Member

After restarting the server you can add it back to the database availability group.

After adding the DAG member, you can add the mailbox database copies as well.

Additional Steps

Since every environment is different, here's a few additional steps you might need to look at as well:

Paul is a Microsoft MVP for Office Servers and Services. He works as a consultant, writer, and trainer specializing in Office 365 and Exchange Server. Paul is a co-author of Office 365 for IT Pros and several other books, and is also a Pluralsight author.
Category: Exchange Server


  1. Russell Allen says:

    I have done the recovery and all has come up but I try to log in with my admin account and it says it can’t access the mailbox. We did not recover the DB because it is just a test lab. Should I go into ADSIEdit and remove the DB?

  2. Kyle says:


    Great article as always. When installing Exchange with the recovery switch, do we need an ISO that already has the CU we need incorporated, or can we install the base Exchange package and then the required CU as a second step?


  3. Maik says:

    Hi Paul,

    We have an Exchange 2016 DAG with 2 Exchange Servers. The DAG is setup old-fashioned ( DAG IP, Failover Cluster Manager externally configured, File share witness configured in Failover Manager).
    Hope you get the installation.

    So, as you have stated clearly before, we need to change this implementation because we have frequent disconnections and failover invocation causing exchange disconnections.
    Is there any way to change to the best-practice installation now?

    • I don’t understand your question. If you know what the best practices are, it should be fairly simple to plan a series of changes to get from your current configuration to one that aligns with those best practices. Is there something specific you’re not sure about?

      • Maik says:

        My apologies, the question was too generic.
        To my knowledge, Exchange 2016 DAG configures VIP and cluster database role automatically (No Failover Cluster Manager in Windows setup needed). However, in our case there has been a manual DAG IP set which is assigned to either or the other node. Failover cluster manager is manually setup through Windows Cluster Manager Role and all Clients are searching for this particular DAG IP via DNS.

        So, we are planning to switch to automatic configuration, which means that Exchange needs to be installed from scratch, right?
        If so, can we backup the database and afterwards restore it to the new DAG configured?
        Is there a way to do it without downtime?
        Thank you a lot.

          • The DAG IP is not a client access endpoint. Your CAS namespaces should not be resolving to the DAG IP. That is something you should fix.

            If you want to go with an IP-less DAG instead then you’ll need to remove the DAG first, then recreate it. You don’t need to reinstall Exchange. There’s no downtime involved in that, but it will mean a period of time during which there’s no HA for your databases.

  4. Nabeel says:

    I have followed the steps mentioned above. All commands ran successfully except for the last one “Get-ClusterNode mail2 | Remove-ClusterNode”. It gives this error “Get-ClusterNode : Failed to retrieve the node ‘mail2’ from the cluster ‘Exch16-DAG’ ”
    Any ideas why i am getting this error ?

Leave a Reply

Your email address will not be published. Required fields are marked *