The first article in this series on Exchange Server 2013 Database Availability Groups provided an overview of Exchange 2013 DAG concepts.
In this article we’ll go through the installation of a simple Exchange 2013 DAG with two members. The DAG will have a MAPI network as well as one replication network. The file share witness will be another member server in the domain that has no Exchange 2013 server roles installed.
Preparing to Deploy an Exchange Server 2013 Database Availability Group
Installing the Mailbox Servers
Database Availability Group members run the Mailbox server role. Although they can also run the Client Access server role this is separate and not required for DAG operations. In some situations the Client Access role should not be installed on the same server, for example:
- if you plan to use Network Load Balancing for Client Access server high availability (NLB is not supported to co-exist with the Failover Clustering that DAGs leverage)
- if you have any reason to believe you might later remove the Client Access server role (removal of a single server role is not possible in Exchange Server 2013)
Exchange Server 2013 can run on both Windows Server 2008 R2 and Windows Server 2012. However, due to the dependency on Failover Clustering you should note the following requirements:
- Windows Server 2008 R2 must be Enterprise edition to support Failover Clustering
- Windows Server 2012 can be either Standard or Datacenter edition
To install your Exchange Server 2013 DAG members:
- Install the appropriate pre-requisites for Windows Server 2008 R2 or Windows Server 2012
- Install Exchange Server 2013 on the servers
In my example scenario I have two servers E15MB1 and E15MB2 both running Windows Server 2012. Each server is installed with both the Client Access and Mailbox server roles. A third server E15FSW exists for the file share witness.
Note: thanks to the concept of “incremental deployment” a DAG can be created using existing mailbox servers that are already in production with active mailboxes on them. There is no hard requirement to build brand new mailbox servers to be able to deploy a DAG.
Configuring Permissions on the File Share Witness
Because the file share witness server is not an Exchange server some additional permissions are required. The Exchange Trusted Subsystem group in Active Directory must be added to the local Administrators group on the server.
The file share witness also requires the File Server feature installed.
PS C:\> Add-WindowsFeature FS-FileServer
And you should verify that File and Printer Sharing is allowed through the firewall.
If the file share witness is another Exchange server, such as a Client Access server, it already has the correct permissions configured.
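The witness preparation steps above can be applied and verified from an elevated PowerShell session on the witness server. This is an added example, not part of the original article; `CONTOSO` is a placeholder domain name, and the firewall check assumes Windows Server 2012 or later.

```powershell
# Added example: prepare and verify a non-Exchange file share witness.
# Run elevated on the witness server (E15FSW in this article).
# Assumption: CONTOSO is a placeholder for your domain's NetBIOS name.
$domain = 'CONTOSO'
$group  = 'Exchange Trusted Subsystem'
$wanted = "WinNT://$domain/$group"

# Returns the ADsPath of every member of the local Administrators group.
# ADSI is used because it works on both Windows Server 2008 R2 and 2012.
function Get-LocalAdminPath {
    $admins = [ADSI]"WinNT://$env:COMPUTERNAME/Administrators,group"
    @($admins.psbase.Invoke('Members')) | ForEach-Object {
        $_.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $_, $null)
    }
}

# 1. Install the File Server role service if it is missing.
if (-not (Get-WindowsFeature -Name FS-FileServer).Installed) {
    Add-WindowsFeature -Name FS-FileServer | Out-Null
}

# 2. Add Exchange Trusted Subsystem to local Administrators if it is not there.
#    Every Exchange server's computer account is a member of this group, so
#    this makes the witness part of the Exchange administrative boundary.
if ((Get-LocalAdminPath) -notcontains $wanted) {
    $admins = [ADSI]"WinNT://$env:COMPUTERNAME/Administrators,group"
    $admins.Add($wanted)
}

# 3. Report the resulting state so it can be reviewed or logged.
[pscustomobject]@{
    Server                  = $env:COMPUTERNAME
    FileServerInstalled     = (Get-WindowsFeature -Name FS-FileServer).Installed
    TrustedSubsystemIsAdmin = (Get-LocalAdminPath) -contains $wanted
}

# 4. List the inbound File and Printer Sharing rules and whether each is enabled.
Get-NetFirewallRule -DisplayGroup 'File and Printer Sharing' |
    Where-Object { $_.Direction -eq 'Inbound' } |
    Select-Object DisplayName, Enabled, Profile, Action
```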
For more information see:
Configuring Networking for Exchange 2013 Database Availability Groups
In this example each server is connected to the 192.168.0.0/24 network, which is the client-facing network. The two Exchange servers are also connected to the 10.1.100.0/24 network which will be used for DAG replication traffic.
Dedicated replication networks are not a requirement for Database Availability Groups. However, if you do choose to deploy one or more replication networks, you must ensure that DNS registration is disabled on the network interfaces connected to those networks.
The replication interfaces are also not configured with a default gateway. In the case where replication interfaces for the same replication network are on separate IP subnets, static routes are configured. However in this example that is not required.
The configuration of the network interfaces is important for DAG network auto-config to be successful. For more information see Misconfigured Subnets Appear in Exchange Server 2013 DAG Network.
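The replication adapter settings described above can be applied and audited with the networking cmdlets in Windows Server 2012. This is an added example, not part of the original article; the adapter names `MAPI` and `Replication` are assumed names for the two interfaces.

```powershell
# Added example: configure and audit the DAG network adapters on a DAG member.
# Run elevated on each DAG member (Windows Server 2012 or later).
# Assumption: the adapters are named 'MAPI' and 'Replication' (hypothetical names).
$mapiAlias = 'MAPI'
$replAlias = 'Replication'

# Returns one summary object per adapter.
function Get-DagAdapterReport {
    param([string[]]$InterfaceAlias)
    foreach ($alias in $InterfaceAlias) {
        $ip  = Get-NetIPConfiguration -InterfaceAlias $alias
        $dns = Get-DnsClient -InterfaceAlias $alias
        [pscustomobject]@{
            Interface      = $alias
            IPv4Address    = ($ip.IPv4Address.IPAddress -join ', ')
            DefaultGateway = ($ip.IPv4DefaultGateway.NextHop -join ', ')
            RegistersInDns = $dns.RegisterThisConnectionsAddress
        }
    }
}

# 1. Disable DNS registration on the replication adapter.
Set-DnsClient -InterfaceAlias $replAlias -RegisterThisConnectionsAddress $false

# 2. Remove any default gateway that was configured on the replication adapter.
Get-NetRoute -InterfaceAlias $replAlias -DestinationPrefix '0.0.0.0/0' -ErrorAction SilentlyContinue |
    Remove-NetRoute -Confirm:$false

# 3. Audit both adapters and flag a replication adapter that still has a
#    default gateway or still registers its address in DNS.
$report = Get-DagAdapterReport -InterfaceAlias $mapiAlias, $replAlias
$report | Format-Table -AutoSize

$problems = $report | Where-Object {
    $_.Interface -eq $replAlias -and ($_.DefaultGateway -or $_.RegistersInDns)
}
if ($problems) {
    Write-Warning "Replication adapter '$replAlias' is not configured as described above."
}
```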
Configuring Existing Databases
In my example the servers E15MB1 and E15MB2 had databases that were automatically created during Exchange 2013 setup. To prepare for database replication within the DAG I performed the following tasks:
- “Mailbox Database 1” on E15MB1, which already contains active mailboxes, has been moved from the default folder path onto storage volumes dedicated to databases and transaction log files
- “Mailbox Database 2” on E15MB2, which contained no mailboxes, has been removed from Exchange
Those steps may not be required in your environment depending on your existing databases.
Pre-Staging the Cluster Name Object
Depending on your environment the pre-staging of the Cluster Name Object (CNO) may be required (it is a requirement if you are running Windows Server 2012 for the DAG members), but in any case it is a recommended best practice.
The CNO is simply a computer account object in Active Directory. There are two methods you can use to create the CNO.
The first is to manually create the CNO using Active Directory Users & Computers. Create a new computer object with the name that you intend to give to your DAG. Then disable the computer account.
Next, grant the computer account for the first DAG member Full Control permissions for the CNO computer account. Note that you may need to click the View menu in AD Users & Computers and enable Advanced Features before you can see the Security tab for the computer object.
The other method for creating the CNO is to use Michel de Rooij’s Cluster Name Object Pre-Staging script.
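The manual pre-staging steps can also be performed with the ActiveDirectory PowerShell module. This is an added example, not the script mentioned above and not part of the original article; the DAG name `DAG1` is a placeholder, and the object is created in the domain's default computers container.

```powershell
# Added example: pre-stage the Cluster Name Object (CNO) for a DAG.
# Requires the ActiveDirectory module (RSAT) and rights to create computer objects.
# Assumptions: 'DAG1' is a placeholder DAG name; E15MB1 is the first DAG member.
Import-Module ActiveDirectory

$dagName     = 'DAG1'
$firstMember = 'E15MB1'
$container   = (Get-ADDomain).ComputersContainer

# 1. Create the computer object in a disabled state.
New-ADComputer -Name $dagName -Path $container -Enabled $false `
    -Description 'Pre-staged CNO for Exchange DAG'

# 2. Grant the first DAG member's computer account Full Control on the CNO.
$cno    = Get-ADComputer -Identity $dagName
$member = Get-ADComputer -Identity $firstMember
$adPath = "AD:\$($cno.DistinguishedName)"

$acl  = Get-Acl -Path $adPath
$rule = New-Object System.DirectoryServices.ActiveDirectoryAccessRule(
    $member.SID,
    [System.DirectoryServices.ActiveDirectoryRights]::GenericAll,
    [System.Security.AccessControl.AccessControlType]::Allow)
$acl.AddAccessRule($rule)
Set-Acl -Path $adPath -AclObject $acl

# 3. Verify: the account must be disabled and the ACE must be present.
Get-ADComputer -Identity $dagName | Select-Object Name, Enabled, DistinguishedName

(Get-Acl -Path $adPath).Access |
    Where-Object { $_.IdentityReference -like "*\$firstMember`$" } |
    Select-Object IdentityReference, ActiveDirectoryRights, AccessControlType
```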
Deploying an Exchange Server 2013 Database Availability Group
Creating the Database Availability Group
In the Exchange Admin Center navigate to Servers -> Database Availability Groups and click the + icon to create a new DAG.
Enter the following details for the new Database Availability Group:
- DAG name – this should match the CNO you pre-staged earlier
- Witness server – this is required for all DAGs, even those that have an odd number of members and hence run in node majority quorum mode
- Witness directory – this is optional. If you do not specify a directory Exchange will choose one for you.
- IP address – the DAG requires an IP address on each IP subnet that is part of the MAPI network. If you do not specify IP addresses the DAG will use DHCP instead.
Click Save when you have entered all of the required details.
Adding Database Availability Group Members
After the DAG has been created it still does not contain any actual members. These need to be added next.
Highlight the new Database Availability Group and click the icon to manage DAG membership.
Add the servers that you wish to join the DAG and then click Save. This process will install and configure the Failover Clustering feature of Windows Server 2012 and add the new DAG members to the cluster.
Note: if you’re using a non-Exchange server for the file share witness, and you have correctly configured the permissions on the FSW, you will still see a warning at this stage that the Exchange Trusted Subsystem is not a member of the local administrators group on the FSW. This is a bug that can be disregarded.
When the operation is complete the Database Availability Group will display the members you added.
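The same DAG creation and membership steps can be run from the Exchange Management Shell instead of the Exchange Admin Center. This is an added example, not part of the original article; `DAG1` is a placeholder name, and 192.168.0.189 is the DAG IP address that a reader comment on this page attributes to the example environment.

```powershell
# Added example: create the DAG and add its members from the Exchange Management Shell.
# Assumptions: 'DAG1' is a placeholder that must match the pre-staged CNO;
# 192.168.0.189 must be an unused address on the MAPI network (192.168.0.0/24).
$dagName = 'DAG1'
$members = 'E15MB1', 'E15MB2'

$dagParams = @{
    Name                                 = $dagName
    WitnessServer                        = 'E15FSW'
    DatabaseAvailabilityGroupIpAddresses = '192.168.0.189'
}
# WitnessDirectory is omitted, so Exchange chooses one.
New-DatabaseAvailabilityGroup @dagParams

# Adding a member installs Failover Clustering on it and joins it to the cluster.
foreach ($server in $members) {
    Add-DatabaseAvailabilityGroupServer -Identity $dagName -MailboxServer $server
}

# Verify membership, the witness settings and the DAG IP address.
Get-DatabaseAvailabilityGroup -Identity $dagName -Status |
    Format-List Name, Servers, OperationalServers, WitnessServer,
                WitnessDirectory, WitnessShareInUse,
                DatabaseAvailabilityGroupIpv4Addresses

# Verify that DAG network auto-configuration found the MAPI and replication subnets.
Get-DatabaseAvailabilityGroupNetwork -Identity $dagName |
    Format-Table Name, Subnets, ReplicationEnabled, MapiAccessEnabled -AutoSize
```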
In the next part of this series we will look at configuring the database copies in the DAG.
“If you do not specify IP addresses the DAG will use DHCP instead.” Incorrect.
If you do not specify IP addresses the DAG will be created with an IP address of 255.255.255.255, which is called an IPless DAG.
Dear Sir,
I am using CodeTwo to link up with my Outlook on one computer. Then I have bought 12 licenses so that I can go to any computer and use Outlook to link up with the master computer. But they are going to shut down this operation permanently soon.
Can this Exchange software help me? Or can you recommend any software replacement to me?
Hi, anyone faced this error before? Exchange 2013 CU21. When I try to add 2 new mailbox to the DAG, this is the error I see:
a server-side database availability group administrative operation failed. error the operation failed. createcluster errors may result from incorrectly configured static addresses.
error: an error occurred while attempting a cluster operation.
error: node is already joined to a cluster.. [Server: FQDN]
Thank you.
Go for the cmdlet:
Add-DatabaseAvailabilityGroupServer -Identity DAG1 -MailboxServer MBX1
Do we still need an FSW if we have 3 nodes? As per your blog post, if someone configures a DAG with 2 nodes and adds a 3rd node at a later point in time, they will end up with lots of quorum lost errors.
This blog post is not suitable if we have a 3 node majority DAG configuration.
Suitable only for test labs.
Every DAG has an FSW configured. Not all DAGs make use of the FSW at all times though.
Hi,
I have two Exchange 2013 servers running on Windows 2012 R2
Both of them have CU17 installed
I try to enable DAG but getting the following error message
A server-side database availability group administrative operation failed. Error The operation failed. CreateCluster
errors may result from incorrectly configured static addresses. Error: An error occurred while attempting a cluster
operation. Error: Cluster API failed: “CreateCluster() failed with 0x5b4. Error: This operation returned because the
timeout period expired”
Thank you for your help
Dear Paul,
Just wanted to thank you for the guide in installing Exchange 2013 DAG. I have perfectly configured everything through your guide. All tests came PASSED when I run Test-ReplicationHealth from exchange management shell, there is no BAD COPY COUNT. All Databases, active and passive, are all in HEALTHY state on all DAG members. I just have some questions in my mind.
Do I need to load the same certificate which we are using in the LIVE Exchange Server to all DAG members? How this will work? Let’s say the Live server shuts down for any reason and the other DAG member is up? How is it going to work? What are the settings we need to do in the other DAG member to minimize downtime? Thanks in advance for your input.
Yes, you should use the same certificate on other DAG members that are also configured with the same client access namespaces.
For more on namespace config:
https://www.practical365.com/exchange-server/exchange-server-2016-client-access-namespace-configuration/
For more on load balancing/HA for Exchange 2013/2016:
https://www.practical365.com/exchange-server/exchange-2013-client-access-server-high-availability/
Thank you dear for this
Getting powershell error on one of the DAG member in DR site when starting Exchange Powershell and connecting successfully to primary site Exchange
Applied Exchange 2013 CU14 to fix the issue, but still issue exists but don’t want to apply on primary DAG member which is on Exchange 2013 CU14 .
Is there any other issues been in two different CU on DAG members?
Hi Paul, in the past I have successfully set up several DAG (2010 and 2013) with networks in AUTO mode and MANUAL, but right now I have a very strange problem…
If I set the settings in AUTO mode, create the DAG successfully without errors, but the MAPI network and iSCSI leave them enabled replication; that’s not good, you know. I can’t disable replication because it is AUTO mode.
Then if I switch to MANUAL mode, I can configure manually my 3 interfaces correctly and all good. But when you restart the Exchange 2013 Mailbox servers Exchange changes my settings again and leaves interfaces and iSCSI MAPI-enabled replication.
I confirm to you that I have reviewed 5 times each interface and each one is configured correctly according to the requirements of Microsoft and of the ExchangeServerPro web site. I don’t have configuration interfaces failure. By the way, my networks iSCSI and REPLICATION are private networks and isolated VLAN.
You think it’s a new BUG/ISSUE of Exchange 2013 ??? My servers has SP3 with CU13.
I hope you help me please , regards!
Hi Paul
I have installed Exchange Server 2013 Enterprise edition at my home and whether it is possible to install the DNS and AD.
How to be done?
For just study purpose. Also I am just a learner.
If you’ve installed Exchange then you already have an AD and DNS working, otherwise you wouldn’t have been able to install Exchange. Other than that, I’m not sure what you’re asking? If you’re looking for some training you could start here: https://www.practical365.com/training/exchange-server-2013-boot-camp/
Configuring DAG I keep getting the below issue.
A server-side database availability group administrative operation failed. Error The operation failed. CreateCluster errors may result from incorrectly configured static addresses. Error: An error occurred while attempting a cluster operation. Error: Node amb-ad03 is already joined to a cluster.. [Server: AMB-EXCH02.]
A server-side database availability group administrative operation failed. Error The operation failed. CreateCluster errors may result from incorrectly configured static addresses. Error: An error occurred while attempting a cluster operation. Error: Cluster API failed: “AddClusterNode() (MaxPercentage=100) failed with 0x5b4. Error: This operation returned because the timeout period expired”. [Server: AMB-EXCH02.]
Any help I will appreciate.
Hello Paul,
Really nice write-up!
Can you please comment (explain more in detail) “if you have any reason to believe you might later remove the Client Access server role (removal of a single server role is not possible in Exchange Server 2013)”
Thanks,
Carlo
Hi Paul,
Thank you for sharing your knowledge !
I have successfully created an Exchange 2013 2 node cluster DAG on Windows 2012R2, but the test-replicationhealth gives me a *FAILED* on DataBaseRedundancy and DatabaseAvailability only. I have installed CAS and Mailbox role together on the servers. I have a MAPI and Replication NIC. Do I need a 3rd NIC for the CAS server and if so I cannot give it a default gateway. I will use a hardware load balancer for the CAS servers.
How many copies of each database have you configured in the DAG?
Hi there, I am running into a bit of an issue:
I have 2 servers already in a DAG. Win2012 at site A
I want to add another one in this DAG. Win2012R2 at site B
All servers have been set up with Mailbox and CAS, all are SP1 (aka CU4) and all Enterprise
FSW is in site A. FSW is a regular windows file server.
Latency between sites is 60ms
After running Add-DatabaseAvailabilityGroupServer to add server 3 to the DAG, I consistently get: “AddClusterNode() (MaxPercentage=100) failed with 0x5b4. Error: This operation returned because the timeout period expired”
Did I miss anything obvious?
Hi Paul,
We followed your guide on the DAG Installation at our office.
Basically we have a Main Site Exchange 2013 with CAS and Mailbox Roles and all users connect to this exchange from their Outlook.
Now we installed another Exchange 2013 at the DR site. Our main office and the DR site are connected with a Layer2 bridge so the two exchanges are joined to the same domain and are also on the same network subnet. So the two Exchange servers have one network card between them which is the LAN/Domain network.
We created the DAG and the replication of the DBs works fine.. but the issue that we are currently facing is that some users are connecting directly to the DR Exchange from our Main office with their Outlook which is not what we would like to have.. We want that the DR hosts a copy of the DB and is activated only if some issues arise at the main site and we have to switch everything on the DR site manually.
We noticed this issue when we went to check the connection status on their Outlook and noticed that the Proxy server that they are connected to is the DR exchange.
Do you know how can we solve this issue please?
Thanks & kind Regards,
Stefan
Sounds like you haven’t considered CAS high availability. Here’s some reading:
https://www.practical365.com/exchange-2013-client-access-server-high-availability/
I have a mailing system running Exchange 2010 and want to migrate it to Exchange Server 2013. OS 2008 R2. One physical server in another site and the other two virtualized in another site. Now I need to migrate, please help. The database size is around 600 GB, there are 3 databases, now I need to find the solution of migrating without impact, please help
We are planning to deploy Exchange 2013 DAG using shared storage by utilizing 3PAR. Is it possible? If yes, would it be fine if you share some procedures or a link that I can look up.
Thank you and more power!
DAG members don’t share storage, they each have their own storage.
Hi Paul,
I have one server 2012 R2 with Exchange 2013 SP1 rollup 7 running for around 3 months after migration.
I have second server with 2012 R2 where I am planning to deploy an Exchange 2013 and create DAG and use one of Win 2008 server as Witness.
My existing Exchange server is ESX VM guest and the members I would be adding as DAG member and witness are both physical server.
Unlike your example I do not have pre-installed DAG members but I am going to install Exchange on second server now.
What are the precaution I should take before installing Exchange 2013 on second server to avoid any service conflict with existing Exchange server. Is it recommended to install both role like mail server or just keep mailbox? Do I need to create separate DB on second server to replicate from primary or it would just be one DB?
Sounds like you have one multi-role server so far. So in your case I recommend deploying a second multi-role server. That allows you to do HA not only for mailbox (with the DAG) but also for CAS services.
https://www.practical365.com/exchange-2013-client-access-server-high-availability/
For precautions, the most important one is to set the Autodiscover URL/SCP immediately after you’ve installed the second server, to avoid certificate warnings for your Outlook users.
You do not need to create a second database, you can instead just replicate your existing database to the second server after you’ve created the new DAG. It’s up to you whether you create more than one database at any stage in the future.
Hi, Paul
Sorry to ask this question, in your example you have two Windows Server 2012 installing both CAS and Mailbox. So we will have 2 CAS right? How do we configure that 2 CAS to work as one? Sorry for my bad English.
Thanks
Best Regard
SAVOEURN Rada
You can use a load balancer or use DNS Round Robin.
Here’s more info:
https://www.practical365.com/exchange-2013-client-access-server-high-availability/
Hello, would like to know what are the configurations or settings to do after installing a new exchange for database availability group. after the installation errors started pumping and the users lost connection to exchange until I uninstalled the new exchange.
Hi. Is failover clustering required to have DAG operative?
My nodes are running Windows Server 2012 and 2012 R2, can I add them into DAG?
All members of a DAG must be running the same version of Windows Server.
Hi Paul,
I followed your steps and everything went smoothly with the installation and configuration. We have existing Exchange 2007 SP3, and we just installed 2 Exchange 2013 SP1 in DAG to co-exist with Exchange 2007.
The OWA is working perfectly fine BUT our problem is with Outlook Anywhere. All new users (Outlook 2010, Outlook 2013) cannot connect to the new Exchange Server 2013. The error is “The action cannot be completed. The connection to Microsoft Exchange is unavailable. Outlook must be online to complete this action.” The Exchange 2007 clients are still OK connected to Exchange 2007.
Below is the details with Outlook anywhere and the Autodiscovery for your reference.
[PS] C:\Windows\system32>Get-OutlookAnywhere
RunspaceId : 48713c0e-2595-4e35-b93c-3818d5cba867
ServerName : MAIL2
SSLOffloading : False
ExternalHostname : mail2.—–.com.sa
InternalHostname :
ExternalClientAuthenticationMethod : Ntlm
InternalClientAuthenticationMethod : Ntlm
IISAuthenticationMethods : {Ntlm}
XropUrl :
ExternalClientsRequireSsl : True
InternalClientsRequireSsl : False
MetabasePath : IIS://mail2.—–/W3SVC/1/ROOT/Rpc
Path : C:\WINDOWS\System32\RpcProxy
ExtendedProtectionTokenChecking : None
ExtendedProtectionFlags : {}
ExtendedProtectionSPNList : {}
AdminDisplayVersion : Version 8.3 (Build 83.6)
Server : MAIL2
AdminDisplayName :
ExchangeVersion : 0.1 (8.0.535.0)
Name : Rpc (Default Web Site)
DistinguishedName : CN=Rpc (Default Web Site),CN=HTTP,CN=Protocols,CN=MAIL2,CN=Servers,CN=Exchange
Administrative Group (FYDIBOHF23SPDLT),CN=Administrative
Groups,CN=—–,CN=Microsoft
Exchange,CN=Services,CN=Configuration,DC=atheeb-ingr,DC=com
Identity : MAIL2\Rpc (Default Web Site)
Guid : 490e456f-b450-4711-a2ea-a1e14b6d4f9b
ObjectCategory : atheeb-ingr.com/Configuration/Schema/ms-Exch-Rpc-Http-Virtual-Directory
ObjectClass : {top, msExchVirtualDirectory, msExchRpcHttpVirtualDirectory}
WhenChanged : 11/9/2014 3:43:40 PM
WhenCreated : 9/28/2010 12:46:33 AM
WhenChangedUTC : 11/9/2014 12:43:40 PM
WhenCreatedUTC : 9/27/2010 9:46:33 PM
OrganizationId :
OriginatingServer : dc2.—–.com
IsValid : True
ObjectState : Changed
RunspaceId : 48713c0e-2595-4e35-b93c-3818d5cba867
ServerName : MAIL3
SSLOffloading : False
ExternalHostname :
InternalHostname : mail5.—–.com
ExternalClientAuthenticationMethod : Ntlm
InternalClientAuthenticationMethod : Ntlm
IISAuthenticationMethods : {Basic, Ntlm, Negotiate}
XropUrl :
ExternalClientsRequireSsl : False
InternalClientsRequireSsl : True
MetabasePath : IIS://Mail3.—–.com/W3SVC/1/ROOT/Rpc
Path : C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\rpc
ExtendedProtectionTokenChecking : None
ExtendedProtectionFlags : {}
ExtendedProtectionSPNList : {}
AdminDisplayVersion : Version 15.0 (Build 847.32)
Server : MAIL3
AdminDisplayName :
ExchangeVersion : 0.20 (15.0.0.0)
Name : Rpc (Default Web Site)
DistinguishedName : CN=Rpc (Default Web Site),CN=HTTP,CN=Protocols,CN=MAIL3,CN=Servers,CN=Exchange
Administrative Group (FYDIBOHF23SPDLT),CN=Administrative
Groups,CN=—–,CN=Microsoft
Exchange,CN=Services,CN=Configuration,DC=atheeb-ingr,DC=com
Identity : MAIL3\Rpc (Default Web Site)
Guid : 488b632e-ae52-48b3-b9f1-74faccf48eef
ObjectCategory : atheeb-ingr.com/Configuration/Schema/ms-Exch-Rpc-Http-Virtual-Directory
ObjectClass : {top, msExchVirtualDirectory, msExchRpcHttpVirtualDirectory}
WhenChanged : 4/14/2015 7:21:40 AM
WhenCreated : 4/10/2015 10:31:36 AM
WhenChangedUTC : 4/14/2015 4:21:40 AM
WhenCreatedUTC : 4/10/2015 7:31:36 AM
OrganizationId :
OriginatingServer : dc2.atheeb-ingr.com
IsValid : True
ObjectState : Changed
RunspaceId : 48713c0e-2595-4e35-b93c-3818d5cba867
ServerName : MAIL4
SSLOffloading : False
ExternalHostname :
InternalHostname : mail5.—–.com
ExternalClientAuthenticationMethod : Ntlm
InternalClientAuthenticationMethod : Ntlm
IISAuthenticationMethods : {Basic, Ntlm, Negotiate}
XropUrl :
ExternalClientsRequireSsl : False
InternalClientsRequireSsl : True
MetabasePath : IIS://—–/W3SVC/1/ROOT/Rpc
Path : C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\rpc
ExtendedProtectionTokenChecking : None
ExtendedProtectionFlags : {}
ExtendedProtectionSPNList : {}
AdminDisplayVersion : Version 15.0 (Build 847.32)
Server : MAIL4
AdminDisplayName :
ExchangeVersion : 0.20 (15.0.0.0)
Name : Rpc (Default Web Site)
DistinguishedName : CN=Rpc (Default Web Site),CN=HTTP,CN=Protocols,CN=MAIL4,CN=Servers,CN=Exchange
Administrative Group (FYDIBOHF23SPDLT),CN=Administrative
Groups,CN=—–,CN=Microsoft
Exchange,CN=Services,CN=Configuration,DC=atheeb-ingr,DC=com
Identity : MAIL4\Rpc (Default Web Site)
Guid : 55199969-d73c-4c70-bdf2-d3b4b6245c70
ObjectCategory : —–/Configuration/Schema/ms-Exch-Rpc-Http-Virtual-Directory
ObjectClass : {top, msExchVirtualDirectory, msExchRpcHttpVirtualDirectory}
WhenChanged : 4/14/2015 7:22:09 AM
WhenCreated : 4/10/2015 12:12:33 PM
WhenChangedUTC : 4/14/2015 4:22:09 AM
WhenCreatedUTC : 4/10/2015 9:12:33 AM
OrganizationId :
OriginatingServer : dc2.—–.com
IsValid : True
ObjectState : Changed
[PS] C:\Windows\system32>Get-ClientAccessServer | FL AutoDiscoverServiceInternalUri
Creating a new session for implicit remoting of “Get-ClientAccessServer” command…
AutoDiscoverServiceInternalUri : https://mail2.—–.com/autodiscover/autodiscover.xml
AutoDiscoverServiceInternalUri : https://autodiscover.—–.com/autodiscover/autodiscover.xml
AutoDiscoverServiceInternalUri : https://autodiscover.—–.com/autodiscover/autodiscover.xml
Hoping for your help…
Hi Paul, first of all sincerely, Out this error when I try to make the DAG:
Could not perform operation management availability group database due to a transient error. Retry the operation. Error: An error occurred while attempting a cluster operation. Error: Cluster API failed: “createCluster () failed with error 0x5b4. This operation is returned because the timeout is exhausted” [Server: ns5.gaopanama.com.ve]
ERROR
Unable to perform operation management availability group database server. Error: Could not perform the operation. CreateCluster errors can be caused by incorrect configuration of static addresses. Error: The computer account ‘DAG01’ could not be validated by the user ‘NT AUTHORITY\SYSTEM’. Error: Error when trying to use the specified cluster name. There is already enabled computer object with that name in the domain [Server: ns6.gaopanama.com.ve]
Configuration of servers:
NS5: Exchange 2013 Domain controller (Replica to NS6)
IP: 192.168.80.211
Netmask 255.255.255.0
Gateway 192.168.80.40 DNS 192.168.80.212, 8.8.8.8
NS6: Exchange 2013 Domain controller (Replica to NS6)
IP: 192.168.80.212
Netmask 255.255.255.0
Gateway 192.168.80.40 DNS 192.168.80.211, 8.8.8.8
PC Witness
Hyper-V, Windows 2008 server
belongs to the domain
IP: 192.168.80.213
Netmask 255.255.255.0
Gateway 192.168.80.40 DNS 192.168.80.211, 8.8.8.8
What is wrong or what should I do to solve this problems .. Many thanks and grateful.
Hi Paul,
Thanks for the great blog. Whenever I try to install exchange on a pre existing cluster it says it cannot be installed on a windows cluster. Uninstall the feature and retry. I tried looking it up, but no luck. Any ideas?
Thanks!
The error message is correct, you can’t install it on a pre-existing cluster.
Oh and what would you recommend for TTL value on the DNS records?
Thanks,
Dave
5 minutes.
Thanks for the clarification. One other thing. You talk about having identical namespaces for internal and external url for OWA and Outlook Anywhere (e.g. mail.domain.com) would I do the same the EWS, ECP, Active-Sync, and OAB?
Thanks again,
Dave
Yes.
Paul,
Great article on DAG. I also read your article on CAS HA (https://www.practical365.com/exchange-2013-client-access-server-high-availability/) and plan to use both articles to set up HA for both roles. One part that confuses me in this DAG article is that you mention NLB is not supported to co-exist with the Failover Clustering that DAGs leverage. Are you referring to WNLB? Because your CA HA article mentions using DNS RR or a Hardware appliance LB to provide HA for your CAS servers and you used multi-role Exchange 2013 servers as your examples?
Dave
Yes, NLB = WNLB = Windows Network Load Balancing, as in the feature built-in to Windows Server.
WNLB shouldn’t be used with Exchange 2013 at all, in my opinion. Use DNS RR or a hardware/virtual load balancer.
We have two mailbox servers (MBX1 and MBX2), we also have two web access servers (CAS1 and CAS2).
Our server DAG is the CAS1, but when manually spent active database to MBX2, the CAS1 not allow access to mailboxes by OWA and Outlook.
I have reviewed the error events and do not refer to this problem. Neither from the IIS or Exchange events.
When I manually change active database from MBX2 to MBX1, I have restart IIS on 2 CAS servers.
My version of Microsoft Exchange is 2013 CU7.
Thanks for your attention!
We are migrating from Exchange 2007 to Exchange 2013.
Exchange 2007 is a single box with all roles in one.
OS – Windows Server 2008 Enterprise Version 6.0 (Build 6002) Service Pack 2
Exchange – Microsoft Exchange Server 2007 Version 8.2.176.2
All Mailbox servers on Exchange 2013 below are on
Windows Server 2012 R2 Standard Build 9600
Microsoft Exchange Server 2013 Service Pack 1 Version 15.0.847.32
Our setup for Exchange 2013 is 4 mailbox servers and 1 CAS.
EXMB01 – DB1 (Active) DB2 (Passive)
EXMB02 – DB2(Active) DB3 (Passive)
EXMB03 – DB3 (Active) DB1 (Passive)
EXMB04 – DB 1, DB2 & DB3 (All Passive) – The main reason for this mailbox server is for running mailbox and db backups to ensure the other servers do not get loaded.
My questions are:
How do I setup a DAG in this setup.
How many DAG groups must I have?
I have a non-exchange machine setup as FSW. Kindly advise how I need to configure this?
For coexistence between Exchange 2007 and Exchange 2013, kindly advise the minimum versions and/or service packs required.
Appreciate your help in this to ensure the migration is smooth.
Hi Paul,
I need to deploy a Microsoft Exchange 2013 to a client afresh, with 15 CAS. Your explanation on DAG was really good, please could you assist on the best way to configure CAS after the installation of Exchange without any issue.
I have an available server with Microsoft 2012 where I intend to install the Exchange and another server for D.C. Is there any additional server needed after these?
Your urgent reply would highly be appreciated.
Adeniyi.
I need some suggestion from you on implementing Exchange 2013 DAG.
Do we need to have separate CAS server as i am going to 2 Node DAG in HQ and i node in DR which will be part of the DAG nodes itself. What is your suggestion?
And also SSL certificate for these servers as I wanted to use same SSL for these 3 nodes. Kindly suggest the way forward. We have got two different domains (email.domain1.com and email.domain2.com) which need to be protected using single certificate
You can combine the CAS and Mailbox roles on the same servers.
You may like to read some more info on CAS HA:
https://www.practical365.com/exchange-2013-client-access-server-high-availability/
You can put as many domain names on the SSL certificate as you like, by purchasing a SAN certificate.
Hi Paul… thanks again.. How to check the AutoDiscover is working in workgroup computer?? If autodiscover is not in the DNS entry, please provide guide in setting the autodiscover in the DNS..
Thank you very much..
Add autodiscover.yourdomain.com to your DNS zone, basically. That is the quickest and easiest way.
Hi Paul…Thanks again for a very useful guide…Our exchange 2013 is now working fine in Domain environment…just one more Question for the clients in WORKGROUP because we have some Laptop which are not connected in the Domain, when we connect Manually the Exchange server there is an error “The action cannot be completed” or “The name cannot be resolved”. Is there a way to connect the Workgroup client in Exchange 2013.?? We tried Outlook 2010 and Outlook 2013 with the same result.
Thanks again…
Non-domain joined computers will use Autodiscover to work out their Outlook settings. So as long as Autodiscover records are in DNS (eg, autodiscover.yourdomain.com) and resolving to the Client Access server IP address then all they should need to do is enter their email address and password in the Outlook new account wizard at startup.
Hi Paul,
Thank you for all your articles, they have been invaluable to me during our Exchange migration.
I have a very similar setup to this article (2 Mailbox Servers in a DAG and a FSW) with a separate network for DAG replication traffic. I’m a little confused on configuring the networking for replication. I have given the DAG an IP address on the client-facing network (as you did with the 192.168.0.189 IP for your DAG)
Now I want to ensure the DAG replication traffic actually goes over the NICs I want it to. In your example, would that just be a matter of adding the 10.1.100.0/24 network as a DAG network for the DAG?
Thanks
DAG networks in Exchange 2013 will auto-configure as long as you configure the adapters correctly. More info on that here:
https://www.practical365.com/misconfigured-subnets-exchange-2013-dag-network/
But you can save yourself a lot of trouble by not configuring dedicated replication networks. Just use one DAG network. Less complex and less prone to misconfiguration or other issues that might cause a problem with your DAG. For a small environment with 1Gbps or higher NICs on the server there’s no real benefit to dedicated replication networks.
Thanks for the reply, the link to your other article was helpful. The network setup for these is somewhat complex so I would prefer to configure the replication manually.
I seemed to have a lot of finicky issues when configuring the DAG network in the ECP (wouldn’t let me uncheck the “Enable Replication” box within a DAG network, but clicking “Disable Replication” on the DAG Network page would work, seemed to take a while for my changes to show up in ECP, making me think they hadn’t been applied, etc). Hopefully that was a fluke thing with my installation. It probably would have been better to configure it from PowerShell.
After blowing away the DAG and recreating it, I think I’ve finally got it configured how I want.
Hi Paul,
Wanted to run something by you real quick if you don’t mind…we are now adding an Exchange server at our offsite DR location. I will add it as a member of the DAG (which currently has 2 members + 1 FSW).
Will I need to change any kind of quorum mode since I will now have 3 DAG members or will Exchange handle all that automatically? I’m assuming it is safe to not make any changes to the FSW and leave it in place?
Thanks!
Exchange will adjust the quorum requirements automatically.
Hi, please, my main problem here is how was the second Exchange server installed? I currently have 1 Hyper-V machine running Windows Server 2012, with Exchange 2013 installed. I’m trying to install a second Exchange 2013 server but am unable to. Please can you advise me on this?
There’s no special install steps required for the second server, you just install it as you did the first one.
I have followed all the pre-installation steps (prerequisites). Now, on trying to install Exchange 2013 CU5, I ran it as administrator. On the first page, add server role, mailbox role, client access role and management tools were greyed out, indicating that they have already been installed. As a result I cannot progress to the next page.
As part of the prerequisites, I had prepared the schema and restarted the server. On preparing AD, I got the message that an organisation already existed. I then prepared all domains and tried the installation.
I don’t know what to do next. Please, I would appreciate your assistance.
The AD preparations (schema prep, domain prep, etc) only need to be done when deploying the very first Exchange server into an AD forest. There is also usually another schema update with new service pack releases.
If you’re installing a second Exchange server into the existing forest/organization you only need to build a new Windows server, install the pre-reqs, and then install Exchange.
The UI for the Exchange setup is very white and washed out, so it is possible what you think are greyed out options are actually not. You would only find out if you click on them to try and tick the boxes.
Another approach is do a command line install, which is quite easy.
I get this error.
I have Exchange with multi role CAS, MB and one with MB only and a Windows 2012 witness server. When I add a DAG member I get this error:
A server-side database availability group administrative operation failed. Error The operation failed. CreateCluster errors may result from incorrectly configured static addresses. Error: An error occurred while attempting a cluster operation. Error: Cluster API ‘”CreateCluster() failed with 0x13c1. Error: The cluster IP address is already in use”‘ failed.. [Server: Mail-srv.pop.local]
From your error: “The cluster IP address is already in use”
Seems like a clue to me.
This error appears when the IP set for the DAG is one that is already in use. Find an available IP in the network to set for the DAG to fix this error.
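A pre-flight check for the "cluster IP address is already in use" error discussed in the comments above, as an added example that is not from the article or any commenter. It assumes the Exchange Management Shell on Windows Server 2012 or later, run from a server in the same subnet; `DAG1` and `192.168.0.189` are placeholder values.

```powershell
# Added example: check a candidate DAG IP address before assigning it.
# Assumptions: Exchange Management Shell, Windows Server 2012 or later,
# run from a server on the same subnet as the candidate address.
# 'DAG1' and '192.168.0.189' are placeholders; pass your own values.
param(
    [string]$DagName     = 'DAG1',
    [string]$CandidateIp = '192.168.0.189'
)

$findings = @()

# 1. Does a host answer on the address? ICMP can be filtered, so silence
#    alone does not prove the address is free; the next checks cover that.
if (Test-Connection -ComputerName $CandidateIp -Count 2 -Quiet) {
    $findings += "Ping: $CandidateIp answered"
}

# 2. After the ping attempt, a resolved entry in the neighbor (ARP) cache
#    means a device on the local subnet owns the address even if it drops ICMP.
$neighbors = Get-NetNeighbor -IPAddress $CandidateIp -ErrorAction SilentlyContinue |
    Where-Object { "$($_.State)" -notin 'Unreachable', 'Incomplete' }
foreach ($n in $neighbors) {
    $findings += "ARP: $CandidateIp is held by $($n.LinkLayerAddress) (seen on $($n.InterfaceAlias))"
}

# 3. A reverse DNS record suggests the address is, or was, assigned to a host.
#    A stale record left by a deleted DAG or server shows up here too.
$ptr = Resolve-DnsName -Name $CandidateIp -ErrorAction SilentlyContinue |
    Where-Object { "$($_.Type)" -eq 'PTR' }
if ($ptr) {
    $findings += "DNS: PTR record(s) for $CandidateIp -> $($ptr.NameHost -join ', ')"
}

# 4. If the DAG already exists and already owns this address, answers from the
#    address are the cluster itself and are expected once a member has joined.
$dag = Get-DatabaseAvailabilityGroup -Identity $DagName -ErrorAction SilentlyContinue
$ownedByDag = $false
if ($dag) {
    $dagIps = @($dag.DatabaseAvailabilityGroupIpv4Addresses | ForEach-Object { "$_" })
    $ownedByDag = ($dagIps -contains $CandidateIp) -and (@($dag.Servers).Count -gt 0)
    Write-Output "DAG '$DagName' currently has IP(s): $($dagIps -join ', ')"
}

if ($findings.Count -eq 0) {
    Write-Output "No evidence that $CandidateIp is in use."
}
elseif ($ownedByDag) {
    Write-Output "$CandidateIp is already assigned to '$DagName' and that DAG has members:"
    $findings
}
else {
    Write-Warning "$CandidateIp appears to be in use. Pick another address or clear the conflict first:"
    $findings
}
```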
Thank you VERY much for all the time and effort you put into your blog. It is incredibly helpful. I use it over and over again for so many Exchange issues.
I just configured the DAG that included 2 Exchange 2013 SP1 Hyper-V VMs running Windows Server 2012 R2. It worked. No issues. No errors. Both VMs are connected to the network via virtual switches that were configured on hosts that had NIC teaming enabled before the virtual switches were configured. No issues. Thank you.
Hi Paul, thanks a lot for your article. It helped me a lot.
I have a similar problem to “theduke1989”! Can you help me? I searched on the internet and I didn’t find the solution.
WriteError! Exception = Microsoft.Exchange.Cluster.Replay.DagTaskServerTransientException: Échec d’une opération d’administration du groupe de disponibilité de base de données côté serveur à cause d’une erreur provisoire. Veuillez recommencer l’opération. Erreur : An error occurred while attempting a cluster operation. Error: Cluster API failed: “CreateCluster() failed with 0x13c1. Error: The cluster IP address is already in use” —> Microsoft.Exchange.Cluster.Shared.ClusterApiException: An error occurred while attempting a cluster operation. Error: Cluster API failed: “CreateCluster() failed with 0x13c1. Error: The cluster IP address is already in use”
Before this error, I deleted a first DAG and I would like to reinstall it, but I have had this problem since deleting the DAG!
I tested with other DAG IPs, I rebuilt the first point and that’s OK. When I try to add my Exchange server this error emerges!
Thanks for your help.
Hi Paul,
I am not at the point to actually add members to my DAG.
But I am getting some errors when I want to add them.
See below for the error:
A server-side database availability group administrative operation failed. Error The operation failed. CreateCluster errors may result from incorrectly configured static addresses. Error: An error occurred while attempting a cluster operation. Error: Cluster API ‘”CreateCluster() failed with 0x13c1. Error: The cluster IP address is already in use”‘ failed.. [Server: EXC-1.yakuzacorp.local]
FOUT
A server-side database availability group administrative operation failed. Error The operation failed. CreateCluster errors may result from incorrectly configured static addresses. Error: An error occurred while attempting a cluster operation. Error: Cluster API ‘”CreateCluster() failed with 0x13c1. Error: The cluster IP address is already in use”‘ failed.. [Server: EXC-2.yakuzacorp.local]
It’s a test facility to learn new things. Can you help me out here?
“The cluster IP address is already in use” seems to be the biggest clue there.
Hello,
thank you for the great tutorials.
My problem now is:
Error:You must be a member of the ‘Organization Management’ role group or a member of the ‘Enterprise Admins’ group to continue.
For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.GlobalServerInstall.aspx
Error:You must use an account that’s a member of the Organization Management role group to install or upgrade the first Mailbox server role in the topology.
For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.DelegatedBridgeheadFirstInstall.aspx
etc
I have 3 servers total for learning. Exchange1 had the same fault as the problem above, but after adding: install-windowsfeature rsat-adds it worked on my first Exchange server, but on my second server I still get the error 🙁
VM1= AD-DS (DC)
AD-DS
2 NICS
*1 = bridged
*2 = LAN-SEGMENT1 192.168.3.253
DHCP
NAT <- CONNECTED TO NIC1
VM2= EXLAB-01
Installed all the pre-installs needed for Exchange 2013
2 NIC's
*1 = bridged
*2 = LAN-SEGMENT2 <- 10.1.100.1 address
VM3= EXLAB-03
Installed all the pre-installs needed for Exchange 2013
2 NIC's
*1 = bridged
*2 = LAN-SEGMENT2 <- 10.1.100.1 address
They are joined as member servers and are connected to my domain, administrator account using…
Hi Paul,
Thank you so much for the well-detailed steps in configuring DAG. I have one question before I will try the steps. Currently, we have installed Exchange Server 2013 on Windows Server 2008 R2 Enterprise SP1 on two HP Proliant Servers. One Exchange Server is Live and already running. We want to configure DAG so the other server will replicate the database of the Live Exchange Server. Is it necessary to have a third server to become a Witness Server or can we configure the Backup Exchange as the witness server itself and at the same time, it will be the member of the DAG? Thank you.
The witness must be a separate server, not one of the DAG members.
Can it be a normal workstation with Windows 7 on it? I saw one screenshot in your tutorials which looks like a normal computer, the one with COMPUTER MANAGEMENT assigning Exchange Trusted Subsystem. Thanks for the reply. = )
No, it must be a server. Desktop OS is not supported as an FSW. The screenshot is from a server.
Hi Paul, it’s me again and thank you for the quick reply. One more thing, if you can help me out regarding Mailbox Databases. In our Exchange Server, we would like to create 2 database files. Our Exchange Server is hosting 6 email domains. We would like to configure it so that three email domains will be saved to the DB1 mailbox database and the remaining three domains will be saved to the DB2 mailbox database. In the ECP>SERVER>DATABASE, I have created two database files, namely DB1 and DB2. How can I point the three email domains to DB1 and the remaining three email domains to DB2? Hope you understand my question. Thanks.
You’ll need to manually choose the database when you create the mailboxes.
Currently our Outlook anywhere is using HTTP, Can you Please provide the STEPS in configuring the Outlook Anywhere to use HTTPS.
Thank you very much.
Hi Paul, I hope that you can help with this issue.
I have 2x cas2013 and 2x mb2013 exchange servers. On the EXMB4 server I created the dag, no worries, and added EXMB4 server. I cannot however add a second mb server. during the process I can watch it attach to the cluster in FCM, but then later an error event states that “Cluster node EXMB3 has been evicted from the failover cluster”.
I performed this using the ECP and so the gui response was A server-side database availability group administrative operation failed with a transient error. Please try the operation again. Error: An error occurred while attempting a cluster operation. Error: Cluster API failed: “AddClusterNode() (MaxPercentage=100) failed with 0x5b4. Error: This operation returned because the timeout period expired” [Server: EXMB4]
I have triple checked the replication adapter, does not have a gateway, no dns registration, no lmhost. It is 2nd in order of priority to the mapi network. I can ping each server using both mapi and replication network.
Any clues?
Hello Paul ,
I created a 2013 DAG. When I tested with the DAG replication cmdlet, I had an issue with the cluster network on one node of the DAG:
Cluster network “failed” Network ‘MapiDagNetwork’ has no network interface for server ‘ …
for your help please.
Thank you .
The Exchange Trusted Subsystem is a universal group, and I can’t add it to my FS server’s local admin group.
Yes, it is a universal security group, and I’ve added it to the local administrators group on my FSW just fine.
Hi Paul,
We are installing the Exchange server 2013 in Hyper-V Virtualization, Is it Ok to leave the Database in the Default Directory on C drive, so that we have one full BackUp only on the Virtualization drive?? and that we can mount it as a whole drive in any Physical server with Hyper-v??
Thanks
Paul —
Wanted to start off by thanking you for this incredibly useful store of information helping me navigate my way through Exchange 2013 administration.
Following your DAG step-by-step in my lab and came across an issue. Had a problem with getting the second of the Exchange 2013 servers for my DAG. The initial installation crashed with an error regarding an “Unstable” Exchange 2013 server. Formatted, reinstalled Windows 2012 Datacenter, renamed the server something different than before and successfully installed Exchange 2013, but now when I’m deleting the newly-created mailbox database per your instructions in this article, I noticed the old server name pop up in the Servers>Databases and the now-nonexistent server managed to set up a mailbox database that I can’t delete!
I removed the computer account from Active Directory using ADSI Edit, but I have a feeling I need to do more to remove this nonexistent server from my AD. So my questions are: 1. Will this mess up my DAG? Should I stop the config and focus on getting rid of this thing? and 2. How do I get rid of this nonexistent server from AD?
Thanks so much, and keep up the great work! Truly a big help to us Exchange newcomers!!!!!
I would recommend doing a recovery installation of the failed server, then cleanly remove the mailbox database and then uninstall the server itself cleanly.
Hi Paul,
Thanks for the efforts and for educating the people.
I have a question regarding DAG IP.
What is the use/role of a DAG IP? The IP which we are configuring as the DAG IP is used in which communication? Is it used in checking the heartbeat?
Could you please clarify?
Eager to see your comments.
Thanks,
Mallik
Hi Paul,
Thank you very much, the failover is working now. If the active Exchange server is offline the passive takes over, but it took 10 to 15 minutes for Outlook to be connected again. Is that normal?
Outlook Anywhere is using HTTP, is there a way to use HTTPS? I tried HTTPS but I got a certificate error.
Also about the witness server, what will happen if the witness server is OFFLINE? Will it affect the cluster?
Thank you very much again…
I wouldn’t consider that normal. You need to look at whether the databases actually mounted quickly, and whether the CAS load balancing was not detecting the server that was down quickly enough.
Yes Outlook Anywhere can use HTTPS and requires a valid SSL certificate.
The witness server can be up/down without impacting the cluster. It is only when a majority of cluster members (eg the witness + one DAG member) go offline that you risk the entire DAG/cluster going down.
Hi Paul,
Thank you very much again for all the help..
I need another help regarding our Active Directory. Our existing Active Directory is Windows 2003 Server and the existing Exchange server is Exchange 2007.
We will be building a new Windows 2012 Active Directory plus the Exchange 2013 server. We will not touch or upgrade the existing 2003 server and Exchange 2007, so that we have a working Exchange Server 2007 while preparing and building the Exchange 2013.
I need help in transferring the existing users from the 2003 server to the new 2012 server Active Directory. I tried to look and search at Microsoft; the available ADMT (Active Directory Migration Tool) is version 3.2, which is for 2008 server only.
Is there any other tool that can transfer users from 2003 server to 2012 server Active Directory? Hope you can help me with this.
Thanks again…
On your Exchange 2007, you can script PowerShell commands to export everyone’s mailbox to PST
http://blogs.technet.com/b/exchange/archive/2007/04/13/3401913.aspx
You can then upload all of the PSTs to the new Exchange 2013 environment and import from PST
http://technet.microsoft.com/en-us/library/ff607310(v=exchg.150).aspx
Quite tedious, especially if you have hundreds or thousands of users. But if you script it right, it can be only two commands that you need to execute 🙂
Why don’t you upgrade your AD to 2008 R2, then co-exist your Exchange 2007/2013 and save yourself a lot of pain?
Good luck!
There’s no need to build a whole new AD and Exchange organization.
Exchange 2013 supports Windows 2003 SP2 domain controllers.
http://technet.microsoft.com/en-us/library/aa996719(v=exchg.150).aspx
The Exchange Deployment Assistant can help guide you through a 2007 -> 2013 migration.
http://technet.microsoft.com/en-US/exdeploy2013/Checklist?state=2284-W-AAAAAAAAQAAAAAEAAAAAAA~~
Hi Paul,
One more thing, how about the certificate?? Can we use the default certificate or create a new certificate to include the 2 exchange server and the created name in the DNS?? If we will create a new certificate please provide also on how to create a new certificate.
Thank you very much for all the help.
regards
You will need to configure a certificate.
https://www.practical365.com/exchange-server-2013-ssl-certificates/
It can include the server names but it doesn’t need to if you do things the recommended way.
https://www.practical365.com/avoiding-exchange-2013-server-names-ssl-certificates/
Hi paul,
Thank you very much for the very quick response, i will do this one. For confirmation i just have some follow up on the following:
1. In configuring a single namespace instead of the unique server FQDN for each, is this the command in the exchange Powershell?
—[PS] C:\>Get-OutlookAnywhere | Set-OutlookAnywhere -InternalHostname mail.exchange2013demo.com -InternalClientsRequireSsl $false
2. In configuring DNS records exist for that namespace and resolve to the Client Access servers.Is this the command??
—PS C:\> Resolve-DnsName mail.exchange2013demo.com
or i have to do it in DNS management and create a new record then issue the command
Thanks again
1) Yes, but you need to change the internal host name to one that is valid for your environment
2) You need to create the DNS records. That command just tests that they are resolving.
Hi Paul,
Thank you for the guide.I just have a question:
We created 2 exchange servers member of the DAG and One Witness server and everything looks OK but when the Active server is down and the Passive server Takes Over BUT the Office Outlook shows Disconnected. The Failover is not successful in the Office outlook 2010.
Hope you can help me.
You also need to configure high availability for your Client Access servers.
https://www.practical365.com/exchange-2013-client-access-server-high-availability/
Hi Paul,
Thank you very much for your prompt reply.
Petros
Hi Paul,
thank you very much for your effort.
After reading some of your articles, I am thinking of configuring the following:
Two Exchange 2013 servers with both CAS and Mailbox roles, DAG between them (for 2 mailbox databases),
and a third Exchange 2013 server holding the Archive database, also acting as the Witness Server.
All above will run on Windows Server 2012 for the benefit of dynamic quorum.
Does it look like a nice configuration?
Thanx
Petros
I don’t know your business requirements, but I don’t see anything *wrong* with that. You could also make the third server a member of the DAG for even more resilience.
TYVM you’ve solved all my problems
Hi Paul
I have a question about DAG 2013. I have configured a DAG and everything is working fine, but if I lose the entire DAG can I use the procedure in this link?
Rebuild an Entire Database Availability Group
http://technet.microsoft.com/en-us/library/gg513521(v=exchg.141).aspx
Is it supported for exchange 2013?
If it is not possible could you route me to right procedure in order to rebuild DAG 2013?
Cheers
Maximilian
Hello Paul, Thank you for the superb article. This definitely helps in my configuration of our DAG 2013. I found one thing that I needed to do extra that was not mentioned in your article in order to create my DAG2013 and I would like to share that with everyone.
When Pre-Staging the Cluster Name Object, I found that I also needed to add the following security group to the DAG Cluster name: “Exchange Trusted Subsystem” and give that group full control.
Without the Exchange trusted subsystem, I keep getting Access Denied when trying to add my first DAG member. This is also the approach recommended by Microsoft technet at http://technet.microsoft.com/en-us/library/ff367878%28v=exchg.150%29.aspx.
I hope this may help someone else in setting up DAG. I feel this should have been taken care of by Microsoft instead of having us pre-stage the cluster name object (seems silly to me).
Thanks for the great article. I have my DAG running happily!
Ed Osckar
You can either add the computer account for the first DAG member, or you can add Exchange Trusted Subsystem. The article you link to explains that. In my example above I added the computer account.
My system has 5 servers: 2 CAS, 2 DB and 1 witness.
I cannot connect to the CAS server when one of the two database servers is down.
Help me…
Thanks
How could this be set up for geographical redundancy? I.e. two locations connected via VPN tunnel. Could I still use only a 2 Exchange server configuration? Where would I have to put the witness share?
You would need to make sure you read the networking requirements for multi-site DAG. Yes you can use just 2 servers though that may not be the best approach. The witness server would go in the “primary” datacenter or even possibly a third site, depending on a lot of factors.
Multi-site DAG is possible but needs to be designed properly.
Hello Paul,
I followed your steps (though I use an exchange (CAS) server as witness), but I receive an 0x80070005 (E_ACCESSDENIED) message.
How to troubleshoot this?
This is a good article… The only thing that got me was that I forgot to enable the DAG account after the DAG was created. I think it would be good to add this to the article.
Interesting. I don’t recall having to do that step at all. And there’s log entries in the dag setup logs that suggest Exchange did it for me.
I HAD to leave it disabled. When you add the first server to the DAG, it enables the computer account. If you enable it before – it errors out adding the first server saying the computer account is already enabled.
Correct. I left (forgot) disabled, and Exchange enabled it for me.
Hi,
Can we use a Domain Controller as a FSW ? What are the prerequisites for a Witness Server ?
I use a test environment, I have a DC with just 1 GB RAM, I’d like to know if I can use it as a FSW for my DAG.
Regards,
In a test lab, yes. Details here:
http://www.flamingkeys.com/2013/04/how-to-use-a-domain-controller-as-an-exchange-2013-dag-witness-server-dont/
In a production environment, technically yes, but you should never do it.
All good, but one thing: how should the client access the server? How can he tell which server to go to?
What if a server goes down? The client would probably have his Outlook set up to one Exchange.
How can he still receive email when that server goes down?
Please help me to understand this process.
The client connects to the Client Access server. Databases can failover, Mailbox servers can go down, but as long as the Client Access server(s) are available the client can still connect.
There’s more to it obviously, but that is the basic concept.
Thanks for the reply Paul,
But you are here setting both servers to have Client Access Server, my question is that to which server the client should go to when one goes down, or there should be a manual intervention from an admin to set the DNS/IP addresses.
Would you suggest setting the CAS on some other server and have the Mailbox roles set on two other server? but the single point of failure would be the one CAS.
Your information is very straight forward setting up the DAG, but the glitch I’m facing is the CAS.
I hope you can clarify it to me.
Best Wishes,
It involves setting up a highly available CAS. I’m going to write up some articles on the topic very soon actually.
Where do i place DAG Witness server if Mailbox and CAS server are co-located? General recommendation is to put it on CAS server but not on a Mailbox server in the DAG. Any idea what would be the best choice?
If no other Exchange servers that aren’t DAG members are available to be the FSW, then any other member server in the site should be fine.
See here for more details:
https://www.practical365.com/using-a-non-exchange-server-as-an-exchange-2013-dag-file-share-witness
Running this setup in an hyper-v environment. Cannot add a second node and it does not matter which one. Always fails when adding the second. Is this supported?
Hi Paul, I am trying to install a DAG on Hyper-V Windows Server 2012. I have two virtual Mailbox servers with Exchange 2013 and Server 2012 Standard, with two NICs: VLAN 192.168.100.166,168 and for DAG VLAN 192.168.103.40,41. When I try to add the second node to the DAG:
A server-side database availability group administrative operation failed. Error The operation failed. CreateCluster
errors may result from incorrectly configured static addresses. Error: An error occurred while attempting a cluster
operation. Error: Cluster API ‘”AddClusterNode() (MaxPercentage=100) failed with 0x5b4. Error: This operation returned
because the timeout period expired”‘ failed.. [Server: simimx-mbexc01.simi.com]
+ CategoryInfo : InvalidArgument: (:) [Add-DatabaseAvailabilityGroupServer], DagTaskOperationFailedExcept
ion
+ FullyQualifiedErrorId : F544CC70,Microsoft.Exchange.Management.SystemConfigurationTasks.AddDatabaseAvailabilityG
roupServer
+ PSComputerName : simimx-mbexc01.simi.com
i hope u can help me
Thanks
Try removing the teaming from the Hyper-V hosts. That worked for me.
I have a call open with MS about this as it’s affecting a large number of deployments.
Was there any update on the call you have open? I think I am experiencing the same issue.
Great article!
Hello Paul,
Thanks a lot for such informational howto. I just configured DAG without any problems. However I’ve few questions in my mind which are still unanswered. If you can then please answer
Q1. Is it essential to use non-exchange extra server as Witness Server or not ? Can I use Domain Controller (I am using DC for DFS also) or CAS as Witness Server ?
Q2. If I do not want to use dedicated replication network then can I use my main connection for replication ?
Q3. How I can assure my replication is working absolutely fine ?
Q4. As you mentioned, your other database is removed. Did you remove it yourself or did the DAG creation process do it? My 2nd database (which setup created when I installed the mailbox role on the 2nd server) wasn’t deleted. Will this hurt DAG performance, or can some other potential issues arise from this?
1. I use a non-Exchange server in this demo mainly so I can demonstrate the extra steps involved. It is generally recommended to use another Exchange server, eg a dedicated CAS, which has fewer steps because Exchange Trusted Subsystem is already configured correctly on that server.
I do not recommend ever using a Domain Controller as the file share witness.
2. Yes, a DAG can have only one network that it uses for both client and replication traffic.
3. Get-MailboxDatabaseCopyStatus and Test-ReplicationHealth are two cmdlets for testing the health of your DAG.
4. I removed it myself. The DAG setup does not remove existing databases. Consider that the existing databases can then have copies added in the DAG, so why would DAG setup remove them? It won’t hurt performance, but if you don’t want the database you should remove it so you don’t need to manage it (eg back it up) and so nobody accidentally puts mailboxes on it.
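One way to combine the two cmdlets named in point 3 into a single DAG health report, as an added example that is not code from the article or its author. It assumes the Exchange 2013 Management Shell; `DAG1` is a placeholder DAG name and the queue threshold of 10 is an arbitrary starting value.

```powershell
# Added example: summarise DAG health from Get-MailboxDatabaseCopyStatus
# and Test-ReplicationHealth for every member of one DAG.
# Assumptions: Exchange 2013 Management Shell; 'DAG1' is a placeholder name;
# the queue-length threshold is an arbitrary starting point, tune it.
param(
    [string]$DagName     = 'DAG1',
    [int]$MaxQueueLength = 10
)

$dag    = Get-DatabaseAvailabilityGroup -Identity $DagName -ErrorAction Stop
$issues = @()

foreach ($member in $dag.Servers) {
    $server = $member.Name

    # Per-copy state: the active copy should be Mounted, passive copies Healthy.
    foreach ($copy in (Get-MailboxDatabaseCopyStatus -Server $server)) {
        $status = "$($copy.Status)"
        if ($status -notin 'Mounted', 'Healthy') {
            $issues += [pscustomobject]@{
                Server = $server; Item = $copy.Name; Problem = "Copy status is $status"
            }
        }
        # Logs waiting to be shipped to this copy.
        if ($copy.CopyQueueLength -gt $MaxQueueLength) {
            $issues += [pscustomobject]@{
                Server = $server; Item = $copy.Name
                Problem = "Copy queue length $($copy.CopyQueueLength)"
            }
        }
        # Logs waiting to be replayed; a lagged copy is expected to exceed this.
        if ($copy.ReplayQueueLength -gt $MaxQueueLength) {
            $issues += [pscustomobject]@{
                Server = $server; Item = $copy.Name
                Problem = "Replay queue length $($copy.ReplayQueueLength)"
            }
        }
        if ("$($copy.ContentIndexState)" -ne 'Healthy') {
            $issues += [pscustomobject]@{
                Server = $server; Item = $copy.Name
                Problem = "Content index state is $($copy.ContentIndexState)"
            }
        }
    }

    # Server-level checks (cluster service, quorum, DAG networks and so on).
    foreach ($check in (Test-ReplicationHealth -Identity $server)) {
        if ("$($check.Result)" -ne 'Passed') {
            $issues += [pscustomobject]@{
                Server = $server; Item = $check.Check
                Problem = "$($check.Result): $($check.Error)"
            }
        }
    }
}

if ($issues.Count -eq 0) {
    Write-Output "All database copies and replication checks in '$DagName' are healthy."
}
else {
    $issues | Sort-Object Server, Item | Format-Table -AutoSize -Wrap
}
```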
Thanks a lot for prompt response.
For the CNO process is adding one (first) DAG member sufficient enough? Thanks!
Yes.
Hi Paul,
Thanks for providing step by step guides, really helpful articles.
About CNO setup.
Adding the 2nd member server to DAG will automatically get added to CNO permissions or there is no requirement for 2nd member. What if the 1st member (which has permissions configured on CNO) failed? will the other member be able to take control on CNO?
Also a bit confused with the Network config for DAG.
“the DAG requires an IP address on each IP subnet that is part of the MAPI network”
If my network (client subnets) has 3 subnets 192.168.1.x, 2.x, 3.x. Do I need to assign 1 IP from each subnet?
all 3 subnets can communicate with each other and also to the “server subnet” 10.10.10.x.
Thanks for your time and help.
You only need to do the permissions on the CNO for the first DAG member.
A DAG network is any network that a DAG node is connected to. So other subnets (such as where your client computers reside) are not considered to be DAG networks and don’t need to be configured as such.
A DAG has only one MAPI (client-facing) network. But that network may include multiple IP subnets, such as when the DAG is multi-site. Therefore the DAG needs to be given an IP address in each of those IP subnets that exist in that DAG network.
Informative