Setting up a new Exchange 2013 DAG

Our existing MS Exchange setup uses a Database Availability Group (DAG) to replicate the mailbox databases to another Exchange 2010 server located in another office. Recently we installed Exchange 2013 to replace our existing Exchange 2010 implementation and needed to setup a new DAG for the 2013 servers.

Under 2012 the permissions for computer objects have changed slightly. When a DAG is configured it creates a Cluster Named Object (CNO) which is basically just a computer account for the DAG. If you are running Exchange 2013 on a 2012 server though the wizard is unable to create this object correctly because of the new permissions and instead you need to pre-setup the CNO in active directory so that the DAG can add the servers you assign.

 

  1. Pre-stage CNO (Cluster Named Object)
    1. Open Active Directory Users and Computers.

    2. Expand the forest node.

    3. Right-click the organizational unit (OU) in which you want to create the new account, select New, and then select Computer.

    4. In New Object - Computer, type the computer account name for the CNO in the Computer name box. This is the name that you'll use for the DAG. Click OK to create the account.

    5. Right-click the new computer account, and then click Disable Account. Click Yes to confirm the disable action, and then click OK.

  2. Assign permissions to the CNO

    1. Open Active Directory Users and Computers.

    2. If Advanced Features aren't enabled, turn them on by clicking View, and then clicking Advanced Features.

    3. Right-click the new computer account, and then click Properties.

    4. In <Computer Name> Properties, on the Security tab, click Add to add either the computer account for the first node to be added to the DAG or to add the Exchange Trusted Subsystem USG:

      • To add the Exchange Trusted Subsystem, type Exchange Trusted Subsystem in the Enter the object names to select field. Click OK to add the USG. Select the Exchange Trusted Subsystem USG and in the Permissions for Exchange Trusted Subsystem field, select Full Control in the Allow column. Click OK to save the permission settings.

      • To add the computer account for the first node to be added to the DAG, click Object Types. In the Object Types dialog box, clear the Built-in security principals, Groups, and Users check boxes. Select the Computers check box and click OK. In the Enter the object names to select field, type the name of the first Mailbox server to be added to the DAG, and then click OK. Select the first node's computer account, and in the Permissions for <NodeName>field, select Full Control in the Allow column. Click OK to save the permission settings.

    5. Ensure you allow time for this account to replicate in Active Directory or Force replication using Active Directory Users and Computers

  3. Create DAG

    1. Use the EAC to create a database availability group

      1. In the EAC, go to Servers > Database Availability Groups.

      2. Click Add Icon to create a DAG.

      3. On the new database availability group page, provide the following information for the DAG:

        • Database availability group name   Use this field to type a valid and unique name for the DAG of up to 15 characters. The name is equivalent to a computer name, and a corresponding CNO will be created in Active Directory with that name. This name will be both the name of the DAG and the name of the underlying cluster
        • Witness server   Use this field to specify a witness server for the DAG. If you leave this field blank, the system will attempt to automatically select a Client Access server in the local Active Directory site that isn't installed on a computer with the Mailbox server to be used as the witness server

          NoteNote:
          If you specify a witness server, you must use either a host name or a fully qualified domain name (FQDN). Using an IP address or a wildcard name isn't supported. In addition, the witness server can't be a member of the DAG.
        • Witness directory   Use this field to type the path to a directory on the witness server that will be used to store witness data. If the directory doesn't exist, the system will create it for you on the witness server. If you leave this field blank, the default directory (%SystemDrive%\DAGFileShareWitnesses\<DAG FQDN>) will be created on the witness server.
        • Database availability group IP addresses   Use this field to assign one or more static IPv4 addresses to the DAG. Enter an IPv4 address and click Add Icon to add it. Leave this field blank if you want the DAG to use Dynamic Host Configuration Protocol (DHCP) to obtain the necessary IPv4 addresses. Optionally, enter 255.255.255.255 to create a DAG without an IP address or cluster administrative access point, which applies only to DAGs that will contain Mailbox servers running Windows Server 2012 R2.
      4. Click Save to create the DAG.

  4. Add Member servers
    1. Use the EAC to manage database availability group membership
      1. In the EAC, go to Servers > Database Availability Groups
      2. Select the DAG you want to configure, and then click Manage DAG members.
        • To add one or more Mailbox servers to the DAG, click Add Icon, select the servers from the list, click Add, and then click OK.
        • To remove one or more Mailbox servers from the DAG, select the servers, and then click the minus (-) icon.
      3. Click Save to save the changes.

      4. When the task has completed successfully, click Close.

 

References:

Comments

Popular posts from this blog

Error setting Out of Office via Outlook during Exchange 2010/2013 Coexistence