Setting up a new Exchange 2013 DAG

Our existing MS Exchange setup uses a Database Availability Group (DAG) to replicate the mailbox databases to another Exchange 2010 server located in another office. Recently we installed Exchange 2013 to replace our existing Exchange 2010 implementation and needed to set up a new DAG for the 2013 servers.

Under Windows Server 2012 the permissions for computer objects have changed slightly. When a DAG is configured, it creates a Cluster Named Object (CNO), which is basically just a computer account for the DAG. If you are running Exchange 2013 on a 2012 server, though, the wizard is unable to create this object correctly because of the new permissions. Instead, you need to pre-stage the CNO in Active Directory so that the DAG can add the servers you assign.

 

  1. Pre-stage CNO (Cluster Named Object)
    1. Open Active Directory Users and Computers.

    2. Expand the forest node.

    3. Right-click the organizational unit (OU) in which you want to create the new account, select New, and then select Computer.

    4. In New Object - Computer, type the computer account name for the CNO in the Computer name box. This is the name that you'll use for the DAG. Click OK to create the account.

    5. Right-click the new computer account, and then click Disable Account. Click Yes to confirm the disable action, and then click OK.

  2. Assign permissions to the CNO

    1. Open Active Directory Users and Computers.

    2. If Advanced Features aren't enabled, turn them on by clicking View, and then clicking Advanced Features.

    3. Right-click the new computer account, and then click Properties.

    4. In <Computer Name> Properties, on the Security tab, click Add to add either the computer account for the first node to be added to the DAG or to add the Exchange Trusted Subsystem USG:

      • To add the Exchange Trusted Subsystem, type Exchange Trusted Subsystem in the Enter the object names to select field. Click OK to add the USG. Select the Exchange Trusted Subsystem USG and in the Permissions for Exchange Trusted Subsystem field, select Full Control in the Allow column. Click OK to save the permission settings.

      • To add the computer account for the first node to be added to the DAG, click Object Types. In the Object Types dialog box, clear the Built-in security principals, Groups, and Users check boxes. Select the Computers check box and click OK. In the Enter the object names to select field, type the name of the first Mailbox server to be added to the DAG, and then click OK. Select the first node's computer account, and in the Permissions for <NodeName> field, select Full Control in the Allow column. Click OK to save the permission settings.

    5. Ensure you allow time for this account to replicate in Active Directory, or force replication using Active Directory Users and Computers.

  3. Create DAG

    1. Use the EAC to create a database availability group

      1. In the EAC, go to Servers > Database Availability Groups.

      2. Click the Add icon to create a DAG.

      3. On the new database availability group page, provide the following information for the DAG:

        • Database availability group name   Use this field to type a valid and unique name for the DAG of up to 15 characters. The name is equivalent to a computer name, and a corresponding CNO will be created in Active Directory with that name. This name will be both the name of the DAG and the name of the underlying cluster.
        • Witness server   Use this field to specify a witness server for the DAG. If you leave this field blank, the system will attempt to automatically select a Client Access server in the local Active Directory site that isn't installed on a computer with the Mailbox server to be used as the witness server.

          Note:
          If you specify a witness server, you must use either a host name or a fully qualified domain name (FQDN). Using an IP address or a wildcard name isn't supported. In addition, the witness server can't be a member of the DAG.
        • Witness directory   Use this field to type the path to a directory on the witness server that will be used to store witness data. If the directory doesn't exist, the system will create it for you on the witness server. If you leave this field blank, the default directory (%SystemDrive%\DAGFileShareWitnesses\<DAG FQDN>) will be created on the witness server.
        • Database availability group IP addresses   Use this field to assign one or more static IPv4 addresses to the DAG. Enter an IPv4 address and click the Add icon to add it. Leave this field blank if you want the DAG to use Dynamic Host Configuration Protocol (DHCP) to obtain the necessary IPv4 addresses. Optionally, enter 255.255.255.255 to create a DAG without an IP address or cluster administrative access point, which applies only to DAGs that will contain Mailbox servers running Windows Server 2012 R2.
      4. Click Save to create the DAG.

  4. Add Member servers
    1. Use the EAC to manage database availability group membership
      1. In the EAC, go to Servers > Database Availability Groups.
      2. Select the DAG you want to configure, and then click Manage DAG members.
        • To add one or more Mailbox servers to the DAG, click the Add icon, select the servers from the list, click Add, and then click OK.
        • To remove one or more Mailbox servers from the DAG, select the servers, and then click the minus (-) icon.
      3. Click Save to save the changes.

      4. When the task has completed successfully, click Close.
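
The same four steps can be scripted. The following PowerShell is an added example, not part of the original post: it uses the Active Directory module and the Exchange Management Shell cmdlets in place of the GUI, and checks that the CNO is disabled and who holds explicit Full Control on it before the DAG is created. The DAG name, OU path, witness server, Mailbox server names and IP address are hypothetical placeholders.

```powershell
# Added example: all names, paths and addresses below are hypothetical placeholders.
Import-Module ActiveDirectory

$DagName = 'DAG1'                           # DAG / CNO name, at most 15 characters
$OuPath  = 'OU=Exchange,DC=example,DC=com'  # OU that will hold the CNO
$Witness = 'FS01.example.com'               # host name or FQDN, not a DAG member
$Members = 'MBX1', 'MBX2'                   # Mailbox servers to add to the DAG
$DagIp   = '192.0.2.50'                     # static IPv4 address for the DAG

if ($DagName.Length -gt 15) { throw "DAG name '$DagName' is longer than 15 characters." }

# 1. Pre-stage the CNO as a disabled computer account.
New-ADComputer -Name $DagName -Path $OuPath -Enabled $false
$cno = Get-ADComputer -Identity $DagName

# 2. Grant the Exchange Trusted Subsystem USG Full Control (GenericAll) on the CNO.
$ets    = Get-ADGroup -Identity 'Exchange Trusted Subsystem'
$rights = [System.DirectoryServices.ActiveDirectoryRights]::GenericAll
$allow  = [System.Security.AccessControl.AccessControlType]::Allow
$ace    = New-Object System.DirectoryServices.ActiveDirectoryAccessRule -ArgumentList $ets.SID, $rights, $allow
$path   = "AD:\$($cno.DistinguishedName)"
$acl    = Get-Acl -Path $path
$acl.AddAccessRule($ace)
Set-Acl -Path $path -AclObject $acl

# Check before continuing: the CNO must be disabled, and the explicit
# Full Control entries on it should be only the ones granted on purpose.
if ((Get-ADComputer -Identity $DagName).Enabled) { throw "CNO '$DagName' must be disabled." }
(Get-Acl -Path $path).Access |
    Where-Object { -not $_.IsInherited -and $_.AccessControlType -eq 'Allow' -and
                   $_.ActiveDirectoryRights -eq 'GenericAll' } |
    Select-Object IdentityReference, ActiveDirectoryRights

# 3. Create the DAG (Exchange Management Shell) once the CNO has replicated.
New-DatabaseAvailabilityGroup -Name $DagName -WitnessServer $Witness `
    -DatabaseAvailabilityGroupIpAddresses $DagIp

# 4. Add the Mailbox servers, then confirm membership and witness settings.
foreach ($server in $Members) {
    Add-DatabaseAvailabilityGroupServer -Identity $DagName -MailboxServer $server
}
Get-DatabaseAvailabilityGroup -Identity $DagName -Status |
    Format-List Name, Servers, WitnessServer, OperationalServers
```

Run it from an Exchange Management Shell session on a server that has the Active Directory module installed, with an account that can create computer objects in the chosen OU.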

 
