Managing DAG: Configuring a DAG Witness Server

This entry is part 1 of 7 in the series Managing DAG in Exchange 2013
Share

In this post we are going over the process to manage a Share File Witness and how to move it around in case you need to.

Before starting the technical details, there are a few key items that an Exchange Admin must be aware when planning for the DAG Witness Server, as follows:

  • A DAG Witness Server cannot be a member of the DAG
  • The Operating System for it doesn’t really matter since it is just a Share where the DAG members can access it for quorum purposes
  • The DAG Witness Server will be useful with an even number of DAG members (2, 4, 6..)
  • If the DAG Witness is an Exchange Server 2013 then the local administration is not required because it is part of the Exchange Server 2013 deployment process
  • Don’t bother having File Cluster or DFS for that Share, the process to restore it is simpler than adding that complexity specially when dealing with several DAG members
  • It can be hosted in a Domain Controller but that is not a good idea
  • The same DAG Witness Server can be used for several DAG however they must use different shares for obvious reasons
  • Using Exchange Server 2013 and if you have two Datacenters with you DAG, it is a good idea to have the DAG Witness Server in a third datacenter to provide automatic failover

Scenario..

We are planning to build our first DAG and our first step is to create the DAG Witness Server which is going to be a regular Windows Server 2012 that was just installed with default settings and it was joined to domain and assigned a static IP address.

Prerequisites…

In this section we will cover the Security requirements on a DAG Witness Server, the first portion will be around the Windows Firewall (if you don’t use it, you can skip that portion) and the last one is around the Local Administrator group on that server.

Firewall Requirements

Let’s say that you use your Windows firewall like the image shown below and you have your Windows Server 2012 just installed with all default settings and joined to the domain.

image thumb13 thumb Managing DAG: Configuring a DAG Witness Server

In order to create automatically the Firewall exceptions to allow connectivity from the DAG members to this DAG Witness Server is to install the File Server role on it, as depicted in the figure below.

image thumb12 thumb Managing DAG: Configuring a DAG Witness Server

Local Administrator Group

Since the DAG Witness Server does not have Exchange Server installed on it, we need to add the group Exchange Trusted Subsystem to the local Administrators group.

image thumb6 thumb Managing DAG: Configuring a DAG Witness Server

A simple test…

The DAG Witness Server only hosts a share, so the basic testing is to try to access it (using \\DAG-Witness-Server-Name) from any DAG member and the result should be similar to the figure below.

image thumb14 thumb Managing DAG: Configuring a DAG Witness Server

Creating a new DAG…

So, when do you configure this DAG Witness Server in Exchange Server 2013? Well, after having all prerequisites are in place, we just need to specify it during a new DAG creation for example.

Let’s say you don’t have a DAG and you are creating one from scratch, you will be opening the EAC (Exchange Admin Center), click on Servers, then click on database availability groups and click on + (add icon which is the first one) and on the new page, we have to choose the DAG name and the DAG Witness Server and a Witness Directory with an IP for the DAG, as shown in the figure below.

Note: If you are running your DAG members in Windows Server 2012 you need to create the DAG object in Active Directory first before running the wizard shown in the figure below and we are going to check how to do that in this series.

image Managing DAG: Configuring a DAG Witness Server

Written by Anderson Patricio

 Managing DAG: Configuring a DAG Witness Server

Anderson Patricio is a Canadian Exchange Server MVP and MCSM (Solutions Master) and he contributes to the Microsoft Community with articles, tutorials, blog posts, forums and book reviews. He is a regular contributor at MSExchange.org, AndersonPatricio.ca (English) and AndersonPatricio.org (Portuguese).
You can connect with Anderson on Twitter , Facebook, and Google+.

Series NavigationManaging DAG: Configuring Network Adapters >>

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>