Thursday 19 June 2014

Configuring Database Availability Group (DAG) in Exchange 2013 SP1

In this example I have two Mailbox Servers, and two Client Access Servers. I am going to configure a Database Availability Group. The official Microsoft description of a DAG, borrowed from TechNet.

DAGs work by replicating Mailbox Databases to neighbouring Mailbox Servers; deployed correctly, this can create a highly resilient Exchange environment. Although Replication traffic can share the traditional MAPI network, it is considered best practice to separate the Replication traffic onto its own network, either a subnet and/or VLAN.
I have provisioned my Mailbox Servers with two network adapters to support this configuration. It is important to name the adapters descriptively, as by default Exchange 2013 automatically configures the separate Replication network.
My adapters have been renamed Domain and Replication. The Domain interface is on the subnet which is my production subnet that contains Domain Controllers, SCCM etc. The Replication interface is configured on the subnet.
The Domain interface should be configured as it would be on any other server. However, as a Windows computer can only have a single default route (Default Gateway), the Replication interface should not be configured with a Gateway.
Click on the Advanced... button from the Internet Protocol Version 4 (TCP/IPv4) Properties page, and select the DNS tab. Untick the Register this connection's addresses in DNS option.
As the Replication interface does not have a default gateway, a static route is required to provide a route to the rest of the subnet. Use the route add subnet mask subnetmask interface -p command to add this route. The -p switch ensures the route is persistent.
You can perform a route print to display the routing table on the server.
You will run into issues when creating the DAG and adding DAG members if the bind order is not configured correctly. It is important that the Domain interface is the primary connection.
The DAG itself must be represented in Active Directory by way of a Cluster Name Object. This is done by creating a disabled computer object. To do this, open Active Directory Users and Computers, right click and select New, Computer, and name this object accordingly. Please note that when creating the DAG it must be named the same as the object.
As mentioned previously it's important the DAG computer object is disabled.
The security principal Exchange Trusted Subsystem is added to the ACL of the Cluster Name Object. It must also have Full Control access to this object. You can do this by using the Security tab on the properties of the object.
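The same pre-staging can be scripted and, more usefully, verified before the DAG wizard is run. This is an added example, not part of the original post: it assumes the RSAT ActiveDirectory module is available, and DAG01 is a placeholder name.

```powershell
# Added example, not from the original post. Assumes the RSAT ActiveDirectory
# module and rights to create computer objects; 'DAG01' is a placeholder name.
Import-Module ActiveDirectory

$DagName = 'DAG01'   # placeholder: must be exactly the name the DAG will get
$full    = [System.DirectoryServices.ActiveDirectoryRights]::GenericAll
$allow   = [System.Security.AccessControl.AccessControlType]::Allow

# Pre-stage the CNO as a disabled computer object if it does not exist yet.
$cno = Get-ADComputer -Filter "Name -eq '$DagName'"
if (-not $cno) {
    $cno = New-ADComputer -Name $DagName -Enabled $false -PassThru
}

$ets    = Get-ADGroup -Identity 'Exchange Trusted Subsystem'
$adPath = 'AD:\' + $cno.DistinguishedName

# True when an Allow ACE for the given SID grants Full Control (GenericAll)
# on the whole object (no object-type GUID narrowing it to one property).
function Test-FullControl {
    param($Acl, [string]$Sid)
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $hit = $Acl.GetAccessRules($true, $true, $sidType) | Where-Object {
        $_.IdentityReference.Value -eq $Sid -and
        $_.AccessControlType -eq $allow -and
        $_.ObjectType -eq [guid]::Empty -and
        ($_.ActiveDirectoryRights -band $full) -eq $full
    }
    [bool]$hit
}

# Grant the ACE only if it is missing, then re-read the ACL from the directory.
$acl = Get-Acl -Path $adPath
if (-not (Test-FullControl $acl $ets.SID.Value)) {
    $rule = New-Object System.DirectoryServices.ActiveDirectoryAccessRule($ets.SID, $full, $allow)
    $acl.AddAccessRule($rule)
    Set-Acl -Path $adPath -AclObject $acl
    $acl = Get-Acl -Path $adPath
}

# Report the conditions the DAG wizard depends on: name, disabled state, ACL.
$cno = Get-ADComputer -Identity $cno.DistinguishedName
[pscustomobject]@{
    Name           = $cno.Name
    Disabled       = -not $cno.Enabled
    EtsFullControl = Test-FullControl $acl $ets.SID.Value
}
```

If Disabled or EtsFullControl comes back False, correct the object before creating the DAG.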
Now open the Exchange ECP and click Servers, Database Availability Groups. Click the + symbol to create a new DAG.
Now populate the fields with the corresponding information. Notice my mistake here, which will cause this to fail: my DAG is not named exactly the same as the Cluster Name Object. Please ensure this is done properly. The File Share Witness is used as a tie breaker if servers suffer failure. If you do not specify a Witness server, the wizard will automatically create it on one of the Client Access Servers. If you choose to configure your own File Share Witness, the Exchange Trusted Subsystem security principal must be in the local Administrators group of the server that is going to host the File Share. You will notice a Domain Controller cannot be a File Share Witness because DCs do not have local users and groups.
A DAG must also have an IP address. It is my recommendation to make this a static address, even though the option is there to have DHCP assign an address dynamically.
Click Save and the DAG is created.
Now you must add DAG members to the DAG; this is done using the Add DAG Member button.
Click the + to add servers.
Select the Mailbox Servers you want to be part of the DAG, click Add and OK.
Click Save to commit the configuration.
By default Exchange automatically detects and configures the MAPI and Replication networks, but there is no obvious place in the GUI that shows the MAPI and Replication network configuration. The PowerShell command Get-DatabaseAvailabilityGroupNetwork shows how Exchange has configured the networking.
Now that the DAG is created and has members, you must configure Database Copies on the individual Mailbox Databases you want to be replicated by the DAG.
Click the ... icon and select Add Database Copy.
Specify the Mailbox Server you would like the Database replicated to. The Preference number is used to define a preference of where the database should be mounted while the DAG is operating normally. Click Save.
The wizard will now replicate the initial copy to the new DAG member server.
The Activate button can be used when a server is selected to gracefully manage the failover of the Mailbox Database from the server currently hosting it. The Activate button will mount the Database on another DAG member and automatically redirect all connections, and it will also manage the reversal of the replication traffic. This can be useful if a server hosting a Mailbox Database requires updating or patching.
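The ECP steps above (create the DAG, add members, inspect the networks, add a database copy, activate it) have Exchange Management Shell equivalents. The following is an added example, not part of the original post: the server names, database name, witness directory and IP address are placeholders, and the health check before activation goes slightly beyond what the GUI walkthrough shows.

```powershell
# Added example, not from the original post. Run in the Exchange Management
# Shell. Server names, database name, witness path and IP are placeholders.
$DagName  = 'DAG01'            # must match the pre-staged Cluster Name Object
$Members  = 'MBX01', 'MBX02'
$Target   = 'MBX02'            # server that receives the passive copy
$Database = 'DB01'

# Create the DAG with an explicit witness and a static IP address.
New-DatabaseAvailabilityGroup -Name $DagName -WitnessServer 'CAS01' `
    -WitnessDirectory 'C:\DAGWitness' -DatabaseAvailabilityGroupIpAddresses '192.0.2.50'

foreach ($server in $Members) {
    Add-DatabaseAvailabilityGroupServer -Identity $DagName -MailboxServer $server
}

# Show which networks Exchange detected and what each one is used for.
Get-DatabaseAvailabilityGroupNetwork -Identity $DagName |
    Format-Table Name, Subnets, MapiAccessEnabled, ReplicationEnabled -AutoSize

# Seed a passive copy; preference 2 keeps the existing server preferred.
Add-MailboxDatabaseCopy -Identity $Database -MailboxServer $Target -ActivationPreference 2

# A copy is safe to activate only when it is healthy and fully caught up.
function Test-CopyReady {
    param($Status)
    $Status.Status -eq 'Healthy' -and
        $Status.CopyQueueLength -eq 0 -and $Status.ReplayQueueLength -eq 0
}

$copy = Get-MailboxDatabaseCopyStatus -Identity "$Database\$Target"
if (Test-CopyReady $copy) {
    Move-ActiveMailboxDatabase -Identity $Database -ActivateOnServer $Target
} else {
    Write-Warning ("{0} not ready: {1}, copy queue {2}, replay queue {3}" -f
        $copy.Name, $copy.Status, $copy.CopyQueueLength, $copy.ReplayQueueLength)
}
```

Immediately after Add-MailboxDatabaseCopy the copy is usually still seeding, so expect the warning branch until the status reaches Healthy.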