Exchange 2013 – Database Availability Groups – Part 2

In the first part of my explorations into Exchange 2013 and specifically, the setup and any new functionality of database availability groups,  I setup the network adapters on my Exchange 2013 mailbox servers to support the creation of a new database availability group. To review the settings thus far, please go here. Next we’ll take a look at how the dag creation process differs in the Exchange Admin Center in 2013 from its predecessor in 2010. Of course this can all be done directly in the shell but I’d like to explore the user experience in the new console personally for now.

First, we’ll navigate to a client access server as only mailbox services are running on EX13-MB1 and EX13-MB2. The url is https://nameofcas/ecp.


Upon successful login we are presented with the default view of recipients as shown below. Database availability group configuration is located under the “Servers” section of the navigation pane on the right. Highlighted below.


Currently nothing outside of network adapter setup has been configured as it relates to dag setup. Before any setup, the EAC should display a configuration as shown below.


Just for confirmation two mailbox servers are already configured in the organization or “Enterprise”.


Back to creating the DAG, first click the “+” to create a new database availability group in the enterprise which will present the “new database availability group” screen in IE. I have configured my settings as shown below. The Witness server is in fact an Exchange 2013 Client Access Server so if things are the same as they were in Exchange 2010, setup should have no problem configuring the witness directory I have specified.


After the configuration has been saved, we now have a dag configured for the enterprise with no member servers. Only the dag name and witness server (with fqdn) specified show in the configuration.


Before adding member servers and checking the results in failover cluster manager, I want to ensure the client access server (witness server) was configured with the proper directory and settings. And at first glance it does NOT appear that the “dag_witness” directory specified in the above screenshot was created.

dag_nowitnessEvent logs look to be clean and failover cluster manager on the mailbox servers show no cluster configuration taking place so my hunch is that is stored the configuration settings but has not executed any changes to the environment. For now, I’ll proceed with adding member servers and will try to confirm my hunch. Back in the “database availability groups section of EAC, I’ll first select the “DAG01” dag and then select the “Manage DAG membership” shown below.


Before proceeding, I want to also point out that a new feature in Exchange 2013 is “DAG network auto-configuration“. It is mentioned here and states that, “DAGs networks can be automatically configured by the system based on configuration settings. In addition to manual configuration options, DAGs can also distinguish between MAPI and Replication networks and configure DAG networks automatically“. I have not configured any dag networks in Exchange, simply configured the network adapters in Windows. The configuration can be found here.

After selecting “Manage DAG membership“, the “manage database availability group membership” window open and allows me to add the dag members. Clicking the”+” then allows for the addition of all mailbox servers that will be members of the DAG at once.



Click “Save” will start the process of provisioning the mailbox servers and join them to a new failover cluster to provide dag features.  The process starts off by installing the failover clustering component on each member servers.


Once finished installing necessary failover clustering components on EX13-MB1, Exchange will then attempt to create and form the cluster using the configuration specified up to this point. In my example, it will attempt to create a new cluster named, DAG01 and join both EX13-MB1 and EX13-MB2 to the new cluster as members.


I was then presented with an error as shown below and as a result the cluster was not created successfully and the database availability group was not created.


Taking a quick look at the full error, I realized there was an “Access is denied” error. More specifically the error stated, “Error: Cluster API ‘”CreateCluster() failed with 0×5. Error: Access is denied”. Double checked the Exchange Trusted Subsystem group membership and all three Exchange servers were in fact present. So, unless something permissions related changed from 2010 to 2013 the witness server’s file share witness directory creation permissions shouldn’t be the issue. Did some quick searching and landed on the following TechNet article located here. I quickly realized that the issue/error is to be expected when implementing dag members on Windows Server 2012. It states in the first paragraph of the article, the following; “Pre-staging the CNO is required for Windows Server 2012 DAG members due to permissions changes in Windows Server 2012 for computer objects.

To set the proper permissions on the CNO object that was already created in the attempt at forming the dag, we need to launch “Active Directory Users and Computers“, and click “View“, then “Advanced Features“. Locate the CNO (cluster network object), which in my example is “DAG01” and is located the computers container. Right click and select properties as shown below.


In the properties of the DAG01 cluster network object, we’ll select the security tab and add the Exchange Trusted Subsystem group to the list of users and select OK.


Once the group is added, grant “Full control” rights and click “OK” to continue.


After permissions have been set, right click the CNO object and click “disable account“.


Back in EAC, repeating the steps above to add the DAG members, the cluster will now form and Exchange will add each members that was selected.


EX13-MB2 did not have Failover clustering installed due to the errors, so that will take place next and then it also will be added into the cluster/dag.


Once complete, we are presented with a successfully completed operation window and should have a new database availability group in Exchange 2013.


It looks as though Exchange did recognize the networks on the mailbox servers and detected the replication network and the mapi network correctly. However both networks are setup for replication so we’ll need to modify the networks and turn of replication for the “dag01\MapiDagNetwork“.


Before we can modify the network settings in the shell, we’ll need to disable the automatic dag network configuration for the dag. To this, we will run the below command.


The below command will disable replication for the “dag01\MapiDagNetwork“.


Once completed, “Get-DatabaseAvailabilityGroupNetwork” should show the mapi network as replication disabled.


In the next part, I’m going to dive into adding mailbox database copies and testing *over scenarios using both an administration initiative switchover and also a system initiated failover while attempting to bug check the active mailbox severs based on new availability monitoring rules found here. To create a new Exchange 2013 database availability group in EMS, all needed information can be found here.

Any thoughts?