Exchange 2013/2016: Create IP Less DAG with SP1 – Another Step to Simplification
Exchange 2013 has already been revolutionary, and the recent release of Service Pack 1 made it more exciting. Let us see how to create a simple Database Availability Group (DAG) cluster without any cluster IP.
This blog applies to Exchange 2016 as well.
Microsoft has always tried to deliver simple, user-friendly applications and operating systems. Exchange 2013 Service Pack 1 adds more value here, especially when it is installed on Windows 2012 R2. One of the new features is the IP-less Database Availability Group.
This DAG does not need a cluster IP, which simplifies it further: the DAG is managed at the application level using the configuration from the configuration partition.
It also removes the dependency on an IP address from every DAG node subnet in a DAG that spans multiple subnets or datacenters.
You will no longer see dead IPs that are not online, and the network security team will not bother you about them anymore.
There will be no DAG IP, no DAG cluster name, no Cluster Name Object (CNO) and no DNS entry.
The IP address 255.255.255.255 is used to fill the IP address property, because that property is required.
We can still create a traditional DAG. Transition from a traditional DAG to a DAG without an administrative access point is not supported; there is no way to transition except creating a new DAG and moving mailboxes.
We are using the Windows 2012 R2 Active Directory-detached cluster feature, where in place of DNS we give none.
We can only manage this DAG from the Exchange Management Shell or the Exchange Admin Center. The new DAG can't be managed from Failover Cluster Manager because it does not have a Cluster Name Object.
Here are the steps to create the new DAG.
Assumptions:
- The operating system is Windows Server 2012 R2 or higher
- The Exchange server is Exchange 2013 Service Pack 1 or higher
Steps:
1. Add the "Exchange Trusted Subsystem" Active Directory group to the local Administrators group of the file share witness member server. In case you are going to use a domain controller, you need to add the "Exchange Trusted Subsystem" group to the domain administrators group.
2. Open ECP on the Exchange 2013 SP1 server by opening the following URL and log in: https://localhost/ecp
3. Click on Servers → Database Availability Group
Database Availability Group Name
Witness server
Witness directory
Database Availability Group IP Address: 255.255.255.255 then click +
Click save.
Or
Run the below mentioned command from the Exchange Management shell
New-DatabaseAvailabilityGroup -Name DAGName -DatabaseAvailabilityGroupIPAddresses ([System.Net.IPAddress]::None) -WitnessServer WitnessServerName -WitnessDirectory "Path of witness Directory"
Or
Add the server by running the following command from the Exchange Management Shell. Repeat for all servers.
Add-DatabaseAvailabilityGroupServer -Identity DAGName -MailboxServer mailboxservername
7. Click Save and you will see below screen.
11. Click on + sign to add new database.
Mailbox Database = Name of the database
Server = Browse and select the server on which we will create this DB
Database file Path = Database path with the databasename.edb
Log file Path = Log file path
Check Mount this database if unchecked.
Or
Run the below mentioned command from Exchange management shell
New-MailboxDatabase -Server servername -Name DBname -EdbFilePath "DBpath\DBname.edb" -LogFolderPath "LogFilesPath"
13. The database should be created and mounted, but you will see this warning, so restart the Information Store service.
“Please restart the Microsoft Exchange Information Store service on server R2SP1D3 after adding new mailbox databases.”
Or
Run the below mentioned command from Exchange management shell
Add-MailboxDatabaseCopy databasename -MailboxServer mailboxservername
15. Now browse and select 2nd database server, click ok then click save.
16. Now seeding will begin to the 2nd or another server.
17. Once seeding finishes restart the information store service on the 2nd or next server.
18. Check the status of the copies by running the command Get-MailboxDatabaseCopyStatus *
You can see the content index is in a failed state. It will become healthy some time after the Information Store service is restarted.
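The shell variant of the steps above, chained into one script with the two assumptions checked first. This is an added example, not the author's script; DAG01, FSW01, MBX01, MBX02, DB01 and the witness path are placeholder names, and the database is assumed to exist already on the first mailbox server.

```powershell
# Added example. Every name below is a placeholder (assumption); replace before use.
$DagName    = 'DAG01'                # hypothetical DAG name
$Witness    = 'FSW01'                # hypothetical witness (member server, not a DC)
$WitnessDir = 'C:\DAGWitness\DAG01'  # hypothetical witness directory
$Members    = 'MBX01', 'MBX02'       # hypothetical mailbox servers; DB is on the first
$DbName     = 'DB01'                 # hypothetical existing mailbox database

$ErrorActionPreference = 'Stop'

# Pre-check 1: every member runs Windows Server 2012 R2 (version 6.3) or later.
foreach ($m in $Members) {
    $os = Get-WmiObject -Class Win32_OperatingSystem -ComputerName $m
    if ([version]$os.Version -lt [version]'6.3') {
        throw "$m runs Windows $($os.Version); 2012 R2 or later is required."
    }
}

# Pre-check 2: "Exchange Trusted Subsystem" is a direct member of the witness
# server's local Administrators group (step 1). This covers the member-server
# case only, not a witness hosted on a domain controller.
$admins = [ADSI]"WinNT://$Witness/Administrators,group"
$names  = $admins.psbase.Invoke('Members') | ForEach-Object {
    $_.GetType().InvokeMember('Name', 'GetProperty', $null, $_, $null)
}
if ($names -notcontains 'Exchange Trusted Subsystem') {
    throw "Exchange Trusted Subsystem is not a local administrator on $Witness."
}

# Create the DAG without an administrative access point (255.255.255.255).
New-DatabaseAvailabilityGroup -Name $DagName `
    -DatabaseAvailabilityGroupIPAddresses ([System.Net.IPAddress]::None) `
    -WitnessServer $Witness -WitnessDirectory $WitnessDir

# Add every mailbox server to the DAG.
foreach ($m in $Members) {
    Add-DatabaseAvailabilityGroupServer -Identity $DagName -MailboxServer $m
}

# Add a copy of the database on each remaining member; seeding starts here.
foreach ($m in ($Members | Select-Object -Skip 1)) {
    Add-MailboxDatabaseCopy -Identity $DbName -MailboxServer $m
}

# Confirm the DAG properties and the state of each copy.
Get-DatabaseAvailabilityGroup -Identity $DagName |
    Format-List Name, DatabaseAvailabilityGroupIpAddresses, WitnessServer, WitnessDirectory
Get-MailboxDatabaseCopyStatus -Identity $DbName |
    Format-Table Name, Status, CopyQueueLength, ContentIndexState -AutoSize
```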
Now the question is: if we want to see the cluster in Failover Cluster Manager, how can we do it? Initially after Exchange 2013 SP1, I was able to use . to connect to the cluster on the Exchange DAG node, but updates have fixed this bug and now we can't connect to the cluster with .
So how do we manage the cluster outside Exchange? That question matters when you have to review the configuration or do a disaster recovery.
Here are the PowerShell commands to review and change the DAG cluster.
To Check Cluster properties run this command: Get-Cluster -Name ClusterNodename | select *
To Determine the nodes in the cluster and node state: Get-ClusterNode -Cluster Clusternodename
To get individual node properties: Get-ClusterNode -Cluster Clusternodename -Name Clusternodename | select *
To get cluster network states: Get-ClusterNetwork -Cluster Clusternodename
To get cluster network properties: Get-ClusterNetwork -Name "Cluster Network 1" -Cluster Clusternodename | select *
To get cluster interface properties: Get-ClusterNetworkInterface -Cluster Clusternodename -Node Clusternodename
To get individual cluster network interface properties: Get-ClusterNetworkInterface -Cluster Clusternodename -Name "Clusternodenicname" | select *
To get the cluster quorum status configuration: Get-ClusterQuorum -Cluster Clusternodename | fl
To get the cluster group status: Get-ClusterGroup -Cluster Clusternodename
To move the cluster group between nodes: Move-ClusterGroup -Cluster Clusternodename -Name "Cluster Group" -Node MBX-2
To get the cluster logs: Get-ClusterLog -Cluster Clusternodename
To get the cluster resource state: Get-ClusterResource -Cluster Clusternodename | fl
To get cluster group: Get-ClusterGroup -Cluster Clusternodename
To get Primary Active Manager in Dag: Get-DatabaseAvailabilityGroup -Identity DAG -status | fl name,primaryActiveManager
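For a routine review, the read-only commands above can be combined into one pass that flags anything unexpected. This is an added example, not part of the original post; MBX01 and DAG01 are placeholder names, and it assumes it runs in the Exchange Management Shell on a DAG member where the FailoverClusters module is available.

```powershell
# Added example, read-only. $Node and $DagName are placeholders (assumptions).
Import-Module FailoverClusters
$Node     = 'MBX01'   # hypothetical: host name of any DAG member
$DagName  = 'DAG01'   # hypothetical DAG name
$findings = @()

# Cluster view: connect through a node name, because there is no cluster name.
$cluster = Get-Cluster -Name $Node
if ([string]$cluster.AdministrativeAccessPoint -ne 'None') {
    $findings += "Cluster access point is '$($cluster.AdministrativeAccessPoint)', expected None."
}

# Every node should be Up; DynamicWeight shows which nodes currently vote.
$nodes = Get-ClusterNode -Cluster $Node
foreach ($n in $nodes) {
    if ([string]$n.State -ne 'Up') {
        $findings += "Node $($n.Name) is $($n.State)."
    }
}

# Exchange view: copy and content index state on each cluster node.
$copies = foreach ($n in $nodes) {
    Get-MailboxDatabaseCopyStatus -Server $n.Name
}
foreach ($c in $copies) {
    if (@('Mounted', 'Healthy') -notcontains [string]$c.Status) {
        $findings += "Copy $($c.Name) is $($c.Status)."
    }
    if ([string]$c.ContentIndexState -ne 'Healthy') {
        $findings += "Content index for $($c.Name) is $($c.ContentIndexState)."
    }
}

# Report: nodes and votes, quorum, Primary Active Manager, then the findings.
$nodes | Format-Table Name, State, NodeWeight, DynamicWeight -AutoSize
Get-ClusterQuorum -Cluster $Node | Format-List
Get-DatabaseAvailabilityGroup -Identity $DagName -Status |
    Format-List Name, PrimaryActiveManager, WitnessServer
$copies | Format-Table Name, Status, CopyQueueLength, ContentIndexState -AutoSize

if ($findings.Count -gt 0) {
    $findings | ForEach-Object { Write-Warning $_ }
} else {
    'No findings.'
}
```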
Prabhat Nigam
Microsoft MVP | Exchange Server
Team@MSExchangeGuru
April 4th, 2014 at 12:21 pm
If we did this, could we set up a client access array for the CAS role and not need a load balancer?
April 5th, 2014 at 12:02 am
@daniel
We are talking about mailbox role. This is mailbox server clustering.
There is no CAS array in 2013 and your option is a separate CAS role using Windows LB, or a multi-role server using a load balancer.
April 10th, 2014 at 4:21 pm
Hello,
While adding a mailbox copy I have the following error; I tried everything. Do you have any suggestion? Thanks!
WARNING: Seeding of content index catalog for database ‘SpecialUsers’ failed. Please verify that the Microsoft Search
(Exchange) and the Host Controller service for Exchange services are running and try the operation again. Error: There
was no endpoint listening at
net.tcp://localhost:3863/Management/SeedingAgent-17BDDA50-B2EE-4410-A53B-4AD967CAA2DA12/Single that could accept the
message. This is often caused by an incorrect address or SOAP action. See InnerException, if present, for more
details..
April 10th, 2014 at 11:45 pm
@UgoCat
What is your exchange 2013 version?
Here are 2 suggestions to try; let me know if this helps.
1. Set the correct NIC order.
Then restart the "Microsoft Exchange Search" and the "Microsoft Exchange Search Host Controller" services.
Your content index will be healthy.
Until the content index is healthy you may get the error.
2. Create a new AD group named 'ContentSubmitters' and grant 'Administrators' and 'NetworkService' full access to it.
Thereafter restart “Microsoft Exchange Search” & “Microsoft Exchange Search Host Controller” services
April 22nd, 2014 at 3:51 pm
Hello Prabhat,
So, with no DAG IP, no DAG cluster name and no DAG CNO, is everything else the same with regard to DAG networking – MAPI (Production) IP and Repl DAG (IP)? Obviously, MAPI IP will still be required but what about Repl IP? Will the DAG still seed\replicate via Repl interface?
Also, since this isn’t managed via Failover Cluster manager (no admin access point), is the DAG cluster configured with a dynamic quorum?
April 23rd, 2014 at 1:28 am
@Rocky
Yes everything else works the same way. There is no DAG IP but MAPI and Replication networks will work the same way.
Replication network is never an enforcement but an additional feature, so yes, the replication network will be there and you can configure it.
No Admin access point but you can open failover cluster manager and type . to connect to the local cluster.
Dynamic quorum is enabled by default so yes DAG will be configured with dynamic quorum.
The below command will tell you which server has the dynamic quorum weight.
Get-ClusterNode | ft name, dynamicweight, state
May 22nd, 2014 at 12:24 pm
What are the pros and cons of the IP-less DAG versus the traditional DAG, from a troubleshooting point of view, when the DAG runs into an issue?
We ran into an issue with a 2010 DAG before. All of a sudden the DAG was in partially online status. We found out the cluster was running on subnet A but the DNS entry of the DAG was pointing to an IP on subnet B. After we manually created a DNS entry pointing to the cluster IP on subnet A, the cluster status became online. However, we had another issue: the cluster could not see two DAG member servers' MAPI NIC interfaces, though we could ping them and map a drive by IP address. So the DAG was running in degraded status, since of four MBX cluster servers, two were not visible to the cluster. Later on we learned that there was some issue with the core switch; a backup switch was active at that time, which caused the issue. Once the core switch came back online, the Exchange DAG became normal again automatically. My point here: if these specific events happened again, the issue might not happen at all with an IP-less DAG with 2013 SP1, or if it did happen, we would have no way to find out what's going on, since there is no cluster manager application anymore. Thanks in advance for your advice.
May 22nd, 2014 at 3:34 pm
@Harry
Pros and cons are mentioned in the beginning of the blog.
Troubleshooting might not benefit, but dynamic quorum will help with the 2012 OS.
We have many disaster recovery blogs. I would recommend you go through them.
Regarding your issue with the DNS entry: this is not going to be part of the DAG if you do an IP-less DAG, so this is one of the benefits.
Regarding your switch issue: if there is any hardware issue then software can't fix it, but we can avoid depending on this hardware, which is why it is recommended to have at least 2 of every hardware component.
Well, Failover Cluster Manager is there but there is no name of the cluster, so on the mailbox server you can open Failover Cluster Manager and connect to cluster, then type . to connect to the IP-less cluster. Overall you can connect with . on the mailbox server, but from any management workstation you can't connect to the cluster. The latest updates have stopped connecting to the DAG cluster with . so we need to use the PowerShell commands to manage the cluster. I have updated them in the blog.
May 27th, 2014 at 1:29 pm
That’s great. Thanks for detailed explanation.
The following is good enough for me. Thanks again.
Well Failover Cluster manager is there but there is no name of the cluster so on the mailbox server you can open failover cluster manager and connect to cluster then type . to connect to the IPLess cluster. Over all you can connect with . on the mailbox server but from any management workstation you can’t connect to the cluster.
June 16th, 2014 at 10:49 am
FYI:
As of now this setup will not be supported by Backup Exec. Not even Backup exec 2014.
You can read the Admin Guide on page 951. (“Backup Exec does not support DAGs without cluster administrative access points”)
June 16th, 2014 at 11:12 am
Thank you Bobby for the update.
Most of the recommendations are coming to live without backup after having multiple copies of DAG, 1 lag copy and retention period. So some of the deployment can go without it but this is not our recommendation.
June 20th, 2014 at 8:29 am
I just implemented this guide in a test environment and would like to know when backup will be supported, since the previous post says that it won't be supported.
cheers
June 21st, 2014 at 2:02 am
@Elton
Kindly share the link. You can always take the backup. I would recommend using Microsoft DPM.
July 28th, 2014 at 1:41 pm
Sir, can you please suggest a better way to learn about Ex Server?
August 11th, 2014 at 11:12 pm
Hi Prabhat,
Back to Rocky’s question about the MAPI and Replication networks. aka “Collapsing DAG Networks”
Do I still need the two networks if I have two sites, a MBX server on each and they are both part of an IP less DAG ?
All Servers are running Windows 2012 R2 with Exchange 2013 SP1
Site A – CAS1A CAS2A MBX1A \__ DAG
Site B – CAS1B CAS2B MBX1B /
I just need to know if we can send our DAG/replication traffic over the same WAN link (same IP) as client traffic or do we need to another IP space separated from the client traffic for the DAG replication ?
If I can do this with MBX server and members of a DAG with a single network card, single IP that is a time saver 🙂
Thanks,
Jakub
August 12th, 2014 at 9:00 am
@Santosh
Go through the Exchange help file
http://www.microsoft.com/en-us/download/details.aspx?id=35395
After this Go through every topic on technet
http://technet.microsoft.com/en-us/library/bb124558(v=exchg.150).aspx
Once both are done, look for videos on my YouTube channel and the Channel 9 MEC event
https://www.youtube.com/channel/UCkiCw4Gf28vNwohPTqdrFqw/videos
http://channel9.msdn.com/events/MEC/2014
August 12th, 2014 at 9:06 am
@Jakub
Single network works fine as well
We recommend keeping a separate replication network, considering it might choke up your prod network, but it might be fine if you have very little traffic.
August 16th, 2014 at 7:00 am
If some one needs expert view concerning blogging afterward i suggest
him/her to visit this weblog, Keep up the good work.
August 22nd, 2014 at 1:27 am
Peculiar article, just what I needed.
August 23rd, 2014 at 8:24 pm
What happens if you have a dag without an administrative access point and need to change it to a dag with one (because of the Symantec issue)? Do you simply add an IP address or is there more to it?
August 24th, 2014 at 1:16 am
Simply add the IP.
August 24th, 2014 at 11:33 am
I’ve added the IP but no CNO has been created. Looks like I may have to remove the db copies, remove the dag, then recreate the dag with an IP so the CNO is created (unless I can do it the pre-staged way and the failover cluster manager will pick up on it). Anyone have any insight to this?
August 24th, 2014 at 12:40 pm
What is the Symantec issue for reverting an IP-less DAG to an IP DAG?
August 24th, 2014 at 12:54 pm
Backup Exec requires a CNO…
August 24th, 2014 at 1:33 pm
Overall backup exec connects to the exchange servers to take backup from active or passive copy depends on the config.
Please share any popup or error.
August 24th, 2014 at 1:36 pm
It’s clearly not supported according to Symantec. http://www.symantec.com/business/support/index?page=content&id=TECH218366
The errors that are described in that link are the ones produced. We called Symantec and they said they do not support backing up a DAG without a CNO. The Exchange agent connects to the CNO by reading data from the Failover Cluster Manager, and since there is no CNO, BUEXEC cannot find the DAG.
August 24th, 2014 at 2:02 pm
Just posted a challenging question here – https://www-secure.symantec.com/connect/forums/exchange-2013-sp1-ip-less-dag-no-cno
Let's see what they reply.
At the same time host file entry might help which is helping netbackup. http://www.symantec.com/business/support/index?page=content&id=TECH223843
August 24th, 2014 at 2:10 pm
I am sorry, you can’t convert the DAG from without IP to with IP. So yes, you need to destroy the DAG if you need to convert it.
August 24th, 2014 at 2:17 pm
Net Backup and Backup Exec are 100% different products that were bought from different vendors by Symantec. I checked your challenge post – very nice, very nice! We have Snap Manager that I know works with no CNO – I’m working on moving the databases to snap volumes instead of vmdk’s and I’m going to use Snap manager and ask Symantec for my money back. Using snap volumes and snap manager is probably much better anyway.
August 26th, 2014 at 9:15 am
You say there is no way to transition from an old DAG except creating a new DAG and moving mailboxes. But what if we already have in production a single CAS/Mailbox 2013 server with a single database on Server 2012 R2, and plan to build a DAG on this production server and two new servers? Do we then have to create a new DAG database and move mailboxes from the current production database?
August 26th, 2014 at 9:49 am
No, You don’t need to create a new database for DAG, existing database in single server environment can be used when you create DAG. In this case, you just need to add 2nd copy to the 2nd server once DAG is created.
August 29th, 2014 at 10:49 am
Could you mention about how to configure alternate file sharing witness and how to check if this work?
August 29th, 2014 at 11:20 am
@Daro
Alternate File Share Witness will work when you activate the DR site.
February 13th, 2015 at 6:15 am
This seems to work really well – thanks!
February 13th, 2015 at 12:54 pm
Hi Prabhat,
On Question #6 where you are replying to Rocky, you tell him that he can continue to use a Replication network with the IP-less DAG. My question is how does the IP-less DAG know about the separate Replication network that I have configured? Do I need to add 2 IPs for the DAG? 255.255.255.255 and the IP of my Replication network?
Thanks,
-Steven (From NY Exchange User Group)
February 13th, 2015 at 2:27 pm
Hey Steven,
The DAG looks at the networks on the server and by default tries to allow both Prod and replication, but we can manually decide in the DAG network property which one should allow replication.
No, you don’t need to assign 255.255.255.255 2 times.
February 16th, 2015 at 12:40 am
Hi Prabhat,
Thank you. It worked very well.
-Steven
March 15th, 2015 at 11:47 am
Hi Prabhat,
I have a fully operational 2013 3-Node IP Less DAG Environment with 1 File Share Witness now with a couple of Mailbox Databases in my DAG. Additionally, I have 2 hardware Kemp load balancers and all is working as it should. Now I have a requirement to Shutdown all Servers in my environment because of building engineering is turning off the power. This is scheduled maintenance and servers will be offline for a couple of days. How can I safely shutdown my new 2013 environment so that the DAG is safe? I have read various methods from dismounting the databases etc. Can you explain the best approach for shutting down and starting up later?
Thanks again!
-Steven
March 16th, 2015 at 2:44 pm
Manually dismounting the DB will ensure all log files have been committed to the database, so I would say yes, dismount the databases. Then shut down the Exchange servers one by one.
Once exchange servers are shutdown, start shutting down your domain controllers.
June 1st, 2015 at 10:04 am
I have an IP-less DAG on Exchange 2013 SP1 and Windows 2012 R2. I want to change the IP address on one of the Exchange server which is member of the DAG.
Do I only need to assign the new IP to the Exchange 2013 or is there anything else I should do with the DAG too after the change.
Grateful if you could help
Thanks
Koomar
June 1st, 2015 at 10:25 am
No worries for the DAG as long as DNS responds to the new IP. So move all the DBs and the PAM from this server to another server before changing the IP, and restart the server after changing the IP. Make sure DNS is responding to the new IP.
June 1st, 2015 at 10:26 am
Koomar,
I also had to change the IP address of one of my IP-less DAG nodes recently. Firstly, I changed the node’s IP address but the DAG broke despite me trying PowerShell commands to change the DAG node addresses. Unfortunately I had to recreate the DAG from scratch. That was the quick and easy bit. The longest time was spent replicating the databases between the nodes. I couldn’t find any specific info on this process but I suspect there’s an easier way.
Andy.
June 1st, 2015 at 10:29 am
So if I follow the steps below I should be fine:
a) Move DB to another server
b) Change the IP address on the member server of the DAG
c) Restart the server.
Sorry for asking , but what’s PAM?
Koomar
June 1st, 2015 at 10:30 am
Andy,
I am sure DNS was still responding to the old IP in your case.
Dag should not break otherwise.
Moreover you can add and remove Dag nodes.
Then you can also use old replicated database copies. You should not be required to reseed the DB.
June 1st, 2015 at 10:45 am
Hi Prabhat
Sorry for asking again , but what is PAM in your response?
Thanks
Koomar
June 1st, 2015 at 10:54 am
Koomar.
You need to move the PAM to the other server. PAM is Primary Active Manager. Read the below TechNet link. If you manage a DAG then you should be aware of the PAM.
https://technet.microsoft.com/en-us/library/dd776123%28v=exchg.150%29.aspx
To move the PAM use the below command.
cluster.exe group "Cluster Group" /moveto:
June 2nd, 2015 at 4:31 am
Prabhat, my memory is failing me. What I should have said was that my problem was due to changing the AD Site that the secondary node was in. What a world of pain that was, right down to disabling the Edge Transport subscription. Even though the DNS entries for the two nodes were correct, it seemed to break the DAG. I still don't know how it happened but I didn't have time to investigate.