Exchange 2013/2016: Create IP Less DAG with SP1 – Another Step to Simplification
Exchange 2013 has already been revolutionary, and the recent release of Service Pack 1 made it more exciting. Let us see how to create a simple Database Availability Group (DAG) cluster without any cluster IP.
This blog is applicable for Exchange 2016 as well.
Microsoft has always aimed to deliver simple, user-friendly applications and operating systems. Exchange 2013 Service Pack 1 adds to that, especially when we install it on Windows 2012 R2. One of its features is the IP Less Database Availability Group.
This DAG does not need a cluster IP, which simplifies the DAG further: the DAG is managed at the application level using the configuration from the configuration partition.
It also reduces the dependency on an IP address in every DAG node subnet in a DAG that spans multiple subnets or datacenters.
You will not see dead IPs that are not online, and the network security team will not bother you anymore.
There will be no DAG IP, no DAG cluster name, no Cluster Name Object (CNO), and no DNS entry.
The IP address 255.255.255.255 is used to fill the IP address property, because that property is required.
We can still create a traditional DAG. Transition from a traditional DAG to a DAG without an administrative access point is not supported; the only way is to create a new DAG and move the mailboxes.
We are using the Windows 2012 R2 Active Directory-detached cluster feature mentioned here, where in place of dns we are giving none.
We can only manage this DAG from the Exchange Management Shell or the Exchange Admin Center. The new DAG can’t be managed from Failover Cluster Manager because it does not have a cluster name object.
Here are the steps to create the new DAG.
Assumptions:
- The operating system is Windows Server 2012 R2 or higher
- The Exchange server is Exchange 2013 Service Pack 1 or higher
Steps:
1. Add the “Exchange Trusted Subsystem” Active Directory group to the local Administrators group of the “File share witness” member server. In case you are going to use a domain controller, you need to add the “Exchange Trusted Subsystem” group to the domain administrators group.
2. Open ECP on the Exchange 2013 SP1 server by opening the following URL and log in: https://localhost/ecp
3. Click on Servers → Database Availability Group
Database Availability Group Name
Witness server
Witness directory
Database Availability Group IP Address: 255.255.255.255 then click +
Click save.
Or
Run the below mentioned command from the Exchange Management shell
New-DatabaseAvailabilityGroup -Name DAGName -DatabaseAvailabilityGroupIPAddresses ([System.Net.IPAddress]::None) -WitnessServer WitnessServerName -WitnessDirectory "Path of witness Directory"
Or
Add the server by running the following command from the Exchange Management Shell. Repeat for all servers.
Add-DatabaseAvailabilityGroupServer -Identity DAGName -MailboxServer mailboxservername
7. Click Save and you will see below screen.
11. Click on + sign to add new database.
Mailbox Database = Name of the database
Server = Browse and select the server on which we will create this DB
Database file Path = Database path with the databasename.edb
Log file Path = Log file path
Check Mount this database if unchecked.
Or
Run the below mentioned command from Exchange management shell
New-MailboxDatabase -Server servername -Name DBname -EdbFilePath "DBpath\DBname.edb" -LogFolderPath "LogFilesPath"
13. The database should be created and mounted, but you will see this warning, so restart the Information Store service.
“Please restart the Microsoft Exchange Information Store service on server R2SP1D3 after adding new mailbox databases.”
Or
Run the below mentioned command from Exchange management shell
Add-MailboxDatabaseCopy databasename -MailboxServer mailboxservername
15. Now browse and select 2nd database server, click ok then click save.
16. Now seeding will begin to the 2nd or another server.
17. Once seeding finishes restart the information store service on the 2nd or next server.
18. Check the status of the copies by running the command Get-MailboxDatabaseCopyStatus *.
You can see the content index is in a failed state. This will become healthy some time after the restart of the Information Store service.
Now the question arises: if we want to see the cluster from “Failover Cluster Manager”, how can we see it? Initially after Exchange 2013 SP1, I was able to use . to connect to the cluster on the Exchange DAG node, but updates have fixed this bug and now we can’t connect to the cluster with .
So how do we manage the cluster beyond Exchange? This is the question when you have to review the configuration or do a disaster recovery.
Here are the PowerShell commands to review and change the DAG cluster.
To Check Cluster properties run this command: Get-Cluster -Name ClusterNodename | select *
To Determine the nodes in the cluster and node state: Get-ClusterNode -Cluster Clusternodename
To get individual node properties: Get-ClusterNode -Cluster Clusternodename -Name Clusternodename | select *
To get cluster network states: Get-ClusterNetwork -Cluster Clusternodename
To get cluster network properties: Get-ClusterNetwork -Name "Cluster Network 1" -Cluster Clusternodename | select *
To get cluster interface properties: Get-ClusterNetworkInterface -Cluster Clusternodename -Node Clusternodename
To get individual cluster network interface properties: Get-ClusterNetworkInterface -Cluster Clusternodename -Name "Clusternodenicname" | select *
To get the cluster quorum status configuration: Get-ClusterQuorum -Cluster Clusternodename | fl
To get the cluster group status: Get-ClusterGroup -Cluster Clusternodename
To move the cluster group between nodes: Move-ClusterGroup -Cluster Clusternodename -Name "Cluster Group" -Node MBX-2
To get the cluster logs: Get-ClusterLog -Cluster Clusternodename
To get the cluster resource state: Get-ClusterResource -Cluster Clusternodename | fl
To get cluster group: Get-ClusterGroup -Cluster Clusternodename
To get Primary Active Manager in Dag: Get-DatabaseAvailabilityGroup -Identity DAG -status | fl name,primaryActiveManager
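The review commands above can be combined into one post-build check. This is an added example, not code from the original post: it confirms the cluster has no administrative access point and flags a witness hosted on a domain controller, since step 1 then places “Exchange Trusted Subsystem” in the domain administrators group. The function name and the DAG name DAG1 are placeholders.

```powershell
# Added example, not from the original post. Run in the Exchange Management Shell
# on a DAG member. 'DAG1' in the usage line is a placeholder name.
function Test-IpLessDag {
    param(
        [Parameter(Mandatory = $true)][string]$DagName,
        [string]$Node = $env:COMPUTERNAME   # no cluster name exists, so target a member node
    )
    Import-Module FailoverClusters

    $dag     = Get-DatabaseAvailabilityGroup -Identity $DagName -Status
    $cluster = Get-Cluster -Name $Node
    $quorum  = Get-ClusterQuorum -Cluster $Node
    $down    = @(Get-ClusterNode -Cluster $Node | Where-Object { $_.State -ne 'Up' })
    $ips     = @($dag.DatabaseAvailabilityGroupIpv4Addresses | ForEach-Object { "$_" }) -join ','
    $aap     = "$($cluster.AdministrativeAccessPoint)"   # None for an IP-less DAG

    # Witness checks: direct members of the local Administrators group (WinNT ADSI
    # provider, nested groups are not expanded) and whether the witness is a
    # domain controller (Win32_ComputerSystem DomainRole 4 or 5).
    $witness = "$($dag.WitnessServer)"
    $admins  = @(([ADSI]"WinNT://$witness/Administrators,group").Invoke('Members') |
        ForEach-Object { $_.GetType().InvokeMember('Name', 'GetProperty', $null, $_, $null) })
    $role    = (Get-WmiObject -Class Win32_ComputerSystem -ComputerName $witness).DomainRole

    [pscustomobject]@{
        Dag                       = $dag.Name
        DagIpAddresses            = $ips
        AdministrativeAccessPoint = $aap
        IpLess                    = ($ips -eq '255.255.255.255') -and ($aap -eq 'None')
        QuorumResource            = "$($quorum.QuorumResource)"
        NodesNotUp                = $down.Name -join ','
        PrimaryActiveManager      = "$($dag.PrimaryActiveManager)"
        WitnessServer             = $witness
        TrustedSubsystemIsAdmin   = $admins -contains 'Exchange Trusted Subsystem'
        WitnessIsDomainController = $role -ge 4
    }
}

Test-IpLessDag -DagName 'DAG1' | Format-List
```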
Prabhat Nigam
Microsoft MVP | Exchange Server
Team@MSExchangeGuru
June 7th, 2015 at 10:41 am
Hi quick question, do we need to create an Active Directory-detached cluster before the DAG? Thanks.
June 7th, 2015 at 2:07 pm
No.
October 1st, 2015 at 3:01 am
[…] No need of Cluster administrative access point: Since Exchange 2013 SP1 we have an option to create DAG with no IP and cluster administrative access point. This has already taken care multiple issue around IP DAG. In Exchange 2016 Default DAG creation will be without IP and cluster administrative access point so it is recommended to install Exchange 2016 on Windows 2012 R2 or higher. Check out my blog on it here. […]
February 12th, 2016 at 10:28 am
Hi. What about the network adapter configuration or preparation? Do we need to disable, for example, QoS Packet Scheduler, Client for Microsoft Networks or File and Printer Sharing for Microsoft Networks?
Thanks
ihsan
February 12th, 2016 at 10:42 am
No changes required
April 7th, 2016 at 7:39 am
I would like to ask if there is any update when we can expect the “upcoming release” supporting IP-less Exchange DAG’s ?
April 7th, 2016 at 1:36 pm
Arirang – What are you asking? DAG is already at its best.
April 11th, 2016 at 7:41 am
Hi, Since there will be more than 1 exchange servers and DAG is IP-less, which IP would MX record point to in the Firewall?
Thanks
April 11th, 2016 at 2:51 pm
Load Balancer IP which you are using for SMTP High Availability. If no load balancer, give any mailbox server but remember to change when you need to restart the server.
April 11th, 2016 at 7:54 pm
Thanks a lot for the reply Prabhat. In fact I have installed two Exchange 2016 servers and grouped them through DAG. I have also enabled DNS Round Robin. Do I still need to the IP in the firewall when I restart the server. Shouldn’t DNS Round Robin automatically point to the other server. Thank you
April 11th, 2016 at 8:35 pm
Firewall still needs an IP to do 1-1 NAT with external IP.
May 14th, 2016 at 3:15 pm
This was great, we set this up and would fail over back and forth when our two sites were operational. We thought with this setup alone we would be covered in the event of a primary site failure. We just had one and couldn’t mount the database on the secondary site. After research we realized that we needed an alternate witness server in the 2nd site or to have one in Azure. Is this accurate? Or is a third option to somehow force the secondary site to mount even though there were not enough votes on that secondary site?
If so do you know the commands and steps to force the 2nd Exchange server to mount when it can’t contact the witness server. After that is done when you restore the primary site how would you fail back to the primary and clean up.
I really enjoy your work and I think some good follow up articles that would help people not feel safe like I did:
1. How to force a take over when you’re using your above scenario and don’t have an alternate witness where your 2nd DAG Exchange server is and clean when failing back.
2. How to create an alternative witness in the 2nd site and how to fail back and forth with clean up
3. Let users know about this link. How to run a witness server in Azure https://technet.microsoft.com/en-us/library/dn903504(v=exchg.150).aspx
Thanks again
May 14th, 2016 at 3:23 pm
You should have a 3rd AD site for the auto failover in case 1 AD site is down.
In any case 1 AD site and FSW should not be down for auto failover.
In case of only 2 AD sites, the 3rd AD site can be Azure (you need a DC there as well, or the DC can host the FSW).
Now in case of no 3rd AD site, you need to run the traditional 2nd AD site activation by following our Exchange 2010 Disaster Recovery blog. Search for it. I am typing from phone so can’t link it.
May 14th, 2016 at 4:31 pm
You are the man replying on a Saturday !!
Is it this link? https://msexchangeguru.com/2012/10/25/exchange-2010-dag-dr/
Does it not matter that it’s 2013 I’m talking about and the fact that it’s an IP less DAG as described in this post?
January 18th, 2017 at 6:13 am
Hi,
We are using PowerShell to remotely manage mailboxes of users. In case of IP based DAG, an exchange session is created to DAG to manage mailboxes. We are facing issues in case of IP less DAG environment. The session creation to DAG is failing.
The IP less DAG is configured on Exchange 2013 SP1. The following command to create session through PowerShell fails where “DAG1” is the name of Database Availability Group. Also “ping DAG1” fails. The IP Address of DAG is set to 255.255.255.255.
New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://DAG1/PowerShell/ -Authentication Kerberos -Credential $UserCredential
Here is the error:
New-PSSession : [dag1] Connecting to remote server dag1 failed with the following error message : WinRM cannot
complete the operation. Verify that the specified computer name is valid, that the computer is accessible over the
network, and that a firewall exception for the WinRM service is enabled and allows access from this computer. By
default, the WinRM firewall exception for public profiles limits access to remote computers within the same local
subnet. For more information, see the about_Remote_Troubleshooting Help topic.
At line:1 char:12
+ $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri ht …
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : OpenError: (System.Manageme….RemoteRunspace:RemoteRunspace) [New-PSSession], PSRemotingTransportException
+ FullyQualifiedErrorId : WinRMOperationTimeout,PSSessionOpenFailed
When I update DAG and clear all the IP address entries then it works fine i.e. ping to DAG works fine and also the New-PSSession command succeeds. I am not sure if this is called an IP less DAG as an IP address is getting assigned to DAG1.
I need help in creating exchange session to an IP less DAG through remote PowerShell. Do I need to look into any specific configuration to make it work?
January 18th, 2017 at 11:19 am
Do the session to exchange server and not to DAG.
255.255.255.255 is a broadcast IP address which is unusable so configuration is correct. It should be same.
January 20th, 2017 at 2:18 am
Nice explanation…Keep it up…
January 23rd, 2017 at 2:02 am
Prabhat,
Thanks for the quick response.
If I access one of the Exchange servers directly, does the failover happen when it is down?
January 23rd, 2017 at 2:44 am
No
January 23rd, 2017 at 5:20 am
In that case, how do I open a session to IP less DAG through PowerShell which can handle the failover as well?
January 23rd, 2017 at 11:13 am
Configure the URL and connect to the URL. Let your load balancer connect you to the different server.
January 24th, 2017 at 2:23 am
Why do you want to open a PS connection to the DAG? You only need to use PS on the DAG when checking Health Stats, Mailbox Database Copy Status, and when putting the DAG into Maintenance Mode. Once you have your IP Less DAG setup, add the virtual IP’s of your Exchange Servers to your Load-Balancer(s). The Load Balancer will determine which Mailbox Server to connect to when a failure occurs.
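The advice in the replies above, sketched as an added example that is not part of the original post or its comments: open the remote session against a member server rather than the DAG name, trying each server in turn. This client-side fallback is an alternative to the load balancer URL the replies recommend; the function name and the server FQDNs are placeholders.

```powershell
# Added example, not from the original post or its comments.
# The server FQDNs in the usage lines are placeholders for the DAG member servers.
function New-ExchangeSessionWithFallback {
    param(
        [Parameter(Mandatory = $true)][string[]]$Server,
        [Parameter(Mandatory = $true)][pscredential]$Credential
    )
    foreach ($name in $Server) {
        try {
            # An IP-less DAG has no cluster name object or DNS entry,
            # so the session targets a member server, not the DAG name.
            return New-PSSession -ConfigurationName Microsoft.Exchange `
                -ConnectionUri "http://$name/PowerShell/" `
                -Authentication Kerberos -Credential $Credential -ErrorAction Stop
        }
        catch {
            Write-Warning "Could not open a session to ${name}: $($_.Exception.Message)"
        }
    }
    throw "No Exchange server in the list accepted a remote PowerShell session."
}

$UserCredential = Get-Credential
$Session = New-ExchangeSessionWithFallback -Server 'mbx1.example.com', 'mbx2.example.com' -Credential $UserCredential
Import-PSSession $Session -DisableNameChecking
```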
April 20th, 2017 at 5:58 am
Nice explanation sir