Hello all! Having worked for a while with various computer systems, primarily Active Directory and Exchange, I wanted to share some of my experiences with two objectives in mind: 1) obtain feedback to improve my mastery of those systems and 2) help others working on the same subject. Other posts are about CentOS, Citrix NetScaler, and VMware.
NOTE: most of my posts are in English but some others in French, with a summary in English. However, some of the CentOS blog posts lack this summary.
When a DAG (Database Availability Group) is composed of an even number of mailbox servers, we need to implement what is known as a "File Share Witness" (FSW). This is a file share containing a very small but very important amount of data that allows the DAG to maintain "quorum" and remain functional if either of the two DAG members is momentarily unavailable (during maintenance for example).
Note: if we looked at the properties and content of the file share, this is what we would see:
This file share can reside on just about any server that is a domain member as long as it is not a member of the DAG itself. It can be another Exchange server, a non-Exchange server like a file or print server or even (in a test network) a domain controller.
Note: it is not advisable to use a domain controller in a production environment for security reasons. We would have to add the "Exchange Trusted Subsystem" group to the builtin Administrators group on the domain controller, which would give the members of this group (essentially the Exchange servers) excessive rights and thus violate the security principle of "least privilege".
I explained how to configure a DAG in a previous blog post:
Please refer to that post if you want to create a new DAG.
In this post, I want do demonstrate how to change the location of the FSW from one server to another. We may need to do this for various reasons: the current server is being retired from service or perhaps has failed. In this latter case, the DAG will not cease functioning immediately (as long as the two DAG members are operational and can communicate with each other) but we will have to replace the FSW sooner or later. For example, with the FSW unavailable, we could not restart either of the two DAG members without causing a mailbox database dismount on the other member.
It is rather simple to change the location of the FSW provided that the new server meets the normal requirements for being a file share witness (domain member, Exchange Trusted Subsystem group added to the local administrators group if the server is not an Exchange server, not a member of the DAG itself).