Sunday, April 19, 2015

Exchange 2010 - DAG (Database Availability Group) - change File Share Witness

When a DAG (Database Availability Group) is composed of an even number of mailbox servers, we need to implement what is known as a "File Share Witness" (FSW). This is a file share containing a very small but very important amount of data that allows the DAG to maintain "quorum" and remain functional if either of the two DAG members is momentarily unavailable (during maintenance for example).

Note: if we looked at the properties and content of the file share, this is what we would see:






This file share can reside on just about any server that is a domain member as long as it is not a member of the DAG itself. It can be another Exchange server, a non-Exchange server like a file or print server or even (in a test network) a domain controller.

Note: it is not advisable to use a domain controller in a production environment for security reasons. We would have to add the "Exchange Trusted Subsystem" group to the builtin Administrators group on the domain controller, which would give the members of this group (essentially the Exchange servers) excessive rights and thus violate the security principle of "least privilege".  

I explained how to configure a DAG in a previous blog post:

Exchange 2010 - DAG (Database Availability Group) - Part 1 - Configuration (initial)

 Please refer to that post if you want to create a new DAG.

In this post, I want do demonstrate how to change the location of the FSW from one server to another. We may need to do this for various reasons: the current server is being retired from service or perhaps has failed. In this latter case, the DAG will not cease functioning immediately (as long as the two DAG members are operational and can communicate with each other) but we will have to replace the FSW sooner or later. For example, with the FSW unavailable, we could not restart either of the two DAG members without causing a mailbox database dismount on the other member.

It is rather simple to change the location of the FSW provided that the new server meets the normal requirements for being a file share witness (domain member, Exchange Trusted Subsystem group added to the local administrators group if the server is not an Exchange server, not a member of the DAG itself).

In my case, this is the current FSW location:

[PS] C:\>Get-DatabaseAvailabilityGroup -status | fl name,wit*

Name                      : DAG1
WitnessServer        : fsw1.mynet.lan
WitnessDirectory   : C:\FSW_DAG1
WitnessShareInUse : Primary


We can change the location with the following command:

Set-DatabaseAvailabilityGroup DAG1 -WitnessServer fsw2.mynet.lan -WitnessDirectory C:\FSW_DAG1


Which leaves us with this:

[PS] C:\>Get-DatabaseAvailabilityGroup -status | fl name,wit*

Name                      : DAG1
WitnessServer        : fsw2.mynet.lan
WitnessDirectory   : C:\FSW_DAG1
WitnessShareInUse : Primary


And that's it.

Even after rebooting both of the DAG members (not at the same time), the mailboxes continue to be available just as they were before.

Note: I do place the DAG member in maintenance mode with the "StartDagServerMaintenance.ps1" script.




No comments:

Post a Comment