Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

I have a question about the DAG and the witness server.

Status
Not open for further replies.
jlh1

jlh1

MIS
Mar 26, 2001
65
US

I have 2 exchange 2010 server in different locations using a DAG.

Recently I ran into a problem at the site where exchange server and the witness server are located. The site to site that connected the two sites where the exchange server are located went down. This cause the exchange server in the location that was still accessible to dismount the database because the server could not communicate with either the witness or the other exchange server.

I have other site to sites that connect all of our remote sites together and would like to move the witness to one of these sites.

My problem is that the other sites only have an Active Directory server there. The setup of the witness server has the Exchange Trusted Subsystem added to the local admin group, being that these servers are Active Directory server they do not have local groups.

My question is that if I create a user in active directory and make this user a member of the Domain Admin Group and Exchange Trusted Subsystem group. Could I use the Active Directory server as a witness to the DAG? In addition if this is possible I would like to take advantage of the alternate witness server.
With two exchange servers and two witness servers this would be an even number and there would be no majority. When does the alternate witness server come into play?

Thanks
Jlh1
 
Sort by date Sort by votes
To address your specific question, the key is to give the Exchange Trusted Subsystem account full control of the NTFS/Share permissions on the witness share. I don't think that it's that important for it to have admin rights on the whole witness box--remember, really all the witness is is a share that the other servers write and read from.

The alternate witness server only comes into play in datacenter switchover scenarios (not something you are doing), and you'd never have a situation with two witnesses live. If you have a witness, an alternate witness and two mailbox servers, you only have three players. In your situation, configuring the alternate witness is a waste of time, since it won't be used.

If I were you, I'd carefully read this document, since you seem to have at least two misconceptions about how DAGs function:

Dave Shackelford
ThirdTier.net
TrainSignal.com
 
Upvote 0 Downvote
Thanks for the information.

The witness server in the primary location makes sense, and that’s what I currently have in some sense.

It was determined when we setup the servers/DAG that even though our users are in the corporate office we would make the colo site the primary. The thought being that if and when the corporate office goes down (which it has for days because of storms) the colo will always be up.

That was until the internet/router at the colo failed. That caused the exchange server in the corporate site to dismount the database because neither the witness nor the other exchange server could be contacted.

To avoid that problem again my thought was to move the witness to another office/site that is connected to all other sites by Site to Site connections. This way I could lose any one of the points, Exchange server or witness and still have quorum.

Does this make sense or I’m I opening my system up to other communication problems that I am not seeing.

Thanks again
Jlh1
 
Upvote 0 Downvote
Another thought, Would there be anything to gain if I just install another exchange server in the remote site. I would then have a three server DAG.

jlh1
 
Upvote 0 Downvote
That would actually be a much better solution, in my opinion. That's exactly what I ended up doing after an initial deployment of a 2-site DAG that had the witness at one of the sites. It was much better to have three sites and not worry about witness at all. What I ended up doing was keeping a second copy of each database from both of the main sites on the new site, so it mainly performed a DR function and I would perform a datacenter failover to it if one of the two main sites went down.

Dave Shackelford
ThirdTier.net
TrainSignal.com
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

david jackson
  • Locked
  • Question
Extract only the subject and recipients from a mailbox
Replies
0
Views
1K
david jackson
david jackson
Brent Fletcher
  • Locked
  • Question
Exchange rule to remove "✉" icon when it appears in a subject title from a supplier
Replies
0
Views
1K
Brent Fletcher
Brent Fletcher
Rohit Bareja
  • Locked
  • Question
View and access only own records, and not the records by others on SharePoint.
Replies
3
Views
1K
garysm
garysm
T
  • Locked
  • Question
How to use third party mail security gateway to scan internal/inter-domain mails in Exchange On-Premise?
Replies
3
Views
1K
DrB0b
DrB0b
microsGuy16
  • Locked
  • Question
Global Address List Names not showing in Outlook OWA 365
Replies
0
Views
2K
microsGuy16
microsGuy16

Part and Inventory Search

Sponsor

Back
Top