Exchange 2010 SP1 DAG – Step by step (Proof of concept)

 

For your Exchange 2010 DAG POC, you will need 4 virtual Windows Server 2008 R2 servers.

  1. Domain controller & DNS
  2. Exchange Hub Transport server (Witness server and witness directory)
  3. Exchange Mailbox & Client Access
  4. Exchange Mailbox

Not only will you need 4 Windows Server 2008 R2 servers (3 Exchange servers & 1 Domain Controller (DNS)), you will also need 3 Windows 7 Enterprise client machines.

All software is available from Microsoft:

  1. Exchange 2010 with SP1 (180 day evaluation) http://technet.microsoft.com/en-us/evalcenter/default
  2. Windows Server 2008 R2 (180 day evaluation) http://technet.microsoft.com/en-us/evalcenter/default
  3. Windows 7 Enterprise (90 day evaluation) http://technet.microsoft.com/en-us/evalcenter/default
  4. Office 2010 Professional Plus (60 day evaluation) http://technet.microsoft.com/en-us/evalcenter/default

Steps

  1. You will need to install your own domain controller & DNS on the first Windows Server 2008 R2 server. Call the domain dag.local and name the server TS-AD-SYD.
  2. Install 3 other servers as vanilla builds with Windows Server 2008 R2, using the following names:
    • TS-EX-SYD-01 (Exchange mailbox server)
    • TS-EX-SYD-02 (Exchange mailbox and client access server)
    • TS-EX-SYD-03 (Exchange Hub transport server and DAG witness server)
  3. Configure networking on all machines. You will need two NICs on each of the 3 Exchange servers and one on the domain controller.
    1. Domain controller (one NIC connected as a standard LAN interface)
    2. 3 Exchange servers (one NIC as a standard LAN interface and the second one will be called REPLICATION and used for this purpose)
      • TS-AD-SYD
        • One NIC named LAN IP:192.168.168.1
      • TS-EX-SYD-01
        • One NIC named LAN IP:192.168.168.11
        • One NIC named REPLICATION IP:192.168.192.11
      • TS-EX-SYD-02
        • One NIC named LAN IP:192.168.168.12
        • One NIC named REPLICATION IP:192.168.192.12
      • TS-EX-SYD-03
        • One NIC named LAN IP:192.168.168.13
        • One NIC named REPLICATION IP:192.168.192.12
    3. Change the adaptor settings on the 3 Exchange servers: click the Advanced menu and then Advanced settings. Change the order to the following:
      [Screenshot: SNAG-0033]
  4. Install Microsoft .NET Framework 3.5 Service Pack 1 (SP1). For details, see Microsoft .NET Framework 3.5 Service Pack 1.
  5. Install the Microsoft .NET Framework 3.5 Family Update for Windows Vista x64 and Windows Server 2008 x64 updates. For details, see Microsoft .NET Framework 3.5 Family Update for Windows Vista x64, and Windows Server 2008 x64 and Knowledge Base article 959209, An update for the .NET Framework 3.5 Service Pack 1 is available.
  6. Install Windows Remote Management (WinRM) 2.0 and Windows PowerShell V2 (Windows6.0-KB968930.msu). For details, see Knowledge Base article 968930, Windows Management Framework Core package (Windows PowerShell 2.0 and WinRM 2.0).
  7. On servers that will host the Hub Transport or Mailbox server role, install the Microsoft Filter Pack. For Exchange 2010 release to manufacturing (RTM), see 2007 Office System Converter: Microsoft Filter Pack. For Exchange 2010 SP1, see Microsoft Office 2010 Filter Packs. For more information about registering the Filter Pack, see Register Filter Pack IFilters with Exchange 2010.
  8. On the Start menu, navigate to All Programs > Accessories > Windows PowerShell. Open an elevated Windows PowerShell console, and run the following command.
    Import-Module ServerManager
  9. Prior to installing Exchange 2010, there are a number of Exchange prerequisites that need to be installed on the 3 servers:
    • NET-Framework
    • RSAT-ADDS
    • Web-Server
    • Web-Basic-Auth
    • Web-Windows-Auth
    • Web-Metabase
    • Web-Net-Ext
    • Web-Lgcy-Mgmt-Console
    • WAS-Process-Model
    • RSAT-Web-Server
    • Web-ISAPI-Ext
    • Web-Digest-Auth
    • Web-Dyn-Compression
    • NET-HTTP-Activation
    • RPC-Over-HTTP-Proxy

    This example is for a server that will have the typical installation of the Client Access, Hub Transport, and Mailbox server roles.

    Add-WindowsFeature NET-Framework,RSAT-ADDS,Web-Server,Web-Basic-Auth,Web-Windows-Auth,Web-Metabase,Web-Net-Ext,Web-Lgcy-Mgmt-Console,WAS-Process-Model,RSAT-Web-Server,Web-ISAPI-Ext,Web-Digest-Auth,Web-Dyn-Compression,NET-HTTP-Activation,RPC-Over-HTTP-Proxy -Restart

    This example is for a server that will host the Client Access, Hub Transport, Mailbox, and Unified Messaging server roles.

    Add-WindowsFeature NET-Framework,RSAT-ADDS,Web-Server,Web-Basic-Auth,Web-Windows-Auth,Web-Metabase,Web-Net-Ext,Web-Lgcy-Mgmt-Console,WAS-Process-Model,RSAT-Web-Server,Web-ISAPI-Ext,Web-Digest-Auth,Web-Dyn-Compression,NET-HTTP-Activation,RPC-Over-HTTP-Proxy,Desktop-Experience -Restart

    This example is for a server that will host the Client Access and Hub Transport server roles.

    Add-WindowsFeature NET-Framework,RSAT-ADDS,Web-Server,Web-Basic-Auth,Web-Windows-Auth,Web-Metabase,Web-Net-Ext,Web-Lgcy-Mgmt-Console,WAS-Process-Model,RSAT-Web-Server,Web-ISAPI-Ext,Web-Digest-Auth,Web-Dyn-Compression,NET-HTTP-Activation,RPC-Over-HTTP-Proxy -Restart

    This example is for a server that will host the Hub Transport and Mailbox server roles.

    Add-WindowsFeature NET-Framework,RSAT-ADDS,Web-Server,Web-Basic-Auth,Web-Windows-Auth,Web-Metabase,Web-Net-Ext,Web-Lgcy-Mgmt-Console,WAS-Process-Model,RSAT-Web-Server -Restart

    This example is for a server that will host the Client Access and Mailbox server roles.

    Add-WindowsFeature NET-Framework,RSAT-ADDS,Web-Server,Web-Basic-Auth,Web-Windows-Auth,Web-Metabase,Web-Net-Ext,Web-Lgcy-Mgmt-Console,WAS-Process-Model,RSAT-Web-Server,Web-ISAPI-Ext,Web-Digest-Auth,Web-Dyn-Compression,NET-HTTP-Activation,RPC-Over-HTTP-Proxy -Restart

    This example is for a server that will host only the Client Access server role.

    Add-WindowsFeature NET-Framework,RSAT-ADDS,Web-Server,Web-Basic-Auth,Web-Windows-Auth,Web-Metabase,Web-Net-Ext,Web-Lgcy-Mgmt-Console,WAS-Process-Model,RSAT-Web-Server,Web-ISAPI-Ext,Web-Digest-Auth,Web-Dyn-Compression,NET-HTTP-Activation,RPC-Over-HTTP-Proxy -Restart

    This example is for a server that will host the Hub Transport or the Mailbox server role.

    Add-WindowsFeature NET-Framework,RSAT-ADDS,Web-Server,Web-Basic-Auth,Web-Windows-Auth,Web-Metabase,Web-Net-Ext,Web-Lgcy-Mgmt-Console,WAS-Process-Model,RSAT-Web-Server -Restart

    This example is for a server that will host only the Unified Messaging server role.

    Add-WindowsFeature NET-Framework,RSAT-ADDS,Web-Server,Web-Basic-Auth,Web-Windows-Auth,Web-Metabase,Web-Net-Ext,Web-Lgcy-Mgmt-Console,WAS-Process-Model,RSAT-Web-Server,Desktop-Experience -Restart

    This example is for a server that will host the Edge Transport server role.

    Add-WindowsFeature NET-Framework,RSAT-ADDS,ADLDS -Restart
  10. Once the 3 servers reboot, you will need to run another PowerShell command on all 3 servers that will become Exchange 2010 servers:

    Set-Service NetTcpPortSharing -StartupType Automatic

  11. You will need to extend the Active Directory schema on the domain controller prior to installing Exchange 2010.
    1. setup.com /PrepareSchema or setup.com /ps
    2. setup.com /PrepareAD /OrganizationName:<organization name> (The organization name for Exchange)
      1. Or alternatively, you can run setup.com /p /on:<organization name>
  12. There are a number of Microsoft updates and hotfixes that need to be installed prior to installing all of the Exchange roles. Install all of these on each of the 3 Exchange servers.
    1. http://support.microsoft.com/kb/979099
    2. http://support.microsoft.com/kb/982867 (Client access role only)
    3. http://support.microsoft.com/?kbid=979744 (Client access role only)
    4. http://support.microsoft.com/kb/983440 (Client access role only)
    5. http://support.microsoft.com/kb/977020 (Client access role only)
  13. Install Exchange 2010 as a custom installation installing only the mailbox role on the first server, the mailbox and client access role on the second server and the hub transport role on the third server.
  14. On the Hub Transport server, set up a stand-alone certification authority and enable SAN certificate support.
  15. You will need to change the default self-signed certificate on the client access server and create an Exchange 2010 client access SSL certificate for client access.
    1. In order to create a new certificate, you will need to generate a certificate request using the New-ExchangeCertificate cmdlet. Once you have a certificate request generated, you can obtain a certificate from your internal Certificate Authority (CA).
    2. Using PowerShell on the client access server run this command:
      1. $cert = New-ExchangeCertificate -FriendlyName "Exchange 2010 Certificate" -IncludeServerFQDN -DomainName mail.dag.local,autodiscover.dag.local,ts-ex-syd-02.dag.local,ts-ex-syd-02 -GenerateRequest -PrivateKeyExportable $true
    3. As you can see in the example, the output from the command is saved in a variable called $cert. Next, export the data to a text file using the Out-File cmdlet:
      1. $cert | Out-File c:\cert.txt
    4. After the request has been saved in the text file, submit the new request to your CA to obtain the certificate.

    5. After you obtain a certificate from the CA, you will need to install it on the client access server. From the Exchange Management Console click Server Configuration and select the Client Access server to the right.

    6. Down below, complete the pending request.

    7. Navigate to the downloaded certificate.
    8. Now that the certificate is installed, you need to enable it and assign Exchange services that it will be used for e.g. IIS.
    9. For the first step in creating the actual DAG, create a new database, under Organization Configuration > Mailbox > Database Management tab, add a new mailbox database called DAG-DB-01.
    10. Now you need to configure the DAG network. Open the Exchange Management Console, click on Organization Configuration > Mailbox > click the Database Availability Groups tab. You will find the networks listed below.

      Right click each of the networks listed in bold, and ensure that the Enable Replication tick box is not enabled on any networks except for the actual replication network (192.168.192.0/24).
    11. Then at the top of the same page, you can create a new Database Availability Group. Give it a name of DatabaseGroup. If you leave the Witness Server and Witness Directory blank, it will use the Hub Transport server by default. Click Next.

    12. Right click on your new DAG to add members to it, click Manage Database Availability Group membership, then add in TS-EX-SYD-01 and TS-EX-SYD-02 (two mailbox servers). The database is DAG-DB-01.

    13. You will need to set up an IP address on the MAPI network for the DAG itself. This should be in the same subnet as the MAPI (Data) network. If the DAG is on two separate subnets, across sites, then an IP address is needed for each subnet. You can list current DAG IP addresses by running Get-DatabaseAvailabilityGroup | FL

      1. You can add DAG IP addresses using the console in the properties of the DAG.

      2. Within the failover cluster, it will look like this: the DAG IP address that is online is the one for whichever server is the current cluster host.
    14. That’s it, your DAG is set up. On the Database Management tab you will see the two members of the DAG.
    15. If you are using Riverbed on your link, then you will need to disable Encryption and Compression on the DAG replication:

      1. Set-DatabaseAvailabilityGroup -Identity <DatabaseAvailabilityGroupIdParameter> -NetworkEncryption Disabled

      2. Set-DatabaseAvailabilityGroup -Identity <DatabaseAvailabilityGroupIdParameter> -NetworkCompression Disabled

    16. If your DAG is across subnets, you will need to look at the heartbeat timeout settings for the DAG cluster.
      1. Type cluster /list to list the cluster names, and cluster /prop to see all settings for the cluster.
      2. By default, the CrossSubnetDelay is 1000ms, which is 1 second.
        1. I would recommend changing this: cluster /cluster:<ClusterName> /prop CrossSubnetDelay=2000
      3. By default, the CrossSubnetThreshold is 5, which is the number of heartbeats to be missed before a failover occurs.
        1. Keep this the same, as default: cluster /cluster:<ClusterName> /prop CrossSubnetThreshold=5
      4. Changing the above will cover you for a latency of 10 seconds (2000ms × 5 missed heartbeats).
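
A post-build check for the lab above, as an added example that is not part of the original post: run in the Exchange Management Shell, it confirms that replication is enabled only on the 192.168.192.0/24 network, reports the DAG encryption setting, and checks database copy health and the certificate bound to IIS. The variable values are the names used in the steps above; New-Finding and Test-DagBuild are hypothetical helper names introduced here.

```powershell
# Added example, not from the original post. Run in the Exchange Management Shell.
# Values are the names used in the steps above; helper names are hypothetical.
$DagName    = 'DatabaseGroup'
$Database   = 'DAG-DB-01'
$ReplSubnet = '192.168.192.0/24'
$CasServer  = 'TS-EX-SYD-02'
$CertNames  = 'mail.dag.local','autodiscover.dag.local','ts-ex-syd-02.dag.local'

function New-Finding($Check, $Ok, $Detail) {
    New-Object PSObject -Property @{ Check = $Check; Ok = $Ok; Detail = $Detail }
}

function Test-DagBuild {
    # 1. Log shipping should be enabled only on the dedicated replication network.
    Get-DatabaseAvailabilityGroupNetwork -Identity $DagName | ForEach-Object {
        $subnets = ($_.Subnets | ForEach-Object { "$_" }) -join ' '
        $isRepl  = $subnets -like "*$ReplSubnet*"
        New-Finding "Network $($_.Name)" ($_.ReplicationEnabled -eq $isRepl) `
            "Subnets=$subnets ReplicationEnabled=$($_.ReplicationEnabled)"
    }
    # 2. Report encryption/compression. 'Disabled' (step 15, Riverbed) means Exchange
    #    itself does not encrypt log shipping, so confirm that state is intentional.
    $dag = Get-DatabaseAvailabilityGroup -Identity $DagName
    New-Finding 'DAG NetworkEncryption' ("$($dag.NetworkEncryption)" -ne 'Disabled') `
        "Encryption=$($dag.NetworkEncryption) Compression=$($dag.NetworkCompression)"
    # 3. Every copy of the database should be Mounted (active) or Healthy (passive).
    Get-MailboxDatabaseCopyStatus -Identity $Database | ForEach-Object {
        New-Finding "Copy $($_.Name)" ('Mounted','Healthy' -contains "$($_.Status)") `
            "Status=$($_.Status) CopyQueue=$($_.CopyQueueLength)"
    }
    # 4. The certificate bound to IIS on the CAS should be CA-issued, unexpired,
    #    and carry every FQDN that was put in the request.
    Get-ExchangeCertificate -Server $CasServer |
        Where-Object { "$($_.Services)" -match 'IIS' } | ForEach-Object {
            $c       = $_
            $names   = @($c.CertificateDomains | ForEach-Object { "$_" })
            $missing = @($CertNames | Where-Object { $names -notcontains $_ })
            $ok = (-not $c.IsSelfSigned) -and ($c.NotAfter -gt (Get-Date)) -and ($missing.Count -eq 0)
            New-Finding "Certificate $($c.Thumbprint)" $ok `
                "SelfSigned=$($c.IsSelfSigned) NotAfter=$($c.NotAfter) Missing=$($missing -join ',')"
        }
}

Test-DagBuild | Format-Table Check, Ok, Detail -AutoSize -Wrap
```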

3 Comments

  1. Correction……

    for server TS-EX-SYD-03 it says that :

    One NIC named LAN IP:192.168.168.13
    One NIC named REPLICATION IP:192.168.192.12

    it is supposed to be:
    One NIC named LAN IP:192.168.168.13
    One NIC named REPLICATION IP:192.168.192.13 <–(am I correct?)
