Exchange 2010 allows us to have Database Availability Group (DAG) members in several AD Sites. For every subnet a DAG member’s MAPI NIC is in, we must obtain a DAG IP. This DAG IP is separate from the IP assigned to the MAPI NICs themselves. We add this DAG IP to the DAG using the Set-DatabaseAvailabilityGroup command.
Multiple DAG IPs
Let’s take a look at an example of how the architecture may look.
Taking a look at the above Visio diagram, we have two sites, Primary Site and DR Site, with one node in each. The MAPI NIC in the Primary Site has an IP Address of 172.17.24.200. That means that we’ll need to have a DAG IP that lives in this same subnet. We choose a DAG IP of 172.17.24.120. The MAPI NIC in the DR Site has an IP Address of 172.16.24.200. That means that we’ll need to have a DAG IP that lives in this same subnet. We choose a DAG IP of 172.16.24.120.
In order to add these DAG IP Addresses, we’ll need to run the following command.
Note: IPs on the Replication NIC’s subnet do not get added to the DatabaseAvailabilityGroupIPAddresses. Only MAPI NIC Subnets get added.
Keep in mind, when adding additional IPs in the future, it is important that you include all existing DAG IPs. The Set-DatabaseAvailabilityGroup -DatabaseAvailabilityGroupIPAddresses property is not additive: the list you supply replaces the existing one.
To verify the DAG IPs were added successfully, let’s check out our DAG Properties.
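The add-and-verify steps above, as an added PowerShell example that is not from the original article: because the property replaces the whole list, the function reads the DAG IPs already configured, merges in the new ones, sets the full list, and reads it back. The DAG name DAG1 and the function name Add-DagIPAddress are assumptions; the two addresses are the ones chosen above.

```powershell
# Added example (not from the original article). Run from the Exchange Management Shell.
# 'DAG1' is a placeholder DAG name; Add-DagIPAddress is a hypothetical helper.

function Add-DagIPAddress {
    param(
        [Parameter(Mandatory = $true)][string]   $DagName,
        [Parameter(Mandatory = $true)][string[]] $NewAddress
    )

    # Reject anything that is not a well-formed IPv4 address before touching the DAG.
    foreach ($ip in $NewAddress) {
        $parsed = $null
        if (-not [System.Net.IPAddress]::TryParse($ip, [ref]$parsed) -or
            $parsed.AddressFamily -ne 'InterNetwork') {
            throw "Not a valid IPv4 address: $ip"
        }
    }

    # The property is not additive, so start from what is configured right now.
    # Get-DatabaseAvailabilityGroup exposes the current list as
    # DatabaseAvailabilityGroupIpv4Addresses; null entries are filtered out.
    $dag      = Get-DatabaseAvailabilityGroup -Identity $DagName
    $existing = @($dag.DatabaseAvailabilityGroupIpv4Addresses |
                  Where-Object { $_ } | ForEach-Object { "$_" })

    # Union of existing and new addresses, de-duplicated.
    $merged = @($existing + $NewAddress | Sort-Object -Unique)

    Set-DatabaseAvailabilityGroup -Identity $DagName `
        -DatabaseAvailabilityGroupIpAddresses $merged

    # Read the list back so it can be compared with what was intended.
    (Get-DatabaseAvailabilityGroup -Identity $DagName).DatabaseAvailabilityGroupIpv4Addresses
}

# One DAG IP per MAPI subnet: Primary Site and DR Site.
Add-DagIPAddress -DagName 'DAG1' -NewAddress '172.17.24.120', '172.16.24.120'
```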
In Exchange 2010 SP1, we have the ability to add our DAG IPs via the GUI. If we go to the DAG Properties, we now see we can manage our Witness Server and Alternate Witness Server.
This allows us to do our IP Address configuration right from the GUI instead of needing to use Set-DatabaseAvailabilityGroup with the DatabaseAvailabilityGroupIPAddresses property and needing to worry about all previous IP Addresses being included since the property isn’t additive.
Cluster Resources
So, let’s take a look at what really happens to the cluster resources and what determines which DAG IP is active. Let’s open the Failover Cluster Manager. Start > Administrative Tools > Failover Cluster Manager.
After selecting our DAG, let’s take a look at the cluster resources. We can see from here that we have two Network IP Resources.
But let’s take an even deeper look.
Select the DAG from within the Cluster Core Resources > Right-Click > Choose Properties.
Now let’s take a look at the Dependencies Tab.
As we can see, the two DAG IPs are set up with an OR dependency which means that the cluster can activate either DAG IP at any given time. As we saw earlier, the 172.16.24.120 IP is the existing DAG IP that is online which means the DRSiteNode’s DAG IP is currently the online Network IP resource.
Let’s run a cluster command so we can fail over the default “Cluster Group” from one cluster node to another.
We now see the PrimarySiteNode is the node that has the “Cluster Group.” Let’s go ahead and take a look at the Cluster Resources again and see which Network IP Resource is online.
Looks like the PrimarySiteNode’s DAG IP is now Online instead of the DRSiteNode’s DAG IP. This means that the Network IP Resource that is online depends on which DAG Node has the “Cluster Group.” If you recall from my previous articles, the DAG Node that has the “Cluster Group” is the DAG Node that acts as the Primary Active Manager. The Primary Active Manager is the DAG Node responsible for choosing what databases get activated in a failover. For more information on Active Manager, click here.
What about the DAG's DNS name? Should I add a record to point the DNS name to DR IP address?
You don't have to do this. The Clustering Service will take care of all this during the DAG creation process or the failover process.
True dynamic DNS will take care of it. I think the only exception is if you've configured static DNS records. There were some issues with W2k8 dropping DNS records so there are cases where people elected to go static. Those issues were hot-fixed at some point.
Hi Elan,
We have a DAG environment with 4 DAG members in site A and 4 DAG members in site B, we were having only single IP address assigned to DAG which lives in Site A subnet, now as per the article above we had assigned an additional IP to DAG which lives in Subnet of Site B.
Now the additional IP is only visible in EMC under DAG properties on IP address tab.
But it is not visible in Failover cluster manager, only existing IP address is visible.
Any idea what else can be done to fix this?
Elan,
I know this is an old post, I'm sorry to bother you, but I have a quick question. I added a 3rd IP address to my DAG to facilitate moving of passive servers to a new data center. The Set-DatabaseAvailabilityGroup command worked without issue. I can see all the IP addresses in both EMS and EMC, but I don't see it in the failover cluster manager.
I'm not sure if maybe one of the nodes must come online in the other site, but was hoping you may have some input.
Let me know. Thanks.
Steven
I have 4 questions.
1. I ran the command as you mentioned (cluster group "cluster group" /move)
In my environment it is not getting changed to PrimarySiteNode; instead it is choosing another node in the DR.
2. I have three AD sites (single DAG). Do I have to provide three IPs from each production NIC for a DAG?
3. Will they get registered in DNS (with DAG name) automatically, or do I have to register them manually?
4. I guess those IPs should respond to ICMP if I ping them from my network (in my case not pinging).
Great Article Elan,
One question for you as I am currently setting up this scenario with Exchange 2010 SP1. 2 mailbox servers in subnet A, 2 hub/cas servers in subnet A and a 3rd mailbox server in subnet B. Subnet A is in one AD site and subnet B is in another AD site. Will the above still work in my situation? I just want a copy of the DBs off site; clients would still access the hub/cas servers in site A, which is hardware load balanced.
Thanks in advance for your time and the fantastic article!
Yes, this is the way it's supposed to work. The Mailbox Servers all would be in the same DAG but the offsite Mailbox Server for Site Resilience would be in another subnet which would be assigned another site. Then when you go through the DR procedures and you need to take down the DAG in SiteA/SubnetA, you would specify the SiteA site when removing those DAG members. Then you switchover to that 3rd Mailbox Server.
Hi Elan,
Nice Article..
I have a query here. I have site A and Site B and stretched DAG members. I don't want the database to automatically fail over to the site B server even if the site A server is down. I want only DB & Logs to be copied to another site server.
Thanks
Varun had an excellent question which has sadly remained unanswered. I am experiencing the exact same issue as Varun, and would like to know if there is anything that can be done about it.
Any response at all would be greatly appreciated.
Thanks,
Nate
I responded to Varun. Hope that information helps.
Hi, we have the same similar setup that is shown above in the diagram. We have a problem: whenever the network links to DR are unstable, the entire cluster is unstable and all Exchange DBs are getting dismounted and getting mounted. Is there any way we can configure all servers in production within the cluster, and DR should be used only for replication?
There can only ever be 1 MAPI Network. The DAG chooses the NICs that are configured to register in DNS and have a valid DNS record. All the replication NICs need to have DNS registration disabled. If multiple NICs are registering in DNS, that can potentially cause the DAG to have some issues.
For proper NIC/Network configuration, see the following link: http://technet.microsoft.com/en-us/library/dd6381…
Hi James, we use arcserve r16 and when backing up the DAG it's best to use the DAG DNS name although you can use IP addresses or HOSTS file when backing up pre-prod DAG via a production backup server.
Hi Elan
I think I have this almost figured out. I just have two questions. I have 2 mailbox servers in subnet A and both are members of DAG1. I am adding a 3rd mailbox server in subnet B. Do I add the DAG IP address for subnet B then add the third server to the DAG? Or add the server to the DAG and then add the subnet B address to the DAG? Second question, do I add the subnet B DAG IP to DNS? We use NetBackup which does query DNS for the DAG IP address.
Add the DAGIP beforehand. You do not need to manage DNS manually for your DAG. When the DR Server becomes the Primary Active Manager (Default Cluster Group is on DR DAG Server), DNS is updated to point to that Cluster IP. But, clients don't connect to that Cluster IP like they did in Exchange 2007. They connect to the CAS Server's RPC Client Access FQDN which then makes the appropriate MBX connections.
If the DAG is running from production site then the DAG Name IP address will be registered in DNS (such as 10.201.17.236). However, the disaster recovery site DAG IP (10.15.5.90) will not be registered in DNS. However, how do I prevent other hosts (and administrators) from using the IP address I entered in the DAG properties for the disaster recovery site (10.15.5.90)? Thank you kindly.
A DAG still creates a Network Name and Network IP Resource in the cluster. If a cluster fails over, DNS is updated and the DAG Cluster IP for the second site is brought online.
Currently, if I ping our DAG (DAG01.domain.net), I will get a reply and host name, such as….
Pinging dag01.domain.net [10.201.17.236] with 32 bytes of data:
Reply from 10.201.17.236: bytes=32 time<1ms TTL=128
However, if I ping the secondary site DAG IP address it does not reply and does not provide a hostname, such as…..
C:\Users\…..>ping -a 10.15.5.90
Pinging 10.15.5.90 with 32 bytes of data:
Request timed out.
I certainly understand that the ping to the second IP address would not reply but I am concerned that no hostname is provided either. If another administrator is building an unrelated server in that subnet they could grab 10.15.5.90 and assign it to their server. The other administrator would not think anything of it because there is no name or ping reply associated with it. All is well until I fail over the DAG.
Any suggestions how to prevent someone or something else from grabbing the secondary site IP address when the DAG is hosted in the primary site?
As always, thank you for sharing your knowledge with us.
Hi Elan,
If I have a small site of 2000 users, I want to have 2 cas/hub servers in 1 cas array and 2 additional mailbox servers in DAG. Can I put the FSW on one of the CAS/HT servers?
Is there an issue putting the FSW on a cas array member?
Alternatively, if I create a third mailbox server instead will this be overkill for 2000 users?
Thanks for your help
Sure, you can have a FSW on a HUB/CAS. In fact, if you don't manually designate a specific server/share for the FSW, a HUB Server in the same site will automatically be chosen to put the FSW on that HUB in C:\. If you had a separate HUB Server and a separate CAS Server, you could also choose to put it on a CAS.
I would honestly be reluctant to tell you adding a third server would be overkill. It depends on your business requirements in regards to data retention, high availability, DR, etc… But in simple fashion, a single server can easily handle 2000 users if you spec it to have the necessary CPU, memory, and disk requirements.
And by the way, I would opt to deploy multi-role servers with a hardware load balancer. I'm not a fan of separation of roles. Neither is Microsoft.
Hi Elan
Myself Prakash. I am facing a problem: in OWA I am unable to delete, move, or search the mail, but in Outlook it was fine.
We are running Windows 2008 R2 with Exchange 2010 SP1 updated Rollup 1, but from that day onwards I am facing these problems.
Thanks Elan, here is my setup with single DAG IP set statically. Will I need to set multiple DAG IP Addresses?
server1 at site A IP address: 172.29.0.98/23 and GW 172.29.0.1
server 2 at site A IP Address 172.29.0.99/23 and GW 172.29.0.1
server 3 at site B IP Address 172.29.8.47/23 and GW 172.29.8.1
Site B is a different network. Therefore, you need one DAG IP in the subnet located at Site A and another DAG IP in the subnet located at Site B. The way it's set up right now is potentially incorrect. The reason I say potentially is the same as the reason I gave in my previous comment to you.
So if I have a three node DAG across two subnets and I have NOT configured multiple DAG IP's is my configuration incorrect?
Not necessarily. If no IP Addresses are entered, it will use DHCP to obtain a cluster IP for each segment just as long as DHCP is available on the same subnet that hosts the MAPI IPs. Many environments don't have DHCP on the subnets. Since your DAG is working, it sounds like DHCP is available. But while it may be available for the MAPI Network that is hosted in one site, it may still not be available in the other site that hosts that MAPI Network.
I typically assign static IPs.
Super post. Thanks.
Thanks Elan, Excellent Article really this is helpful document.
So Elan, I'm starting to get confused. Let me tell you what I have:
DC1
Domain 2008
Cas Array 2010 using WNLB.
HUB on 2 server's Using Fail-over.
Dag01
DC1 already has a certificate installed on it. After reading information I think I will need to buy a new SAN certificate to hold primary and secondary site names, also autodiscovery.
The second, DC2:
I think I will do the following to apply an Active Passive scenario with the same name:
Install an additional AD in the second data center.
Add a database copy from the primary data center to the second data center ……. here now
I will run this command
Set-DatabaseAvailabilityGroup -DatabaseAvailabilityGroupIPAddresses [ Primary Dag IP only !!!!! ]
That's what I think: only one DAG with one witness share …… that's what I understand from you.
So what do I do next?
thank you
Mohamed,
Now I have a previous DAG. Should I create a new DAG for the DR or Branch site, or add the DR site Mailbox to the primary site DAG?
Thank You
Regards
Mohamed
Without knowing much about your business requirements and what the conceptual design is, it's hard to be definitive. But typically, if you have a Primary Site and a Failover Site you would use the same DAG for both locations so you can replicate databases from Server in Primary Site to Server in Failover Site.
Thank you very Much Elan
Hi Elan,
Thank You for your quick response.
On the MAPI NIC – Obviously traffic between the different MAPI connections needs to be open, right? So that mail flow can occur.
On the REPLICATION NIC –
1. Does this network segment need to be SEPARATE FROM the MAPI NIC segment? i.e.: MAPI-NIC=192.168.1.xxx & REP-NIC=192.168.2.xxx
2. Again, all traffic between DAG members on these REP-NICs will need to be open?
Thank You
Regards
Ian
Hi, I refer you to your diagram above
Are the 2 Nic for MAPI & Replication 2 different physical NIC’s?
Cheers
Ian
Ian, they are two different physical NICs. One Physical NIC for the MAPI Network and a separate Physical NIC for the Replication NIC.
Nice, this is a real good article and saved lot of my time…Excellent work.
Thanks for the article. I would like to know whether the MAPI NIC IP belongs to the LAN network and the Replication NIC belongs to the heartbeat? Should the File sharing option be enabled on the heartbeat connection or not?
Well in Exchange 2010 both NICs do heartbeating. In fact, the Exchange 2010 documentation wants you to ACL the network so MAPI NIC on Node A cannot talk to MAPI NIC on Node B to prevent any heartbeat crosstalk. Here is a good article on NIC configuration: http://www.howexchangeworks.com/2010/05/network-a…
Nice posting…… this is a helpful document……. Thanks.
I was searching for this document. Thanks a lot for the explanation.
Good article. The cluster.exe command needs to be documented more. However, your article starts with a MAPI and a DAG network, and then your DAG networks only cover/address one of the networks you started the article with.