Installing an Exchange Server 2013 Database Availability Group

The first article in this series on Exchange Server 2013 Database Availability Groups provided an overview of Exchange 2013 DAG concepts.

In this article we’ll go through the installation of a simple Exchange 2013 DAG with two members. The DAG will have a MAPI network as well as one replication network. The file share witness will be another member server in the domain that has no Exchange 2013 server roles installed.

Preparing to Deploy an Exchange Server 2013 Database Availability Group

Installing the Mailbox Servers

Database Availability Group members run the Mailbox server role. Although they can also run the Client Access server role this is separate and not required for DAG operations. In some situations the Client Access role should not be installed on the same server, for example:

  • if you plan to use Network Load Balancing for Client Access server high availability (NLB is not supported to co-exist with the Failover Clustering that DAGs leverage)
  • if you have any reason to believe you might later remove the Client Access server role (removal of a single server role is not possible in Exchange Server 2013)

Exchange Server 2013 can run on both Windows Server 2008 R2 and Windows Server 2012. However, due to the dependency on Failover Clustering you should note the following requirements:

  • Windows Server 2008 R2 must be Enterprise edition to support Failover Clustering
  • Windows Server 2012 can be either Standard or Datacenter edition

To install your Exchange Server 2013 DAG members:

In my example scenario I have two servers E15MB1 and E15MB2 both running Windows Server 2012. Each server is installed with both the Client Access and Mailbox server roles. A third server E15FSW exists for the file share witness.

Note: thanks to the concept of “incremental deployment” a DAG can be created using existing mailbox servers that are already in production with active mailboxes on them. There is no hard requirement to build brand new mailbox servers to be able to deploy a DAG.

Configuring Permissions on the File Share Witness

Because the file share witness server is not an Exchange server some additional permissions are required. The Exchange Trusted Subsystem group in Active Directory must be added to the local Administrators group on the server.

The file share witness also requires the File Server feature installed.

PS C:\> Add-WindowsFeature FS-FileServer

And you should verify that File and Printer Sharing is allowed through the firewall.

If the file share witness is another Exchange server, such as a Client Access server, it already has the correct permissions configured.

For more information see:

Configuring Networking for Exchange 2013 Database Availability Groups

In this example each server is connected to the network, which is the client-facing network. The two Exchange servers are also connected to the network which will be used for DAG replication traffic.

Dedicated replication networks are not a requirement for Database Availability Groups, however if you do choose to deploy one or more replication networks you must ensure that DNS registration is disabled the network interfaces connected to those networks.

The replication interfaces are also not configured with a default gateway. In the case where replication interfaces for the same replication network are on separate IP subnets, static routes are configured. However in this example that is not required.

The configuration of the network interfaces is important for DAG network auto-config to be successful. For more information see Misconfigured Subnets Appear in Exchange Server 2013 DAG Network.

Configuring Existing Databases

In my example the server E15MB1 and E15MB2 had databases that were automatically created during Exchange 2013 setup. To prepare for database replication within the DAG I performed the following tasks:

  • “Mailbox Database 1” on E15MB1, which already contains active mailboxes, has been moved from the default folder path onto storage volumes dedicated to databases and transaction log files
  • “Mailbox Database 2” on E15MB2, which contained no mailboxes, has been removed from Exchange

Those steps may not be required in your environment depending on your existing databases.

Pre-Staging the Cluster Name Object

Depending on your environment the pre-staging of the Cluster Name Object (CNO) may be required (it is a requirement if you are running Windows Server 2012 for the DAG members), but in any case it is a recommended best practice.

The CNO is simply a computer account object in Active Directory. There are two methods you can use to create the CNO.

The first is to manually create the CNO using Active Directory Users & Computers. Create a new computer object with the name that you intend to give to your DAG. Then disable the computer account.

Next, grant the computer account for the first DAG member Full Control permissions for the CNO computer account. Note that you may need to click the View menu in AD Users & Computers and enable Advanced Features before you can see the Security tab for the computer object.

The other method for creating the CNO is to use Michel de Rooij’s Cluster Name Object Pre-Staging script.

Deploying an Exchange Server 2013 Database Availability Group

Creating the Database Availability Group

In the Exchange Admin Center navigate to Servers -> Database Availability Groups and click the + icon to create a new DAG.

Enter the following details for the new Database Availability Group:

  • DAG name – this should match the CNO you pre-staged earlier
  • Witness server – this is required for all DAGs, even those that have an odd number of members and hence run in node majority quorum mode
  • Witness directory – this is optional. If you do not specify a directory Exchange will choose one for you.
  • IP address – the DAG requires an IP address on each IP subnet that is part of the MAPI network. If you do not specify IP addresses the DAG will use DHCP instead.

Click Save when you have entered all of the required details.

Adding Database Availability Group Members

After the DAG has been created it still does not contain any actual members. These need to be added next.

Highlight the new Database Availability Group and click the icon to manage DAG membership.

Add the servers that you wish to join the DAG and then click Save. This process will install and configure the Failover Clustering feature of Windows Server 2012 and add the new DAG members to the cluster.

Note: if you’re using a non-Exchange server for the file share witness, and you have correctly configured the permissions on the FSW, you will still see a warning at this stage that the Exchange Trusted Subsystem is not a member of the local administrators group on the FSW. This is a bug that can be disregarded.

When the operation is complete the Database Availability Group will display the members you added.

In the next part of this series we will look at configuring the database copies in the DAG.


      • Wasim says

        Hi Paul,

        Thanks for providing step by step guides, really helpful articles.

        About CNO setup.
        Adding the 2nd member server to DAG will automatically get added to CNO permissions or there is no requirement for 2nd member. What if the 1st member (which has permissions configured on CNO) failed? will the other member be able to take control on CNO?

        Also a bit confused with the Network config for DAG.
        “the DAG requires an IP address on each IP subnet that is part of the MAPI network”
        If my network (client subnets) has 3 subnets 192.168.1.x, 2.x, 3.x. Do I need to assign 1 IP from each subnet?
        all 3 subnets can communicate with each other and also to the “server subnet” 10.10.10.x.

        Thanks for your time and help.

        • says

          You only need to do the permissions on the CNO for the first DAG member.

          A DAG network is any network that a DAG node is connected to. So other subnets (such as where your client computers reside) are not considered to be DAG networks and don’t need to be configured as such.

          A DAG has only one MAPI (client-facing) network. But that network may include multiple IP subjects, such as when the DAG is multi-site. Therefore the DAG needs to be given an IP address in each of those IP subnets that exist in that DAG network.

  1. says

    Hello Paul,

    Thanks a lot for such informational howto. I just configured DAG without any problems. However I’ve few questions in my mind which are still unanswered. If you can then please answer

    Q1. Is it essential to use non-exchange extra server as Witness Server or not ? Can I use Domain Controller (I am using DC for DFS also) or CAS as Witness Server ?

    Q2. If I do not want to use dedicated replication network then can I use my main connection for replication ?

    Q3. How I can assure my replication is working absolutely fine ?

    Q4. As you mentioned your other database is removed. Did you removed it yourself or DAG creation process done it ? Since my 2nd database (setup created when I installed mailbox role on 2nd server) didn’t deleted. Will this hurt DAG performance or some other potential issues can raise for this ?

    • says

      1. I use a non-Exchange server in this demo mainly so I can demonstrate the extra steps involved. It is generally recommended to use another Exchange server, eg a dedicated CAS, which has fewer steps because Exchange Trusted Subsystem is already configured correctly on that server.

      I do not recommend ever using a Domain Controller as the file share witness.

      2. Yes, a DAG can have only one network that it uses for both client and replication traffic.

      3. Get-MailboxDatabaseCopyStatus and Test-ReplicationHealth are two cmdlets for testing the health of your DAG.

      4. I removed it myself. The DAG setup does not remove existing databases. Consider that the existing databases can then have copies added in the DAG, so why would DAG setup remove them? It won’t hurt performance, but if you don’t want the database you should remove it so you don’t need to manage it (eg back it up) and so nobody accidentally puts mailboxes on it.

  2. Rogelio Garcia says

    Hi Paul, i try to install DAG on Hyper-V Windows Server 2012, i have to Virtual Mailbox with Exchange 2013 and Server 2012 Standard. two nic VLAN,168 and for DAG VLAN,41. when a try to add the second node to DAG

    A server-side database availability group administrative operation failed. Error The operation failed. CreateCluster
    errors may result from incorrectly configured static addresses. Error: An error occurred while attempting a cluster
    operation. Error: Cluster API ‘”AddClusterNode() (MaxPercentage=100) failed with 0x5b4. Error: This operation returned
    because the timeout period expired”‘ failed.. [Server:]
    + CategoryInfo : InvalidArgument: (:) [Add-DatabaseAvailabilityGroupServer], DagTaskOperationFailedExcept
    + FullyQualifiedErrorId : F544CC70,Microsoft.Exchange.Management.SystemConfigurationTasks.AddDatabaseAvailabilityG
    + PSComputerName :

    i hope u can help me

    • Dick Turpin says

      Try removing the teaming from the Hyper-V hosts. That worked for me.

      I have a call open with MS about this as it’s affecting a large number of deployments.

  3. Ishtvan Balint says

    Running this setup in an hyper-v environment. Cannot add a second node and it does not matter which one. Always fails when adding the second. Is this supported?

  4. Alex says

    Where do i place DAG Witness server if Mailbox and CAS server are co-located? General recommendation is to put it on CAS server but not on a Mailbox server in the DAG. Any idea what would be the best choice?

  5. Tarik says

    All good, but one thing, how should the client access the server? how can he tell which server to go to?
    What if a server goes down? the client would probably have his outlook setup to one exchange.

    How can he still receives email when that server goes down?

    Please help me to understand this process.

    • says

      The client connects to the Client Access server. Databases can failover, Mailbox servers can go down, but as long as the Client Access server(s) are available the client can still connect.

      There’s more to it obviously, but that is the basic concept.

      • Tarik says

        Thanks for the reply Paul,

        But you are here setting both servers to have Client Access Server, my question is that to which server the client should go to when one goes down, or there should be a manual intervention from an admin to set the DNS/IP addresses.

        Would you suggest setting the CAS on some other server and have the Mailbox roles set on two other server? but the single point of failure would be the one CAS.

        Your information is very straight forward setting up the DAG, but the glitch I’m facing is the CAS.

        I hope you can clarify it to me.

        Best Wishes,

  6. Jeremy Chu says


    Can we use a Domain Controller as a FSW ? What are the prerequisites for a Witness Server ?

    I use a test environnment, I have a DC with just 1GO RAM, I’d like to know if I can use it as a FSW for my DAG.


  7. JIm says

    This is a good article…The only thing that got me was that I forgot to enable the DAg account after the DAG was created. It think it would be good to add this to the article.

  8. Stephan van der Plas says

    Hello Paul,

    I followed your steps (though I use an exchange (CAS) server as witness), but I receive an 0x80070005 (E_ACCESSDENIED) message.
    How to troubleshoot this?

  9. Paul says

    How could this be setup for geographical redundancy? ie. two locations connected via VPN tunnel. Could I still use only a 2 Exchange server configureation? Where would I have to put the witness share?

    • says

      You would need to make sure you read the networking requirements for multi-site DAG. Yes you can use just 2 servers though that may not be the best approach. The witness server would go in the “primary” datacenter or even possibly a third site, depending on a lot of factors.

      Multi-site DAG is possible but needs to be designed properly.

  10. says

    Hello Paul, Thank you for the superb article. This definitely helps in my configuration of our DAG 2013. I found one thing that I needed to do extra that was not mentioned in your article in order to create my DAG2013 and I would like to share that with everyone.

    When Pre-Staging the Cluster Name Object, I found that I also needed to add the following security group to the DAG Cluster name: “Exchange Trusted Subsystem” and give that group full control.

    Without the Exchange trusted subsystem, I keep getting Access Denied when trying to add my first DAG member. This is also the approach recommended by Microsoft technet at

    I hope this may help someone else in setting up DAG. I feel this should have been taken care of by Microsoft instead of having us pre-stage the cluster name object (seems silly to me).

    Thanks for the great article. I have my DAG running happily!

    Ed Osckar

    • says

      You can either add the computer account for the first DAG member, or you can add Exchange Trusted Subsystem. The article you link to explains that. In my example above I added the computer account.

  11. Petros Patalas says

    Hi Paul,
    thank you very much for your effort.
    After reading some of your articles, I am thinking of configuring the following:

    Two Exchange 2013 servers with both CAS and Mailbox roles, DAG between them (for 2 mailbox databases),
    and a third Exchange 2013 server holding the Archive database, also acting as the Witness Server.

    All above will run on Windows Server 2012 for the benefit of dynamic quorum.
    Does it looks like a nice configuration?


  12. teyob says

    Hi Paul,
    Thank you for the guide.I just have a question:
    We created 2 exchange servers member of the DAG and One Witness server and everything looks OK but when the Active server is down and the Passive server Takes Over BUT the Office Outlook shows Disconnected. The Failover is not successful in the Office outlook 2010.

    Hope you can help me.

  13. teyob says

    Hi paul,
    Thank you very much for the very quick response, i will do this one. For confirmation i just have some follow up on the following:
    1. In configuring a single namespace instead of the unique server FQDN for each, is this the command in the exchange Powershell?
    —[PS] C:\>Get-OutlookAnywhere | Set-OutlookAnywhere -InternalHostname -InternalClientsRequireSsl $false

    2. In configuring DNS records exist for that namespace and resolve to the Client Access servers.Is this the command??
    —PS C:\> Resolve-DnsName
    or i have to do it in DNS management and create a new record then issue the command

    Thanks again

    • says

      1) Yes, but you need to change the internal host name to one that is valid for your environment

      2) You need to create the DNS records. That command just tests that they are resolving.

  14. teyob says

    Hi Paul,
    One more thing, how about the certificate?? Can we use the default certificate or create a new certificate to include the 2 exchange server and the created name in the DNS?? If we will create a new certificate please provide also on how to create a new certificate.

    Thank you very much for all the help.


  15. teyob says

    Hi Paul,
    Thank you very much again for all the help..

    I need another help regarding our Active Directory, Our existing Active directory is windows 2003 server and the existing exchange server is exchange 2007.

    We will be building a New Windows 2012 Active Directory plus the 2013 exchange server, We will not touch or upgrade the existing Existing 2003 server and exchange 2007 so that we have a working Exchange server 2007 while preparing and building the exchange 2013.

    I need a help in Transfering the existing users from 2003 server to the new 2012 server active directory, i tried to look and search at microsoft the available ADMT(Active directory migration tool) is version 3.2 which is for 2008 server only.

    Is there any other tool that can transfer users from 2003 server to 2012 server Active directory. Hope you can help me with this.

    Thanks again…

  16. teyob says

    hi paul,
    Thank you very much,the Failover is working now if the active exchange server is offline the Passive TakesOver but it took 10 to 15 minutes for the outlook to be connected again, is that normal??

    The Outlook anywhere is using the HTTP, is there a way to use HTTPS?? i tried HTTPS but i got an error in Certificate.

    Also about the Witness server, what will happen if the Witness server is OFFLINE??Will it affect the Cluster?

    Thank you very much again…

    • says

      I wouldn’t consider that normal. You need to look at whether the databases actually mounted quickly, and whether the CAS load balancing was not detecting the server that was down quickly enough.

      Yes Outlook Anywhere can use HTTPS and requires a valid SSL certificate.

      The witness server can be up/down without impacting the cluster. It is only when a majority of cluster members (eg the witness + one DAG member) go offline that you risk the entire DAG/cluster going down.

  17. Brandon says

    Paul —

    Wanted to start off by thanking you for this incredibly useful store of information helping me navigate my way through Exchange 2013 administration.

    Following your DAG step-by-step in my lab and came across an issue. Had a problem with getting the second of the Exchange 2013 servers for my DAG. The initial installation crashed with an error regarding an “Unstable” Exchange 2013 server. Formatted, reinstalled Windows 2012 Datacenter, renamed the server something different than before and successfully installed Exchange 2013, but now when I’m deleting the newly-created mailbox database per your instructions in this article, I noticed the old server name pop up in the Servers>Databases and the now-nonexistent server managed to set up a mailbox database that I can’t delete!

    I removed the computer account from Active Directory using ADSI Edit, but I have a feeling I need to do more to removed this nonexistent server from my AD. So my questions are: 1. Will this mess up my DAG? Should I stop the config and focus on getting rid of this thing? and 2. How do I get rid of this nonexistent server from AD?

    Thanks so much, and keep up the great work! Truly a big help to us Exchange newcomers!!!!!

  18. teyob says

    Hi Paul,
    We are installing the Exchange server 2013 in Hyper-V Virtualization, Is it Ok to leave the Database in the Default Directory on C drive, so that we have one full BackUp only on the Virtualization drive?? and that we can mount it as a whole drive in any Physical server with Hyper-v??


  19. andrew says

    the exchange trusted subsystem is a universal group. and i can’t add it to my fs server, local admin group.

  20. Yasin says

    Hello Paul ,

    I created DAG 2013 ,when I tested DAG replication cmdlt , I have the issue with cluster network in one node of the DAG

    Cluster network “failed” Network ‘MapiDagNetwork’ has no network interface for server ‘ …

    for your help please.

    Thank you .

  21. teyob says

    Currently our Outlook anywhere is using HTTP, Can you Please provide the STEPS in configuring the Outlook Anywhere to use HTTPS.

    Thank you very much.

  22. Ernesto says

    Hi Paul,

    Thank you so much for the well-detailed steps in configuring DAG. I have one question before I will try the steps. Currently, we have installed Exchange Server 2013 on Windows Server 2008 R2 Enterprise SP1 on two HP Proliant Servers. One Exchange Server is Live and already running. We want to configure DAG so the other server will replicate the database of the Live Exchange Server. Is it necessary to have a third server to become a Witness Server or can we configure the Backup Exchange as the witness server itself and at the same time, it will be the member of the DAG? Thank you.

      • Ernesto says

        Can it be a normal workstation with Windows 7 on it? I saw one screenshot in your tutorials which looks like a normal computer, the one with COMPUTER MANAGEMENT assigning Exchange Trusted Subsystem. Thanks for the reply. = )

        • Ernesto says

          Hi Paul, it’s me again and thank you for the quick reply. One more thing if you can help me out regarding Mailbox Databases. In our Exchange Server, we would like to create 2 database files. Our Exchange Server is hosting 6 email domain. We would like to configure three email domains will be saved to DB1 mailbox database and the remaining three domains will be saved to DB2 mailbox database. In the ECP>SERVER>DATABASE, I have created two database files namely DB1 and DB2. How can I point the three email domain to DB1 and the remaining three email domains to DB2? Hope you understand my question. Thanks.

  23. theduke1989 says


    thank you for the great tutorials.

    My problem now is:

    Error:You must be a member of the ‘Organization Management’ role group or a member of the ‘Enterprise Admins’ group to continue.For more information, visit: must use an account that’s a member of the Organization Management role group to install or upgrade the first Mailbox server role in the topology.For more information, visit:


    i havr 3 server total for learning. Exchange1 had the same fault as the problem above but after adding: install-windowsfeature rsat-adds it worked on my first exchangeserver but on my second server i still get the error :(

    VM1= AD-DS (DC)
    2 NICS
    *1 = bridged
    *2 = LAN-SEGMENT1

    VM2= EXLAB-01
    Installed al the pre-installs what is needed for exchange 2013
    2 NIC's
    *1 = bridged
    *2 = LAN-SEGMENT2 <- address

    VM3= EXLAB-03
    Installed al the pre-installs what is needed for exchange 2013
    2 NIC's
    *1 = bridged
    *2 = LAN-SEGMENT2 <- address

    they are joined as an memberserver and are connected to my domain, administrator account using…

  24. theduke1989 says

    Hej Paul,

    I am not at the point to actualy add members to my DAG.
    But i am getting some errors when i want to add them.

    See below for the error:
    A server-side database availability group administrative operation failed. Error The operation failed. CreateCluster errors may result from incorrectly configured static addresses. Error: An error occurred while attempting a cluster operation. Error: Cluster API ‘”CreateCluster() failed with 0x13c1. Error: The cluster IP address is already in use”‘ failed.. [Server: EXC-1.yakuzacorp.local]

    A server-side database availability group administrative operation failed. Error The operation failed. CreateCluster errors may result from incorrectly configured static addresses. Error: An error occurred while attempting a cluster operation. Error: Cluster API ‘”CreateCluster() failed with 0x13c1. Error: The cluster IP address is already in use”‘ failed.. [Server: EXC-2.yakuzacorp.local]

    its a test-facility to learn new things. Can you help me out here???

  25. Burletchris says

    Hi Paul, thnak’s a lot for your article. It help me very lot.
    Ihave a similar problem than “theduke1989”! Can you help me? I seaurch on internet and i d’ont find the solution.

    WriteError! Exception = Microsoft.Exchange.Cluster.Replay.DagTaskServerTransientException: Échec d’une opération d’administration du groupe de disponibilité de base de données côté serveur à cause d’une erreur provisoire. Veuillez recommencer l’opération. Erreur : An error occurred while attempting a cluster operation. Error: Cluster API failed: “CreateCluster() failed with 0x13c1. Error: The cluster IP address is already in use” —> Microsoft.Exchange.Cluster.Shared.ClusterApiException: An error occurred while attempting a cluster operation. Error: Cluster API failed: “CreateCluster() failed with 0x13c1. Error: The cluster IP address is already in use”

    Before this error, il delete a first DAG and i would like reinstall it but i have this problem since the deleting DAG!
    I test with otheemerger IP DAG’s, i rebuild the first point and that’s OK. When i would like add my exchange server this error emerge!

    Thnak’s for your helping.

  26. Pam says

    Thank you VERY much for all the time and effort you put into your blog. It is incredibly helpful. I use it over and over again for so many Exchange issues.

    I just configured the DAG that included 2 Exchange 2013Sp1 Hyper-V VMs running Windows Server 2012R2. It worked. No issues. No errors. Both VMs are connected to the network via virtual switches that were configured on hosts that had NIC teaming enabled before the virtual switches were configured. No issues. Thank you-

  27. Haitham says

    i get this error

    i have exchnage with malti role cas,mab and one with MB only and windows 2012 witness server when i add dag mamber i get this erorr

    A server-side database availability group administrative operation failed. Error The operation failed. CreateCluster errors may result from incorrectly configured static addresses. Error: An error occurred while attempting a cluster operation. Error: Cluster API ‘”CreateCluster() failed with 0x13c1. Error: The cluster IP address is already in use”‘ failed.. [Server: Mail-srv.pop.local]

  28. chiemele akoma says

    Hi, Please my main problem here is how was the second exchange server installed? I currently have 1 hyper-v machine running windows server 2012, with exchange 2013 installed. i m trying to install a second exchange 2013 server but unable to. please can you advice me on this

      • chiemele akoma says

        I have followed all the pre installation steps (prerequisite). Now on trying to install exchange 2013 cu5, I ran it as administrator. On the first page, add server role, mailbox role, client access role, management tools were greyed out…indicating that it has already been installed. As a result I cannot progress to the next page.

        As part of the prerequisite,  I had prepared schema, restarted the server. On preparing AD, I got the message that an organisation already existed. I then preparedalldomains and tried the installation. 

        I don’t know what next to do. please I would appreciate your assistance

        • says

          The AD preparations (schema prep, domain prep, etc) only need to be done when deploying the very first Exchange server into an AD forest. There is also usually another schema update with new service pack releases.

          If you’re installing a second Exchange server into the existing forest/organization you only need to build a new Windows server, install the pre-reqs, and then install Exchange.

          The UI for the Exchange setup is very white and washed out, so it is possible what you think are greyed out options are actually not. You would only find out if you click on them to try and tick the boxes.

          Another approach is do a command line install, which is quite easy.

  29. Jeremy says

    Hi Paul,

    Thank you for all your articles, they have been invaluable to me during our Exchange migration.

    I have a very similar setup to this article (2 Mailbox Servers in a DAG and a FSW) with a separate network for DAG replication traffic. I’m a little confused on configuring the networking for replication. I have given the DAG an IP address on the client-facing network (as you did with the IP for your DAG)

    Now I want to ensure the DAG replication traffic actually goes over the NICs I want it to. In your example, would that just be a matter of adding the network as a DAG network for the DAG?


    • says

      DAG networks in Exchange 2013 will auto-configure as long as you configure the adapters correctly. More info on that here:

      But you can save yourself a lot of trouble by not configuring dedicated replication networks. Just use one DAG network. Less complex and less prone to misconfiguration or other issues that might cause a problem with your DAG. For a small environment with 1Gbps or higher NICs on the server there’s no real benefit to dedicated replication networks.

      • Jeremy says

        Thanks for the reply, the link to your other article was helpful. The network setup for these is somewhat complex so I would prefer to configure the replication manually.

        I seemed to have a lot of finicky issues when configuring the DAG network in the ECP (wouldn’t let me uncheck the “Enable Replication” box within a DAG network, but the clicking “Disable Replication” on the DAG Network page would work, seemed to take awhile for my changes to show up in ECP, making me think they hadn’t been applied, etc). Hopefully that was a fluke thing with my installation. It probably would have been better to configure it from Powershell.

        After blowing away the DAG and recreating it, I think I’ve finally got it configured how I want.

        • Jeremy says

          Hi Paul,

          Wanted to run something by you real quick if you don’t mind…we are now adding an Exchange server at our offsite DR location. I will add it as a member of the DAG (which currently has 2 members + 1 FSW).

          Will I need to change any kind of quorum mode since I will now have 3 DAG members or will Exchange handle all that automatically? I’m assuming it is safe to not make any changes to the FSW and leave it in place?


  30. teyob says

    Hi Paul…Thanks again for a very useful guide…Our exchange 2013 is now working fine in Domain environment…just one more Question for the clients in WORKGROUP because we have some Laptop which are not connected in the Domain, when we connect Manually the Exchange server there is an error “The action cannot be completed” or “The name cannot be resolved”. Is there a way to connect the Workgroup client in Exchange 2013.?? We tried Outlook 2010 and Outlook 2013 with the same result.

    Thanks again…

    • says

      Non-domain joined computers will use Autodiscover to work out their Outlook settings. So as long as Autodiscover records are in DNS (eg, and resolving to the Client Access server IP address then all they should need to do is enter their email address and password in the Outlook new account wizard at startup.

  31. teyob says

    Hi Paul…thanks again..How to check the AutoDiscover is working in workgroup computer?? If autodiscover is not in the DNS entry,please provide guide in setting the autodiscover in the DNS..

    Thank you very much..

  32. Senthil Kumar says

    I need some suggestion from you on implementing Exchange 2013 DAG.

    Do we need to have separate CAS server as i am going to 2 Node DAG in HQ and i node in DR which will be part of the DAG nodes itself. What is your suggestion?
    And also SSL certificate for these servers as i wanted to use same SSL for theses 3 nodes. Kindly suggest the way forward.We have got two different domains ( and which needs to be protected using single certificate

  33. Adeniyi says

    Hi Paul,

    I need to deploy a Microsoft exchange 2013 to a client afresh, with 15 CAS. Your explanation on DAG was really good, please could your assist on the best way to configure CAS after the installation of exchange without any issue.

    I have an available server with Microsoft 2012 where i intend to install the exchange and another server for D.C. Is there any addition server needed after these?

    Your urgent reply would highly be appreciated.


  34. Sunith Philip says

    We are migrating from Exchange 2007 to Exchange 2013.

    Exchange 2007 is a single box with all roles in one.

    OS – Windows Server 2008 Enterprise Version 6.0 (Build 6002) Service Pack 2

    Exchange – Microsoft Exchange Server 2007 Version

    All Mailbox servers on Exchange 2013 below are on

    Windows Server 2012 R2 Standard Build 9600
    Microsoft Exchange Server 2013 Service Pack 1 Version 15.0.847.32
    Our setup for Exchange 2013 is 4 mailbox servers and 1 CAS.

    EXMB01 – DB1 (Active) DB2 (Passive)
    EXMB02 – DB2(Active) DB3 (Passive)
    EXMB03 – DB3 (Active) DB1 (Passive)
    EXMB04 – DB 1, DB2 & DB3 (All Passive) – The main reason for this mailbox server is for running mailbox and db backups to ensure the other servers do not get loaded.
    My questions are:

    How do I setup a DAG in this setup.
    How many DAG groups must I have?
    I have a non-exchange machine setup as FSW. Kindly advise how I need to configure this?
    For coexistence between Exchange 2007 and Exchange 2013, kindly advise the minimum versions and/or service packs required.
    Appreciate your help in this to ensure the migration is smooth.

  35. Dave says


    Great article on DAG. I also read your article on CAS HA ( and plan to use both articles to set up HA for both roles. One part that confuses me in this DAG article is that you mention NLB is not supported to co-exist with the Failover Clustering that DAGs leverage. Are you referring to WNLB? Because your CA HA article mentions using DNS RR or a Hardware appliance LB to provide HA for your CAS servers and you used multi-role Exchange 2013 servers as your examples?


    • says

      Yes, NLB = WNLB = Windows Network Load Balancing, as in the feature built-in to Windows Server.

      WNLB shouldn’t be used with Exchange 2013 at all, in my opinion. Use DNS RR or a hardware/virtual load balancer.

  36. Dave says

    Thanks for the clarification. One other thing. You talk about having identical namespaces for internal and external url for OWA and Outlook Anywhere (e.g. would I do the same the EWS, ECP, Active-Sync, and OAB?

    Thanks again,


  37. Ali says

    Hi Paul,

    Thanks for the great blog. Whenever I try to install exchange on a pre existing cluster it says it cannot be installed on a windows cluster. Uninstall the feature and retry. I tried looking it up, but no luck. Any ideas?


  38. Yoncir Chiquito says

    Hi Paul, first of all sincerely, Out this error when I try to make the DAG:

    Could not perform operation management availability group database due to a transient error. Retry the operation. Error: An error occurred while attempting a cluster operation. Error: Cluster API failed: “createCluster () failed with error 0x5b4. This operation is returned because the timeout is exhausted” [Server:]

    Unable to perform operation management availability group database server. Error: Could not perform the operation. CreateCluster errors can be caused by incorrect configuration of static addresses. Error: The computer account ‘DAG01’ could not be validated by the user ‘NT AUTHORITY \ SYSTEM’. Error: Error when trying to use the specified cluster name. There is already enabled computer object with that name in the domain [Server:]

    Configuration of servers:
    NS5: Exchange 2013 Domain controller (Replica to NS6)
    Gategay DNS,
    NS6: Exchange 2013 Domain controller (Replica to NS6)
    Gategay DNS,

    PC Witness
    Hyper-V, Windows 2008 server
    belongs to the domain
    Gategay DNS,

    What is wrong or what should I do to solve this problems .. Many thanks and grateful.

  39. Fadee Attieh says

    Hello, would like to know what are the configurations or settings to do after installing a new exchange for database availability group. after the installation errors started pumping and the users lost connection to exchange until I uninstalled the new exchange.

  40. Rada says

    HI, Paul

    Sorry to ask this question, in your example you have two Windows Server 2012 installing both CAS and Mailbox. So we will have 2 CAS right? How do we configure that 2 CAS to work as one? sorry for my bad English.


    Best Regard


Leave a Reply

Your email address will not be published. Required fields are marked *