Friday, September 2, 2016

Convert IP-less DAG to IP-based DAG

Hi folks,

As you well know Exchange 2013 SP1 and later installed on Windows Server 2012 R2 supports DAG without IP address. You can read more about it here and here. It is much easier to configure as there is no dependency on the availability of the IP address and CNO object in the AD. According to Microsoft it also reduces surface of attack on the server.

One important notice for IP-less DAGs is that you should well plan it. Make sure that application that integrate with Exchange 2013 or 2016 can work with IP-less DAG. The problem is that you won't be able to convert from IP-less DAG to IP-based DAG on fly and vice versa. In order to convert DAG from IP-less to IP-based you will need to destroy IP-less DAG and create a new IP-based DAG.

You can still convert DAG from IP-less to IP-based while preserving user data. First you will need to activate all DBs in DAG on one of the Exchange servers by running the command as below:

Get-MailboxDatabase DB001 |Move-ActiveMailboxDatabase -ActivateOnServer SERVER01

After this you will need to remove all passive copies from other servers:

Remove-MailboxDatabaseCopy DB001\SERVER02 -Confirm:$false

If your DAG runs in Datacenter Activation Coordination mode (as any post-Exchange 2010 SP1):

Set-DatabaseAvailabilityGroup -Identity DAG01 -DatacenterActivationMode Off

After DAC mode is disabled you need to remove all servers from DAG by running the below command against each server:

Remove-DatabaseAvailabilityGroupServer -Identity DAG01 -MailboxServer SERVER02 -confirm:$false

After none of the servers left in the DAG you can kill it:

Remove-DatabaseAvailabilityGroup -Identity DAG01 -confirm:$false

Of course you will be building your Exchange 2013 or 2016 DAG on Windows 2012 R2 servers. To succeed you will need to prestage CNO for your DAG in  AD based on the instruction from this TechNet article. If this step has not been performed attempts to add mailbox servers to DAG will fail with the following error:

Please retry the operation. Error: The fully qualified domain name for node ‘XXXX’ could not be found.

When everything is ready you can create new DAG with the IP address by running a command similar to this one:

New-DatabaseAvailabilityGroup -Name DAG01 -WitnessServer -WitnessDirectory C:\Witness\DAG01 -DatabaseAvailabilityGroupIPAddresses,

Then you can add all of your servers to DAG by running the following commands against each of them:

Add-DatabaseAvailabilityGroupServer -Identity DAG01 -MailboxServer SERVER01 -Verbose

After all servers are added to DAG you will need to enable DAC mode:

Set-DatabaseAvailabilityGroup -Identity DAG01 -DatacenterActivationMode DagOnly

If you use AutoReseed you will need to configure DAG with the parameters needed for AutoReseed and number of DB copies per volume:

Set-DatabaseAvailabilityGroup DAG01 -AutoDagVolumesRootFolderPath "E:\ExchVols"
Set-DatabaseAvailabilityGroup DAG01 -AutoDagDatabasesRootFolderPath "E:\ExchDB"
Set-DatabaseAvailabilityGroup DAG01 -AutoDagDatabaseCopiesPerVolume 2

I have already posted about AutoReseed configuration and operations previously.

When DAG is ready you can add mailbox database copies to the remaining servers:

Add-MailboxDatabaseCopy  -Identity "DB001" -MailboxServer "SERVER02" -ActivationPreference 2
Add-MailboxDatabaseCopy  -Identity "DB001" -MailboxServer "SERVER03" -ActivationPreference 3

Finally, when your DAG is ready and all copies are healthy you can redistribute them based on the activation preferences so that the load spread evenly across your Exchange servers:

RedistributeActiveDatabases.ps1 -DagName DAG01 -BalanceDbsByActivationPreference -Confirm:$False

So your DAG has been rebuilt and data preserved.