22 C
Saturday, March 2, 2024

How to create a DAG (Database Availability Group) in Exchange 2010

Well, Creating DAG is much more simpler,

But configuring it properly is the best part to have it efficiently working.

So lets see how to create a 2 node DAG , where most of the Environments are willing to have 2 Dedicated servers for Exchange which has all the roles HUB,CAS,MBX.

NOTE **Am not Describing Client access array in this blog , Windows NLB won’t work if you have all roles installed on the same Server

you should for a 3rd party NLB in this Scenario for Client access Array ,

I will describe my environment now

I have 2 AD sites


Exchange Servers = 2 , Every AD site has a Exchange Server



First we will prepare the Environment for the DAG

You can Skip this Step if you are not going to Have your File Share Witness in the Domain Controller


Am Adding Exchange Trusted Subsystems in Administrators Group as am going to have my File Share Witness in the “Primary-DC”

To get rid of permissions issue. If you are not giving this permission , you may end up with the below error while creating DAG.

Insufficient permissions to access file shares on witness server . Until this problem is corrected, the database availability group may be more vulnerable to failures. You can use the Set-DatabaseAvailabilityGroup cmdlet to try the operation again. Error: Access is denied

Open Administrators Group and add Exchange Trusted Subsystem Group to it.



I will have my Primary LAN . Will add a Replication LAN ,for my DAG replication

So that I will come out of an Single point of failure on my LAN

If my replication network fails it can failover to the production network. vice versa.


My Replication Network , IP configuration should be defined as below

as one machine cannot have 2 default gateways,


Will do the same on both the nodes . will add a route for my Replication IP , so that they can ping each other


Now we will  Create a DAG ,


Specify the DAG name . Witness Server Name , Witness Location


“ Always have File Share Witness in the Primary Site “

Now my DAG is Ready

Add members to it.


Adding the members



Great !! Now your DAG is ready !!

Now go to your DAG properties , Assign a Static IP for the DAG

if you have difference subnet or different class of ip on either Sites.

Have Two IP address for the DAG so that DAG resource can be online while failover on either sites

If you have only one Subnet , then you can have only one Ip address for the DAG


Now you can see your Database Master Servers are pointing to the DAG


Now you can add a Mailbox Database Copy , So that Databases can Failover Each other


Choosing a Server to Add a Copy


Now your Copy Shows Healthy


Now you can Activate a copy on the other server to Test the Failing over a database



Lossless is 0 logs lost, Good Availability is 3 logs lost, and Best Availability, which is the default, is 6 logs lost

Best Effort – You might have a massive loss of data.

You can choose as per your convenience ,Great !! you did a Database failover now !!

For Disaster Recovery Purpose You got to add Two more steps

Enabling DataCenterActivationMode , This avoids Split Brain Syndrome if the whole Primary Datacenter Fails

Set-DatabaseAvailabilityGroup "DAG1-CareExch" –DataCenterActivationMode DAGOnly


Configuring Alternate File Share Witness

Set-DatabaseAvailabilityGroup "DAG1-CareExch" –AlternateWitnessServer "DR-DC" –AlternateWitnessDirectory "C:\File Share Witness"


Now you got the Recommended design for DAG !!

Satheshwaran Manoharan
Satheshwaran Manoharanhttps://www.azure365pro.com
Award-winning Technology Leader with a wealth of experience running large teams and diversified industry exposure in cloud computing. From shipping lines to rolling stocks.In-depth expertise in driving cloud adoption strategies and modernizing systems to cloud native. Specialized in Microsoft Cloud, DevOps, and Microsoft 365 Stack and conducted numerous successful projects worldwide. Also, Acting as a Technical Advisor for various start-ups.

Related Articles


  1. Nice one.

    Why are you using the “primary-exch’ as your witness server?

    My understanding is the Witness server should be a separate Exchange server with at least one role installed (e.g., hub transport). Therefore, you have “primary-exch” and “dr-exch” as member servers then you have the third exchange server as the witness server.

  2. Hi,
    I have 2* Windows 2008 R2 server with Exchange as nodes + one another Windows 2008 R2 server to be configured as Witness server.

    All the 3 systems are under “Exchange Trusted Subsystem” security group. However, my DAG configuration constantly fails with the error as below:

    Insufficient permissions to access file shares on witness server ‘win-52-239.interopexchange.com’. Until this problem is corrected, the database availability group may be more vulnerable to failures. You can use the Set-DatabaseAvailabilityGroup cmdlet to try the operation again. Error: Access is denied

    Exchange Management Shell command completed:
    New-DatabaseAvailabilityGroup -Name ‘InteropDAG1? -WitnessServer ‘win-52-239.interopexchange.com’ -WitnessDirectory ‘c:\witness’

    Elapsed Time: 00:00:00?

    Any help possible on this please? Please let me know if you need any further information?

  3. Will you be able to enable DataCenterActivationMode with only 2 members in DAG? I think the requirement to enable DataCenterActivationMode is 3 or more DAG members.

  4. Hi,
    i have exchange 2013 sp1 with win 2012, my problem is my database mount automatically even i shutdown my primary data center, (DAC mode is enable)
    file share witness are on both side..
    PAM is on primary data center.
    is it due to dynamic quram model ?

    • DAG cannot have two witness . Secondary witness . needs manual intervention . Witness doesn’t fail over.

      Read misconceptions of DAG . Google it .

  5. Hi,
    from file share witness server on both side i mean i mention my alternate file share witness in DAG.
    but still file share is on primary site.. i am not ruing any command to activate DR site.

  6. Internet is written with the capital letter in a sentence, by the way. And hundredths are written not with a point but with a comma. This is according to the standard. And actually everything is very good..!


Please enter your comment!
Please enter your name here

× How can I help you?