After setting up the most common settings in Part4 we can eventually start building CAS/Mailbox fault tolerance.
Before we proceed to installing the second Exchange Server let’s add the two DNS A-records to the primary zone:
– this will provide the easiest form of the CAS fault tolerance: using DNS round-robin the hosts mail.testcompany.com and autodiscover.testcompany.com will be resolved either to 18.104.22.168 or to 22.214.171.124.
Now I will install the second server – Exch2 – as decribed in Part1 and log on to the ECP once the installation is complete:
Most settings (for example, OWA policy) this newly installed server will get automatically as it’s been added to the existing Exchange organization, but as mentioned in Part4, there’re some settings that are unique for each server (unti-malware engine, smtp banner, set logging …) so we must repeat the process of Exch2 customization as described in Part4.
Get-OwaVirtualDirectory |Set-OwaVirtualDirectory -LogonPageLightSelectionEnabled $True
Get-OwaVirtualDirectory |Set-OwaVirtualDirectory -LogonPagePublicPrivateSelectionEnabled $True
Get-OwaVirtualDirectory | Set-OwaVirtualdirectory -LogonFormat UserName -DefaultDomain “TestCompany.com”
(Scripts folder) .\Update-MalwareFilteringServer.ps1 -Identity Exch2
After that the OWA logon page on Exch2 will look as follows:
As you see this page looks exactly as the one on Exch1 except for the certificate warning: we must install and assign to SMTP and IIS the same wildcard certificate as used on Exch1:
The wildcard certificate must also be applied in IIS:
Again, configure external domain on Exch2 (after that all virtual directories’ external host name should be set to mail.testcompany.com), set the domain name in the Internal URL fields to mail.testcomany.com for all virtual directories…
and set Outlook Anyware external name to mail.testcompany.com (please see Part4).
As one of the goals of installing the second server, amongst others, is to provide redundancy of the mail flow I’ll add Exch2 as a source server to the existing Send connector:
Next let’s again create a new autodiscover site for the new server – please run the following command after creating the Autodiscover site in IIS (please see Part3 for the detailed instructions):
New-AutodiscoverVirtualDirectory -WebSiteName “Autodiscover.TestCompany.com” -WindowsAuthentication $true
and configure Client Access Server:
Set-ClientAccessServer -Identity Exch2 -AutoDiscoverServiceInternalUri https://Autodiscover.TestCompany.com/Autodiscover/Autodiscover.xml
Now it’s time to create a DAG and add DAG members – servers Exch1 and Exch2 – to the DAG1, but before we can do that we must add Exchange Trusted Subsystem universal security group (USG) to the local Administrators group on the witness server – in my case it’ll be the domain controller – DC.
Now let’s open ECP and navigate to Servers-database availability groups:
Now let’s activate the passive db copy on server Exch2 – this process is called “switchover”:
And the last step: testing CAS/DAG fault tolerance.
I will open the logon OWA page twice – the first time mail.testcompany.com will be resolved to 126.96.36.199, the second -to 188.8.131.52 and will send a message from Administrator to User3:
To make mail.testcomany.com resolve to another ip I’ll get use of ipconfig /flushdns:
In Part5 we installed the second multirole Exchange server, configured some server specific settings, built and and tested fault tolerance for CAS and Mailbox roles. This part concludes the series of articles on deploying Exchange Server 2013 SP1.