Deploying Exchange 2013 SP1 step by step – Part5

After setting up the most common settings in Part4 we can eventually start building CAS/Mailbox fault tolerance.

Before we proceed to installing the second Exchange Server let’s add the two DNS A-records to the primary zone:

– this will provide the easiest form of the CAS fault tolerance: using DNS round-robin the hosts and will be resolved either to or to


Now I will install the second server – Exch2 – as decribed in Part1  and log on to the ECP once the installation is complete:


Most settings (for example, OWA policy) this newly installed server will get automatically as it’s been added to the existing Exchange organization, but as mentioned in Part4,  there’re some settings that are unique for each server (unti-malware engine, smtp banner, set logging …) so we must repeat the process of Exch2 customization as described in Part4.

Get-OwaVirtualDirectory |Set-OwaVirtualDirectory  -LogonPageLightSelectionEnabled $True

Get-OwaVirtualDirectory |Set-OwaVirtualDirectory -LogonPagePublicPrivateSelectionEnabled $True

Get-OwaVirtualDirectory | Set-OwaVirtualdirectory -LogonFormat UserName -DefaultDomain “”

(Scripts folder)  .\Update-MalwareFilteringServer.ps1 -Identity Exch2


After that the OWA logon page on Exch2 will look as follows:


As you see this page looks exactly as the one on Exch1 except for the certificate warning: we must install and assign to SMTP and IIS the same wildcard certificate as used on Exch1:

P5-13 P5-14 P5-15P5-17 P5-18 P5-20 P5-21

The wildcard certificate must also be applied in IIS:


Again, configure external domain on Exch2 (after that all virtual directories’ external host name should be set to, set the domain name in the Internal URL fields to for all virtual directories…

P5-24 P5-25

and set Outlook Anyware external name to (please see Part4).

As one of the goals of installing the second server, amongst others, is to provide redundancy of the mail flow I’ll add Exch2 as a source server to the existing Send connector:




Next let’s again create a new autodiscover site for the new server – please run the following command after creating the Autodiscover site in IIS (please see Part3 for the detailed instructions):

New-AutodiscoverVirtualDirectory -WebSiteName “” -WindowsAuthentication $true

Get-AutodiscoverVirtualDirectoryP5-27 P5-28

and configure Client Access Server:

Set-ClientAccessServer -Identity Exch2 -AutoDiscoverServiceInternalUri

Get-ClientAccessServer |fl *autodiscover*P5-AutoDis

Now it’s time to create a DAG and add DAG members – servers Exch1 and Exch2 – to the DAG1, but before we can do that we must add Exchange Trusted Subsystem universal security group (USG) to the local Administrators group on the witness server – in my case it’ll be the domain controller – DC.

Now let’s open ECP and navigate to Servers-database availability groups:

P5-44 P5-45P5-46 P5-47P5-48 P5-50P5-51 P5-52

P5-53The next step is to create a database copy – I will create a copy for the TestCompany database:

P5-55 P5-57 P5-59P5-60-GOOD


Now let’s activate the passive db copy on server Exch2 – this process is called “switchover”:

P5-73P5-75 P5-76 P5-77

And the last step: testing CAS/DAG fault tolerance.

I will open the logon OWA page twice – the first time will be resolved to, the second -to and will send a message from Administrator to User3:



To make resolve to another ip I’ll get use of ipconfig /flushdns:





In Part5 we installed the second multirole Exchange server, configured some server specific settings, built and and tested fault tolerance for CAS and Mailbox roles. This part concludes the series of articles on deploying Exchange Server 2013 SP1.




4 responses

  1. Hi,

    We have recently installed and configured exchange 2016 servers in an existing 2010 environment. We are in the process of migration from Exchange 2010 to 2016.

    We have updated all the URLs on our old exchange 2010 servers and given it a common name. We have configured exchange 2016 servers with the same URLs.
    Exchange 2016 acts as a proxy for 2010.

    We migrated few mailboxes to 2016 for testing. We are experiencing issues with employees whose mailbox is on Exchange 2016 and are using outlook 2010. It takes too long to connect to the exchange server and freezes at times.
    On checking the connection status, we see it is trying to connect to the exchange 2010 server-

    server name: old URL name of exchange 2010 server-
    protocol: RPC/TCP
    status: connecting
    type: public folder

    We checked the public folder, it is empty.

    This issue is only with outlook 2010. Outlook 2013 and 2016 works fine.

    Is this because of incompatibility of outlook 2010 with exchange 2016 or we missed some configuration?

    Can you please share your thoughts on this.


    1. Hi Ankit,
      Outlook 2010 is supported with Exchange 2016 in case KB2965295 is installed (on a client) as stated here: Exchange 2016 system requirements
      I’d try to remove the empty public folder (if installing KB2965295 would not help) cos one of the main differences between Exch2010 and Exch2016 is the absence of Public Folder database in 2016 – maybe if you migrate all needed public folders to public mailboxes (I mean Public folders that reside inside Public mailboxes) in Exch2016 Outlook 2010 could connect more easily…
      Please post any questions here should you have any.

  2. Thank you. Really useful!

    1. Thank you very much for you words, Hamid – you’re always welcome!

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: