I was creating a test lab with Windows 2008 R2 as the base operating system and Exchange 2010, with a view to configure a DAG. I have explained the process of configuring a DAG in one of my previous articles.
While the DAG creation completed successfully, the completion wizard showed me a warning.
I wasn’t that bothered as the file share is not created until we add nodes to the DAG. I added the first node successfully. While adding the second node, the operation failed with the following error.
Summary: 1 item(s). 0 succeeded, 1 failed.
Elapsed time: 00:00:48
DAG02
Failed
Error:
There was a problem changing the quorum on cluster DAG1. File share witness ‘\2010DC.HEW10.LOCALDAG1.HEW10.LOCAL’ network name was not found. This may be due to a problem with firewall settings.
Warning:
Insufficient permissions to access file shares on witness server ‘2010DC.HEW10.LOCAL’. Until this problem is corrected, the database availability group may be more vulnerable to failures. You can use the Set-DatabaseAvailabilityGroup cmdlet to try the operation again. Error: Access is denied
Warning:
The operation wasn’t successful because an error was encountered. You may find more details in log file "C:ExchangeSetupLogsDagTasksdagtask_2009-12-12_22-51-11.198_add-databaseavailabiltygroupserver.log".
Exchange Management Shell command attempted:
Add-DatabaseAvailabilityGroupServer -Identity ‘DAG1’ -MailboxServer ‘DAG02’
Elapsed Time: 00:00:48
The problem was that I gave the witness server to be my domain controller, a Windows 2008 R2 machine.
The solution is that “Exchange Trusted Subsystem” security group has to be added as a member of the local administrators group of the server. Since my witness server is a DC, I added the “Exchange Trusted Subsystem” group to the Administrators group in AD.
Once the group was added, I could add my second node to the DAG successfully.
If you provide another Exchange 2010 server as your witness server, everything works fine. If not, the “Exchange Trusted Subsystem” group has to be given local admin rights.
Typo: I have two Windows 2008 R2 server with Exchange as nodes + one another Windows 2008 R2 server to be configured as Witness server.
Hi Abhi,
Exchange trusted subsystem group should be added as a local admin on the witness server. Is that the case?
Thanks.
Thanks for the very right question. I had added the Witness server AD users–> Administrator to the group. But now after your question, when I checked in Local Users & Groups –> Groups–> Administrator Properties–> Exchange trusted subsystem grp wasn’t there. Now I added and I could successfully configure DAG
Glad that it has been fixed Abhi.
I have Windows 2008 R2 server with Exchange as nodes + one another Windows 2008 R2 server to be configured as Witness server.
All the 3 systems are under “Exchange Trusted Subsystem” security group. However, my DAG configuration constantly fails with the error as below:
“Warning:
Insufficient permissions to access file shares on witness server ‘win-52-239.interopexchange.com’. Until this problem is corrected, the database availability group may be more vulnerable to failures. You can use the Set-DatabaseAvailabilityGroup cmdlet to try the operation again. Error: Access is denied
Exchange Management Shell command completed:
New-DatabaseAvailabilityGroup -Name ‘InteropDAG1’ -WitnessServer ‘win-52-239.interopexchange.com’ -WitnessDirectory ‘c:\witness’
Elapsed Time: 00:00:00”
Any help possible on this please?
Good to know it helped you Todd. Thanks for the comment.
Had to do the same thing. Surprised there's not a Technet article by now, but this is exctly how this is done. I also received a similar error until I made the DC's computer account part of the Exchange Servers Security Group. Those two changes work like a chanp! Thanks for posting.
Thanks Anonymous.
spot on, good post :)