How to Configure Witness Server in Exchange 2016 & 2013

Tej Pratap Shukla | Modified: October 7, 2025 | Exchange Server 2016, General Info | 7 Minutes Reading

This write-up is going to teach you how to configure Witness Server in Exchange 2016 or 2013. In this article, we will learn a bit about the witness server, too. So let’s proceed.

Configure Witness Server in Exchange 2016

What is Witness Server?

As you might know, the witness server is used for high availability and site resilience in a Database Availability Group (DAG). It helps Exchange Server manage user requests in a DAG among the nodes of two different Exchange servers. In a big organization, Exchange Server is installed in a DAG for good manageability and high availability.

Best Practices to Set up Witness Server in Exchange

The new Microsoft recommendations for placing Witness Servers in Exchange 2013 and later are as follows.

Deployment Scenario: One DAG in a Single Datacenter
Recommendations: Put the witness server and DAG members in the same datacenter.
Reason:
– For low latency and high availability.
– As the witness server is close to the DAG members, no additional site is needed.
– Every resource becomes localized.

Deployment Scenario: One DAG Across Two Datacenters
Recommendations:
1. Put the witness server in Microsoft Azure (virtual network).
2. Keep the witness server in the primary datacenter.
Reason:
– Azure allows geographic isolation with automatic failover capability.
– Whereas the primary datacenter simplifies operations and maintains quorum even when a third site is unavailable.

Deployment Scenario: Multiple DAGs in One Datacenter
Recommendations:
1. Allow the witness server to exist in the same datacenter as DAG members.
2. Use the same witness server for every DAG.
3. Make one main DAG member a witness server for another DAG.
Reason:
– Centralizes witness placement, simplifying infrastructure.
– Reduces resource usage while maintaining high availability.
– Suitable for localized deployments.

Deployment Scenario: Multiple DAGs Across Two Datacenters
Recommendations:
1. Place the witness server in Microsoft Azure (virtual network).
2. Place it in the primary datacenter for each DAG.
Reason:
– Azure adds resilience through isolation and automatic failover capability.
– Primary datacenter ensures quorum for that specific DAG during partial failures.

Deployment Scenario: One or More DAGs Across More than Two Datacenters
Recommendations: Put the witness server in the datacenter where the majority of quorum votes should exist.
Reason:
– Retains the majority of votes to avoid quorum loss.
– Also ensures continuity of service in case of failure.

Deployment Scenario: Using a Third Location (optional)
Recommendations: Use a third location (physical or virtual), such as Microsoft Azure or an isolated branch office.
Reason:
– Provides geographic independence.
– Minimize outage risk with support for automatic failover.

Importance of Witness Server

If you are going to set up at least two different datacenters, then you must configure one witness server. Let’s discuss the importance of the witness server in more detail.

Suppose there are ten Exchange Server nodes installed in a DAG. Five nodes are installed in datacenter 1, and the other five nodes are installed in datacenter 2. Datacenter 1 is the primary, where all databases are active. Datacenter 2 holds a mirror image of the site 1 database.

Let’s assume that the connection between datacenter 1 and datacenter 2 is lost because of an issue, such as a disaster or anything else. The fault percentage will be 50% because half the nodes are not online, so the server will disconnect all mailboxes, and thus Site A will also be unavailable.

However, when a File Share Witness (FSW) is available in datacenter 1, the FSW is also counted as another node. If the connection between the two sites is lost, the site with the larger number of nodes online stays available. In the disconnected case, datacenter 1 will have six nodes, including the FSW, and datacenter 2 will have five nodes. Therefore, all mailboxes of datacenter 2 will be disconnected.

A witness server is useful when an even number of Exchange servers are installed in a DAG. In the scenario defined above, the witness server provides failover clustering and helps to keep at least one datacenter active at any cost.

Preconfiguration for Witness Server Installation

Before anything else, make sure you have completed all that is required for planning and installing the Exchange Server DAG environment.

Before you install and configure the Witness Server in the Exchange 2016 DAG, first go through the Windows firewall settings and check whether your computer is connected to the domain or not. If it is already connected, all is okay; otherwise, you have to connect your computer to the domain first.

This is not much different from the steps used to delete orphaned mailboxes in the Exchange 2010 edition.
Now go to the Add Roles and Features Wizard to install one server role: select File Server under File and Storage Services and complete the installation process.

After the installation of the file server role, add the Exchange Trusted Subsystem group to the local Administrators group. Go to Computer Management, expand Local Users and Groups in the left panel, and then click on Groups. Now, in the result pane in the middle, select Administrators and add the Exchange Trusted Subsystem group as a new member.
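The same preparation can be scripted so that it is repeatable and leaves a record of who holds local administrator rights afterwards. This is an added example, not part of the original article; it assumes Windows Server 2016 or later (for the LocalAccounts cmdlets), an elevated Windows PowerShell session on the witness server, and the placeholder domain name CONTOSO.

```powershell
# Added example: prepare a domain-joined Windows Server as a DAG witness.
# Run elevated on the witness server itself.
# 'CONTOSO' is a placeholder domain name (assumption); replace it with your own.
$Domain   = 'CONTOSO'
$EtsGroup = "$Domain\Exchange Trusted Subsystem"

# 1. The witness must be a domain member before anything else is done.
$cs = Get-CimInstance -ClassName Win32_ComputerSystem
if (-not $cs.PartOfDomain) {
    throw "$($cs.Name) is not joined to a domain; join it first."
}

# 2. Install the File Server role service (File and Storage Services > File Server)
#    only if it is not already present.
$feature = Get-WindowsFeature -Name FS-FileServer
if (-not $feature.Installed) {
    Install-WindowsFeature -Name FS-FileServer | Out-Null
}

# 3. Add Exchange Trusted Subsystem to the local Administrators group,
#    skipping the call when the membership already exists.
$members = Get-LocalGroupMember -Group 'Administrators'
if ($members.Name -notcontains $EtsGroup) {
    Add-LocalGroupMember -Group 'Administrators' -Member $EtsGroup
}

# 4. List everyone who now holds local admin on the witness so the
#    change can be reviewed and compared against the expected set.
Get-LocalGroupMember -Group 'Administrators' |
    Select-Object Name, ObjectClass, PrincipalSource
```

Because the group gains full local administrator rights on this machine, the final listing is worth keeping with the change record.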


Configure Witness Server in Exchange 2016 with EAC and PowerShell

To create and configure a new witness server in Exchange 2016 or 2013, there must be a shared folder for it. Therefore, first create a shared folder. Just go to the C drive and create a folder (in my case, the folder name is abc). Then go to its properties and share it.

After creating the shared folder, open the Exchange Admin Center (EAC), click on Servers, and then click on database availability groups. Now, click on the + sign and enter the new Database Availability Group Name, the Witness Server, and the location of the shared folder that you have created.

This was the GUI mode. If you want more control over the process and have experience handling PowerShell scripts, the following cmdlets can help you a lot.

The entire process can be broken down into 3 essential steps:

Step 1. First, Get the Current DAG Witness

Using the Admin account, open a new instance of Exchange Management Shell (EMS).
Make sure you have the DAG name, Witness server, and the corresponding witness directory. Then type:

Get-DatabaseAvailabilityGroup -Identity <DAGName> -Status | ft Name, Witness*, Servers

Witness* here acts as a wildcard to fetch WitnessServer, WitnessDirectory, and WitnessShareInUse.
Once you have the information, the next step is:

Step 2. Change DAG Witness Server and Witness Directory

To do this, type:

Set-DatabaseAvailabilityGroup -Identity <DAGName> -WitnessServer <WitnessServerName> -WitnessDirectory <WitnessDirectoryLocation>

Note: If you don’t get results right away and instead see a warning label, it means the firewall is preventing the query from running. You can disable it temporarily.

Finally,

Step 3. Verify the DAG Witness Server

Use the following cmdlet:

Get-DatabaseAvailabilityGroup -Identity <DAGName> -Status | ft Name, Witness*, Servers

After this, try to create mailbox database copies or attempt any regular task to see if the process worked or not. To undo a faulty setup, check out our guide on how to remove DAG servers safely.
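The three steps can be combined into one script that also checks the two TCP ports a DAG needs to reach its witness (445 and 135) before making the change. This is an added example, not part of the original article; the DAG name, witness FQDN and directory are placeholder values, and the port check only covers the Exchange server the script is run from.

```powershell
# Added example: change a DAG's witness and confirm the change took effect.
# Run in the Exchange Management Shell. All three values are placeholders.
$DagName    = 'DAG01'                # assumption: your DAG name
$NewWitness = 'fs01.contoso.local'   # assumption: witness server FQDN
$NewDir     = 'C:\abc'               # the shared folder created earlier

# Pre-check: the witness must answer on TCP 445 (file sharing) and
# TCP 135 (cluster communication) from this Exchange server.
foreach ($port in 445, 135) {
    $t = Test-NetConnection -ComputerName $NewWitness -Port $port `
                            -WarningAction SilentlyContinue
    if (-not $t.TcpTestSucceeded) {
        throw "TCP $port to $NewWitness is blocked; fix the firewall rule first."
    }
}

# Step 1: record the current witness so the change can be rolled back.
$before = Get-DatabaseAvailabilityGroup -Identity $DagName -Status
$before | Format-Table Name, Witness*, Servers -AutoSize

# Step 2: point the DAG at the new witness server and directory.
Set-DatabaseAvailabilityGroup -Identity $DagName `
    -WitnessServer $NewWitness -WitnessDirectory $NewDir

# Step 3: re-read the DAG and compare it with what was requested.
$after = Get-DatabaseAvailabilityGroup -Identity $DagName -Status
$after | Format-Table Name, Witness*, Servers -AutoSize

$serverOk = "$($after.WitnessServer)"    -eq $NewWitness
$dirOk    = "$($after.WitnessDirectory)" -eq $NewDir
if ($serverOk -and $dirOk) {
    Write-Host "Witness for $DagName is now $NewWitness ($NewDir)."
} else {
    # Print the previous values so they can be restored with Set-DatabaseAvailabilityGroup.
    Write-Warning ("Witness not applied as requested. Previous values: " +
                   "$($before.WitnessServer) / $($before.WitnessDirectory)")
}
```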

Conclusion

In this article, we have discussed how to configure a witness server in Exchange 2016. We have also discussed what a witness server is, plus its importance and usage. Moreover, if you ever have to download data from an Exchange Server, use a professional tool


Frequently Asked Questions

Q. Is a Witness Server and DAG the same in Exchange?
No, the Witness Server is a separate component within the DAG environment. Its main role is to help the DAG maintain quorum and avoid split-brain scenarios.

Q. Can I use the same Witness Server in multiple DAGs?
Yes, but before you use it, make sure that the Witness Server has enough resources and that the witness directory stays separate for each DAG.

Q. What will happen if my DAG goes offline?
DAG will continue to run. However, if another node collapses for some reason, then the quorum will be lost.

Q. Do I have to keep the Witness Server on-premises?
No, it’s not compulsory; you could use virtual servers, including Azure VMs, which can function as Witness Servers.

Q. Which firewall ports should I keep open for DAG and Witness communication?
TCP ports 445 and 135 must be open for file sharing and cluster communication.
