1- Prepare for Installation of Exchange 2016
Friday, July 31, 2015
10:53 AM
Install-WindowsFeature RSAT-ADDS
Install-WindowsFeature AS-HTTP-Activation, Desktop-Experience, NET-Framework-45-Features, RPC-over-HTTP-proxy, RSAT-Clustering, RSAT-Clustering-CmdInterface, RSAT-Clustering-Mgmt, RSAT-Clustering-PowerShell, Web-Mgmt-Console, WAS-Process-Model, Web-Asp-Net45, Web-Basic-Auth, Web-Client-Auth, Web-Digest-Auth, Web-Dir-Browsing, Web-Dyn-Compression, Web-Http-Errors, Web-Http-Logging, Web-Http-Redirect, Web-Http-Tracing, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Lgcy-Mgmt-Console, Web-Metabase, Web-Mgmt-Console, Web-Mgmt-Service, Web-Net-Ext45, Web-Request-Monitor, Web-Server, Web-Stat-Compression, Web-Static-Content, Web-Windows-Auth, Web-WMI, Windows-Identity-Foundation
Windows 2016 (Windows Server)
Install-WindowsFeature Net-HTTP-Activation, Desktop-Experience, NET-Framework-45-Features, RPC-over-HTTP-proxy, RSAT-Clustering, RSAT-Clustering-CmdInterface, RSAT-Clustering-Mgmt, RSAT-Clustering-PowerShell, Web-Mgmt-Console, WAS-Process-Model, Web-Asp-Net45, Web-Basic-Auth, Web-Client-Auth, Web-Digest-Auth, Web-Dir-Browsing, Web-Dyn-Compression, Web-Http-Errors, Web-Http-Logging, Web-Http-Redirect, Web-Http-Tracing, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Lgcy-Mgmt-Console, Web-Metabase, Web-Mgmt-Console, Web-Mgmt-Service, Web-Net-Ext45, Web-Request-Monitor, Web-Server, Web-Stat-Compression, Web-Static-Content, Web-Windows-Auth, Web-WMI, Windows-Identity-Foundation
1- (Extending Schema)
Setup.exe /PrepareSchema /IAcceptExchangeServerLicenseTerms
From <https://technet.microsoft.com/en-us/library/bb125224(v=exchg.160).aspx#Step1>
- (Preparing AD)
Setup.exe /PrepareAD /OrganizationName:”<organization name>” /IAcceptExchangeServerLicenseTerms
From <https://technet.microsoft.com/en-us/library/bb125224(v=exchg.160).aspx#Step1>
Setup.exe /PrepareAD /OrganizationName:TEST /IAcceptExchangeServerLicenseTerms
- Prepare one domain in the forest or all domains
Setup.exe /PrepareDomain:<FQDN of the domain you want to prepare> /IAcceptExchangeServerLicenseTerms
From <https://technet.microsoft.com/en-us/library/bb125224(v=exchg.160).aspx#Step1>
To prepare all domains run the following cmd
Setup.exe /PrepareAllDomains /IAcceptExchangeServerLicenseTerms
From <https://technet.microsoft.com/en-us/library/bb125224(v=exchg.160).aspx#Step1>
Once you’ve done all the steps above, you can check to make sure everything’s gone smoothly. To do so, you’ll use a tool called Active Directory Service Interfaces Editor (ADSI Edit). ADSI Edit is included as part of the Active Directory Domain Services Tools feature in Windows Server 2012 R2 and Windows Server 2012. If you want to know more about it, check out ADSI Edit (adsiedit.msc).
Warning:
Never change values in ADSI Edit unless you’re told to do so by Microsoft support. Changing values in ADSI Edit can cause irreparable harm to your Exchange organization and Active Directory.
After Exchange extends your Active Directory schema and prepares Active Directory for Exchange, several properties are updated to show that preparation is complete. Use the information in the following list to make sure these properties have the right values. Each property needs to match the value in the table below for the release of Exchange 2016 that you’re installing.
- In the Schema naming context, verify that the rangeUpper property on ms-Exch-Schema-Verision-Pt is set to the value shown for your version of Exchange 2013 in the Exchange 2016 Active Directory versions table.
- In the Configuration naming context, verify that the objectVersion property in the CN=<your organization>,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=<domain> container is set to the value shown for your version of Exchange 2016 in theExchange 2016 Active Directory versions table.
- In the Default naming context, verify that the objectVersion property in the Microsoft Exchange System Objects container under DC=<root domain is set to the value shown for your version of Exchange 2016 in the Exchange 2016 Active Directory versions table.
From <https://technet.microsoft.com/en-us/library/bb125224(v=exchg.160).aspx#Step1>
Software Prerequisites
Creating DAG
Since this is a LAB and I only have 2 nodes (DAG must have an odd number for Failover), so I am going to use the DC server as my FSW (Which is highly not recommended for Production Environment).
In order for the FSW on DC to work, you will have to add your DC to the Exchange Trusted Subsystem group
Here I added the DC as a member of the group
Normally file server feature is already added to the server by default, but to make sure I’ll run the following command
It’s already there
Now I’ll go back to Exchange servers and add a second NIC for Replication..
I usually rename each NIC so I know which is which, the default NIC belongs to the MAPI traffic and the other one is the replication NIC.
I will configure the Replication NICs on both exchange servers to disable the “Register this connection’s addresses in DNS”
Checking ping between Exchange servers on the Replication NIC
Now I will create the NGO Object (Computer Object) in the Active directory for the DAG
I will disable the object
Double click on the DAG object and go to Security tab and add Exchange servers
Now configure the security for the Exchange members to full
Apply and close…
Now on the DC I will create the FSW’s folder and give it full permission to the Trusted Subsystem group and exchange servers
Click apply and go back to EAC and I’ll start configuring the DAG
Microsoft says that one of the enhancements that have been added to Exchange 2016 is that DatabaseAvailabilityGroupIpAddresses is no longer required when creating a DAG. By default, the failover cluster will be created without an administrative access point, as this is the recommended best practice.
From <http://blogs.technet.com/b/exchange/archive/2015/05/05/exchange-server-2016-architecture.aspx>
So in this case we won’t need to assign any IP address to the DAG…
I’ll click on save and see what happens
Navigating to the administrators group on AD, The Exchange subsystem group is not added so I’ll add it.
Now I will add Exchange servers as members to the DAG
error
A server-side database availability group administrative operation failed. Error The operation failed. CreateCluster errors may result from incorrectly configured static addresses. Error: Windows Failover Clustering isn’t installed on ‘EXCH2K16.test.com’.. [Server: EXCH2K16.test.com]
error
A server-side database availability group administrative operation failed. Error The operation failed. CreateCluster errors may result from incorrectly configured static addresses. Error: Windows Failover Clustering isn’t installed on ‘EXCH2k1602.test.com’.. [Server: EXCH2k1602.test.com]
Error occurs due to firewall being enabled on the DC (Where the FSW is )
I disabled the firewall and gave full permission to the Exchange trusted system to the DAG object
After that I signed out of Exchange servers, signed back in.. Deleted DAG and recreated it… that didn’t work either
Tried using Exchange management shell but it didn’t work too
Checking the log coming in the description, I find out the log is complaining about not finding DAG while trying to resolve it.
Also the log says that it has installed Failover cluste rbut still the cluster can’t find FQDN called DAG.
So I will have to configure DAG in the dns and give it an IP of my first Exchange server
Checking DAG resolving from Exchange server
As the log says, restart is required after installing failover cluster so I’ll restart Exchange servers and then retry to add Exchange servers to the dag.
After restarting the server, It seems that things are working
The second server gave the following error
The Microsoft Exchange Replication service does not appear to be running on “EXCH2k1602”. Make sure that the server is operating, and that the services can be queried remotely.
Apparently the error is correct, After restarting the server it turned out that most of the second Exchange server’s services were not working.. To be honest I didn’t ask myself why did not the services started since I am using a preview version of Exchange 2016.
Interestingly while checking services, I noticed new services e.g. (DAG Management, Compliance Audit, Notifications broker)
After starting the services, now I tried to add the second server again to the DAG.
So eventually, DAG doesn’t need an IP address but still a DNS value needs to be created for the NCO object and needs to have an IP assigned to it which will be the Exchange server IP address..
Next: I will add a database copy and see how it’s improved and do I need to restart the IS service as in Exchange 2013.
I will leave all the default values and add the second server for the database to be copied on. Unlike Exchange 2013 in most of the times the database would fail first and gives an error .. In 2016 it starts directly seeding the database to the second Exchange server that’s member of the DAG.
On the second Server where the database has been copied to, I checked the Logs and Fastsearch was throwing errors as usual since database logs are not copied … as soon as the database logs finished copying the fastsearch will return ok and the database will appear as Healthy in EAC.
Fastsearch finally reported that indexing started on the newly copied DB.
The database copy should now report healthy in the EAC.
I will add the second database to the DAG and then create a new test mailbox and publish the Exchange server online to check the rest of the functionalities.