Exchange 2010 DAG Configuration
I am trying to setup the first DAG in my Exchange 2010 environment. I currently have an Exchange 2003 cluster and have built new Windows 2008 R2 enterprise servers for Exchange 2010. I have the first server built with the cas, mb, and ht roles. When I try to configure the DAG I get the error that states "The Exchange Trusted Subsystem is not a member of the local administrators group on the specified witness server"
However, it is a member of the local admins group on the server I'm trying to specify as the witness server.
I have scoured google and the technet and haven't found a solution yet. Anyone else run into this?
Thanks
However, it is a member of the local admins group on the server I'm trying to specify as the witness server.
I have scoured google and the technet and haven't found a solution yet. Anyone else run into this?
Thanks
MegaNuk3
Is the witness server a DC/GC?
Are you installing the FSW on the HT Server?
ASKER
MegaNuk3 - No it's a member server
talkinsmak - No, I know it's recommended but I hate to waste an exchange license like that, and I read it can run on just a member server.
talkinsmak - No, I know it's recommended but I hate to waste an exchange license like that, and I read it can run on just a member server.
I found this CMDLET:
Set-DatabaseAvailabilityGr
If that doesn't work they recommend adding the DAG File Server to the "Exchange servers" universal security group but that is a vulnerability. Anyone with admin access to your file server can gain contol over all your Exchange objects.
You might want to check this out if you haven't already.
http://www.thecabal.org/2009/12/busting-the-exchange-trusted-subsystem-myth/
John
Set-DatabaseAvailabilityGr
If that doesn't work they recommend adding the DAG File Server to the "Exchange servers" universal security group but that is a vulnerability. Anyone with admin access to your file server can gain contol over all your Exchange objects.
You might want to check this out if you haven't already.
http://www.thecabal.org/2009/12/busting-the-exchange-trusted-subsystem-myth/
John
ASKER
I have read that article. When I run the cmdlet I get an error stating that DAGNAME could not be found on dnsserver.localdomain.com.
When I try to create a dag using the gui I still get the error stating that the exchange truseted group is not part of the local admins group.
May be time for a call to microsoft?
When I try to create a dag using the gui I still get the error stating that the exchange truseted group is not part of the local admins group.
May be time for a call to microsoft?
Install Exchange 2010 SP1 if you haven't already...
If it is already installed the open a command prompt and go to the source files and run "setup.com /mode:upgrade" that will reinstall the SP and repair group memberships...
If it is already installed the open a command prompt and go to the source files and run "setup.com /mode:upgrade" that will reinstall the SP and repair group memberships...
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Kinda sucks that you had to go through all that to get it to work but that is the recommended way.
John
John
ASKER
Decided to change design on my exchange upgrade.