?
Solved

Exchange 2013 Witness Server

Posted on 2014-02-27
11
Medium Priority
?
614 Views
Last Modified: 2014-03-23
Hi Experts,

Can I use Server 2008 R2 as witness server of my Exchange 2013? BTW, my Exchange Servers are running on Server 2012 platform. When I try to setup the witness server to Server 2008 it always prompt this error. (see attached file)

exchange 2013 error on witness server
Thanks,
0
Comment
Question by:junyap
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
11 Comments
 
LVL 12

Expert Comment

by:Md. Mojahid
ID: 39893820
Did you prestage the computer account ( CNO) first ?

steps here : http://technet.microsoft.com/en-us/library/dd351172(v=exchg.150).aspx

- after prestaging CNO object should be disabled ? is it disabled ?

- if yes, the first node adding to the DAG should have appropriate permissionso n CNO object,

  system account should have full permissionso on CNO object,

- paste the complete permissions of CNO object.


http://exchangeserverpro.com/installing-an-exchange-server-2013-database-availability-group/
0
 
LVL 5

Expert Comment

by:Arjun Vyavahare
ID: 39893856
What is version of domain controller ? Windows 2008 or Windows 2012?

If your domain controller is Windows 2008 then request you to refer below Technet article this will help you to resolve your issue:
http://social.technet.microsoft.com/Forums/exchange/en-US/f690af17-31f6-4abf-a6fa-d46fc655ad68/exchange-2013-dag-creation-issue?forum=exchangesvravailabilityandisasterrecovery

Regards,
Arjun
0
 
LVL 1

Author Comment

by:junyap
ID: 39893983
Hi Mojahid,

Yes, I already performed that. Actually I ave successfully configured my DAG but my witness server is Server 2012. I am trying to switch the witness server to my domain controller which is Server 2008 R2.

Thanks,
0
Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

 
LVL 1

Author Comment

by:junyap
ID: 39893986
Hi Arjun,

My server is Windows Server 2008 R2.

Thanks,
0
 
LVL 12

Expert Comment

by:Md. Mojahid
ID: 39893999
A witness server is a voter that is external to the DAG that participates in quorum by adding a tie-breaking voter to DAGs that have an even number of members.

You do not need a dedicated server for the FSWs(file share Witness) and typically it is recommended to use a hub transport server in the primary data center. This is usually a safe thing to do as the Exchange team also manages the hub transport servers and the Exchange Trusted Subsytem will already be a member of the local administrators group and have the necessary permissions to create the file share.


The requirements for the witness server are as follows:
The witness server can't be a member of the DAG.
The witness server must be in the same Active Directory forest as the DAG.
The witness server must be running Windows Server 2012, Windows Server 2008 R2, Windows Server 2008, Windows Server 2003 R2, or Windows Server 2003.
A single server can serve as a witness for multiple DAGs. However, each DAG requires its own witness directory.
Please refer  below  for more details:

http://technet.microsoft.com/en-us/library/dd298065.aspx

http://social.technet.microsoft.com/Forums/exchange/en-US/521789ef-69cc-47a4-83d3-fb21331f4908/what-is-witness-server-used-for
0
 
LVL 1

Author Comment

by:junyap
ID: 39894012
Hi Mojahid,

I have only two Exchange Server on 2013 versions both contains mixed roles. My only problem is that I can used any Server 2012 servers as witness server but when I switch to Server 2008 R2 error occurred.

Thanks,
0
 
LVL 12

Expert Comment

by:Md. Mojahid
ID: 39894037
You have to create new DAG only.


Witness Server must have the Exchange Trusted Subsystem (ETS) group added to the local administrators group.  If this is a Domain Controller, it needs to be added to Domain\Administrators.  This is why you might want to not pick a domain controller.  This gives the ETS administrative rights to the entire domain, not just that server.  Granted ETS has crazy rights already, but putting the ETS in the Administrators group for the domain might make your security folks nervous.

Read this articles for more

http://jerridwills.com/2013/02/04/creating-a-two-node-exchange-2013-dag/
0
 
LVL 1

Author Comment

by:junyap
ID: 39894123
I already added the ETS on administrators, but still error occurred.

Thanks,
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39895662
"I am trying to switch the witness server to my domain controller which is Server 2008 R2."

That isn't a recommended configuration.
Do you not have a member server that you can use?

Simon.
0
 
LVL 1

Accepted Solution

by:
junyap earned 0 total points
ID: 39938921
As my solution, I created new Server with Server 2012 OS and promote it as my witness server.
0
 
LVL 1

Author Closing Comment

by:junyap
ID: 39948395
Resolve by my self
0

Featured Post

On Demand Webinar - Networking for the Cloud Era

This webinar discusses:
-Common barriers companies experience when moving to the cloud
-How SD-WAN changes the way we look at networks
-Best practices customers should employ moving forward with cloud migration
-What happens behind the scenes of SteelConnect’s one-click button

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How to deal with a specific error when using the Enable-RemoteMailbox cmdlet to create a mailbox in the cloud-based service, for an existing user in an on-premises Active Directory.
One-stop solution for Exchange Administrators to address all MS Exchange Server issues, which is known by the name of Stellar Exchange Toolkit.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …

649 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question