Link to home
Create AccountLog in
Avatar of challBOE

asked on

Exchange 2010 DAG died can't re-establish. Can I drop it, create new one using one network card (this is VM)?

Exchange 2010, sp3 rollup 25 on server 2008 r2, EXI-vms.
Our DAG died an ugly death in the aftermath of another incident. There may have been the deletion of a second virtual network card, but I didn't do the initial setup of Exchangeor DAG, so dont know for sure.
Right now there is one card and one network address.
Oddly the active mailbox server seems to have the IP address of the DAG embedded in itself but it is not in the normal network card information under TCPIP/4. Its only visible when looking at ipconfig /all.

In any case, I am trying to re-establish the DAG, but can not.
I see in the event log that the account "ExchangeDAG$" has a login failure, but I dont think there ever was such an account/machine. There is a DNS entry for "ExchangeDAG" as required, but no actual active directory object for it.
I ran cluster verification to try and help understand what was going on - it warns that that the windows KB's dont match.

Should I break DAG, let users work on the existing server and then try to establish a new DAG?
Can I do this with one network card ? (PS, there is no MAPI network)
Is running cluster verification on 2010 EX/2008 r2 OS not a valid thing to do?
I have read a few articles but honestly I think I have a mental block on this.
I hope this doesnt end in a dreaded, $$, MS call...
Avatar of Mahesh
Flag of India image

how many servers you have in DAG?
which server gone down? active or passive?
if all mailbox databases went down?
1st of all try to bring online Mapi network

U can verify it from cluster console and ensure that it has correct IP assigned

Also check computer objects for DAG "ExchangeDAG"

Did you checked base cluster name and its ip if alive?
Avatar of challBOE


There were 2 servers in the Dag ( I know, it should be an odd-number, 3 or more).
The databases switched over so that they are on the now active server.
No databases are down,  just all copies are failed.
I dont remember there ever being a MAPI network.
Under DAG networks of the EMC DAG details- the failed server  it's OWN interface is down. That "failed"
server can itself ping the active mailbox server and can write to the witness directory.
So, your DAG is not died, DAG can work smoothly with *two* nodes as well

Only one node of DAG is down may be due to wrong network configuration

DAG failed means its not necessarily databases are also down.

You can either resolve network configuration problem on failed node and brig node online again
Check what network is using by current active node and it is Mapi network, make sure you wil restore network config on failed node to match mapi network on current active node

Worst come to worst, you can delete all passive copies form failed server and remove server from DAG and add it again
Ah, found the Active Directory entry for the virtual computer called "ExchangeDagName".
Here is what I see in SecurityLog audits, if it is significant should I reset the above "ExchangeDagName" virtual computer in ADUC?
Event id 4625 Microsoft-Windows-Security logon
      Security ID:            S-1-5-18
      Account Name:            FailedSERVER$
      Account Domain:            MYDomainName
      Logon ID:            000003E7
Logon Type:                  8
Account For Which Logon Failed:
      Security ID:            S-1-0-0
      Account Name:            EXCHANGEDAGNAME$
      Account Domain:            MYDomainName
Failure Information:
      Failure Reason:            Unknown user name or bad password.
      Status:                  C000006D
      Sub Status:            C000006A
Process Information:
      Caller Process ID:      00000924
      Caller Process Name:      C:\Windows\Cluster\rhs.exe
Network Information:
      Workstation Name:      FailedSERVER
      Source Network Address:      -
      Source Port:            -
Detailed Authentication Information:
      Logon Process:            Advapi  
      Authentication Package:      Negotiate
      Transited Services:      -
      Package Name (NTLM only):      -
      Key Length:            0
This event is generated when a logon request fails. It is generated on the computer where access was attempted.
The Subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.
The Logon Type field indicates the kind of logon that was requested. The most common types are 2 (interactive) and 3 (network).
The Process Information fields indicate which account and process on the system requested the logon.
The Network Information fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.
The authentication information fields provide detailed information about this specific logon request.
Avatar of Mahesh
Flag of India image

Link to home
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
I added a second location for writing witness files and this morning walked in and.. everything is up* and copying databases.
Specifically, the network card that was listed as "unavailable" is now available.

This alternative witness directory location is located on the same VM host as the "failedserver".
I also changed some permissions, giving the virtual computer "ExchangeDAGname" more permissions on both servers, but I don't remember exactly what I did there. I will have to go back and look.

Meanwhile Mahesh, you have been pointed to me to an excellent, clear, concise article. Thank you.
You have also helped in the past, so thank you again.