Exchange 2013 Site Resilient / DR setup; remove DR CAS server from serving DR-local users

Mohammad Badran (IT) 26 Reputation points
2021-08-31T08:47:49.227+00:00

We have an Exchange 2013 deployment in our primary data center with AD domain = domain1.com and AD site = primary-Site, with two Exchange 2013 servers, each with CAS+Mailbox roles (srv1.domain1.com + srv2.domain1.com), set up as a DAG with a file-share witness server in the same data center, filesrv.domain1.com. Each mailbox database has 2 copies, one active and one passive. Both CAS servers are load-balanced by a separate dedicated load balancer for all Exchange services like OWA, ECP, EWS, MAPI, ...

In this office the OWA namespace is https://owa.domain1.com, where all users' Outlook clients connect to and discover their mailboxes using MAPI/HTTP to https://owa.domain1.com/..., which is fine since the Outlook clients are in the same LAN as the Exchange servers in data center 1 and belong to the domain1.com AD domain.

We wanted to achieve site resiliency (a.k.a. DR) for our Exchange setup. We already have a working data center 2 in another country with:

AD domain = domain2.com and AD site = Branch-Site, with two Exchange 2013 servers, each with CAS+Mailbox roles (srv1.domain2.com + srv2.domain2.com), set up as a DAG with a file-share witness server in the same data center, filesrv.domain2.com. Each mailbox database has 2 copies, one active and one passive. Both CAS servers are load-balanced by a separate dedicated load balancer for all Exchange services like OWA, ECP, EWS, MAPI, ...

Similar to the primary office, this branch office has local LAN Outlook users (belonging to the domain2.com AD) who connect to their mailboxes, which are hosted on the domain2 Exchange OWA/DAG.

This office's OWA namespace is https://owa.domain2.com, where all users' Outlook clients connect to and discover their mailboxes using MAPI/HTTP to https://owa.domain2.com/..., which is fine since the Outlook clients are in the same LAN as the Exchange servers in data center 2 and belong to the domain2.com AD domain.

Notes:

Both domains, domain1.com and domain2.com, have a full trust and belong to the same AD forest. VPN links exist between both offices and are functional. Both domains are at the same level; no child domains exist.

All users' primary SMTP domain is unified = name@email.com

Internal DNS: autodiscover.email.com ==> owa.domain1.com

Through the Outlook connection status we can identify which CAS the user is connecting to.

Case Scenario:

We wanted to achieve site resiliency (a.k.a. DR) for our Exchange setup in the primary office. We chose the branch office to be the DR site for our Exchange services in the primary office.

We prepared a new AD DC + DNS + GC (srv3.domain1.com) in the branch office, in AD site Branch-Site, with a dedicated IP from the branch office range.

We prepared a new Exchange 2013 server (srv3.domain1.com) in Branch-Site, with a branch site IP, to hold the CAS+MBX roles. We joined srv3.domain1.com to the DAG of the primary office. We added a 3rd copy of the databases existing in the primary office, and they replicated successfully to srv3.domain1.com.

We also configured the same virtual directory names on srv3.domain1.com as are configured on srv1/2.domain1.com.

Issue:

The strange behavior after deploying the 3rd Exchange server srv3.domain1.com in the branch office site is that the local LAN users of the branch office (whose user accounts belong to the AD domain domain2.com and have mailboxes under the branch Exchange setup, the DAG of srv1/2.domain2.com with https://owa.domain2.com) now have their Outlook LAN clients connecting to https://owa.domain1.com, which is hosted over the WAN in the primary office data center. We don't want our branch users' Outlook clients to connect over the Internet WAN link to the primary Exchange CAS (https://owa.domain1.com). These Outlook clients normally used to connect to the branch Exchange CAS owa.domain2.com.

Required to achieve:

We want srv3.domain1.com CAS+MBX as a DR server to switch over to from the primary office in case the primary DC is down, and to keep the existing branch users connecting normally to their Exchange setup owa.domain2.com and NOT using owa.domain1.com by any means.
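A check that helps narrow down a case like this, added here as an example and not part of the original post: domain-joined Outlook clients find Autodiscover through the SCP records that each CAS publishes in AD, and each record carries an AutoDiscoverSiteScope, so listing the scope and URLs of every CAS shows which server is answering Autodiscover for Branch-Site. It assumes the Exchange Management Shell on an Exchange 2013 server and the server, site and namespace names from the post.

```powershell
# Added example (not from the original post): inventory the Autodiscover SCP scope
# and client-facing URLs of every CAS in the forest, so it is visible which server's
# Autodiscover record is in scope for Branch-Site and where it points.
# Assumptions: run in the Exchange Management Shell on an Exchange 2013 server;
# site and namespace names follow the post (Branch-Site, owa.domain2.com).

# One row per CAS: AD site, Autodiscover SCP URI and the sites that SCP is scoped to.
$report = Get-ClientAccessServer |
    Select-Object Name,
        @{n='Site'; e={ (Get-ExchangeServer $_.Name).Site.Name }},
        AutoDiscoverServiceInternalUri,
        @{n='SiteScope'; e={ ($_.AutoDiscoverSiteScope | ForEach-Object { $_.ToString() }) -join ',' }}

$report | Format-Table -AutoSize

# Flag any server whose SCP is in scope for Branch-Site but whose Autodiscover URL
# is not in the branch namespace; such a record is offered to every domain-joined
# client located in that site, regardless of the client's own AD domain.
$branchSite      = 'Branch-Site'
$branchNamespace = 'owa.domain2.com'
$report |
    Where-Object { ($_.SiteScope -split ',') -contains $branchSite } |
    Where-Object { $_.AutoDiscoverServiceInternalUri.Host -ne $branchNamespace } |
    ForEach-Object {
        Write-Warning ("{0} (site {1}) advertises Autodiscover for {2} via {3}" -f
            $_.Name, $_.Site, $branchSite, $_.AutoDiscoverServiceInternalUri)
    }

# Outlook receives its MAPI/HTTP endpoint from Autodiscover, so also compare the
# MAPI virtual directory URLs across servers (AD-only read, no IIS round trip).
Get-MapiVirtualDirectory -ADPropertiesOnly |
    Select-Object Server, InternalUrl, ExternalUrl |
    Format-Table -AutoSize

# If a server is flagged, its SCP scope is adjustable with
# Set-ClientAccessServer -Identity <server> -AutoDiscoverSiteScope <sites>;
# whether that is the right change depends on the intended DR design.
```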


Accepted answer

Yuki Sun-MSFT 40,871 Reputation points
2021-09-01T10:03:00.31+00:00

Hi @Mohammad Badran (IT),

After going through the detailed description in your post, I tried wrapping things up and created the picture below based on my personal understanding of your current environment. Feel free to let me know if I have misunderstood anything.
[image: 128243-1.png]

We want srv3.domain1.com CAS+MBX as DR server to switch over to it from primary office to it in case of primary DC is down

As regards your requirement for site resilience in case of the failure of the primary DC, from the perspective of the Exchange server side, I noticed that the newly added server (srv3.domain1.com) is playing as DC and Exchange 2013 server at the same time, right? If this is the case, it's actually not supported according to the official document below:
Installing Exchange on a domain controller is not recommended
"Running Exchange 2013 on a clustered node that is also an Active Directory domain controller isn't supported."

Then please understand that under "office-exchange-server-deployment" we mainly focus on general questions related to Exchange server, and I personally am not that familiar with Active Directory resilience, so I'd recommend asking this particular query using some AD-related tags as well to confirm whether this is a supported and correct deployment.

When it comes to the issue that, after the 3rd Exchange server srv3.domain1.com was added into the branch site, mailboxes belonging to domain2.com are connecting over the WAN link to the primary Exchange CAS (https://owa.domain1.com), considering that the 3rd Exchange server is also a domain controller, I am assuming it's possible that the servers in domain2.com are for some reason communicating with the new DC rather than their original DC in the branch site. So for this situation, as mentioned earlier, I'd suggest first trying to confirm whether the configuration is the right way for AD site resilience and that it won't interrupt the current communication between servers.

If an Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


0 additional answers
