Managing database availability groups

Applies to: Exchange Server 2013

A database availability group (DAG) is a set of up to 16 Microsoft Exchange Server 2013 Mailbox servers that provides automatic, database-level recovery from a database, server, or network failure. DAGs use continuous replication and a subset of Windows failover clustering technologies to provide high availability and site resilience. Mailbox servers in a DAG monitor each other for failures. When a Mailbox server is added to a DAG, it works with the other servers in the DAG to provide automatic, database-level recovery from database failures.

When you create a DAG, it's initially empty. When you add the first server to a DAG, a failover cluster is automatically created for the DAG. In addition, the infrastructure that monitors the servers for network or server failures is initiated. The failover cluster heartbeat mechanism and cluster database are then used to track and manage information about the DAG that can change quickly, such as database mount status, replication status, and last mounted location.

Creating DAGs

A DAG can be created using the New Database Availability Group wizard in the Exchange admin center (EAC), or by running the New-DatabaseAvailabilityGroup cmdlet in the Exchange Management Shell. When creating a DAG, you provide a name for the DAG, and optional witness server and witness directory settings. In addition, you can assign one or more IP addresses to the DAG, either by using static IP addresses or by allowing the DAG to be automatically assigned the necessary IP addresses using Dynamic Host Configuration Protocol (DHCP). You can manually assign IP addresses to the DAG by using the DatabaseAvailabilityGroupIpAddresses parameter. If you omit this parameter, the DAG attempts to obtain an IP address by using a DHCP server on your network.

If you are creating a DAG that will contain Mailbox servers that are running Windows Server 2012 R2, you also have the option of creating a DAG without a cluster administrative access point. In that case, the cluster will not have a cluster name object (CNO) in Active Directory, and the cluster core resource group will not contain a network name resource or an IP address resource.

For detailed steps about how to create a DAG, see Create a database availability group.

When you create a DAG, an empty object representing the DAG with the name you specified and an object class of msExchMDBAvailabilityGroup is created in Active Directory.

DAGs use a subset of Windows failover clustering technologies, such as the cluster heartbeat, cluster networks, and cluster database (for storing data that changes or can change quickly, such as database state changes from active to passive or the reverse, or from mounted to dismounted or the reverse). Because DAGs rely on Windows failover clustering, they can only be created on Exchange 2013 Mailbox servers running the Windows Server 2008 R2 Enterprise or Datacenter operating system, Windows Server 2012 Standard or Datacenter operating system, or Windows Server 2012 R2 Standard or Datacenter operating system.

Note

The failover cluster created and used by the DAG must be dedicated to the DAG. The cluster can't be used for any other high availability solution or for any other purpose. For example, the failover cluster can't be used to cluster other applications or services. Using a DAG's underlying failover cluster for purposes other than the DAG isn't supported.

DAG witness server and witness directory

When creating a DAG, you need to specify a name for the DAG no longer than 15 characters that's unique within the Active Directory forest. In addition, each DAG is configured with a witness server and witness directory. The witness server and its directory are used only when there's an even number of members in the DAG and then only for quorum purposes. You don't need to create the witness directory in advance. Exchange automatically creates and secures the directory for you on the witness server. The directory shouldn't be used for any purpose other than for the DAG witness server.

The requirements for the witness server are as follows:

  • The witness server can't be a member of the DAG.

  • The witness server must be in the same Active Directory forest as the DAG.

  • The witness server must be running a supported version of Windows Server. For more information, see Exchange 2013 system requirements.

  • A single server can serve as a witness for multiple DAGs. However, each DAG requires its own witness directory.

Regardless of what server is used as the witness server, if the Windows Firewall is enabled on the intended witness server, you must enable the Windows Firewall exception for File and Printer Sharing.

Important

If the witness server you specify isn't an Exchange 2013 or Exchange 2010 server, you must add the Exchange Trusted Subsystem universal security group (USG) to the local Administrators group on the witness server prior to creating the DAG. These security permissions are necessary to ensure that Exchange can create a directory and share on the witness server as needed.
The witness server uses SMB port 445.

Neither the witness server nor the witness directory needs to be fault tolerant or use any form of redundancy or high availability. There's no need to use a clustered file server for the witness server or employ any other form of resiliency for the witness server. There are several reasons for this. With larger DAGs (for example, six members or more), several failures are required before the witness server is needed. Because a six-member DAG can tolerate as many as two voter failures without losing quorum, it would take as many as three voters failing before the witness server would be needed to maintain a quorum. Also, if there's a failure that affects your current witness server (for example, you lose the witness server because of a hardware failure), you can use the Set-DatabaseAvailabilityGroup cmdlet to configure a new witness server and witness directory (provided you have a quorum).

Note

You can also use the Set-DatabaseAvailabilityGroup cmdlet to configure the witness server and witness directory in the original location if the witness server lost its storage or if someone changed the witness directory or share permissions.

Witness server placement considerations

The placement of a DAG's witness server will depend on your business requirements and the options available to your organization. Exchange 2013 includes support for new DAG configuration options that are not recommended or not possible in previous versions of Exchange. These options include using a third location, such as a third datacenter, a branch office, or a Microsoft Azure virtual network.

The following table lists general witness server placement recommendations for different deployment scenarios.

| Deployment Scenario | Recommendations |
| --- | --- |
| Single DAG deployed in a single datacenter | Locate witness server in the same datacenter as DAG members |
| Single DAG deployed across two datacenters; no additional locations available | Locate witness server on a Microsoft Azure virtual network to enable automatic datacenter failover, or locate witness server in primary datacenter |
| Multiple DAGs deployed in a single datacenter | Locate witness server in the same datacenter as DAG members. Additional options include: using the same witness server for multiple DAGs; using a DAG member to act as a witness server for a different DAG |
| Multiple DAGs deployed across two datacenters | Locate witness server on a Microsoft Azure virtual network to enable automatic datacenter failover, or locate witness server in the datacenter that is considered primary for each DAG. Additional options include: using the same witness server for multiple DAGs; using a DAG member to act as a witness server for a different DAG |
| Single or Multiple DAGs deployed across more than two datacenters | In this configuration, the witness server should be located in the datacenter where you want the majority of quorum votes to exist. |

When a DAG has been deployed across two datacenters, a new configuration option in Exchange 2013 is to use a third location for hosting the witness server. If your organization has a third location with a network infrastructure that is isolated from network failures that affect the two datacenters in which your DAG is deployed, then you can deploy the DAG's witness server in that third location, thereby configuring your DAG with the ability to automatically fail over databases to the other datacenter in response to a datacenter-level failure event. If your organization only has two physical locations, you can use a Microsoft Azure virtual network as a third location to place your witness server.

Specifying a witness server and witness directory during DAG creation

When creating a DAG, you must provide a name for the DAG. You can optionally also specify a witness server and witness directory.

When creating a DAG, the following combinations of options and behaviors are available:

  • You can specify only a name for the DAG, and leave the Witness server and Witness directory fields blank. In this scenario, the wizard searches the local Active Directory site for a Client Access server that doesn't have the Mailbox server installed, and it automatically creates the default directory (%SystemDrive%:\DAGFileShareWitnesses\<DAGFQDN>) and default share (<DAGFQDN>) on that server and uses that Client Access server as the witness server. For example, consider the witness server CAS3 on which the operating system has been installed onto drive C. A DAG named DAG1 in the contoso.com domain would use a default witness directory of C:\DAGFileShareWitnesses\DAG1.contoso.com, which would be shared as \\CAS3\DAG1.contoso.com.

  • You can specify a name for the DAG, the witness server that you want to use, and the directory you want created and shared on the witness server.

  • You can specify a name for the DAG and the witness server that you want to use, and leave the Witness directory field blank. In this scenario, the wizard creates the default directory on the specified witness server.

  • You can specify a name for the DAG, leave the Witness server field blank, and specify the directory you want created and shared on the witness server. In this scenario, the wizard searches for a Client Access server that doesn't have the Mailbox server installed, and it automatically creates the specified DAG on that server, shares the directory, and uses that Client Access server as the witness server.
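The combination with an explicit witness server and directory, written for the Shell as an added example that is not part of the original article. DAG1, FS01, D:\DAGWitness\DAG1 and 10.0.0.8 are assumed values; the pre-checks apply the rules stated earlier (15-character name limit, one witness directory per DAG).

```powershell
# Added example. Run in the Exchange Management Shell.
# All names and addresses below are assumptions chosen for illustration.
$dagName    = 'DAG1'
$witness    = 'FS01'                  # must not be a member of this DAG
$witnessDir = 'D:\DAGWitness\DAG1'    # each DAG needs its own directory
$dagIp      = '10.0.0.8'              # static address; omit the parameter to use DHCP

# The DAG name is limited to 15 characters.
if ($dagName.Length -gt 15) {
    throw "DAG name '$dagName' is longer than 15 characters."
}

# One server may be the witness for several DAGs, but a directory must not be shared
# between them. Compare short host names so FS01 and FS01.contoso.com match.
$clash = @(Get-DatabaseAvailabilityGroup | Where-Object {
    ("$($_.WitnessServer)".Split('.')[0] -eq $witness.Split('.')[0]) -and
    ("$($_.WitnessDirectory)".TrimEnd('\') -eq $witnessDir.TrimEnd('\'))
})
if ($clash.Count -gt 0) {
    throw "Directory '$witnessDir' on $witness is already the witness directory of DAG '$($clash[0].Name)'."
}

New-DatabaseAvailabilityGroup -Name $dagName `
    -WitnessServer $witness `
    -WitnessDirectory $witnessDir `
    -DatabaseAvailabilityGroupIpAddresses $dagIp

# Windows Server 2012 R2 members, DAG without a cluster administrative access point
# (no CNO, no IP address resource): pass IPAddress.None instead of an address.
# New-DatabaseAvailabilityGroup -Name $dagName -WitnessServer $witness `
#     -WitnessDirectory $witnessDir `
#     -DatabaseAvailabilityGroupIpAddresses ([System.Net.IPAddress]::None)

# Read the object back to confirm what was stored.
Get-DatabaseAvailabilityGroup -Identity $dagName |
    Format-List Name, WitnessServer, WitnessDirectory, DatabaseAvailabilityGroupIpAddresses
```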

When a DAG is formed, it initially uses the Node Majority quorum model. When the second Mailbox server is added to the DAG, the quorum is automatically changed to a Node and File Share Majority quorum model. When this change occurs, the DAG's cluster begins using the witness server for maintaining quorum. If the witness directory doesn't exist, Exchange automatically creates it, shares it, and provisions the share with full control permissions for the CNO computer account for the DAG.

Note

Using a file share that's part of a Distributed File System (DFS) namespace isn't supported.

If Windows Firewall is enabled on the witness server before the DAG is created, it may block the creation of the DAG. Exchange uses Windows Management Instrumentation (WMI) to create the directory and file share on the witness server. If Windows Firewall is enabled on the witness server and there are no firewall exceptions configured for WMI, the New-DatabaseAvailabilityGroup cmdlet fails with an error. If you specify a witness server, but not a witness directory, you receive the following error message.

The task was unable to create the default witness directory on server <Server Name>. Please manually specify a witness directory.

If you specify a witness server and witness directory, you receive the following warning message.

Unable to access file shares on witness server 'ServerName'. Until this problem is corrected, the database availability group may be more vulnerable to failures. You can use the Set-DatabaseAvailabilityGroup cmdlet to try the operation again. Error: The network path was not found.

If Windows Firewall is enabled on the witness server after the DAG is created but before servers are added, it may block the addition or removal of DAG members. If Windows Firewall is enabled on the witness server and there are no firewall exceptions configured for WMI, the Add-DatabaseAvailabilityGroupServer cmdlet displays the following warning message.

Failed to create file share witness directory 'C:\DAGFileShareWitnesses\DAG_FQDN' on witness server 'ServerName'. Until this problem is corrected, the database availability group may be more vulnerable to failures. You can use the Set-DatabaseAvailabilityGroup cmdlet to try the operation again. Error: WMI exception occurred on server 'ServerName': The RPC server is unavailable. (Exception from HRESULT: 0x800706BA)

To resolve the preceding error and warnings, do one of the following:

  • Manually create the witness directory and share on the witness server, and assign the CNO for the DAG full control for the directory and share.

  • Enable the WMI exception in Windows Firewall.

  • Disable Windows Firewall.
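The WMI-exception option, together with the File and Printer Sharing exception and the Exchange Trusted Subsystem membership required earlier for a non-Exchange witness, as an added example that is not from the original article. It assumes the witness runs Windows Server 2012 or later with English rule-group names; CONTOSO, DAG1 and DAG1.contoso.com are placeholder names.

```powershell
# Added example. Run in an elevated PowerShell session ON the witness server.
$domain    = 'CONTOSO'             # assumption: NetBIOS domain name
$shareName = 'DAG1.contoso.com'    # assumption: default share name (the DAG FQDN)
$cno       = "$domain\DAG1`$"      # assumption: CNO computer account of the DAG

# 1. Non-Exchange witness only: the Exchange Trusted Subsystem USG must be in the
#    local Administrators group before the DAG is created.
$group       = "$domain\Exchange Trusted Subsystem"
$localAdmins = net localgroup Administrators
if (-not ($localAdmins -match [regex]::Escape($group))) {
    net localgroup Administrators $group /add
}

# 2. Enable the two rule groups the DAG tasks depend on (SMB 445 for the share,
#    WMI for directory and share creation), leaving the firewall itself on.
$ruleGroups = 'File and Printer Sharing', 'Windows Management Instrumentation (WMI)'
foreach ($ruleGroup in $ruleGroups) {
    Enable-NetFirewallRule -DisplayGroup $ruleGroup
}

# 3. List the inbound rules that are now enabled so the change can be reviewed.
Get-NetFirewallRule -DisplayGroup $ruleGroups |
    Where-Object { $_.Direction -eq 'Inbound' } |
    Sort-Object DisplayGroup, DisplayName |
    Format-Table DisplayGroup, DisplayName, Enabled, Profile -AutoSize

# 4. Once Exchange has created the witness share, list who has access to it.
#    The article states the share is provisioned with full control for the CNO;
#    entries with IsCno = False are the ones to review.
if (Get-SmbShare -Name $shareName -ErrorAction SilentlyContinue) {
    Get-SmbShareAccess -Name $shareName |
        Select-Object AccountName, AccessControlType, AccessRight,
            @{ Name = 'IsCno'; Expression = { $_.AccountName -eq $cno } }
}
```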

DAG membership

After a DAG has been created, you can add servers to or remove servers from the DAG using the Manage Database Availability Group wizard in the EAC, or using the Add-DatabaseAvailabilityGroupServer or Remove-DatabaseAvailabilityGroupServer cmdlets in the Shell. For detailed steps about how to manage DAG membership, see Manage database availability group membership.

Note

Each Mailbox server that's a member of a DAG is also a node in the underlying cluster used by the DAG. As a result, at any one time, a Mailbox server can be a member of only one DAG.

If the Mailbox server being added to a DAG doesn't have the failover clustering component installed, the method used to add the server (for example, the Add-DatabaseAvailabilityGroupServer cmdlet or the Manage Database Availability Group wizard) installs the failover clustering feature.

When the first Mailbox server is added to a DAG, the following occurs:

  • The Windows failover clustering component is installed, if it isn't already installed.

  • A failover cluster is created using the name of the DAG. This failover cluster is used exclusively by the DAG, and the cluster must be dedicated to the DAG. Use of the cluster for any other purpose isn't supported.

  • A CNO is created in the default computers container.

  • The name and IP address of the DAG is registered as a Host (A) record in Domain Name System (DNS).

  • The server is added to the DAG object in Active Directory.

  • The cluster database is updated with information on the databases mounted on the added server.

In a large or multiple site environment, especially those in which the DAG is extended to multiple Active Directory sites, you must wait for Active Directory replication of the DAG object containing the first DAG member to complete. If this Active Directory object isn't replicated throughout your environment, adding the second server may cause a new cluster (and new CNO) to be created for the DAG. This is because the DAG object appears empty from the perspective of the second member being added, thereby causing the Add-DatabaseAvailabilityGroupServer cmdlet to create a cluster and CNO for the DAG, even though these objects already exist. To verify that the DAG object containing the first DAG server has been replicated, use the Get-DatabaseAvailabilityGroup cmdlet on the second server being added to verify that the first server you added is listed as a member of the DAG.
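One way to script the replication check described above before adding the second member, as an added example that is not from the original article. It goes a step further than the text by querying every domain controller in the current domain rather than only the one the second server happens to use. DAG1, MBX1 and MBX2 are assumed names, and the ActiveDirectory module is assumed to be installed.

```powershell
# Added example. Run in the Exchange Management Shell on the server being added.
Import-Module ActiveDirectory

$dagName      = 'DAG1'    # assumption
$firstMember  = 'MBX1'    # assumption: already added to the DAG
$secondMember = 'MBX2'    # assumption: about to be added
$timeout      = New-TimeSpan -Minutes 30
$pollSeconds  = 60

function Get-StaleDomainController {
    param([string]$Dag, [string]$Member)
    # Returns the DCs whose copy of the DAG object does not list $Member yet.
    # A DC that cannot be queried is reported as stale (the conservative answer).
    foreach ($dc in Get-ADDomainController -Filter *) {
        $dagObject = Get-DatabaseAvailabilityGroup -Identity $Dag `
            -DomainController $dc.HostName -ErrorAction SilentlyContinue
        $names = @($dagObject.Servers | ForEach-Object { $_.Name })
        if ($names -notcontains $Member) { $dc.HostName }
    }
}

$deadline = (Get-Date) + $timeout
do {
    $stale = @(Get-StaleDomainController -Dag $dagName -Member $firstMember)
    if ($stale.Count -eq 0) { break }
    Write-Warning "Waiting: $($stale -join ', ') do not list $firstMember in $dagName yet."
    Start-Sleep -Seconds $pollSeconds
} while ((Get-Date) -lt $deadline)

if ($stale.Count -gt 0) {
    # Adding the server now could create a second cluster and CNO for the same DAG.
    throw "DAG object not replicated to: $($stale -join ', '). $secondMember was not added."
}

Add-DatabaseAvailabilityGroupServer -Identity $dagName -MailboxServer $secondMember
```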

When the second and subsequent servers are added to the DAG, the following occurs:

  • The server is joined to the Windows failover cluster for the DAG.

  • The quorum model is automatically adjusted:

    • A Node Majority quorum model is used for DAGs with an odd number of members.

    • A Node and File Share Majority quorum model is used for DAGs with an even number of members.

  • The witness directory and share are automatically created by Exchange when needed.

  • The server is added to the DAG object in Active Directory.

  • The cluster database is updated with information about mounted databases.

Note

The quorum model change should happen automatically. However, if the quorum model doesn't automatically change to the proper model, you can run the Set-DatabaseAvailabilityGroup cmdlet with only the Identity parameter to correct the quorum settings for the DAG.

Pre-staging the cluster name object for a DAG

The CNO is a computer account created in Active Directory and associated with the cluster's Name resource. The cluster's Name resource is tied to the CNO, which is a Kerberos-enabled object that acts as the cluster's identity and provides the cluster's security context. The formation of the DAG's underlying cluster and the CNO for that cluster is performed when the first member is added to the DAG. When the first server is added to the DAG, remote PowerShell contacts the Microsoft Exchange Replication service on the Mailbox server being added. The Microsoft Exchange Replication service installs the failover clustering feature (if it isn't already installed) and begins the cluster creation process. The Microsoft Exchange Replication service runs under the LOCAL SYSTEM security context, and it's under this context in which cluster creation is performed.

Warning

If your DAG members are running Windows Server 2012, you must pre-stage the CNO prior to adding the first server to the DAG. If your DAG members are running Windows Server 2012 R2, and you create a DAG without a cluster administrative access point, then a CNO will not be created, and you do not need to create a CNO for the DAG.

In environments where computer account creation is restricted, or where computer accounts are created in a container other than the default computers container, you can pre-stage and provision the CNO. You create and disable a computer account for the CNO, and then either:

  • Assign full control of the computer account to the computer account of the first Mailbox server you're adding to the DAG.

  • Assign full control of the computer account to the Exchange Trusted Subsystem USG.

Assigning full control of the computer account to the computer account of the first Mailbox server you're adding to the DAG ensures that the LOCAL SYSTEM security context will be able to manage the pre-staged computer account. Assigning full control of the computer account to the Exchange Trusted Subsystem USG can be used instead because the Exchange Trusted Subsystem USG contains the machine accounts of all Exchange servers in the domain.
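The pre-staging steps above as an added example using the ActiveDirectory module; it is not taken from the original article or its linked procedure. DAG1, MBX1 and the OU path are assumptions, a single-domain forest is assumed, and $trustee selects which of the two grants is made.

```powershell
# Added example. Run with rights to create computer objects in the target OU.
Import-Module ActiveDirectory
Add-Type -AssemblyName System.DirectoryServices

$dagName = 'DAG1'                                     # assumption: DAG / CNO name
$ouPath  = 'OU=Exchange Clusters,DC=contoso,DC=com'   # assumption: target container

# Option 1: the computer account of the first Mailbox server (the narrower grant).
$trustee = Get-ADComputer -Identity 'MBX1'            # assumption: first DAG member
# Option 2: the Exchange Trusted Subsystem USG (all Exchange servers in the domain).
# $trustee = Get-ADGroup -Identity 'Exchange Trusted Subsystem'

# Create the CNO as a disabled computer account. Refuse to reuse an existing
# account that is enabled, because that name may belong to a live computer.
$cno = Get-ADComputer -Filter "Name -eq '$dagName'"
if ($cno -and $cno.Enabled) {
    throw "An enabled computer account named '$dagName' already exists."
}
if (-not $cno) {
    $cno = New-ADComputer -Name $dagName -Path $ouPath -Enabled $false `
        -Description "Pre-staged CNO for DAG $dagName" -PassThru
}

# Grant the trustee full control (GenericAll) on the CNO object itself.
$adPath = "AD:\$($cno.DistinguishedName)"
$sid    = $trustee.SID
$rights = [System.DirectoryServices.ActiveDirectoryRights]::GenericAll
$allow  = [System.Security.AccessControl.AccessControlType]::Allow
$rule   = New-Object System.DirectoryServices.ActiveDirectoryAccessRule -ArgumentList $sid, $rights, $allow

$acl = Get-Acl -Path $adPath
$acl.AddAccessRule($rule)
Set-Acl -Path $adPath -AclObject $acl

# Read the ACL back and show the entries held by the trustee.
(Get-Acl -Path $adPath).Access |
    Where-Object { "$($_.IdentityReference)" -like "*\$($trustee.SamAccountName)" } |
    Format-Table IdentityReference, ActiveDirectoryRights, AccessControlType, IsInherited -AutoSize
```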

For detailed steps about how to pre-stage and provision the CNO for a DAG, see Pre-stage the cluster name object for a database availability group.

Removing servers from a DAG

Mailbox servers can be removed from a DAG by using the Manage Database Availability Group wizard in the EAC or the Remove-DatabaseAvailabilityGroupServer cmdlet in the Shell. Before a Mailbox server can be removed from a DAG, all replicated mailbox databases must first be removed from the server. If you attempt to remove a Mailbox server with replicated mailbox databases from a DAG, the task fails.

There are scenarios in which you must remove a Mailbox server from a DAG before performing certain operations. These scenarios include:

  • Performing a server recovery operation: If a Mailbox server that's a member of a DAG is lost, or otherwise fails and is unrecoverable and needs replacement, you can perform a server recovery operation using the Setup /m:RecoverServer switch. However, before you can perform the recovery operation, you must first remove the server from the DAG using the Remove-DatabaseAvailabilityGroupServer cmdlet with the ConfigurationOnly parameter.

  • Removing the database availability group: There may be situations in which you need to remove a DAG (for example, when disabling third-party replication mode). If you need to remove a DAG, you must first remove all servers from the DAG. If you attempt to remove a DAG that contains any members, the task fails.

Configuring DAG properties

After servers have been added to the DAG, you can use the EAC or the Shell to configure the properties of a DAG, including the witness server and witness directory used by the DAG, and the IP addresses assigned to the DAG.

Configurable properties include:

  • Witness server: The name of the server that you want to host the file share for the file share witness. We recommend that you specify a Client Access server as the witness server. This enables the system to automatically configure, secure, and use the share, as needed, and enables the messaging administrator to be aware of the availability of the witness server.

  • Witness directory: The name of a directory that will be used to store file share witness data. This directory will automatically be created by the system on the specified witness server.

  • Database availability group IP addresses: One or more IP addresses must be assigned to the DAG, unless the DAG members are running Windows Server 2012 R2 and you are creating a DAG without an IP address. Otherwise, the DAG's IP addresses can be configured using manually assigned static IP addresses, or they can be automatically assigned to the DAG using a DHCP server in your organization.

The Shell enables you to configure DAG properties that aren't available in the EAC, such as DAG IP addresses, network encryption and compression settings, network discovery, the TCP port used for replication, and alternate witness server and witness directory settings, and to enable Datacenter Activation Coordination mode.

For detailed steps about how to configure DAG properties, see Configure database availability group properties.

DAG 网络加密DAG network encryption

通过利用 Windows Server 操作系统的加密功能,DAG 支持加密。DAG 在 Exchange 服务器之间使用 Kerberos 身份验证。Microsoft Kerberos 安全支持提供程序 (SSP) EncryptMessage 和 DecryptMessage API 可处理 DAG 网络通信的加密。Microsoft Kerberos SSP 支持多种加密算法。(有关完整列表,请参阅 Kerberos 协议扩展的第 3.1.5.2 节"加密类型")。Kerberos 身份验证握手会选择列表中支持的最强加密协议:通常为高级加密标准 (AES) 256 位,可能还包含基于 SHA 哈希的消息身份验证代码 (HMAC) 以维持数据的完整性。有关详细信息,请参阅 HMACDAGs support the use of encryption by leveraging the encryption capabilities of the Windows Server operating system. DAGs use Kerberos authentication between Exchange servers. Microsoft Kerberos security support provider (SSP) EncryptMessage and DecryptMessage APIs handle encryption of DAG network traffic. Microsoft Kerberos SSP supports multiple encryption algorithms. (For the complete list, see section 3.1.5.2, "Encryption Types" of Kerberos Protocol Extensions). The Kerberos authentication handshake selects the strongest encryption protocol supported in the list: typically Advanced Encryption Standard (AES) 256-bit, potentially with a SHA Hash-based Message Authentication Code (HMAC) to maintain integrity of the data. For details, see HMAC.

网络加密是 DAG 的属性,而非 DAG 网络的属性。Network encryption is a property of the DAG and not a DAG network. 您可以使用命令行管理程序中的set-databaseavailabilitygroup CMDLET 配置 DAG 网络加密。You can configure DAG network encryption using the Set-DatabaseAvailabilityGroup cmdlet in the Shell. 下表显示 DAG 网络通信的可能加密设置。The possible encryption settings for DAG network communications are shown in the following table.

DAG network communication encryption settings

| Setting | Description |
| --- | --- |
| Disabled | Network encryption isn't used. |
| Enabled | Network encryption is used on all DAG networks for replication and seeding. |
| InterSubnetOnly | Network encryption is used on DAG networks when replicating across different subnets. This is the default setting. |
| SeedOnly | Network encryption is used on all DAG networks for seeding only. |

DAG network compression

DAGs support built-in compression. When compression is enabled, DAG network communication uses XPRESS, which is the Microsoft implementation of the LZ77 algorithm. For details, see An Explanation of the Deflate Algorithm and section 3.1.4.11.1.2.1 "LZ77 Compression Algorithm" of Wire Format Protocol Specification. This is the same type of compression used in many Microsoft protocols, in particular, MAPI RPC compression between Microsoft Outlook and Exchange.

As with network encryption, network compression is also a property of the DAG and not a DAG network. You configure DAG network compression by using the Set-DatabaseAvailabilityGroup cmdlet in the Shell. The possible compression settings for DAG network communications are shown in the following table.

DAG network communication compression settings

| Setting | Description |
| --- | --- |
| Disabled | Network compression isn't used. |
| Enabled | Network compression is used on all DAG networks for replication and seeding. |
| InterSubnetOnly | Network compression is used on DAG networks when replicating across different subnets. This is the default setting. |
| SeedOnly | Network compression is used on all DAG networks for seeding only. |

DAG networks

A DAG network is a collection of one or more subnets used for either replication traffic or MAPI traffic. Each DAG contains a maximum of one MAPI network and zero or more replication networks.

Single network adapter configurations

In single network adapter configurations, the same network is used for both MAPI and replication traffic. To reduce complexity, a single network adapter is the recommended configuration for Exchange servers, so it's OK to have both MAPI and replication traffic on the same network.

Dual network adapter configurations

Typically, you only need to use dual network adapters where the increased network traffic has the potential to saturate a single network adapter.

In dual network adapter configurations, one network is typically dedicated for replication traffic, and the other network is used primarily for MAPI traffic. You can also add network adapters to each DAG member and configure additional DAG networks as replication networks.

Note

When using multiple replication networks, there's no way to specify an order of precedence for network use. Exchange randomly selects a replication network from the group of replication networks to use for log shipping.

In Exchange 2010, manual configuration of DAG networks was necessary in many scenarios. By default in Exchange 2013, DAG networks are automatically configured by the system. Before you can create or modify DAG networks, you must first enable manual DAG network control by running the following command:

Set-DatabaseAvailabilityGroup <DAGName> -ManualDagNetworkConfiguration $true

After you've enabled manual DAG network configuration, you can use the New-DatabaseAvailabilityGroupNetwork cmdlet in the Shell to create a DAG network. For detailed steps about how to create a DAG network, see Create a database availability group network.

You can use the Set-DatabaseAvailabilityGroupNetwork cmdlet in the Shell to configure DAG network properties. For detailed steps about how to configure DAG network properties, see Configure database availability group network properties. Each DAG network has required and optional parameters to configure:

  • Network name: A unique name for the DAG network of up to 128 characters.

  • Network description: An optional description for the DAG network of up to 256 characters.

  • Network subnets: One or more subnets entered using a format of IPAddress/Bitmask (for example, 192.168.1.0/24 for Internet Protocol version 4 (IPv4) subnets; 2001:DB8:0:C000::/64 for Internet Protocol version 6 (IPv6) subnets).

  • Enable replication: In the EAC, select the check box to dedicate the DAG network to replication traffic and block MAPI traffic. Clear the check box to prevent replication from using the DAG network and to enable MAPI traffic. In the Shell, use the ReplicationEnabled parameter in the Set-DatabaseAvailabilityGroupNetwork cmdlet to enable and disable replication.

Note

Disabling replication for the MAPI network doesn't guarantee that the system won't use the MAPI network for replication. When all configured replication networks are offline, failed, or otherwise unavailable, and only the MAPI network remains (which is configured as disabled for replication), the system uses the MAPI network for replication.

The initial DAG networks (for example, MapiDagNetwork and ReplicationDagNetwork01) created by the system are based on the subnets enumerated by the Cluster service. Each DAG member must have the same number of network adapters, and each network adapter must have an IPv4 address (and optionally, an IPv6 address as well) on a unique subnet. Multiple DAG members can have IPv4 addresses on the same subnet, but each network adapter and IP address pair in a specific DAG member must be on a unique subnet. In addition, only the adapter used for the MAPI network should be configured with a default gateway. Replication networks shouldn't be configured with a default gateway.

For example, consider DAG1, a two-member DAG where each member has two network adapters (one dedicated for the MAPI network and the other for a replication network). Example IP address configuration settings are shown in the following table.

Example network adapter settings

| Server-network adapter | IP address/subnet mask | Default gateway |
| --- | --- | --- |
| EX1-MAPI | 192.168.1.15/24 | 192.168.1.1 |
| EX1-Replication | 10.0.0.15/24 | Not applicable |
| EX2-MAPI | 192.168.1.16 | 192.168.1.1 |
| EX2-Replication | 10.0.0.16 | Not applicable |

In the following configuration, there are two subnets configured in the DAG: 192.168.1.0 and 10.0.0.0. When EX1 and EX2 are added to the DAG, two subnets will be enumerated and two DAG networks will be created: MapiDagNetwork (192.168.1.0) and ReplicationDagNetwork01 (10.0.0.0). These networks will be configured as shown in the following table.

Enumerated DAG network settings for a single-subnet DAG

| Name | Subnets | Interfaces | MAPI access enabled | Replication enabled |
| --- | --- | --- | --- | --- |
| MapiDagNetwork | 192.168.1.0/24 | EX1 (192.168.1.15), EX2 (192.168.1.16) | True | True |
| ReplicationDagNetwork01 | 10.0.0.0/24 | EX1 (10.0.0.15), EX2 (10.0.0.16) | False | True |

To complete the configuration of ReplicationDagNetwork01 as the dedicated replication network, disable replication for MapiDagNetwork by running the following command.

Set-DatabaseAvailabilityGroupNetwork -Identity DAG1\MapiDagNetwork -ReplicationEnabled:$false

After replication is disabled for MapiDagNetwork, the Microsoft Exchange Replication service uses ReplicationDagNetwork01 for continuous replication. If ReplicationDagNetwork01 experiences a failure, the Microsoft Exchange Replication service reverts to using MapiDagNetwork for continuous replication. This is done intentionally by the system to maintain high availability.

DAG networks and multiple subnet deployments

In the preceding example, even though there are two different subnets in use by the DAG (192.168.1.0 and 10.0.0.0), the DAG is considered a single-subnet DAG because each member uses the same subnet to form the MAPI network. When DAG members use different subnets for the MAPI network, the DAG is referred to as a multi-subnet DAG. In a multi-subnet DAG, the proper subnets are automatically associated with each DAG network.

For example, consider DAG2, a two-member DAG where each member has two network adapters (one dedicated for the MAPI network and the other for a replication network), and each DAG member is located in a separate Active Directory site, with its MAPI network on a different subnet. Example IP address configuration settings are shown in the following table.

Example network adapter settings for a multi-subnet DAG

| Server-network adapter | IP address/subnet mask | Default gateway |
| --- | --- | --- |
| EX1-MAPI | 192.168.0.15/24 | 192.168.0.1 |
| EX1-Replication | 10.0.0.15/24 | Not applicable |
| EX2-MAPI | 192.168.1.15 | 192.168.1.1 |
| EX2-Replication | 10.0.1.15 | Not applicable |

In the following configuration, there are four subnets configured in the DAG: 192.168.0.0, 192.168.1.0, 10.0.0.0, and 10.0.1.0. When EX1 and EX2 are added to the DAG, four subnets will be enumerated, but only two DAG networks will be created: MapiDagNetwork (192.168.0.0, 192.168.1.0) and ReplicationDagNetwork01 (10.0.0.0, 10.0.1.0). These networks will be configured as shown in the following table.

Enumerated DAG network settings for a multi-subnet DAG

| Name | Subnets | Interfaces | MAPI access enabled | Replication enabled |
| --- | --- | --- | --- | --- |
| MapiDagNetwork | 192.168.0.0/24, 192.168.1.0/24 | EX1 (192.168.0.15), EX2 (192.168.1.15) | True | True |
| ReplicationDagNetwork01 | 10.0.0.0/24, 10.0.1.0/24 | EX1 (10.0.0.15), EX2 (10.0.1.15) | False | True |
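Network encryption is a DAG-wide setting whose default is InterSubnetOnly, so members that replicate over a shared subnet (as in DAG1) send log traffic unencrypted, while the cross-subnet members of DAG2 do not. The following PowerShell is an added example, not code from the original page: the function names and the object shape (Networks, Interfaces, Node, IPAddress) are assumptions made for illustration, the sample DAGs are constructed from the tables above, and the check covers IPv4 log replication only, not seeding.

```powershell
# Added example. Sample data is constructed from the DAG1 and DAG2 tables on
# this page; it is not output captured from a real Exchange server.

function ConvertTo-IPv4Number([string]$Address) {
    $b = [System.Net.IPAddress]::Parse($Address).GetAddressBytes()
    return ([int64]$b[0] * 16777216) + ([int64]$b[1] * 65536) + ([int64]$b[2] * 256) + [int64]$b[3]
}

function Test-IPv4InSubnet([string]$Address, [string]$Cidr) {
    # Compare the leading <bits> bits of the address with those of the network.
    $net, $bits = $Cidr -split '/'
    $shift = 32 - [int]$bits
    return ((ConvertTo-IPv4Number $Address) -shr $shift) -eq ((ConvertTo-IPv4Number $net) -shr $shift)
}

function Get-DagReplicationEncryption {
    # For every pair of members on every DAG network that is not ignored, report
    # whether log replication between them is encrypted under the DAG setting.
    param([Parameter(Mandatory)] $Dag)

    foreach ($network in $Dag.Networks | Where-Object { -not $_.IgnoreNetwork }) {
        # Place each interface in the subnet of this DAG network that contains it.
        $placed = @(foreach ($nic in $network.Interfaces) {
            $subnet = $network.Subnets |
                Where-Object { Test-IPv4InSubnet $nic.IPAddress $_ } |
                Select-Object -First 1
            [pscustomobject]@{ Node = $nic.Node; Subnet = $subnet }
        })
        for ($i = 0; $i -lt $placed.Count; $i++) {
            for ($j = $i + 1; $j -lt $placed.Count; $j++) {
                $sameSubnet = $placed[$i].Subnet -eq $placed[$j].Subnet
                $encrypted = switch ($Dag.NetworkEncryption) {
                    'Enabled'         { $true }
                    'InterSubnetOnly' { -not $sameSubnet }
                    default           { $false }   # Disabled, or SeedOnly (seeding only)
                }
                [pscustomobject]@{
                    Dag     = $Dag.Name
                    Network = $network.Name
                    Pair    = '{0}<->{1}' -f $placed[$i].Node, $placed[$j].Node
                    # A network with replication disabled can still carry replication
                    # when every replication network is unavailable (see the note above).
                    Role    = if ($network.ReplicationEnabled) { 'Replication' } else { 'FallbackOnly' }
                    SameSubnet           = $sameSubnet
                    ReplicationEncrypted = $encrypted
                }
            }
        }
    }
}

function New-SampleNetwork($Name, [bool]$ReplicationEnabled, $Subnets, $Interfaces) {
    # Helper for the constructed sample data only.
    [pscustomobject]@{
        Name = $Name; ReplicationEnabled = $ReplicationEnabled; IgnoreNetwork = $false
        Subnets    = @($Subnets)
        Interfaces = @(foreach ($node in $Interfaces.Keys) {
            [pscustomobject]@{ Node = $node; IPAddress = $Interfaces[$node] }
        })
    }
}

# DAG1: single-subnet DAG, replication already disabled on MapiDagNetwork.
$dag1 = [pscustomobject]@{
    Name = 'DAG1'; NetworkEncryption = 'InterSubnetOnly'   # the default setting
    Networks = @(
        (New-SampleNetwork 'MapiDagNetwork' $false '192.168.1.0/24' `
            ([ordered]@{ EX1 = '192.168.1.15'; EX2 = '192.168.1.16' })),
        (New-SampleNetwork 'ReplicationDagNetwork01' $true '10.0.0.0/24' `
            ([ordered]@{ EX1 = '10.0.0.15'; EX2 = '10.0.0.16' }))
    )
}

# DAG2: multi-subnet DAG, as enumerated by the system.
$dag2 = [pscustomobject]@{
    Name = 'DAG2'; NetworkEncryption = 'InterSubnetOnly'
    Networks = @(
        (New-SampleNetwork 'MapiDagNetwork' $true @('192.168.0.0/24', '192.168.1.0/24') `
            ([ordered]@{ EX1 = '192.168.0.15'; EX2 = '192.168.1.15' })),
        (New-SampleNetwork 'ReplicationDagNetwork01' $true @('10.0.0.0/24', '10.0.1.0/24') `
            ([ordered]@{ EX1 = '10.0.0.15'; EX2 = '10.0.1.15' }))
    )
}

$report = $dag1, $dag2 | ForEach-Object { Get-DagReplicationEncryption -Dag $_ }
$report | Format-Table -AutoSize

# Member pairs whose log replication would cross the wire unencrypted.
$report | Where-Object { -not $_.ReplicationEncrypted } | Format-Table Dag, Network, Pair, Role -AutoSize
```

To encrypt replication and seeding on every DAG network regardless of subnet, set the DAG property to Enabled, for example with Set-DatabaseAvailabilityGroup -Identity DAG1 -NetworkEncryption Enabled.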

DAG networks and iSCSI networks

By default, DAGs perform discovery of all networks detected and configured for use by the underlying cluster. This includes any Internet SCSI (iSCSI) networks in use as a result of using iSCSI storage for one or more DAG members. As a best practice, iSCSI storage should use dedicated networks and network adapters. These networks shouldn't be managed by the DAG or its cluster, or used as DAG networks (MAPI or replication). Instead, these networks should be manually disabled from use by the DAG, so they can be dedicated to iSCSI storage traffic. To disable iSCSI networks from being detected and used as DAG networks, configure the DAG to ignore any currently detected iSCSI networks using the Set-DatabaseAvailabilityGroupNetwork cmdlet, as shown in this example:

Set-DatabaseAvailabilityGroupNetwork -Identity DAG2\DAGNetwork02 -ReplicationEnabled:$false -IgnoreNetwork:$true

This command will also disable the network for use by the cluster. Although the iSCSI networks will continue to appear as DAG networks, they won't be used for MAPI or replication traffic after running the above command.

Configuring DAG members

Mailbox servers that are members of a DAG have some properties specific to high availability that should be configured as described in the following sections:

  • Automatic database mount dial

  • Database copy automatic activation policy

  • Maximum active databases

Automatic database mount dial

The AutoDatabaseMountDial parameter specifies the automatic database mount behavior after a database failover. You can use the Set-MailboxServer cmdlet to configure the AutoDatabaseMountDial parameter with any of the following values:

  • BestAvailability: If you specify this value, the database automatically mounts immediately after a failover if the copy queue length is less than or equal to 12. The copy queue length is the number of logs recognized by the passive copy that needs to be replicated. If the copy queue length is more than 12, the database doesn't automatically mount. When the copy queue length is less than or equal to 12, Exchange attempts to replicate the remaining logs to the passive copy and mounts the database.

  • GoodAvailability: If you specify this value, the database automatically mounts immediately after a failover if the copy queue length is less than or equal to six. The copy queue length is the number of logs recognized by the passive copy that needs to be replicated. If the copy queue length is more than six, the database doesn't automatically mount. When the copy queue length is less than or equal to six, Exchange attempts to replicate the remaining logs to the passive copy and mounts the database.

  • Lossless: If you specify this value, the database doesn't automatically mount until all logs generated on the active copy have been copied to the passive copy. This setting also causes the Active Manager best copy selection algorithm to sort potential candidates for activation based on the database copy's activation preference value and not its copy queue length.

The default value is GoodAvailability. If you specify either BestAvailability or GoodAvailability, and all the logs from the active copy can't be copied to the passive copy being activated, you may lose some mailbox data. However, the Safety Net feature (which is enabled by default) helps protect against most data loss by resubmitting messages that are in the Safety Net queue.

Example: configuring automatic database mount dial

The following example configures a Mailbox server with an AutoDatabaseMountDial setting of GoodAvailability.

Set-MailboxServer -Identity EX1 -AutoDatabaseMountDial GoodAvailability

Database copy automatic activation policy

The DatabaseCopyAutoActivationPolicy parameter specifies the type of automatic activation available for mailbox database copies on the selected Mailbox servers. You can use the Set-MailboxServer cmdlet to configure the DatabaseCopyAutoActivationPolicy parameter with any of the following values:

  • Blocked: If you specify this value, databases can't be automatically activated on the selected Mailbox servers.

  • IntrasiteOnly: If you specify this value, the database copy is allowed to be activated on servers in the same Active Directory site. This prevents cross-site failover or activation. This property is for incoming mailbox database copies (for example, a passive copy being made an active copy). Databases can't be activated on this Mailbox server for database copies that are active in another Active Directory site.

  • Unrestricted: If you specify this value, there are no special restrictions on activating mailbox database copies on the selected Mailbox servers.

Example: configuring database copy automatic activation policy

The following example configures a Mailbox server with a DatabaseCopyAutoActivationPolicy setting of Blocked.

Set-MailboxServer -Identity EX1 -DatabaseCopyAutoActivationPolicy Blocked

Maximum active databases

The MaximumActiveDatabases parameter (also used with the Set-MailboxServer cmdlet) specifies the number of databases that can be mounted on a Mailbox server. You can configure Mailbox servers to meet your deployment requirements by ensuring that an individual Mailbox server doesn't become overloaded.

The MaximumActiveDatabases parameter is configured with a whole number numeric value. When the maximum number is reached, the database copies on the server won't be activated if a failover or switchover occurs. If the copies are already active on a server, the server won't allow databases to be mounted.

Example: configuring maximum active databases

The following example configures a Mailbox server to support a maximum of 20 active databases.

Set-MailboxServer -Identity EX1 -MaximumActiveDatabases 20

Performing maintenance on DAG members

Before performing any type of software or hardware maintenance on a DAG member, you should first place the DAG member into maintenance mode. This involves moving all active databases off the server and blocking active databases from moving to the server. It also ensures that all critical DAG support functionality that may be on the server (for example, the Primary Active Manager (PAM) role) is moved to another server and blocked from moving back to the server. Specifically, you should perform the following tasks:

  1. To begin the process of draining the transport queues, run Set-ServerComponentState <ServerName> -Component HubTransport -State Draining -Requester Maintenance

  2. To initiate the draining of the transport queues, run Restart-Service MSExchangeTransport

  3. To begin the process of draining all Unified Messaging calls, run Set-ServerComponentState <ServerName> -Component UMCallRouter -State Draining -Requester Maintenance

  4. To redirect messages pending delivery in the local queues to the Mailbox server specified by the Target parameter, run Redirect-Message -Server <ServerName> -Target <MailboxServerFQDN>

  5. To pause the cluster node, which prevents the node from being and becoming the PAM, run Suspend-ClusterNode <ServerName>

  6. To move all active databases currently hosted on the DAG member to other DAG members, run Set-MailboxServer <ServerName> -DatabaseCopyActivationDisabledAndMoveNow $True

  7. To prevent the server from hosting active database copies, run Set-MailboxServer <ServerName> -DatabaseCopyAutoActivationPolicy Blocked

  8. To place the server into maintenance mode, run Set-ServerComponentState <ServerName> -Component ServerWideOffline -State Inactive -Requester Maintenance

To verify that a server is ready for maintenance, perform the following tasks:

  1. To verify the server has been placed into maintenance mode, run Get-ServerComponentState <ServerName> | ft Component,State -Autosize

  2. To verify the server is not hosting any active database copies, run Get-MailboxServer <ServerName> | ft DatabaseCopy* -Autosize

  3. To verify that the node is paused, run Get-ClusterNode <ServerName> | fl

  4. To verify that all transport queues have been drained, run Get-Queue
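The eight steps and four verification checks above can be combined into two functions, so that the order is fixed and the verification returns pass/fail results instead of tables to read by eye. This is an added example, not Microsoft's script: the function names are hypothetical, it assumes the Exchange Management Shell on the DAG member itself with the FailoverClusters module loaded, and the Get-MailboxDatabaseCopyStatus check and the Poison/Shadow queue filter are additions beyond the commands listed on this page.

```powershell
# Added example. Run in the Exchange Management Shell on the DAG member being
# serviced (Restart-Service acts on the local computer).

function Enter-DagMemberMaintenance {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [string]$ServerName = $env:COMPUTERNAME,
        # FQDN of another Mailbox server that receives the queued messages.
        [Parameter(Mandatory)][string]$RedirectTargetFqdn
    )
    $ErrorActionPreference = 'Stop'   # abort at the first step that fails
    if (-not $PSCmdlet.ShouldProcess($ServerName, 'Place DAG member into maintenance mode')) { return }

    # Steps 1-4: drain transport and Unified Messaging, then hand off queued mail.
    Set-ServerComponentState $ServerName -Component HubTransport -State Draining -Requester Maintenance
    Restart-Service MSExchangeTransport
    Set-ServerComponentState $ServerName -Component UMCallRouter -State Draining -Requester Maintenance
    Redirect-Message -Server $ServerName -Target $RedirectTargetFqdn -Confirm:$false

    # Step 5: a paused node cannot be or become the PAM.
    Suspend-ClusterNode $ServerName

    # Steps 6-7: move active databases away and block them from coming back.
    Set-MailboxServer $ServerName -DatabaseCopyActivationDisabledAndMoveNow $true
    Set-MailboxServer $ServerName -DatabaseCopyAutoActivationPolicy Blocked

    # Step 8: mark the whole server as in maintenance.
    Set-ServerComponentState $ServerName -Component ServerWideOffline -State Inactive -Requester Maintenance
}

function Test-DagMemberMaintenanceReady {
    # Returns one object per check; every Passed value must be True before
    # maintenance starts.
    param([string]$ServerName = $env:COMPUTERNAME)

    $offline = Get-ServerComponentState $ServerName |
        Where-Object { $_.Component -eq 'ServerWideOffline' }
    $mbx     = Get-MailboxServer $ServerName
    $mounted = @(Get-MailboxDatabaseCopyStatus -Server $ServerName |
        Where-Object { $_.Status -eq 'Mounted' })
    $node    = Get-ClusterNode $ServerName
    # Poison and shadow redundancy queues are not expected to drain.
    $pending = @(Get-Queue -Server $ServerName | Where-Object {
        $_.Identity -notlike '*\Poison' -and
        $_.Identity -notlike '*\Shadow\*' -and
        $_.MessageCount -gt 0
    })

    $checks = [ordered]@{
        'ServerWideOffline is Inactive'           = ($offline.State -eq 'Inactive')
        'Auto-activation policy is Blocked'       = ($mbx.DatabaseCopyAutoActivationPolicy -eq 'Blocked')
        'Activation disabled and move-now is set' = ($mbx.DatabaseCopyActivationDisabledAndMoveNow -eq $true)
        'No database copy is mounted here'        = ($mounted.Count -eq 0)
        'Cluster node is Paused'                  = ($node.State -eq 'Paused')
        'Transport queues are empty'              = ($pending.Count -eq 0)
    }
    foreach ($name in $checks.Keys) {
        [pscustomobject]@{ Check = $name; Passed = [bool]$checks[$name] }
    }
}

# Usage (placeholder FQDN, as in step 4 above):
#   Enter-DagMemberMaintenance -RedirectTargetFqdn '<MailboxServerFQDN>' -WhatIf
#   Enter-DagMemberMaintenance -RedirectTargetFqdn '<MailboxServerFQDN>'
#   Test-DagMemberMaintenanceReady | Format-Table -AutoSize
```

Moving databases and draining queues takes time, so rerun Test-DagMemberMaintenanceReady until every check passes rather than starting work immediately after the first function returns.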

After the maintenance is complete and the DAG member is ready to return to service, you can take the DAG member out of maintenance mode and put it back into production by performing the following tasks:

  • To designate that the server is out of maintenance mode, run Set-ServerComponentState <ServerName> -Component ServerWideOffline -State Active -Requester Maintenance

  • To allow the server to accept Unified Messaging calls, run Set-ServerComponentState <ServerName> -Component UMCallRouter -State Active -Requester Maintenance

  • To resume the node in the cluster and enable full cluster functionality for the server, run Resume-ClusterNode <ServerName>

  • To allow databases to become active on the server, run Set-MailboxServer <ServerName> -DatabaseCopyActivationDisabledAndMoveNow $False

  • To remove the automatic activation blocks, run Set-MailboxServer <ServerName> -DatabaseCopyAutoActivationPolicy Unrestricted

  • To enable the transport queues and allow the server to accept and process messages, run Set-ServerComponentState <ServerName> -Component HubTransport -State Active -Requester Maintenance

  • To resume transport activity, run Restart-Service MSExchangeTransport

To verify that a server is ready for production use, perform the following tasks:

  • To verify the server is not in maintenance mode, run Get-ServerComponentState <ServerName> | ft Component,State -Autosize

  • If you are installing an Exchange update, and the update process fails, it can leave some server components in an inactive state, which will be displayed in the output of the above Get-ServerComponentState cmdlet. To resolve this, run the following commands:

  • Set-ServerComponentState <ServerName> -Component ServerWideOffline -State Active -Requester Functional

  • Set-ServerComponentState <ServerName> -Component Monitoring -State Active -Requester Functional

  • Set-ServerComponentState <ServerName> -Component RecoveryActionsEnabled -State Active -Requester Functional

Shutting down DAG members

The Exchange 2013 high availability solution is integrated with the Windows shutdown process. If an administrator or application initiates a shutdown of a Windows server in a DAG that has a mounted database that's replicated to one or more DAG members, the system attempts to activate another copy of the mounted database prior to allowing the shutdown process to complete.

However, this new behavior doesn't guarantee that all of the databases on the server being shut down will experience a lossless activation. As a result, it's a best practice to perform a server switchover prior to shutting down a server that's a member of a DAG.

Installing updates on DAG members

Installing Microsoft Exchange Server 2013 updates on a server that's a member of a DAG is a relatively straightforward process. When you install an update on a server that's a member of a DAG, several services are stopped during the installation, including all Exchange services and the Cluster service. The general process for applying updates to a DAG member is as follows:

  1. Use the steps described above to put the DAG member in maintenance mode.

  2. Install the update.

  3. Use the steps described above to take the DAG member out of maintenance mode and put it back into production.

  4. Optionally, use the RedistributeActiveDatabases.ps1 script to rebalance the active database copies across the DAG.

You can download the latest update for Exchange 2013 from the Microsoft Download Center.