A lot of organizations that deploy multi-site database availability groups do so with the intention of using one site for normal production operations, and one for disaster recovery. This design usually leads to a desire to control where database copies can automatically activate, or failover to, when there is a problem with the active copy.
Consider a scenario in which four DAG members have been deployed, with two in the primary site and two in the disaster recovery site. I’ve illustrated a single database with four copies, but in reality there could be several more databases as well. Only one database is required to demonstrate this scenario though, so let’s keep it simple. By default, the database DB01 can failover to any of the available DAG members automatically, including the DR site.
If that is not desirable for the organization, then activation policies on the mailbox servers are commonly used to block automatic activation of the database copies in the DR site.
[PS] C:\> Set-MailboxServer –Identity DR-EXCH01 -DatabaseCopyAutoActivationPolicy Blocked [PS] C:\> Set-MailboxServer –Identity DR-EXCH02 -DatabaseCopyAutoActivationPolicy Blocked
This doesn’t prevent manual activation of course, so administrators can still make their own decision to “fail over to DR” when necessary.
The problem with the configuration above is that it greatly reduces the number of available database copies for automatic recovery of service in the event of a failure. If DB01 is active on PR-EXCH01 and needs to fail over, and PR-EXCH02 happens to be unhealthy for some reason or is down for planned maintenance, then there’s nowhere for the database to fail over to, and it will go offline instead. Furthermore, even if you do manually switchover to DR-EXCH02 for example, the database is still blocked from failing over to DR-EXCH02 if a second issue arises.
To combat that, some organizations set the DR site to use activation policies of IntrasiteOnly.
[PS] C:\> Set-MailboxServer –Identity DR-EXCH01 -DatabaseCopyAutoActivationPolicy IntrasiteOnly [PS] C:\> Set-MailboxServer –Identity DR-EXCH02 -DatabaseCopyAutoActivationPolicy IntrasiteOnly
That solves one of the two problems, but is still not ideal, in my opinion.
If you’re willing to accept database failing over to the DR site when necessary to maintain service availability, but you prefer the databases be active in the primary site, then you can leave the activation policies set to Unrestricted and set the DatabaseCopyActivationDisabledAndMoveNow property to $true instead. This allows databases to fail over, but they will automatically move back to a healthy database copy on a healthy server that has DatabaseCopyActivationDisabledAndMoveNow set to $false (and is also configured with an activation policy of Unrestricted) when one becomes available, usually within a few minutes.
[PS] C:\>Set-MailboxServer DR-EXCH01 -DatabaseCopyActivationDisabledAndMoveNow $true -DatabaseCopyAutoActivationPolicy Unrestricted [PS] C:\>Set-MailboxServer DR-EXCH02 -DatabaseCopyActivationDisabledAndMoveNow $true -DatabaseCopyAutoActivationPolicy Unrestricted
Hi, we facing a issue in DAG, previously we having two member in dag and recently we add new member from dr location. now db can move and activated from exchange01 to dr exchange and dr to exchange02, cant activate on exchange02, but when we shutdown exchange01, db moved to exchange02 and mount successfully as exchange01 up, they move backed. we not able to activate on exchnage02. can you help for find cause and remedy for same
Hi Paul,
Should the Dr side also have a witness server?
Thanks
Hi
Thank you very much for your scientific and beauty content that you have shared with us We have read your material and we have made great use of your beautiful material. Hope Cheney’s partner will help everyone.
Hi
Thanks for your great information we were looking for such goodies.
excellent post.. !
Hi Paul,
I have two sites, Primary Site and DRC Site.
EXC01 and EXC02 in Primary Site.
DRCEXC01 and DRCEXC02 in DRC Site.
I have one DAG with all member server exchange.
I set DatabaseCopyAutoActivationPolicy ‘IntrasiteOnly’ in server DRC.
I can manually switchover from Primary Site to DRC Site. But status of Database Copy in Server DRC ‘DisconnectedAndResynchronizing’ and also index state is failed.
What should I do?
Thanks.
Hi Paul:
I have two sites, A-Site and B-Site
A-MBS01,A-MBS02 in A-Site
B-MBS01,B-MBS02 in B-Site
All Server Memberof same DAG
I set DatabaseCopyAutoActivetionPolicy IntrasiteOnly
When All Server well, I can manually switchover DB01 from A-site to B-Site
but if A-MBS01 shutdown together with A-MBS02,will prompt the index to fail. I can’t Manually switchover DB01 to B-Site
what should I do?
Thank for you help
Question —
If you run this on an Exchange 2016 server:
Set-MailboxServer -Identity XX –DatabaseCopyAutoActivationPolicy Blocked
Then run:
Get-DatabaseAvailabilityGroup -Status | FL Name,ServersInMaintenance
It displays that the server is in Maintenance Mode?
Setting the DatabaseCopyAutoActivation Policy back to Unrestricted displays that nothing is in maintenance mode.
Running the same CMDlets on an Exchange 2010 server shows nothing is in Maintenance Mode.
Odd?
Hello Paul,
I have a question, whether to use this method or the method described in your other article: https://www.practical365.com/exchange-server/exchange-server-2013-lagged-database-copies-action/ Using the command: Suspend-MailboxDatabaseCopy -ActivationOnly
Which is better?
Thanks!
The Real Person!
Author Paul Cunningham acts as a real person and passed all tests against spambots. Anti-Spam by CleanTalk.
Neither is better or worse, they are for different scenarios.
Suspending a lagged database copy from activation is applicable to lagged copy scenarios if you want to prevent your lagged copies from auto-activating.
Setting activation policies on a mailbox server is used to control whether or not any database copy on that server can activate.
Hi Paul,
I recently setup DAG on Exchange 2016, on both servers pop & pop BackEnd services are started and running. External URL on virtual directories configured. exported cert from first server (EX01) and imported on second server(Ex02), tested, it is working perfectly.
My Problem is-
When DB01 active on EX01 and passive on EX02, I am able to connect mailbox via pop-995, but not if DB01 active on EX02 and passive on EX01.
Can you please help me?
Thanks
Hello Paul,
Nice article!
I want to restrict one database from auto activating on one server out of 4. How can i achieve this?
Thank you in advance.
Regards,
Sachin
The Real Person!
Author Paul Cunningham acts as a real person and passed all tests against spambots. Anti-Spam by CleanTalk.
You can suspend a database copy from auto-activation by following these instructions:
https://technet.microsoft.com/en-us/library/dd298046(v=exchg.160).aspx
Thanks Paul.
Great…
Hi Paul, great stuff! You’re my go-to source for Exchange info. Great Pluralsight courses too! In the IntrasiteOnly example, I’m curious why you left the primary datacenter servers Unrestricted instead of setting them InstrasiteOnly as well.
I’m sorry about that – I’ll try to learn from some of your suggestions.
Thanks for taking your time to reply.
Great post – lot of useful information !
Question: What if the 2 datacenters is used as DR for each other – how do I best block auto failover for each database, still being able to do a manual failover ?
The Real Person!
Author Paul Cunningham acts as a real person and passed all tests against spambots. Anti-Spam by CleanTalk.
Do you have one DAG or two DAGs?
I have 1 DAG – with servers spread all over the world.
The Real Person!
Author Paul Cunningham acts as a real person and passed all tests against spambots. Anti-Spam by CleanTalk.
Then I don’t understand your scenario. DAGs are typically deployed in datacenter pairs, in either an Active/Active configuration, or an Active/Passive configuration.
If it’s Active/Active, both datacenters are able to host active database copies at any time, and usually no activation blocks are used in this case.
If it’s Active/Passive, one datacenter is designated the “primary”, and one the “secondary” or “DR”. It is the servers in the secondary/DR datacenter that have the activation blocks applied *only if* the organization wants to prevent automatic failovers.
Thanks for your reply.
I’m new to Exchange, and still have at lot to learn – your blog comes in handy here 🙂
If I have an Office in Singapore and Washington with databases replicated from each Office to Amsterdam (for DR and backup) – how would you design it ?
Should I have a separate Exchange server for each database in Amsterdam, and then two separate DAG clusters ?
Thanks for helping the Exchange noob 🙂
The Real Person!
Author Paul Cunningham acts as a real person and passed all tests against spambots. Anti-Spam by CleanTalk.
You’re mixing up some terminology there. If you’re a beginner to these topics then I think some training or study is going to be of more benefit to you than a conversation in these comments. Start with a book or some online training from Pluralsight, or watch some Microsoft Virtual Academy courses to get started.
Great page for database copies with disaster recovery.
Great explanation!
Very useful article to plan DR.Thanks
Great stuff
Thanks
Paul, unless I’m missing something I think you meant to set the activation policy in your preferred configuration as Unrestricted and not IntrasiteOnly.
This should be:
Set-MailboxServer DR-EXCH01 -DatabaseCopyActivationDisabledAndMoveNow $true -DatabaseCopyAutoActivationPolicy Unrestricted
Set-MailboxServer DR-EXCH02 -DatabaseCopyActivationDisabledAndMoveNow $true -DatabaseCopyAutoActivationPolicy Unrestricted
True
The Real Person!
Author Paul Cunningham acts as a real person and passed all tests against spambots. Anti-Spam by CleanTalk.
Copy/paste error. Fixed now, thanks.