Single AD site with DR Exchange 2010



I am having an issue.. I think I am reading too much...

We have a single AD site. We have a production environment and a DR environment (currently no exch server). During our upgrade from 2003-2010 I am thinking of this:

Production location

FSW server

2 DC's

2 exch servers 1 & 2(each with all roles on them)


DR site


FSW alt

Exch Server 3 (all roles)


For site resiliency and HA

Have HLB- CAS array pointing to all 3 servers-

SAN cert. HLB .. external DNS namespace and internal DNS namespace. (In the event of a HLB failure I would have to create a DNS record pointing directly to the CAS server that is online.)

DAG on each Exch server Exch 1 active Exch 2 and 3 Passive copies

Enable DAC so that if the link between our location goes down we could make sure split brain type thing doesn't occur (not sure if I need to do this or not)

A few questions:

1. Is this going to be a pain to maintain and in the event of a failure recover? I believe I would have to do *over.

2. How would I provide site resiliency for my OWA, Mobile Clients and Outlook Anywhere clients?

3. Am I missing anything?

Ed Crowley [MVP]

If you have a CAS array pointing to all three servers, some requests will go to the DR site during normal operations. Is that what you want? Do you want databases to activate at the DR site automatically without you making the decision to make it happen? If you lose the complete primary site, you're not going to have a node majority at the DR site in any case, so you're going to have to manually intervene to force a quorum before you'll have restoration of service, so I would think you'd want to go ahead and just design it for manual activation.

I would judge that you do need DAC with your arrangement.

Myself, I'm a bit squeamish about allowing Exchange to fail over automatically to DR sites because I've seen it happen too much unexpectedly, occasionally resulting in ugliness. Granted most of that experience is with Exchange 2007, but the clustering components under Windows Server remain the same even if Exchange is more sophisticated now.

Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."

Steve Goodman


I agree with Ed on the points above.

Yep, you probably need DAC. I'd suggest you do not have a single CAS array namespace across sites, that isn't generally recommended. That doesn't mean you can't/shouldn't change DNS records over in the event of DR so clients can connect as normal, though. As Ed says you will need to sort out quorum and start up the DAG in the DR site, so there is manual work to do anyway, so if changing DNS records is part of your plan it should be fairly straightforward.

There's some good info here that may help with your planning and understanding: Datacenter Switchovers


Steve Goodman
Check out my Blog for more Exchange info or find me on Twitter
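An added example, not part of the original thread or any poster's own configuration: Exchange Management Shell settings that match the manual-activation design described in the two replies above (DAC on, no automatic activation at DR). The names DAG1, DB1, EX1/EX2 (production), EX3 (DR), FSW1 and FSW-ALT are assumptions modelled on the layout in the first post.

```powershell
# Added example; all server, DAG and database names are hypothetical.
# Layout assumed: EX1 + EX2 in production, EX3 in DR, one DAG (DAG1).
# Three members is an odd count, so quorum is node majority (2 of 3 votes);
# losing both production nodes leaves EX3 with 1 of 3 votes and no quorum.

# 1. Turn on Datacenter Activation Coordination and pre-stage the alternate
#    witness so it is already defined if the DAG is ever restored in DR.
Set-DatabaseAvailabilityGroup -Identity DAG1 `
    -WitnessServer FSW1 `
    -AlternateWitnessServer FSW-ALT `
    -DatacenterActivationMode DagOnly

# 2. Block automatic activation of any database copy hosted on the DR server,
#    so a move to DR is always an administrator's decision.
Set-MailboxServer -Identity EX3 -DatabaseCopyAutoActivationPolicy Blocked

# 3. Make the DR copy the last choice when an administrator does activate.
Set-MailboxDatabaseCopy -Identity 'DB1\EX3' -ActivationPreference 3

# 4. Verify what was set.
Get-DatabaseAvailabilityGroup -Identity DAG1 -Status |
    Format-List Name, DatacenterActivationMode, WitnessServer,
                AlternateWitnessServer, OperationalServers

Get-MailboxServer |
    Format-Table Name, DatabaseCopyAutoActivationPolicy -AutoSize

# 5. Confirm the DR copy is healthy and keeping up before relying on it.
Get-MailboxDatabaseCopyStatus -Server EX3 |
    Format-Table Name, Status, CopyQueueLength, ReplayQueueLength -AutoSize
```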


Thank you both for your responses.

This is what we have

1 AD domain:

Prod location :

ex. IP

2 DC's

2 exchange servers (2003) 1 BE 1 FE

DR location : we have same domain using VLAN and a WAN connecting to the DR location the domain name is the same IP

1 DC

Exchange 2010 Upgrade Scenario

This is what I think I should have:


2 DC's

1 HLB containing both CAS servers roles in prod location

2 exch servers each with 3 roles HT/CAS/MB

1 Witness (on a member server)

Site Resiliency and HA: 1 CAS Array (using your suggestion). CAS Array only includes the 2 CAS servers in my prod environment

Site Resiliency and HA for HT : 3 HT servers, 2 in Production and 1 in DR, (would love to find a way to have mail not use HT in DR unless there was a disaster or failure but I have not found a way to do that).

MB role: Use DAG, have 1 MB hold active copy and 1 MB hold passive copy (so can do maintenance and in the event of a server failing)

(use DAC so don't have db come automatically online)

DR location : still use same domain name same ip on VLAN

1 DC

1 alt witness server

1 DR EXCH server(all 3 roles)

CAS role (I guess I would not have it a part of the array, just have a DNS name and IP and not use it unless there was a disaster or issue w/prod environment)

MB role would be a part of DAG from production environment but hold passive copy

FSW server on a member server

SAN Cert for have names under it like:,,

Would I just put on my smarthost in the DMZ a MX record for the other domain in my DR w/ a higher priority like 500 or something? for connecting from outside the company like through OWA, mobile or RPC/https?

Is there anything I am missing? Or do you have any suggestions on how I could do this better and easier? I am trying to keep it as simple as possible.

Thank you so much for taking the time to read this and for helping me. Hopefully I got everything.


Ed Crowley [MVP]

I'm not sure what you're asking about your smarthost in the DMZ. You don't need anything like that for OWA or Outlook Anywhere.

As to what you're missing, you're expecting a lot if you expect a forum like this to design your Exchange solution for you. But what you have laid out should work and be relatively minimalist for what I think you're trying to achieve. Understand that you posted your solution and not your design criteria here.

Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."


Hi Xroadtrips,
Ed gave some good suggestions.
Your design seems good. Some other information for you:
1. You do not need the smarthost in your DMZ, but I want to verify the purpose for which you want to deploy a smarthost. Then we could explain why you do not need it.
2. Are there any users in the DR site, and do they use the Exchange email system?
3. You need a proxy for the CAS, such as ISA/TMG, and so on.
4. If you have three members in the DAG, you do not need the FSW server.
There is a lot of good information on TechNet; you could easily get it.



Okay, I can't do my design; apparently it will cost too much. Buying 2 servers and having one just be basically for redundancy and HA didn't go over well. I disagree with the decision but ... anyway, if I can justify buying the 2 new servers and using the second one, make it virtual, and use it for some other servers we are upgrading and just putting the mailbox server role and reusing an older server we have for the DR site hosting all the roles, I would have 3 servers total: 1 new server with all the roles, 1 new server virtualized with other types of servers on it and the MB server role, and the old server at the other (DR) location with all 3 roles. The reason for having 3 MB servers is because of DAG and because of the fact that when I run updates I am concerned about moving the active and passive database and having something bad happen, and having the only other copy be on the server that is not onsite concerns me as it is not easy for me to get to. Would something like this work? The connection between sites is relatively fast and we are a small company. I have read a lot of articles but I like asking people with real world experience. Thanks so much