In one of my previous blogs about Exchange 2013 we talked about how we can install Exchange 2013 using the cmdline.

As you may know there have been made several changes to Exchange related to high availability and site resilience. In this blog we will build a test environment which makes it possible to test the concept of geo DNS.

Let’s start with explaining what geo DNS is. Geo DNS is a system which returns IP-addresses to the client depending on their location. This location is determined by their IP address. Using geo DNS you will get the option to send clients to the datacenter for their region.

Below a graphical overview of our lab environment which we are going to build:

Server Role IP
DC01 Domain Controller
DC02 Domain Controller
EX01 Exchange 2013 Multirole server
EX02 Exchange 2013 Multirole server
GEODNS Windows Server with only the DNS role installed

I will assume the following prerequisites are met:

  • Both DC’s are in place and replication between them works correctly
  • Both Exchange 2013 Multirole servers are installed using my previous blog or one of the many other blogs which are available on the internet
  • The GEODNS server contains a basic OS and the DNS role is installed

Let’s start with the GEODNS server you may think does Windows offer this functionality? But for real world scenarios you will most likely use one of the DNS servers from vendors offering the service.

To make our GEODNS server ready the only thing we will have to do is add some DNS records which point to the servers in both datacenters. In the table below you will find an overview of the DNS records we will create:

Record IP</p></td> </tr></p></td> </tr> </tbody> </table>

As you can see we will create the records twice, one per IP. So how will the Windows DNS server answer? By default it will use Round Robin to provide the answers:


When we peform the same answer we will get this answer:


But there’s a nice feature of Windows DNS we can use for our geo DNS solution called netmask ordering. Using this feature we can arrange that the IP of the server which matches the client subnet is returned as the first answer if round robin has been disabled.

For example when we do an nslookup from a machine which is placed in the 192.168.3 segment we will get the following answer:


For all operating systems make sure the following registry key is in place:

DWORD = OverrideDefaultAddressSelection 


Value data: = 0

This will enable the netmasking feature. Besides this disable round robin on the server. Disabling the round robin feature on a server can be done by opening the DNS MMC and getting the properties of the server. Select the Advanced tab and uncheck the Enable round robin option. Restarting DNS maybe necessary to activate the change.

Let’s assume we perform the same action as in the previous example and see what happens:


Next time you perform the same query you will get the following answer:


So to summarize the configuration part:

  • Disable round robin
  • Create/modify the registry key
  • Create the necessary DNS records
  • Perform some tests from a client to see if it works

Now we have completed the configuration of the geo DNS server we can continue with configuring Exchange 2013.

Configuration of the Exchange 2013 environment can be split up in a few parts:

  • Configuring the Database Availability Group (DAG)
  • Configure the CAS role

Let’s start with the DAG. Since we only have two Exchange servers we will need to select a third server to act as Witness-server to get quorum in the cluster. In this scenario we have selected DC01 to be the witness-server. Before creating the DAG make sure the Exchange Trusted Subsystem is a member of the administrators group. In production environments it is not recommend to use a DC for this purpose

In this scenario we have multiple sites which are well connected. But in some scenarios you might have some replication latency. If this is the case pre-stage the Cluster Name Object (CNO). This because else you might see that a second CNO is created which will cause issues.

Because this is not the case in our scenario we could skip this step but I thought it would be nice to explain how you can create it:

  • Open Active Directory Users and Computers (ADUC)
  • Browse to the OU which you like to contain the object
  • Create a new computer account an give it the DAG name as the computername
  • Disable the computer account
  • Ensure the advanced options are enabled in ADUC
  • Get the properties of the computer account
  • Select the security tab
  • Add the Exchange Trusted Subsystem security group or the computer account of the first DAG node
  • Give the group/account full control

Once the CNO object has been created and replication has occurred we can execute the cmdlet to create the DAG:

New-DatabaseAvailabilityGroup -Name DAG01 -WitnessServer DC01 -WitnessDirectory C:\DAG01 DatabaseAvailabilityGroupIpAddresses,

This cmdlet will create a DAG called DAG01 and will configure DC01 to be set as the witness server. During this process the directory and share are created on DC01.

Now the DAG has been created we can add both servers to the DAG:

Add-DatabaseAvailabilityGroupServer -Identity DAG01 -MailboxServer EX01

Followed by:

Add-DatabaseAvailabilityGroupServer -Identity DAG01 -MailboxServer EX02

Once these two steps have been performed and both servers are successfully added to the DAG it’s time to configure the additional database copies:

In our scenario we want to configure the following:

Database Server Activation Preference
MBDB01 EX01 1
MBDB01 EX02 2
MBDB02 EX01 2
MBDB02 EX02 1

To create the configuration as listed above we will use the Exchange Management Shell (EMS). Configuring the additional database copies can be done by using the Add-MailboxDatabaseCopy cmdlet:

Add-MailboxDatabaseCopy -Identity MBDB01 -MailboxServer EX02 -ActivationPreference 2

Add-MailboxDatabaseCopy -Identity MBDB02 -MailboxServer EX01 -ActivationPreference 2

After running the cmdlet it’s just a matter of time before the seeding process completes. Please verify that the second copy of each database has the status healthy to confirm the process has completed.

So to summarize the steps above:

  • Create the CNO object
  • Create the DAG
  • Add the servers to the DAG
  • Create the additional database copies

With this step we have completed the Mailbox role side.

Here ends the first part of setting up a geo DNS solution in a test lab. In this part we did setup the GEODNS server and had a look at netmasking feature from the DNS server. We finished this part with configuring the Database Availability Group.

In the next part we will continue with configuring both Client Access Servers and after that it’s time to perform some testing.


Johan Veldhuis