Introduction
In this post, I’ll demonstrate how to move the file share witness from one server to another for an Exchange 2016 Database Availability Group. The instructions are the same for Exchange 2013 and will work for both an IP-Less/AD-Detached DAG or a DAG with an Administrative Access Point.
Confirm quorum configuration
If you have any nodes down, make sure that your file share witness (FSW) is not the required vote to keep your cluster up. If you move the FSW and there is a problem then you could risk your cluster going offline as you will always need a majority of voters online (unless you’re using Dynamic Quorum but more on this in another post).
Confirm all nodes are up
In this DAG, we have two DAG members which are using a FSW as the third voter. We should to confirm that both nodes are up before we move the FSW.
Get-ClusterNode
Here we see that all cluster nodes are up. Let’s move on to the next step.
Where is the current file share witness?
You can use the Get-DatabaseAvailabilityGroup command with the -Status switch to confirm which server is used as a witness server and the path to the witness directory on that server. It will also show you which witness share is in use which is useful for multi-site DAGs where you have an alternate witness configured.
Get-DatabaseAvailabilityGroup -Status | fl *witness*
As above, the FSW is on our file server, LITFS01. We will move it to LITFS02.
Assign file share witness server permissions
Before we can move the FSW, we need to ensure that Exchange has the required permissions on the new witness server in order for it to create the witness directory and share. To do this, we need to add the “Exchange Trusted Subsystem” AD group to the local administrators group on the server we are moving the FSW to – in this case, LITFS02:
Move the file share witness to another server
Now that You can move the FSW to any server running Server 2003 or later in the same AD forest as the DAG members but moving it to a domain controller is not recommended because you’ll need to assign more permissions than required.
To move the FSW to a directory of C:DAG01-Witness on server LITFS02 for the Database Availability Group DAG01, run this command:
Set-DatabaseAvailabilityGroup -Identity DAG01 -WitnessServer LITFS02 -WitnessDirectory C:DAG01-Witness
You can now see the new directory has been created on LITFS02:
…..and we can confirm that the FSW has been moved:
Get-DatabaseAvailabilityGroup -Status | fl *witness*
Now that’s confirmed, we can go ahead and delete the witness directory from the original witness server, LITFS01.
Conclusion
In this post, we’ve gone through the steps required to confirm our quorum and witness server configuration and we’ve then moved the file share witness to another server.
For more information on Database Availability Group setup, see here.
For more information on Database Availability Group troubleshooting, see here.