Exchange 2019 Disaster Recovery – Part 1

In this series of blog post, I would like to share the steps for the Exchange 2019 disaster recovery. In the event of a hardware or software failure, multiple database copies in a DAG enable high availability with fast failover and little or no data loss. It’s important to keep the Exchange environment up and running without any interruptions to the Email services when a failure happens to the production site or datacentre. The first part of the article would cover the steps for preparing the Exchange environment across 2 Active directory sites hosted in Microsoft Azure Cloud. Please refer here for hosting production environment on Azure IaaS.

Below is the infrastructure setup with all the servers being Windows 2019 standard,

Server Name	Server Role	Site	IP Address	Azure Region	VNET	Subnet
DC	Active directory Primary Domain controller with Certificate Authority	Prod	10.0.0.5	UAE North	Dev-VNET	Prod
ADC	Additional Domain controller	DR	10.0.1.4	UAE North	Dev-VNET	DR
EXCH1	Exchange 2019 CU7 Mailbox	Prod	10.1.0.4	West Europe	Exch-VNET	ProdExch
EXCH2	Exchange 2019 CU7 Mailbox	DR	10.2.0.4	North Europe	DRExch-VNET	DRExch
Client	Windows 10		192.168.0.4	UK South	Client-VNET	Client

Please find the below considerations:

It is not recommended to install the Certificate Authority in the domain controller in a production environment
VM’s are built in different regions due to the limitation of vCPU’s in Azure Trial account
Minimum resources were used to build Exchange 2019 but please follow the recommendations as mentioned here in the production environment
Load balancer is not being used in this deployment

In this article, I will cover the Exchange 2019 CU7 installation and configuration using command prompt/PowerShell and will share the information of other services like Active directory, etc.

Active Directory Domain Details:

Active Directory Certificate Authority Details:

Azure IaaS details:

Because the VM’s are built across multiple regions, multiple VNET’s were created. It is important to allow communication between the VNET’s and creating the required Network Security Groups for Azure VM’s. I have already shared the steps involved in configuring VNET peering in this post

VNET peering:

$VNET1 = Get-AzVirtualNetwork -Name “Dev-VNET”

$VNET2 = Get-AzVirtualNetwork -Name “Exch-VNET”

Add-AzVirtualNetworkPeering -Name ‘LinkADToExchPR’ -VirtualNetwork $VNET1 -RemoteVirtualNetworkId $VNET2.Id

Add-AzVirtualNetworkPeering -Name ‘LinkPRToAD’ -VirtualNetwork $VNET2 -RemoteVirtualNetworkId $VNET1.Id

Likewise, all the VNET’s are peered between each other for communication

Network Security Groups:

Below are the rules which are created for the DC VM for the communication between the Exchange servers and Domain controllers. Similar set of rules were also created on the Exchange VM’s to allow communication between the Exchange servers.

Please note: It’s not recommended to have firewall between Domain controllers and between Exchange & Domain controllers.

Exchange 2019 CU7 Installation:

Pre-requisites

.NET Framework 4.8
Visual C++ Redistributable Package for Visual Studio 2012
Visual C++ Redistributable Package for Visual Studio 2013

Unified Communications Managed API 4.0.
Windows Roles and Features

Install-WindowsFeature Server-Media-Foundation, NET-Framework-45-Features, RPC-over-HTTP-proxy, RSAT-Clustering, RSAT-Clustering-CmdInterface, RSAT-Clustering-Mgmt, RSAT-Clustering-PowerShell, WAS-Process-Model, Web-Asp-Net45, Web-Basic-Auth, Web-Client-Auth, Web-Digest-Auth, Web-Dir-Browsing, Web-Dyn-Compression, Web-Http-Errors, Web-Http-Logging, Web-Http-Redirect, Web-Http-Tracing, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Lgcy-Mgmt-Console, Web-Metabase, Web-Mgmt-Console, Web-Mgmt-Service, Web-Net-Ext45, Web-Request-Monitor, Web-Server, Web-Stat-Compression, Web-Static-Content, Web-Windows-Auth, Web-WMI, Windows-Identity-Foundation, RSAT-ADDS