How to Configure the File Share Witness

Microsoft Exchange Server 2007 will reach end of support on April 11, 2017. To stay supported, you will need to upgrade. For more information, see Resources to help you upgrade your Office 2007 servers and clients.

 

Applies to: Exchange Server 2007, Exchange Server 2007 SP1, Exchange Server 2007 SP2, Exchange Server 2007 SP3

This topic explains how to enable and configure a Majority Node Set (MNS) quorum with file share witness for cluster continuous replication (CCR). This topic also explains how to create and assign permissions for the file share used by the file share witness.

Note

The file share witness configuration is ignored when the number of nodes in the cluster changes from two to three or from two to one. The procedure must be repeated when the cluster reverts to a single node.

The file share name is stored in a property on the Majority Node Set resource. The default name is Majority Node Set; however, you can change the name.

Before You Begin

The file share for the file share witness can be hosted on any computer running a Windows Server operating system. However, we recommend that you use a Hub Transport server in the Active Directory directory service site containing the cluster nodes to host it. This allows an Exchange administrator to have full and complete control over the share (and the server hosting the share).

The MNS quorum with file share witness enables the deployment of only two clustered computers to support a CCR pair and still provides full redundancy. These procedures should be performed after the second node is added to the cluster and before the clustered mailbox server is installed.

To perform the following procedures, the account you use must be delegated membership in the local Administrator group. For more information about permissions, delegating roles, and the rights that are required to administer Microsoft Exchange Server 2007, see Permission Considerations.

In the following procedures:

  • <ShareUNCPath> refers to the UNC path for the file share, (for example, \\E2K7HUB1\MNS_FSW_E2K7CCR).

  • <CMSName> refers to the name of the clustered mailbox server (for example, E2K7CCR).

  • <Directory> refers to the full path to the directory being shared (for example, C:\MNS_FSW_DIR_E2K7CCR).

  • <CSA> is the Cluster service account.

  • <ClusterName> is the name of the cluster itself (for example, EXCLUS1).

When specifying the preceding parameters in your commands, do not include the <> characters (for example, use EXCLUS1, not <EXCLUS1>).

Procedure

To create and secure the file share for the file share witness

  1. Create a directory that will be used for the share by running the following command at a command prompt:

    mkdir <Directory>
    

    Note

    We recommend using the following naming convention for the directory name: "MNS_FSW_DIR_<CMSName>"

  2. Create the share by running the following command:

    net share <shareName>=<Directory> /GRANT:<CSA>,FULL
    

    Note

    We recommend using the following naming convention for the share name: "MNS_FSW_<CMSName>"

  3. Assign permissions to the share by running the following command:

    cacls <Directory> /G BUILTIN\Administrators:F <CSA>:F
    
  4. While logged on using the Cluster service account, verify that the share is accessible from the first cluster node. Use Windows Explorer, or another application, to verify that the share is available by opening the file share. If you use anything other than the Cluster service account, you will get an access denied message.

To configure the MNS quorum to use the file share witness

  1. To set the property, run the following command from a command prompt:

    Cluster <ClusterName> res "Majority Node Set" /priv MNSFileShare=<ShareUNCPath>
    
  2. When the command run in Step 1 is complete, a warning message is produced. The message indicates that the resource must be restarted to have the change take effect. The following is a sample of the output that is generated from the Step 1 command:

    Cluster <ClusterName> res "Majority Node Set" /priv MNSFileShare=<ShareUNCPath>

    System warning 5024 (0x000013a0).

    The properties were stored but not all changes will take effect until the next time the resource is brought online.

    Note

    If the share is not available or cannot be accessed, an access denied error may be produced.

    Note

    Depending on your permissions, you may need to use the Cluster service account to access the share from your session. The test for access is done by the Cluster service, which will have access to a share with the proper permission settings.

  3. Run the following command to restart the resource and implement the change:

    Cluster <ClusterName> group "Cluster Group" /move
    

    The previous command will result in output similar to the following:

    Moving resource group 'Cluster Group'

    Group                     Node          Status

    Cluster Group   <NodeName>    Online

  4. Repeat the command in Step 3 to complete the configuration.

  5. To check the value of the file share property, run the following command:

    Cluster <ClusterName> res "Majority Node Set" /priv