Home > DAG, Exchange, Exchange 2010, Microsoft, Windows 2008 > Using a none-Exchange 2010 server as an File Share Witness

Using a none-Exchange 2010 server as an File Share Witness


Typically when clustering the Exchange 2007 mailbox role, you would use one of the HT servers as a witness.


However with 2010 you are no longer required to move the HT/CAS roles onto separate servers – so where to place it?


Obviously the “official” MS answer would probably be to install an additional HT server into your organisation, but why when you have perfectly fine other servers in place?


I placed mine on the customers vSphere vCentre server. It’s always up, and is key to their environment, so I have no worries about it being neglected.


However when creating a DAG, I got an error message telling me that it could not enable the Share as it didn’t have permissions.


*** Ok – so this is where it gets confusing. Pre-SP1 (as pointed out in the comments by Devin) only required the following step;

1) Add the “Exchange Trusted Subsystems” group to the local administrative group on the server (if you are using a DC you will have to add it to the BUILTIN\administrators group, which I would prefer not to personally)


However, in an SP1 environment it looks like you also have to add the server you are attempting to use as a FSW to the “Exchange Servers” group. I have posted on Devin’s blog (http://www.thecabal.org/2009/12/busting-the-exchange-trusted-subsystem-myth/#comment-3282) to see if there can be any clarity on this matter – but it does seem like something changed in SP1.


Re-create the DAG (delete the one you got an error with) and voila, your selected server is now a witness to your DAG 😉

  1. December 17, 2009 at 12:59 am


  2. October 12, 2010 at 5:47 pm

    Actually, step 1 is a myth — you only need step 2. See http://www.thecabal.org/2009/12/busting-the-exchange-trusted-subsystem-myth/ for more details.

    Devin L. Ganger, Exchange MVP

  3. August 16, 2011 at 7:58 pm

    So, something did change in SP1, but it’s a bug that causes a spurious error message. If you just put the ETS group in the local Administrators group and go on with DAG creation, you will get the error message *but* if you look, you’ll see the file share gets created anyway.

    More info soon.

    • August 18, 2011 at 1:04 pm

      ‘Tis a bit bizzare 🙂

      Keep me up to date Devin 🙂

  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: