Using a none-Exchange 2010 server as an File Share Witness
Typically when clustering the Exchange 2007 mailbox role, you would use one of the HT servers as a witness.
However with 2010 you are no longer required to move the HT/CAS roles onto separate servers – so where to place it?
Obviously the “official” MS answer would probably be to install an additional HT server into your organisation, but why when you have perfectly fine other servers in place?
I placed mine on the customers vSphere vCentre server. It’s always up, and is key to their environment, so I have no worries about it being neglected.
However when creating a DAG, I got an error message telling me that it could not enable the Share as it didn’t have permissions.
*** Ok – so this is where it gets confusing. Pre-SP1 (as pointed out in the comments by Devin) only required the following step;
1) Add the “Exchange Trusted Subsystems” group to the local administrative group on the server (if you are using a DC you will have to add it to the BUILTIN\administrators group, which I would prefer not to personally)
However, in an SP1 environment it looks like you also have to add the server you are attempting to use as a FSW to the “Exchange Servers” group. I have posted on Devin’s blog (http://www.thecabal.org/2009/12/busting-the-exchange-trusted-subsystem-myth/#comment-3282) to see if there can be any clarity on this matter – but it does seem like something changed in SP1.
Re-create the DAG (delete the one you got an error with) and voila, your selected server is now a witness to your DAG 😉