Can’t add a Server to the DAG that’s in another site

I was working in my lab testing out Exchange 2013 and I ran into an issue that stopped me from adding servers in another site to my DAG.  I was able to resolve the issue and thought it might help other people that still use and love TMG!

Here’s a little bit of detail about my lab.


I had a DAG in London that I wanted to add the members in Redmond to.  I have four networks, two used for MAPI and two used for replication.  The TMG was serving as the router/firewall between the two locations.  I had an Access Rule that allowed All Outbound traffic to travel between the two locations on both networks since they are on a private WAN.  I also had a route configured on the TMG to route the two MAPI and REPL networks.

I was running into an issue when trying to add the Redmond nodes.  The error I was getting was:

A server-side database availability group administrative operation failed. Error Windows Failover Clustering timed out while trying to validate server ‘RED-15EXCH01’. If this is in a disjoint DNS namespace, the DNS suffixes for all servers in the database availability group must be present on every server..

I wasn’t running a disjoined namespace, DNS was working, and my network cards were configured correctly so I assumed it had to be something with the TMG server since I could add nodes that were in the same site.

To resolve the issue I modified the access rule between the two MAPI networks.

Go to the Properties of the Access Rule and click on the Protocols tab and click on Filtering button and select Configure RPC protocol.


Under that you should see a check box.  Uncheck it and then save and publish your config.


After making that change I was able to add all nodes to the DAG.

I know TMG is discontinued, and I’m very sad about that, but I still use it in my lab cause I miss it so much!

I hope this helps and if you have any questions, please add a comment.


  1. Comment by ali:

    waiting for your new Articals on exchange. you really knows how to catch hearts of people by yours words.

  2. Comment by fernando:

    good morning, excellent article. I have a question
    add a new server to the DAG, it is necessary to amend the certificate

    • Jerrid Williams
      Comment by Jerrid Williams:

      Hey Fernando,
      You shouldn’t have to amend the certificate if you planned your namespace correctly. Specifically, you shouldn’t put server names on your certificate, which is why I could see people amending certificates when adding nodes to a DAG.
      I hope this helps and thanks for the question and comments!


  3. Comment by Ledi:

    Hi Jerrid ! Thank you for your articles . A little suggestion from you: On the Main Site I have a DAG (SMTP01,SMTP02 with Exchange 2013). For being full protected from any future problem Do you think that is better to 1- Create a new DAG-BACKUP at the Backup Site with 2 other servers SMTP01-BACKUP,SMTP02-BACKUP or 2-on the backup site Add a New Exchange Server and Add it to the DAG1 ?