Special considerations when installing the application in a Microsoft Exchange database availability group
April 2, 2024
ID 49503
Kaspersky Security can be installed on servers included in a Microsoft Exchange Database Availability Group (DAG). In this case, the Security Server and Management Console must be installed together on each Microsoft Exchange server belonging to the DAG. You can also install Management Console on any other computer in your enterprise network for remote management of Security Servers.
The application automatically identifies a DAG during installation. The order in which the application is installed on nodes within a DAG is irrelevant.
The specifics of Kaspersky Security installation in the DAG are as follows:
- A single database must be used for all DAG nodes. To do this, specify a single database during Kaspersky Security installation on all nodes of the DAG.
- The account used to perform the installation procedure must be authorized to write to the Active Directory configuration section.
- If a firewall is enabled on the DAG servers, the Kaspersky Security for Microsoft Exchange Servers service must be added to the list of trusted applications on each server within the DAG. This is necessary to ensure the interaction between Kaspersky Security and Backup.
While the previous version of the application is being upgraded on all servers of the DAG, we recommend that you avoid connecting to these servers using the Management Console, or editing the application settings. Doing so may cause the update to end in an error, which may result in application malfunctions. If the connection needs to be established during an update, before connecting make sure that the Security Server version matches the version of the Management Console used for establishing the connection.
When the application is installed on all servers of a DAG, most of the application settings are stored in Active Directory, and all the DAG servers use those settings. Kaspersky Security automatically detects active servers and applies the Active Directory settings to them. However, the individual settings of the Microsoft Exchange Server have to be defined manually for each server. Examples of individual settings of the Microsoft Exchange Server include: anti-virus protection settings for the Hub Transport role, anti-spam scan settings, Backup settings, settings of the Anti-Spam and Anti-Virus reports for the Hub Transport role, and Anti-Spam database update settings.
Using profiles to configure DAG servers has the following particularities:
- You can add DAG servers to a profile only all at once.
- When a DAG is added to a profile, all servers and all their roles (including the Hub Transport role) are added to this profile.
- You can remove DAG servers from a profile only all at once.
After Kaspersky Security is uninstalled from DAG servers, the configuration is stored in Active Directory and can be used to reinstall the application.
