Introduction to Azure Site Recovery for Windows Server 2019

Azure Site Recovery (ASR) is Microsoft’s cloud-based disaster recovery service that replicates workloads running on physical and virtual Windows Server 2019 machines to Azure, providing automated failover to Azure VMs when the primary site is unavailable. Unlike backup solutions that restore from a point-in-time copy, ASR maintains continuous replication with recovery point objectives (RPO) as low as 30 seconds for VMware/Hyper-V VMs and approximately 1 hour for physical servers. Recovery time objectives (RTO) as low as 2 hours are achievable with ASR automation. ASR also supports site-to-site replication for Hyper-V environments replicating to a secondary datacenter. This guide covers the full workflow for protecting a Windows Server 2019 physical server with Azure Site Recovery, including initial replication, test failover, and actual failover procedures.

Azure Site Recovery Architecture for Physical Servers

For physical Windows Server 2019 machines, ASR uses the following components: Recovery Services Vault (stores replication metadata and orchestrates failover), Configuration Server (a Windows Server VM or physical machine running the ASR Unified Setup, deployed on-premises to coordinate replication), Process Server (embedded in the Configuration Server for small deployments, handles replication data compression and upload to Azure), Master Target Server (handles replication data during failback from Azure to on-premises), and the Mobility Service Agent (installed on each protected Windows Server 2019 machine, captures write I/O and sends it to the Process Server).

Setting Up the Recovery Services Vault

Create a Recovery Services Vault in Azure for ASR. The vault region should be your failover target region — choose a region geographically separate from your on-premises datacenter for true DR protection:

Connect-AzAccount
New-AzResourceGroup -Name "asr-dr-rg" -Location "West US 2"
New-AzRecoveryServicesVault -ResourceGroupName "asr-dr-rg" -Name "prod-asr-vault" -Location "West US 2"

$vault = Get-AzRecoveryServicesVault -Name "prod-asr-vault"
Set-AzRecoveryServicesVaultContext -Vault $vault

In the Azure Portal, open the vault and navigate to Site Recovery > Prepare Infrastructure. Select Not managed by Azure as the machine location, VMware/Physical as the machine type, and Azure as the replication target. Download the Recovery Services Vault credentials file — this will be needed during Configuration Server setup.

Deploying the Configuration Server

The Configuration Server must be a Windows Server 2019 or 2016 machine with at minimum 8 cores, 16 GB RAM, and 600 GB disk space. It acts as the replication coordination hub. Download the ASR Unified Setup installer from the Azure Portal (Site Recovery > Prepare Infrastructure > Download). Run the installer on the designated Configuration Server machine:

MicrosoftAzureSiteRecoveryUnifiedSetup.exe

In the setup wizard, select Install the configuration server and process server. Accept the prerequisites (MySQL, .NET Framework). On the Vault Registration page, browse to the vault credentials file downloaded from the Azure Portal. Set the passphrase for secure communication between ASR components — store this passphrase securely. Complete the installation. After setup, the Configuration Server registers with the Azure vault and appears in Site Recovery > Configuration Servers.

Installing the Mobility Service Agent on Windows Server 2019

The Mobility Service must be installed on each Windows Server 2019 machine to be protected. Install it using ASR push installation (from the Configuration Server) or manually. For manual installation, download the Mobility Service installer from the Configuration Server at:

\MobSvcWindowsMicrosoftAzureSiteRecoveryMobilityServiceInstaller.exe

Run the installer on the Windows Server 2019 target machine as Administrator:

MicrosoftAzureSiteRecoveryMobilityServiceInstaller.exe /q /x:C:TempMobility_Agent
C:TempMobility_AgentUnifiedAgent.exe /Role "MS" /InstallLocation "C:Program Files (x86)Microsoft Azure Site Recovery" /Platform "VmWare" /Silent /CSType "CS" /CSIp "" /CSHttpsPort 443 /CSPassphrase "YourPassphrase"

The agent registers with the Configuration Server and appears in Site Recovery > Protected Items after enabling replication for the machine.

Enabling Replication for a Windows Server 2019 Machine

In the Azure Portal, navigate to the Recovery Services Vault > Site Recovery > Step 2: Replicate application > Source. Set Source to On-Premises, Source location to the Configuration Server, Machine type to Physical Machines, and Process Server to the Configuration Server (default for small deployments). Click OK and add the machines: enter the IP address and OS type (Windows) for each server to protect. Configure the target settings: subscription, resource group for failed-over VMs, Azure virtual network and subnet, storage account for replication data, availability set if required, and VM size for the Azure VM that will be created on failover. Configure replication policy: RPO threshold (30 minutes by default), recovery point retention (24 hours by default), app-consistent snapshot frequency (every 4 hours by default). Click Enable Replication. Initial replication (full disk sync) begins immediately.

Monitoring Replication Status

Monitor replication progress in the vault under Replicated Items. Each protected server shows its replication health (Normal, Warning, Critical), replication state (Enabling protection, Protected, Failover committed), and the current RPO (recovery point age). View detailed replication information and events for a specific server by clicking on it and viewing the Replication Health dashboard.

Check replication state via PowerShell:

$vault = Get-AzRecoveryServicesVault -Name "prod-asr-vault"
Set-AzRecoveryServicesVaultContext -Vault $vault
Get-AzRecoveryServicesAsrReplicationProtectedItem -ProtectionContainer (Get-AzRecoveryServicesAsrProtectionContainer -Fabric (Get-AzRecoveryServicesAsrFabric) | Select-Object -First 1) | Select-Object FriendlyName, ProtectionState, ReplicationHealth, LastSuccessfulTestFailoverTime

Performing a Test Failover

Test failovers validate your DR capability without impacting production. In the vault > Replicated Items, select the protected server and click Test Failover. Select a recovery point (latest processed for lowest RTO, or a specific app-consistent point). Select an isolated Azure virtual network — use a test VNet that is not connected to production systems to avoid IP conflicts. Click OK. ASR creates a new Azure VM from the replicated data. When the VM is running, verify applications are functional by connecting via RDP or running application-specific health checks. Click Cleanup test failover when done — ASR deletes the test VM and releases resources.

Executing an Actual Failover

In a real disaster scenario, execute the failover from the vault > Replicated Items > Failover. Select a recovery point. Optionally shut down the source machine before failover if it is still accessible (to capture the latest data and minimize data loss). Click Failover. ASR creates the Azure VM with the failed-over data. After confirming the failover is successful, click Commit to finalize the failover and clean up replication state. Once the original infrastructure is restored, configure failback: re-protect the Azure VM (reverse replication to on-premises), then failback when ready to return workloads to the primary site.