
Getting Started with Exchange Server 2010 Client Access Server Arrays

An often misunderstood feature of Exchange Server 2010 is the Client Access server array, or CAS array.

In Exchange Server 2007 the Client Access server role was introduced to perform a similar role to the Exchange 2003 Front-End server, in that it was responsible for accepting client connections for services such as Outlook Web Access, ActiveSync, Outlook Anywhere, and other web services. However a mailbox user still connected directly to the Exchange 2007 Mailbox server for mailbox and public folder access.

Exchange 2007 Client Access server

In Exchange Server 2010 the Client Access server role was expanded to include a new service called the RPC Client Access Service. This service allows Outlook clients to connect via MAPI/RPC to the Client Access server for mailbox access; however, they still connect directly to mailbox servers for public folder access.

Exchange 2010 Client Access server role

This new RPC Client Access service delivers several benefits to the organization:

  • Connections to mailbox resources are made via a common path
  • Connection throttling and other rules can be applied to mailbox connectivity
  • The end user experience during Mailbox server failovers and mailbox moves is improved
  • The RPC Client Access service can be made highly available

Basic Requirements of a Client Access Server Array

Although a CAS array is often assumed to be highly available, it is important to realise that it is not the Client Access Server array itself that delivers high availability.

The Client Access Server array is simply an object in Active Directory that associates a DNS name with the RPC Client Access Service for a particular AD Site.

Therefore to create a CAS array you only need to:

  1. Create the CAS Array object in Active Directory
  2. Configure a DNS record for the CAS Array name pointing to an IP address for a Client Access server
  3. Configure the RPCClientAccessServer attribute on the mailbox databases in that site

Creating a Client Access Server Array

CAS Array objects are created using the Exchange Management Shell and the New-ClientAccessArray cmdlet. In this example a CAS Array is created with:

  • a name of “cas-headoffice”
  • a FQDN of “outlook-ho.exchangeserverpro.net”
  • the AD Site of “HeadOffice”

If you are running a single AD Site in your organization the CAS Array name and FQDN can be anything you like, however if you’re running multiple sites then you will need to put some thought into a naming standard for your CAS Arrays so that each one is unique.

Configuring the DNS Record for the Client Access Server Array

The next step is to configure a DNS A record for the FQDN you specified when creating the CAS Array object.

DNS A record for the Exchange 2010 CAS Array

Configure the RPCClientAccessServer Attribute on Mailbox Databases

The final step is to configure the mailbox databases with the correct RPCClientAccessServer attribute. It is this attribute that Outlook looks up to determine which RPC Client Access Server to connect to for a given mailbox.

The attribute is set automatically when the mailbox database is created to either:

  • The CAS Array name if one already exists in the AD Site
  • The FQDN of a Client Access server in the AD Site

You can see from this that it is wise to configure the CAS Array object before creating mailbox databases, or at the very least to create the CAS Array object and update the mailbox databases before deploying mailbox users to those databases.

You can check the existing settings by running the Get-MailboxDatabase cmdlet.

To update the RPCClientAccessServer attribute for a mailbox database run the Set-MailboxDatabase cmdlet.
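
The three steps above, run end to end in the Exchange Management Shell, as an added example (these are not the article's original commands). The array name, FQDN and AD Site are the article's values; the DNS server name, DNS zone and Client Access server IP address are assumptions chosen for illustration.

```powershell
# Added example: run in the Exchange Management Shell on Exchange Server 2010.

# Values used in the article.
$arrayName = 'cas-headoffice'
$arrayFqdn = 'outlook-ho.exchangeserverpro.net'
$adSite    = 'HeadOffice'

# Assumptions, not from the article.
$dnsServer = 'dns1.exchangeserverpro.net'   # hypothetical DNS server name
$dnsZone   = 'exchangeserverpro.net'        # assumed zone that will hold the record
$casIp     = '192.0.2.10'                   # placeholder IP (documentation range)

# Step 1: create the CAS Array object. An AD Site can hold only one array,
# so stop if the site already has one under a different FQDN.
$array = Get-ClientAccessArray -Site $adSite
if ($array -and $array.Fqdn -ne $arrayFqdn) {
    throw "Site $adSite already has a CAS Array with FQDN $($array.Fqdn)."
}
if (-not $array) {
    $array = New-ClientAccessArray -Name $arrayName -Fqdn $arrayFqdn -Site $adSite
}
$array | Format-List Name, Fqdn, Site, Members

# Step 2: create the DNS A record if the name does not resolve yet.
$hostLabel = $arrayFqdn.Substring(0, $arrayFqdn.Length - $dnsZone.Length - 1)
try   { $resolved = @([System.Net.Dns]::GetHostAddresses($arrayFqdn)) }
catch { $resolved = @() }   # name not found
if ($resolved.Count -eq 0) {
    dnscmd $dnsServer /RecordAdd $dnsZone $hostLabel A $casIp
} else {
    Write-Host "$arrayFqdn already resolves to $($resolved -join ', ')"
}

# Step 3: find the mailbox databases hosted in the site and list the current
# RpcClientAccessServer value of each one. The Site value is matched on its
# string form so both canonical-name and distinguished-name output are handled.
$sitePattern = '(/|CN=)' + [regex]::Escape($adSite) + '(,|$)'
$mbxServers = Get-ExchangeServer | Where-Object {
    $_.IsMailboxServer -and "$($_.Site)" -match $sitePattern
}
$databases = $mbxServers |
    ForEach-Object { Get-MailboxDatabase -Server $_.Name } |
    Sort-Object -Property Name -Unique
$databases | Format-Table Name, Server, RpcClientAccessServer -AutoSize

# Update only the databases that do not already point at the array FQDN.
$stale = @($databases | Where-Object { $_.RpcClientAccessServer -ne $arrayFqdn })
foreach ($db in $stale) {
    Write-Host "Updating $($db.Name): $($db.RpcClientAccessServer) -> $arrayFqdn"
    Set-MailboxDatabase -Identity $db.Name -RpcClientAccessServer $arrayFqdn
}

# Confirm the result.
$databases |
    ForEach-Object { Get-MailboxDatabase -Identity $_.Name } |
    Format-Table Name, RpcClientAccessServer -AutoSize
```

Changing the attribute on a database that already hosts mailboxes does not update existing Outlook profiles, which is why the article advises creating the array before provisioning databases and users.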

High Availability for Exchange 2010 Client Access Server Arrays

As I mentioned earlier, one of the benefits of the CAS Array is that it enables the RPC Client Access Server service to be made highly available.

The configuration of the CAS Array itself is the same, however instead of pointing the DNS record at the IP address of a single Client Access server you would point it at the virtual IP of a load balanced array of servers.

Exchange 2010 load balanced CAS Array

The load balancing can be achieved in multiple ways:

Best Practices for Exchange Server 2010 CAS Arrays

Because of the behaviour of the mailbox databases and their RPCClientAccessServer attributes, and how this is handled by different Outlook versions, it is considered best practice to:

  • Always configure CAS Arrays in your Exchange 2010 sites
  • Configure the CAS Array before you provision mailbox databases or mailbox users to Exchange 2010 in that site

Microsoft themselves recommend this as a best practice.

We recommend that you create a Client Access server array even if you only have a single Client Access server within your organization.

This has several benefits, such as:

  • making it easy to scale out the CAS Array name to multiple Exchange 2010 Client Access servers
  • making it simpler to replace a Client Access server with a new one of a different name
  • migrating the MAPI endpoint to future versions of Exchange Server

Paul is a Microsoft MVP for Office Servers and Services. He works as a consultant, writer, and trainer specializing in Office 365 and Exchange Server. Paul is a co-author of Office 365 for IT Pros and several other books, and is also a Pluralsight author.

171 comments

  1. Rowell says:

    You mention that it is wise to create the CAS array object before creating the mailbox databases. What if you already have an Exchange environment in place and want to implement a CAS array for high availability of the RPC Client Access Server?

    • Implement the CAS array as normal, then update the RPCClientAccessServer attribute on the mailbox databases. You’ll then need to use a script or other method to get the Outlook profiles to update to the new name.

          • Jerome Saliga says:

            Thanks for the comment. It’s strange that I haven’t encountered this issue at a client a long time ago. But I have run into one now on a current project at a SMB account with 250 seats. After doing a few Google searches I found several good articles on how to deal with Outlook in this scenario.

          • Jerome Saliga says:

            Just as a follow up the way I dealt with this issue was to force Outlook Anywhere on the internal network and not bother with creating a CAS Array and updating Outlook profiles. The Exchange 2010 server had plenty of processing headroom. After reviewing the options with my client it was decided that forcing Outlook Anywhere was the best choice. We had no issues with the change and I was able to install and configure Exchange 2013 for co-existence and the project was successfully completed. This may not be a good option in your specific situation but it worked out very well for me and my client.

  2. Dave Purscell says:

    Excellent article. Looks like I will be drilling into some of the other Related Articles to answer some of the questions that this one produced.

  3. Valentin Tsvetkov says:

    Hello,

    I’d like to add something in the part with the recommendations. It appears that the scenario with Windows NLB is not reliable and MS don’t recommend it for production environments. They said it many times on the last TechEd sessions in 2011.

  4. Vikas says:

    Hi Paul,

    Can you share a script or method to update existing Outlook profiles to receive failover features?

    Recently I have added a HUB/CAS node to the CASARRAY in Exchange 2010 and now I want all user profiles to receive the failover features. I changed the database RPCClientAccess attribute but users are still connecting to a single node only instead of CASARRAY.domain.com.

    • David Wong says:

      Has anyone figured out the answer to this? Is there a script to run to update Outlook profile? Thanks, -David

      • Jose G Ortega C says:

        New-ClientAccessArray -Site "SiteName" -Fqdn "DnsFQDNName" -Name "DnsFQDNName"

        Get-MailboxDatabase | Set-MailboxDatabase -RpcClientAccessServer "DnsFQDNName"

  5. Chuck says:

    In a small environment, is it possible to setup the CAS array on two Exchange servers that will also host the hub and mailbox roles configured as a DAG? Essentially getting high availability with only two servers?

      • Chuck says:

        So setting up the CAS array and specifying the DAG FQDN which point to both servers won’t work? Figures, nothing is ever easy. Any recommendation for a hardware load balancer for a fairly small network of ~200 workstations and no Internet connectivity?

        • “So setting up the CAS array and specifying the DAG FQDN which point to both servers won’t work?”

          You’re mixing terminology. The CAS Array has its own DNS entry. That DNS entry resolves to an IP address, whether it be the IP address of a single Client Access server, or it could be the virtual IP address provided by some load balancing technology (either NLB or Hardware LB).

          The CAS Array, in the sense of Exchange 2010 and how Outlook clients connect, performs the role of “RPC Client Access Server”, which is the RPC/MAPI endpoint that Outlook clients on the network connect to for their mailbox access.

          Although the DAG does have its own DNS entry, clients don’t point to it.

          Edit: take a look at Kemp for load balancers, they have affordable low-end options including virtual appliances.

        • Chuck says:

          First let me say thank you so much for the great site and your quick replies. Been doing a bunch of reading and see that the best solution is to get 2 more licenses so I can have 2 CAS/HUB servers load balanced and 2 mailbox servers in a DAG. And from TechEd I see that it’s recommended to use hardware load balancing in a single arm SNAT config instead of WNLB; more pain. I just keep coming back to the idea that since setting up a DAG on 2 servers that have the CAS/HUB/MBX roles result in the two servers being configured in a failover cluster with the DAG virtual IP and FQDN why wouldn’t it be possible to assign that same FQDN to the CAS array so that when a failover occurs the CAS array would resolve to the active server? I know that using failover clustering was ok with IIS in server 2000 but no longer recommended in server 2003. At this point I’m either looking at trying to get funding for a load balancer and more licenses, testing using the DAG FQDN for the CAS array, or deploying as non highly available for now. Any thoughts on deploying a single CAS/HUB and MBX server with an upgrade later vs. waiting a few months to get extra licenses and a load balancer?

        • “the best solution is to get 2 more licenses so I can have 2 CAS/HUB servers load balanced and 2 mailbox servers in a DAG”

          NLB isn’t necessarily the *best* option, it is just one option. I recommend watching this presentation from TechEd which should help with your decision making:

          http://channel9.msdn.com/Events/TechEd/NorthAmerica/2012/EXL307

          “I just keep coming back to the idea that since setting up a DAG on 2 servers that have the CAS/HUB/MBX roles result in the two servers being configured in a failover cluster with the DAG virtual IP and FQDN why wouldn’t it be possible to assign that same FQDN to the CAS array so that when a failover occurs the CAS array would resolve to the active server?”

          Because it doesn’t work that way. Even when Exchange roles are combined on the same server you need to still consider each role separately.

          The CAS array name and IP are separate entities to the DAG name and IP. They can’t be the same.

          “testing using the DAG FQDN for the CAS array”

          Let me save you the trouble – it won’t work.

          “Any thoughts on deploying a single CAS/HUB and MBX server with an upgrade later vs. waiting a few months to get extra licenses and a load balancer?”

          Yes, this is completely fine. The bare minimum you should do is create the CAS Array object, create the DNS entry for it, and point that DNS entry at a Client Access server. It doesn’t need to be a load-balanced Client Access server, later on you can update the DNS to point to a load-balanced IP address instead and it will work seamlessly.

          Same goes with the Mailbox servers. You can deploy single Mailbox servers and run them in production and then later create a DAG and add those servers as members of the DAG, again it is a seamless change. Microsoft refers to this as “incremental deployment”.

          Some of these concepts don’t make total sense until you’ve run through the deployment yourself, so I do recommend you play around in a test lab and experience the setup of CAS Arrays and DAGs first hand.

          Just remember, each server role operates independently even when combined on a single server. CAS Arrays and DAGs are separate entities – they can exist independently of each other, or they can exist in combination with each other, but they remain separate.

      • Chuck says:

        Oh, let me also explain. These two servers are virtual on a 3 node Hyper-V cluster. Might make load balancing them a little harder. Guess I need to get two more Exchange licenses and setup 2 CAS servers in an NLB config or will a hardware load balancer work with virtual machines?

        • There’s nothing about virtualization that impacts the ability to use NLB or a hardware load balancer.

          If you’re going to virtualize your Exchange just go and read the best practices guidance from Microsoft, which is detailed and important.

      • Chuck says:

        Thanks again for all your help. After several hundred pages of reading today, and meticulously removing the 2 servers I created (wow what a pain removing the last arbitration mailboxes), I think I understand what is going on here. Please confirm if you will. A CAS array is nothing more than an AD object that you create to point to an IP address. Wow, that is a very misleading name. You have to actually create an NLB array and then create the CAS array and point it at the NLB virtual IP address. Assuming that is correct, I need to create the first server with a CAS and HT role. Add NLB along with setting up AD and DNS stuff. Then create a server with the MB role. At a very high level of course? Nothing like a Friday to try it all again after wasting the rest of the week. Wish I had a test lab; kind of scary doing this stuff on the live network.

        • You’re on the right track. And you’re also discovering that it isn’t always as simple as just uninstalling and trying again. I cannot recommend strongly enough that you do some practice in a test lab first. This is not something to be learning by messing around in live production environments.

          To answer your other point, yes I think the term “CAS Array” has caused a lot of confusion for people these last couple of years. I am expecting to see the terminology change in the next version of Exchange Server to make things clearer.

      • amit says:

        Paul, if I have 2 HUB/CAS & 2 MBX in a DAG for geographical locations, where Site A has a different SMTP domain and Site B has a different SMTP domain, can we achieve multiple locations with different CAS arrays?
        The internet-facing HUB/CAS role will be in NLB for mail for the respective locations, and MX will be pointed to ISP Antispam, which will forward mail to the respective sites’ HUB servers.

  6. Daphne Vink says:

    Paul,

    I cannot find anything about CAS arrays and multiple DAG’s. We have a large organization with 4 DAG’s within one AD site (44 multi role Exchange servers).
    I know I can have only one CAS array per site, but is there also a limitation on the amount of DAG’s within one CAS array?
    I guess it is not related and therefore not an issue but I want to be sure about it.

  7. Eric says:

    Paul,

    We currently have a single site, single CAS/HUB server (no array). RPCClientAccessServer points to hostname of CAS/HUB server. What’s the recommended approach to create a CAS array? Add second CAS/HUB and create array? Or add two new CAS/HUB’s and create array with them and then decommission original CAS/HUB?

    We would like to do this without changing RPCClientAccessServer attribute. I would think that would rule out the first approach (using current CAS/HUB server and adding second C/H sever and creating array) as the RPCClientAccessServer points to FQDN of first C/H. We wouldn’t be able to point CAS array name to same name as first C/H server, correct?

    Thanks for any input you may have.

  8. Leo says:

    Nice one.

    Also, a CAS array is tied to a single AD site, hence it doesn’t cross the boundary of its own AD site.

    Would the CAS array still function if one of the CAS array members is located at the branch office linked by persistent VPN whereby the Exchange server has the same network address as the CAS array in the head office?

    • The “members” attribute of the CAS Array object (as seen when you run Get-ClientAccessArray) is a bit misleading. You should only think of it as “the Client Access servers that are in the AD site for this CAS Array”. It actually has no bearing whatsoever on the HA or load balancing.

      If you can load balance the IP address associated with your CAS Array across multiple physical sites then it will work, but it brings into play a lot of additional concerns such as latency and reliability of the link between the sites. It also complicates some failure scenarios.

  9. Jed Peters says:

    Great article. I have been trying to figure out a better way to handle datacenter switchover/failover on the CAS side. I have 2 sites with a single server with all roles on each. I know a CAS array can only be created in a single AD site; I was wondering if I could do this between production and DR sites if I were to make a single AD site instead of the current two AD sites. The CAS server role would still resolve to two different IP subnets and I am not sure if that is a limitation.
    The objective would be to make datacenter failover easier so that I would not have to change the rpcclientaccessarray setting manually.

  10. Danushka says:

    Dear Paul,
    I have set up an NLB CAS array and it is working fine on the LAN, but I am not able to access the CAS array from my remote site.

    can you help me to resolve this issue.

    Thanks
    Danushka

  11. Prashant says:

    HI Danushka,

    I have configured 2 Exch 2013 on 2 different Windows boxes, and I need to map these 2 Exch mail databases to one of my VIP addresses. Please find the details below.

    1.ipadd : 192.168.0.1 (ADS,DNS)
    2.ipadd : 192.168.0.2 (Member of domain,Exch 2013)
    3.ipadd : 192.168.0.3 (Member of domain.Exch 2013)
    4. ipadd : 192.168.0.4 (VIP address)

    I need to map the 192.168.0.2 & 192.168.0.3 mail databases to 192.168.0.4 (this is my VIP address). Please let me know.

    Regards,
    Prashant

      • Prashant says:

        Hi Paul,

        Please find the error below.
        PS C:\Program Files\Microsoft\Exchange Server\V15\Scripts> Get-MailboxDatabase
        Get-MailboxDatabase : The term ‘Get-MailboxDatabase’ is not recognized as the name of a cmdlet, function, script file,
        or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and
        try again.
        At line:1 char:1
        + Get-MailboxDatabase
        + ~~~~~~~~~~~~~~~~~~~
        + CategoryInfo : ObjectNotFound: (Get-MailboxDatabase:String) [], CommandNotFoundException
        + FullyQualifiedErrorId : CommandNotFoundException

  12. Prashant says:

    Hi Paul,

    Thanks for the suggestions. But getting:

    [PS] C:\Program Files\Microsoft\Exchange Server\V15\Scripts>New-ClientAccessArray -Fqdn vip.lb.cas.com -Site Default-First-Site-Name
    New-ClientAccessArray : The term ‘New-ClientAccessArray’ is not recognized as the name of a cmdlet, function, script
    file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct
    and try again.
    At line:1 char:1
    + New-ClientAccessArray -Fqdn vip.lb.cas.com -Site Default-First-Site-Name
    + ~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : ObjectNotFound: (New-ClientAccessArray:String) [], CommandNotFoundException
    + FullyQualifiedErrorId : CommandNotFoundException
    Regards,
    Prashant

  13. Prashant says:

    Hi Paul,

    I am trying out this below cmd.

    Get-ClientAccessArray

    New-ClientAccessArray -Fqdn xyz.com -Site Default-First-Site-Name

    Get-MailboxDatabase | Set-MailboxDatabase -RpcClientAccessServer xyz.com

    Set-MailboxDatabase cmdlet with –Identity ‘mailbox database name’

    Regards,
    Prashant

  14. Danushka says:

    Dear Paul,
    We are going to install Exchange 2010 in an Exchange 2007 environment for our company and I have some doubts about the installation of Exchange 2010.
    We purchased an HP DL 380 G8 server (8 core/32GB). Kindly advise which would be the best implementation from the options below.

    Option 1
    Windows 2012 Hyper-V – HOST
    TWO VMs
    1.Windows 2008 R2 64bit standard with exchange 2010 (CAS/HT)
    2.Windows 2008 R2 64bit Enterprise with exchange 2010 (MBX)

    Option 2
    Single windows 2008 R2 64bit Enterprise with exchange 2010 CAS/HT/MBX

    Kindly advise.

    Thanks
    Danushka

  15. Jinu says:

    Hi All,
    Let me just bring up my issue with KEMP. We are new to the KEMP Load Balancer and are finding some issues in getting the CAS array to work for branch office and VPN users.
    Kindly find my infrastructure below:
    Mailbox Server – 2 Nos
    CAS Server – 2 Nos
    Load Balancer – 1 No (VM)
    Outlook on the LAN network is working perfectly with the KEMP LB, but I have an issue with accessing Outlook from my branch office and for VPN users. We are able to ping the LB IP and virtual server and all Exchange servers.
    But our mailboxes are not resolving.
    Kindly help me to solve the issue. We are planning to move to KEMP LB 2200 hardware once we finish setup.
    LAN Subnet 192.168.2.0/24
    Branch Office – 192.168.27.0/24
    Kindly help us to fix this issue and looking for solution or Trouble shooting tips.
    Regards,
    Jinu

  16. Ravi Kumar says:

    Hi Paul,

    I have upgraded my Active Directory from Windows Server 2003 to Server 2012 and I am using Exchange Server 2013, but I am facing some issues with Outlook 2010 and Outlook 2013. When I manually configure Exchange accounts in Outlook 2010 it gives the error “cannot open your default email folder. You must connect to Microsoft exchange with the current profiles before you can synchronize your folders with your outlook data file (.ost)”. It works with OWA and POP3 but not with Outlook. I have tried everything: I turned off Cached Exchange Mode, but setting the email account to not cache does not resolve the issue and I get the error message “Cannot open your default e-mail folders. The file (path\profile name).ost is not an Outlook data file (.ost)” again. Very odd since it creates its own .ost file when you run it for the first time.

    I have also checked RPCClientAccessServer and it’s pointing to the right mailbox database but no luck; Outlook only works with RPC over HTTPS, not when you configure it manually. Can you please help me with this issue?
    Any help would be greatly appreciated.

  17. Doug says:

    Hi Paul,

    We currently only have one Active Directory site. However, we will soon be creating another Active Directory site. I am planning on moving one of my existing Client Access Servers to the new Site. Will I be able to remove that server from the current Client Access Array and add it to the new array in the new site? If so, are there any special cmdlets I need to run or will it update itself once it’s in the new IP space and DNS is updated accordingly?

    Thank you,

    Doug

  18. Rebecca Leonard says:

    Regarding “still connect directly to mailbox servers for public folder access”. So does this mean that if the server with the primary copy of the mailbox database in a DAG is down, it doesn’t matter if you have a CAS Array as far as public folders are concerned? You can send/receive mail thanks to the CAS Array object, a hardware load balancer and a DAG setup, but not access the public folders?

    • There’s a bunch of mixed concepts in that question.

      1) Public folders are not part of a DAG, though they can exist on a mailbox server that is a DAG member. If a server hosting a public folder database goes down, and there are no other PF replicas available, then PFs are unavailable.

      2) Outlook clients communicate directly with the mailbox server for public folders, not via the CAS array.

      3) CAS Array (or Client Access server for that matter) is not responsible for send/receive mail flow. That is the role of the Hub Transport server.

      • Rebecca Leonard says:

        Paul –
        Thanks so much for your reply. Yes, I should have been much more specific. What I’m finding is that in our environment, we have two Exchange 2010 servers that hold the CAS, HT & Mailbox (in DAG) roles. We have a hardware load balancer for the CAS Array address. If I shut down the server that holds the primary copy of a mailbox database, due to the DAG and the timeout setting on my load balancer, Outlook stays connected and I can still send/receive messages. However, Outlook continues to freeze because it is trying to connect to the public folders (I can see that by looking at the Connection Status dialog). I just thought that was odd and makes Outlook a little unusable in that situation?

        • Rebecca Leonard says:

          In this case, the public folders are not down. Simply the primary mailbox server, even though it is a member of a DAG. Am I correct in understanding that Outlook will always try to connect to the public folders via the primary mailbox server for whatever database your mailbox is on? In that case, it wouldn’t matter if the public folders were up or down. Am I confused?

        • Outlook will connect directly to the mailbox server that hosts the public folders regardless of where the mailbox is hosted.

          If you bring up Outlook’s “Connection Status” box (CTRL+Right Click the Outlook icon in the system tray) you’ll see the connections that have been established.

  19. Paul says:

    Hi Paul,

    The resource is great, however I can’t find the specific information I need anywhere, currently the environment is:

    2 x CAS, HT and MBD roles installed on 2 DC’s

    I want to get these removed and have 2 x CAS/HT Servers and 2 x MBD Servers all on Member Servers rather than DCs

    the existing CAS aren’t configured in an Array and hopefully will be decommissioned in the future.

    I have setup a new Server with CAS and HT roles installed and want to set it as an array.

    my questions are:

    1. What settings do I need to copy across to the new CAS/HT server from the old CAS/HT server?

    2. Do I need to copy the certificates across and install them?

    3. When setting it as a CAS array, will existing accounts lose connectivity?

    Any help would be much appreciated.

    Regards,
    Paul

    • 1. It depends which services you’re running via the load balancer. For RPC/MAPI there is nothing really to configure. But if you also plan to load balance OWA, ActiveSync etc then you should make sure they are configured consistently (eg same authentication settings, external URLs).

      2. For RPC/MAPI purposes there is no certificate required. But again if you plan to load balance other services that run on HTTPS then yes, each server needs an SSL cert with the correct names on it. That can be the same cert or two different certs.

      3. No.

      • Paul says:

        Hi Paul,

        Thanks for the response, really helpful.

        1. Yes, I’m planning to load balance OWA, ActiveSync etc

        2. Yes, again will be load balancing https services such as Outlook Anywhere.

        Was originally looking at doing the CAS across two virtual servers and the DAG across two virtual servers so 4 virtual servers in total, however have just read the Kemp Load Balancing article and if cost isn’t prohibitive I may look to do the load balancing that way.

        3. Excellent, thanks

        Regards,
        Paul

      • Jason Stevens says:

        Regarding the RPC endpoint of an internal Outlook client with Outlook Anywhere enabled on the CAS. From what I understand when OA is enabled it sets EXPR as the primary Outlook provider which for Outlook clients enables OA/RPC over HTTPS through AutoDiscover. It leaves connect as TCP for fast connections off so by default Outlook should not connect using HTTPS to the CAS. However I had a situation/client where internal Outlook clients were getting SSL warnings because the SCP URI and internalurl’s were the server.local name, their internal AD domain was .local and did not have a signed SSL for their internal domain. Clearly the Outlook client was connecting to the CAS with HTTPS.

        I have not been able to 100% determine if the RPC endpoint as listed in the Outlook Client’s account Server field is the CAS server/CAS array as specified under the mailbox database -rpcclientaccessserver or the -AutoDiscoverServiceInternalURI as listed under -clientaccessserver or the -internalurl as specified under the different vdir’s of the CAS or where autodiscover picks up the RPC endpoint and then configures outlook to connect to the CAS.

        http://support.microsoft.com/kb/940726

        In my issue to resolve the .local SSL issue I followed the above MSKB, created a casarray with an external name “mail.domain.com”, set up split DNS, assigned it to my mailboxdatabase -rpcclientaccessserver, changed the SCP/CAS URI and all CAS internal/external URL’s with the same name (because I don’t know where Outlook is connecting to (rpc endpoint)) and while that is not best practice (casarray name should not be externally accessible) everything is working, external OA clients are not slow in connecting, clients seamlessly connect whether internal or external, autodiscover works internal and external.

        I sure hope I can get some clarity in this matter, I have not found any official TechNet articles that answer this issue clearly.

        Thanks
        Jason

  20. Jinu says:

    Hi All,

    Can anyone help me with whether any settings are needed for accessing public folders in a setup where we use a KEMP Load Balancer?
    Right now we are not able to access public folders (Exchange 2010 Public Folder).
    Regards,
    Jinu

  21. Jason Reynolds says:

    Paul,

    For a site with a single CAS server I’m assuming that I’d have the CAS Array pointing directly at that CAS server? I have about 18 sites that have to be migrated from E2k3 to E2k10.

  22. AKhil Chopra says:

    HI Paul,

    First I would like to thank you for your website, which gives us good technical knowledge.

    My question to you. Can we create multiple cassarray name with same side

    e.g 1) DATABASE – Microsoft
    CASSARRAY name- outlook.microosft.com
    Site – USA
    2) DATABASE – Microsoft1
    CASSARRAY name- outlook1.microosft.com
    Site – LONDON

    Please see the above example and confirm me would be possible or not.

    PLEASE SEND THE ANSWER TO MY EMAIL ADDRESS IF POSSIBLE – akhil.system@gmail.com

    Regards,
    Akhil Chopra

    • espadmin says:

      A CAS Array exists within a single AD Site. You can have one CAS Array per AD Site. You can have multiple CAS Arrays in your organization for different sites. They must all have unique names.

      • AKhil Chopra says:

        Thanks Paul.

        But when we switch our site to DR, the CAS array will remain the same with the switched databases.

        But the DR site has its own CAS array for the new databases, whether we create it or it is already running, so automatically we have two CAS arrays on the same site.

        Post if I am wrong.

        • I can only go by the information you provide when you ask a question. Your first question seemed like a scenario of running multiple, separate Exchange sites. Now it seems like you’re asking about running a primary and a DR site.

          Designing for DR scenarios is a little different and it’s not something I can just give you a quick tip about because it is very important. I would encourage you to go look at some of the detailed documentation on TechNet for designing for DR.

  23. les says:

    Hi Paul,

    Great document by the way.

    I have a question for you.

    I have multiple sites configured in AD with site1 being my main DC and site2 being my DR site. Site 1 has four CAS servers defined in the CAS array and if I look at the CAS config I see the four servers defined there as members.

    My second site (Site2, which is used for DR) also has four CAS servers in the site but they do not appear on the members list when the CASARRAY is in site 1.

    I have eight mailbox servers configured in a single DAG across both sites. My clients point to a CAS array name which is an A record in DNS which resolves to a Citrix netscaler. The Citrix netscaler then load balances the connections across the four CAS servers in the current live site.

    Site 2 (DR) also has a Citrix netscaler and it is configured with the four CAS servers in the DR site. When we fail service over to the DR site we also run the “Set-ClientAccessArray CASARRAYNAME -Site site2” and we change the A record for CASARRAYNAME to now point to the IP address of the netscaler in the second site.

    My question is this, if I didn’t run the “Set-ClientAccessArray CASARRAYNAME -Site site2” what would be the resulting problem?

  24. Indraneel Nandoskar says:

    Hi All,
    I am in a learning phase and testing the CASArray concept in my test environment. I have the setup as below
    Two sites : site A and B
    site A: DC + two MBX servers + one HUB server + 2 CAS
    site B : ADC + one CAS + one HUB + two MBX
    DAG is configured and running successfully.

    I wanted to create a CAS Array, hence I installed NLB on the two CAS servers. Created the CAS array. Then I decided to test it for one database, hence I changed the RPCclientAccessServer attribute of one database. Then I configured the Outlook profile using autodiscover. The profile was configured. However, I get the error message while opening the Outlook profile.

    When I change the RPCclientAccessServer back to my original CAS server FQDN, I can configure the profile and open it successfully. I can even send / receive emails.

    What could be the issue? Any luck?

  25. Michael Walsh says:

    Hi all,

    A question on the DAG setup. Must I absolutely have two NICs (Primary + Secondary) on each DAG member?

    Or will it work with just one in each server, all on the same IP network?

    Thanks.

    Michael

    • Replication NICs/networks are not mandatory. A DAG will work and is supported to run with just one NIC/network for all client and replication traffic. Obviously this becomes an issue in larger environments where there is more replication traffic occurring.

  26. Brian Wing says:

    Hey Paul,
    I’m in the middle of a troubleshooting session with MS after enabling online archive mailboxes. It appears that our CAS array may not be working as expected. From monitoring CPU utilization one node is hammered and the other is flatlined at near 0% utilization.

    My question is this, is there any way to monitor which clients are connected to which host in the CAS array? I haven’t found much. I think the solution will be to move away from the NLB clustering to a true hardware load balancer, but in the meantime I was hoping you might have some insight into how to check on the connections to the individual CAS nodes.

    Thanks much,
    Brian

    • Brian Wing says:

      Paul, I think I might have answered this one myself. I see in the resource monitor if I check the RPCClientAccess service checkbox and look at the network section it shows the connection on that service.

      Thanks for the post BTW.

      Best regards
      Brian

  27. Les says:

    Hi Brian,

    EXMON is a tool provided by MS which you install on the CAS servers and then run. It will come up and show you which users are connected to the CAS server and also things like the client version and the connection latency.

    Having read the above, the first thing I would do if I was you is check to see if both your CAS servers are able to take client connections. If your CAS Array name was CAS01, simply make a host entry on one of your client machines with CAS01 and the IP address of one of the Client Access servers. Launch Outlook and see if you get a connection. Then move on to the second CAS server and again check the connection. If both CAS servers take connections without issue, the next thing would be to check your load balancer is configured correctly. We’d need to get more info from you regarding the type of NLB you’re using, but it sounds like it may be a Windows NLB, which to be honest is not the best solution.

    Let me know how the above checks go.

  28. Navishkar Sadheo says:

    Hi Paul

    Had a question: if I create a CAS array at a site comprising 2 CAS servers without NLB or HLB,

    and one of the servers in that array went down, will Outlook clients automatically connect to the next server in that CAS array?

    • The CAS array name resolves to an IP address. Without a load balancer that IP address will be for one server only. If that server goes down, the CAS array namespace goes down. You would need to change the DNS record to another server’s IP address to restore service. That is not a good HA solution.

    • Yes, that is how Exchange 2010 Client Access server high availability works.

      The CAS Array is a namespace that resolves to a single IP address that points to a load balancer (whether that is NLB or a hardware/virtual load balancer), which distributes the traffic across multiple Client Access servers.

      Without a load balancer the single IP address can only be for one Client Access server. If that server goes down your Outlook clients will be unable to connect.

  29. Yurok says:

    Great article, thank you!

    I have two servers in a CAS array and need to add another one. We’ve shut one of them down after several unsuccessful WNLB fail-over tries; we’ll be using Citrix Netscaler to load-balance client traffic.

    1. Can you recommend any articles to follow for steps/best practices on adding a CAS server?
    2. Same for removing a CAS server from the array/domain.

    Both concepts seem simple; I just wanted to know if there are any caveats.

    Regards,
    Yurok

  30. We recommend that you create a Client Access server array even if you only have a single Client Access server within your organization.

    Even if the customer has forgotten this recommendation, redirecting the Outlook profiles to the new server is still feasible under certain conditions.

    Thanks

  31. Jeremy Steger says:

    Paul, great write up as always.
    Quick question. When I set up our Exchange environment I was not very familiar with CAS arrays, etc. and as such my CAS Array fqdn = exchangevs.domain.com with 2 CAS members. My F5 NLB fqdn is: exchangevs.domain.com as well. And all of my services OWA, etc. are https://exchangevs.domain.com/owa , etc. The fqdn internally resolves to the F5 NLB’s internal interface and externally to the external interface. My question: am I in serious trouble with this setup? Do I need to change the CAS Array’s fqdn to say: cas.domain.com and only set the internal DNS to resolve it? What issues would I expect to have if I did this?
    Thanks,
    Jeremy

  32. Kelvin S says:

    It’s a great article of yours and I have followed your article to the “T”. The issue I’m getting is Outlook 2010 clients are unable to connect to the CAS Array. MAPI endpoint and RpcTcpPort have been configured according to this TechNet article http://technet.microsoft.com/en-us/library/ee332317(v=exchg.141).aspx#CASarray. Are there any ways/tools to trace what has gone wrong during Outlook connectivity? Outlook clients are able to connect to an individual HTCAS directly and once they do, the CAS Array name will appear as the server, but when Outlook is restarted, it just fails to connect to the server.

  33. George Howarth says:

    Hi Paul

    Great article and easy to follow and understand – I have “inherited” the setup described below and have a couple of questions hopefully you might be able to help with

    The setup is currently

    Site A 192.168.12.0 /22

    2 x AD
    1 x Exch2010 server running CAS, HT, DB

    Site B 192.168.0.0 /23

    2 x AD
    1 x Exch2010 server running CAS, HT, DB

    Both Site A and B are in the same domain.local AD structure, Default First Site Name and both Exch2010 DB are members of a DAG

    Currently there is no CAS array set up so some Outlook users in Site A connect to Exch2010 in Site B and vice-versa

    My Questions are as follows –
    1 – Would I be able to setup a CAS array even though both Exch2010 servers are on different subnets?
    2 – Can I create a CAS array or not if the DB are setup in a DAG – not sure but I’m guessing not?

    Any help / pointers would be appreciated as stated I have inherited the current setup and been asked to improve it / scrap it and start again without any mail flow issues to end users – a bit of a baptism of fire

    Ta

    George

    • 1. The CAS Array name resolves to an IP address. That IP address can be on a load balancer. That load balancer can load balance between servers in different subnets. This applies to hardware/virtual load balancers only (which is the recommended approach for CAS HA anyway)

      2. Whether the databases are involved in a DAG or not has no bearing on the CAS Array. What you may be thinking of there is that you cannot form an NLB cluster using multi-role servers that are also members of a DAG. NLB is not recommended anyway, so with a hardware/virtual load balancer you can quite happily load balance multi-role servers that are also DAG members.

  34. Jonathan says:

    Paul,

    Concerning the FQDN for the CASArray, I’ve seen that it’s not wise to use the same FQDN that you use for your external connections (owa, activesync, etc) (i.e. https://webmail.mydomain.org/). It’s recommended to use a domain name that’s not published out to the internet. If the CASArray FQDN is different than my public site address, that shouldn’t cause any major communication problems correct? Outlook should only care about the RPCClientAccessServer setting on the DB. It shouldn’t care about my autodiscoverinternalURI address should it?

    Also, should the FQDN for the CASArray match the NLB FQDN? Or does Exchange care about that consistency at all?

    JB

    • Correct. CAS Array namespace should be unique and not externally accessible.

      CAS Array FQDN can be different to other namespaces, eg cas.something.net vs webmail.companyname.com

      I’ve always made CAS FQDN and NLB FQDN the same.

  35. ER says:

    I am looking to migrate my existing exchange 2010 server to new hardware. I have been researching a bunch of different sites on the easiest way to do this. The only thing that I have done so far is build the second server and install exchange (same release as live). The information I came across said to create a CAS Array before moving my mailboxes or the mailboxes will not auto update. My question is this and it may be dumb… When setting up the DNS entry do I enter the IP of the new server for the array object?

  36. Rob Mulder says:

    it’s an a-record in internal DNS: casarray.domain.local = 10.100.10.10.
    Then I did: New-ClientAccessArray -Name CASARRAY -Fqdn casarray.domain.local -Site “Office1”

    • Yes, and is there anything active at that IP address?

      There’s nothing Exchange-specific about being able to ping something. Is there anything on that IP? Can you ping/tracert/etc from other hosts? Can it ping itself? Can you ping from local subnets but not remote subnets? Are there any firewalls in the way?

  37. Rob Mulder says:

    No, there is nothing on that IP besides the CAS Array…
    I have no loadbalancer……
    I think I need loadbalancing or DNS Pinpoint Zone for the CAS Array to work?

    • The CAS Array is just an object representing the RPCClientAccessServer that clients should connect to for accessing mailboxes. When you add the DNS record it has to point to an IP that actually exists on the network. So if you’ve pointed it to an IP that isn’t actually assigned to something then pings will simply time out.

      The IP address that the CAS Array name resolves to in DNS either needs to be the IP address of a Client Access server (if there is only one CAS in the site), or a load balanced IP address (often referred to as a VIP or Virtual IP) that distributes traffic amongst multiple CAS.

  38. Rob Mulder says:

    I figured that…. but maybe you can add this information under ‘Configuring the DNS Record for the Client Access Server Array’ in the article…?

    • The article already makes this clear. The section “BASIC REQUIREMENTS OF A CLIENT ACCESS SERVER ARRAY” explains what is required. The later section on high availability explains what to do for multi-CAS/HA scenarios.

  39. Roy Bene says:

    Hi, Paul.

    Thanks for this article. I have a question, however, as my scenario is a little different. I currently have a DAG with 3 nodes. I will be setting up a CAS array on the new server. This new server will be replacing a current DAG node, and will also be the primary Exchange server. If I do not need load balancing, and simply wish to install 1 CAS array, can it be on the DAG node with no problems? My DNS entry will be KKCAS.mydomain.com (internal domain name).

    Once this is all installed and I evict the old Exchange server node (then shut it down), I will need to repair the Outlook profiles to get it to connect to the new CAS name, correct? Or will Autodiscover pick it up? Is there an easier way to do this?

    Thanks in advance, sir.

    -Roy

  40. Garrett Michael Hayes says:

    Thanks for another great article. (Exchange Server Pro is the first thing I look for in search results.)

    I inherited an existing DAG, so I don’t know the configuration “history”, and I’m still groping my way through. Looking at some changes going forward, and I’m wondering if I’m misunderstanding something fundamental here about CAS and CAS arrays.

    The DAG has two servers, EX1 and EX2 with a shared IP (let’s say 10.10.10.101, 102 and 103 for EX1, EX2 and DAG respectively) Both servers have CAS, Hub and Mailbox roles installed.

    Mailboxes are stored for access at mail.domain.local, and that DNS record points to EX1 at 10.10.10.101.

    However, I added a host file record on a test machine pointing mail.domain.local to 10.10.10.103 – the DAG address, and Outlook was just peachy keen happy about that.

    There’s a network setup in Windows Failover Cluster Manager, with the relevant addresses defined for MAPI traffic.

    Does this mean the setup have failover capability? I’m not concerned about load balancing – just whether clients can reach the mailboxes if one server is offline.

  41. Rob Pelletier says:

    Thanks for making this simple – Microsoft hasn’t figured out how to do that yet!
    I have just installed a new Exch2010 server in an environment with an existing Exch2010 server. The final objective will be to have the new one do all the work, and old one will be retired (old hardware).
    So, I create my CASArray. I guess the DNS record should point to the old server at first, then point to the new one? Maybe change that address once the mailboxes have been moved?
    I will go back and read the article again before doing anything, but I am also curious: once the CASArray is configured and in DNS, etc. will I need to go to each Outlook client and point to it (they are pointing to oldexch.domain.local currently).

    • Rob Pelletier says:

      Ignore my last questions. Another reading of your article was all it took to answer them.

      Thanks again, Paul. Great article!

  42. Stome007 says:

    Dear Paul,
    I still misunderstand the DNS pointing. Does it mean that if we have no virtual IP (load balancer) we cannot use a CAS array?

    • You should always create the CAS Array.

      If you have multiple Client Access servers and no load balancer then you should at least point the CAS Array DNS record at one of the CAS IP addresses.

      But you won’t have a true high availability solution. If you have multiple CAS then you should also invest in a load balancer. They are not expensive.

  43. Stome007 says:

    Dear Paul,

    I have a problem with Outlook connecting to the CAS array; it said it cannot open the profile …ost is not an outlook profile ….

    Here is my Exchange environment:

    I have a DAG which consists of two members (EXC01 and EXC02), TEST.LOCAL

    First, I had one mailbox database named “ICT” which connected to EXC01.TEST.LOCAL as RpcClientAccessServer, then I created a CAS array named mail.test.local.

    After that I updated the mailbox database “ICT” to connect to the CAS array mail.test.local:
    “Set-MailboxDatabase ICT -RpcClientAccessServer mail.test.local”.

    My Outlook client is working very well with the CAS array mail.test.local, but when the first server EXC01 is down Outlook is disconnected, and if we create a new profile we get the error I mentioned above, but we can connect through OWA.

    Regards,
    Stome007

        • Stome007 says:

          Dear Paul,

          Yes, both Exchange servers were installed with all roles.

          What is the problem that Outlook cannot connect to EXC02 even though I had updated RpcClientAccessServer to EXC02?
          But it can reach the mailbox via OWA.

          Brg, Stome007

        • I can’t see your configuration but it sounds a bit messed up to me, or perhaps you’re just not explaining it clearly. Here’s what I think you need.

          You have two servers, EXC01 and EXC02. All of the Client Access namespaces (OWA, ActiveSync, EWS, Autodiscover, etc) on both servers should be configured the same (eg, webmail.test.local). Both servers should also have the same SSL certificate installed.

          You should also have a CAS Array created for that site. The name of the CAS Array should be different from the Client Access namespaces above. If you’ve used webmail.test.local, for example, then the CAS Array could be mail.test.local or outlook.test.local or casarray.test.local.

          The RPCClientAccessServer attribute of the mailbox database should be configured to the same name as the CAS Array. Once this has been configured you don’t need to change it again.

          The DNS records for both the Client Access namespace *and* the CAS Array name should resolve to a load balancer that distributes traffic between both Exchange servers.

          If you do not have a load balancer then they should resolve to one of the Exchange servers. You should set the TTL value for those DNS records to something low like 5 minutes or 1 minute.

          If that server goes down, assuming the Client Access configuration is all correct and the DAG is failing over correctly, the only thing you should have to do is update the DNS record so that it resolves to the Exchange server that is still online.
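
The configuration rules described in the reply above, written as a read-only check for the Exchange 2010 Management Shell. This is an added example, not part of the original comment thread or the site author's own script; the function name `Test-CasArrayNamespace`, the helper `New-Finding` and the `-PublicResolver` parameter are hypothetical names chosen for illustration.

```powershell
# Added example (not from the comment thread). Run in the Exchange 2010
# Management Shell. Read-only: it only calls Get-* cmdlets and DNS lookups.
function Test-CasArrayNamespace {
    param(
        # Hypothetical optional parameter: IP address of a public DNS resolver,
        # used to confirm the CAS Array name does NOT resolve externally.
        # Requires Resolve-DnsName (Windows 8 / Server 2012 or later).
        [string]$PublicResolver
    )

    function New-Finding($Check, $Subject, $Detail) {
        New-Object PSObject -Property @{ Check = $Check; Subject = $Subject; Detail = $Detail }
    }
    $findings = @()

    # Every CAS Array FQDN in the organization (one array per AD site).
    $arrayFqdns = @(Get-ClientAccessArray | ForEach-Object { "$($_.Fqdn)".ToLower() })
    if ($arrayFqdns.Count -eq 0) {
        $findings += New-Finding 'CasArrayExists' '(organization)' 'No CAS Array object found.'
    }

    # Host names used by the HTTPS client access services and Autodiscover.
    $urls  = @()
    $vdirs = @(Get-OwaVirtualDirectory) + @(Get-EcpVirtualDirectory) +
             @(Get-WebServicesVirtualDirectory) + @(Get-ActiveSyncVirtualDirectory) +
             @(Get-OabVirtualDirectory)
    foreach ($vd in $vdirs) { $urls += $vd.InternalUrl, $vd.ExternalUrl }
    $urls += @(Get-ClientAccessServer | ForEach-Object { $_.AutoDiscoverServiceInternalUri })

    $clientNames = @()
    foreach ($u in $urls) {
        if ($u) { $clientNames += ([uri]"$u").Host.ToLower() }
    }
    $clientNames += @(Get-OutlookAnywhere | Where-Object { $_.ExternalHostname } |
                      ForEach-Object { "$($_.ExternalHostname)".ToLower() })

    foreach ($fqdn in $arrayFqdns) {
        # Rule 1: the CAS Array name must differ from every other namespace.
        if ($clientNames -contains $fqdn) {
            $findings += New-Finding 'UniqueNamespace' $fqdn `
                'CAS Array FQDN is also used as an OWA/EWS/EAS/OAB/Autodiscover/Outlook Anywhere name.'
        }

        # Rule 2: internally the name must resolve to an address
        # (a load balancer VIP, or one CAS if there is no load balancer).
        try {
            [void][System.Net.Dns]::GetHostAddresses($fqdn)
        } catch {
            $findings += New-Finding 'InternalDns' $fqdn 'Name does not resolve in internal DNS.'
        }

        # Rule 3 (optional): the name should not resolve in public DNS.
        if ($PublicResolver -and (Get-Command Resolve-DnsName -ErrorAction SilentlyContinue)) {
            $public = @(Resolve-DnsName -Name $fqdn -Server $PublicResolver -DnsOnly `
                            -ErrorAction SilentlyContinue |
                        Where-Object { $_.Type -eq 'A' -or $_.Type -eq 'AAAA' })
            if ($public.Count -gt 0) {
                $findings += New-Finding 'NotPublic' $fqdn 'Name resolves through the public resolver.'
            }
        }
    }

    # Rule 4: RpcClientAccessServer on each database should be a CAS Array FQDN,
    # not an individual server name.
    foreach ($db in @(Get-MailboxDatabase)) {
        $rpc = "$($db.RpcClientAccessServer)".ToLower()
        if ($arrayFqdns -notcontains $rpc) {
            $findings += New-Finding 'RpcClientAccessServer' $db.Name `
                "Set to '$rpc', which is not a CAS Array FQDN."
        }
    }

    $findings
}

# Usage (the resolver address is a placeholder to replace with your own choice):
#   Test-CasArrayNamespace | Format-Table Check, Subject, Detail -AutoSize
#   Test-CasArrayNamespace -PublicResolver '<public-resolver-ip>'
```

An empty result means none of the four rules was violated; the script does not check DNS TTL values or load balancer health.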

  44. Tan Pham says:

    Hi Paul,
    It’s really a nice article. I’m planning to configure an array for my Exchange environment. I have all Outlook clients connecting to a CAS server named “mail.ourdomain.com” internally. What would happen if I set up an array with the same name as the server FQDN “mail.ourdomain.com”?
    Because I don’t want to make any impact on Outlook clients.
    Please give advice.
    Thanks,
    Tan Pham ( Vietnam)

    • Tan Pham says:

      Hi Paul
      Additional information: all of the Client Access namespaces (OWA, ActiveSync, EWS, Autodiscover, etc) are pointing to “mail-siteA.ourdomain.com”.
      Regards,
      Tan Pham

  45. Phil Goldwasser says:

    Hi Paul, as always I cannot build Exchange servers without your website! I want to follow up on the last comment. Currently my client has one Exchange 2010 server. His business is expanding rapidly and he has purchased three more servers. We are going to have two CAS boxes and two DAG boxes. Currently the URL for the email is mail.xyz.com. I understand that we cannot just use mail.xyz.com for the new CAS Array that I need to create. But if I basically took email down for a night, would it be possible for me to change the name on the current server to say CAS1.xyz.com and build my other CAS server as CAS2.xyz.com, and then I would be free to use mail.xyz.com for my array? The issue is that there are hundreds of email boxes in scores of offices scattered all over New York State. I want to avoid a major effort of having to make changes on every copy of Outlook out there.

    What do you think?

    • You can’t rename an Exchange server, so rule out any plan that involves renaming the server itself.

      Note also that the CAS Array name must be different from other names such as Outlook Anywhere or OWA.

      You should already have a CAS Array defined, even for a single server deployment. If you don’t, then you’ll need to create one so you can have HA for Client Access. Profile updates in Outlook can be scripted/automated, if that is a problem for you.

      • Phil Goldwasser says:

        We will look for the scripting, however, I am trying to make it as easy as possible. I don’t want to change the server name. The server is called xyzexch.xyz.local. However, mail.xyz.com is the DNS setting for Outlook. I would like to be able to continue to use mail.xyz.com on all of the machines. Right now in Outlook on the first page when we set up for servername I use xyzexch.local. In the Outlook proxy setup, I use mail.xyz.com. Once I set up the CAS array I assume that instead of xyzexch.xyz.local I will have to use the new CAS array object name. Is that correct? And then in the proxy setting I will still be able to use mail.xyz.com, is that also correct?

          • Phil Goldwasser says:

            I’m beginning to think this is getting a bit over my head. Forget about the new KEMP LoadMaster we just got (hardware). So I have a few hundred outlook clients out there connecting to my current single Exchange server. I think my first step before I deploy any more servers or my loadmaster is to create the CAS array. My current server is called xyzexch.xyz.local. My CAS name will be xyzmail.xyz.local. My Outlook clients (all of them remote using outlook anywhere) are all pointing to xyzexch.xyz.local as the servername so I assume they all need to change to xyzmail.xyz.local. Is that correct? This will not happen through autodiscover on its own, at least I do not think so. The exchange proxy settings are all set to mail.xyz.com, and I think that will stay the same. So ultimately, I need to find a way to change the servername from xyzexch to xyzmail. Right?

          • The Exchange proxy setting is the Outlook Anywhere namespace.

            Definitely the first thing you should do is create the CAS Array object, DNS record (point it to one CAS if you don’t have a load balancer yet), and update the RPCClientAccessServer attribute on your databases.

            The CAS Array namespace must be different to any other namespace, must not be externally resolvable, and is only used by internally connected clients. Externally connected clients will continue to use Outlook Anywhere.

            When everything is in place, Autodiscover will configure any newly created Outlook profile correctly. Under some circumstances it will also update existing ones, but you’ll need to test that in your situation. Worst case scenario you would need to script or manually update profiles to take advantage of load balancing/HA. If they’re connecting via Outlook Anywhere they’ll get HA regardless of what the server name looks like in their profile.

  46. Phil Goldwasser says:

    All of the Outlook clients are using Outlook Anywhere I believe. There is one office with a site to site VPN to the datacenter, so for them, we might have to make some changes. I think I understand this now. Thanks!

  47. Saaj says:

    Great article as always Paul, really appreciate the time you take to read through the comments and respond.

    I am a little puzzled about what firewall changes I need to make in order to get my OWA, ActiveSync, etc to work properly once my CAS array has been configured. I realize that the CAS array should not be accessible externally, so I have created a unique namespace of outlook.domain.com which is only accessible internally. My client access namespace is mail.domain.com which currently has an external IP mapping to one of my server’s NIC for OWA, OA, ActiveSync etc to work. We have split DNS for mail.domain.com. You mentioned that both CAS array and external namespace DNS can point to the same IP which makes sense. While configuring the firewall rules for OWA etc for external access, should I point external IP for mail.domain.com to NLB VIP or one of the CAS server’s NIC? I would have thought NLB VIP to make use of HA but then that would mean I am also exposing the NLB VIP/CAS array IP externally by opening ports 80, 443 etc right? Or am I getting things mixed up here? Either way, your input would be greatly appreciated.

    Many Thanks.

    • The CAS Array *namespace* can’t be externally accessible. In other words, it should not resolve in public DNS.

      The CAS Array can share a VIP with other services. So you can point your firewall rule to the load balanced VIP.

      OWA, OA, ActiveSync operate on port 443 (HTTPS). They do not operate on port 80, so there is no need to open port 80.

  48. kd says:

    Hi Paul,

    I have 2 Exchange 2010 servers, each with the CAS/HT/MBX roles installed, on a single domain.
    Both servers are members of a DAG. Currently the active database sits on ex01; if ex01 fails, the passive database on ex02 will become active, but then my clients are unable to connect to their mailboxes. I would like to ask for your advice. Thanks and regards

      • kd says:

        Hi Paul,

        Thanks for your reply. So this is how it goes, if my primary exchange server (EX01) with DB01 goes down it will failover to EX02 with DB02, should I set the RPC Client access to EX02 and update the Host A record on the local DNS and point it to EX02? or should I point it to DAG IP?

        Thank you so much!

        Regards,
        KD

        • No, that’s not how it works.

          You establish the CAS Array object and namespace once, and in DNS it resolves to a load balanced IP address. The RPCClientAccessServer is configured on the databases once and doesn’t change.

          Your load balancer handles the distribution of traffic between servers, and adjusts for any server outages.

          The DAG IP is not a client endpoint and the CAS Array namespace should not resolve to that IP address.

  49. Phil Goldwasser says:

    Hi Paul. I decided to set up a test lab to work on this in advance and I have some interesting results. I want to get your comments before I consider to do this in production.

    My lab consists of three machines:
    A 2013 server running Exchange 2010 sp3 named exch01
    A Windows 10 machine running Outlook 2010 which is local to the server named win10local
    A Windows 2003 server running Outlook 2010 which is remote to the server named 2003remote.
    Domain is called test.local

    My internal and external namespaces for all services is mail.lifstaging.co. MX records point that to my test server. Internal and External DNS points mail.lifestaging.co to my server. Firewall is forwarding 443 and 25 to my server.

    Exchange 2010 is a basic install and was able to send email in and out of the internet. I set up a free 90 day SSL certificate for mail.lifestaging.co and then was able to connect from both the win10local machine as well as the 2003remote machine.

    So far so good.

    I followed your instructions above and I created a CAS array object:

    New-ClientAccessArray -Name “cas-lifestaging” -Fqdn “outlook.lifestaging.com” -Site “Default-First-Site-Name”

    Since I only have one server for this test, I set my internal DNS to have outlook.lifestaging.co resolve to the ip address of exch01.

    Next I did
    Set-MailboxDatabase “Mailbox Database 0142386586” -RpcClientAccessServer “outlook.lifestaging.co”

    No errors from any of that.

    I started outlook on win10local and it connected with no issue. Connection status still showed exch01.test.local as the servername and the proxy info was set to mail.lifestaging.co. I was able to edit the servername and I changed it to outlook.lifestaging.co and that worked like a charm. I then created a new profile using outlook.lifestaging.co as the servername and mail.lifestaging.co as the proxy server name and it worked. Just to see what would happen, I set a new profile using the servername exch01.test.local with the proxy server mail.lifestaging.co and lo and behold, it changed the server name to outlook.lifestaging.co.

    I then started outlook on 2003remote and it connected up. I checked the connection status and I noticed that it had a connection to both exch01.test.local AND to outlook.lifestaging.co. I thought that interesting. I went to edit the profile and it had changed the server name from exch01.test.local to outlook.lifestaging.co. That was not what I expected to happen there, but I was happy to see it happen.

    So I learned a couple of things in this test. When I do this in production, I will likely have to edit all of the outlook profiles for the dozen or so machines that are local to the server. The remaining 150 or so outlook clients will seemingly change their servername by themselves. Of course I have only tested this on Outlook 2010. I know there is some Outlook 2003 out there, and I am guessing that for those machines, I will have to do this all manually.

    So my plan for production is to create the CAS array object and have it point to the single existing Exchange server just like I did in the test. We will wait a week or so to make sure that everyone’s profile has the new CAS array object in the servername field. Once that is done, I can add my second CAS box to the CAS array and configure my kemp load balancer. Does that sound like a good plan?

    Finally, I am also creating a new DAG. All of the mailboxes are on the existing exchange server. I will add two new servers each only having the mailbox server role and create four databases in the DAG and then move the users to the new Databases.

    One last question, and I think it does not matter too much either way, but I could do the DAG first or I could do it after I create the CAS array and do the load balancing. Which way would you recommend. When I started thinking about this project, I thought to do it last, but now I am thinking perhaps I should do it first.

    Thanks for all of your help and for your amazing website!

    • Yes, you can point the CAS Array DNS entry to a single server’s IP address until you’ve got a load balancer VIP to point it at.

      If you’re deploying a DAG anyway consider deploying multi-role servers, so that you have fewer servers to manage. That is the recommended practice.

      The DAG can be first or last, your choice. Consider that if you want to do proper testing of the DAG (eg cut power to a node to confirm failover works) it’s better to have it all set up and tested in advance before you put any prod mailboxes on there.

      • Phil Goldwasser says:

        Thanks! I had recommended multi-role servers, but this seemed more highly available to the powers that be. Not my call to make, and it is one of those things where the budget was there and they wanted to spend it.

          • Phil Goldwasser says:

            You won’t believe this, but the client read about Exchange 2016 and wants to migrate! So I am scrapping all of my original plan and I am going to build three Exchange 2016 servers. I will create a DAG between them, but it looks like CAS array is not in the picture anymore. Is that correct? I still have my KEMP load balancer. So what is the replacement for the CAS array now? I tried to find this on your site, but I did not locate the info.

  50. Mridul Anand says:

    Hi Paul,
    Great article!
    Can we point the DNS record to one of the CAS servers if load balancers are not deployed?
    What will be the cons if I do so? And in case of a failure, will it be redirected to another CAS server? Assuming that the CAS array has a DNS record pointing to EX1.contoso.com and my CAS array has two members, ex1 and ex2, what happens if ex1 goes down?

    • If you don’t have a load balancer then yes, point it at one of the CAS. If that CAS goes down you’ll need to update that DNS record manually. A load balancer is obviously recommended so that you get proper HA.

  51. Sunil says:

    Hi Paul,

    We have 4 CAS servers that are associated with the CASSARRAY name, but we want to remove one CAS server from the CASSARRAY name.

    Would it be possible? If yes, then let us know.

  52. Kutub says:

    Hi Paul,
    Thank you, your articles have been of great help.
    I have a scenario where there are 3 CAS/HT servers as a CAS array with NLB and 3 MB as a DAG. All are running on virtual servers, Windows 2008 R2 as guest & host. We are now migrating to the new host and I did copied/exported existing one of the CAS server to new host Windows 2012 R2. The CAS server booted fine without any error and everything seems to be working, except it was not able to find the AD site automatically and there was event viewer error 2604. To resolve it, I have added a manual registry entry for the site name (HKLM\system\currentControlSet\services\netlogon\parameters). Now the topology related 2604 error is no longer appearing. But I am having an issue with Outlook 2010/2013 connecting to this migrated CAS: it always shows status as “trying to connect” and those stations are not even able to open webmail!
    That migrated CAS is able to send/receive email, and even restarting Outlook makes a brief connection and sends/receives new email and then immediately goes into “trying to connect”.
    Please see if you can help me out on it!

    • “i did copied/exported existing one of the CAS server to new host windows 2012 R2”

      I suspect that is what has broken the server. I’m not sure whether that is supported for Exchange VMs or not, and it sounds like something that could easily cause a problem.

  53. Timm says:

    Following your directions here, I implemented a CAS Array for each server in each of my 4 sites. Single server in each site, so only one server is in each CAS Array. Ever since implementing the CAS Array, a smattering of users (I’d say about 20%) get the error “The Microsoft Exchange Administrator has made a change that requires you quit and restart Outlook.” even though no changes have been made to the user’s mailbox. The client is connecting to the correct CAS server. As far as I can tell it might be due to public folders, but I don’t have any non-CAS servers that host public folders (single server in every site so I can’t just move the Public Folders to a non-CAS server like some solutions suggest). I’m at a loss for what else the issue might be. Any further suggestions?

    • Timm says:

      I ended up paying $500 to Microsoft who basically told me to either move my Public Folders to a server that doesn’t have a CAS role (not an option unless Microsoft was going to give me a free license of Exchange) or to remove the CAS array.
      Moral of the story: think twice about implementing a CAS array if you are in an environment where your public folders can’t be on their own server.

  54. Zohaib says:

    Dear Paul,

    Can we have multiple CAS arrays in a single AD Site? I have a requirement in which I have to test a hardware load balancer and only allow some users to pass through it. Can it be possible?
