An often misunderstood feature of Exchange Server 2010 is the Client Access server array, or CAS array.
In Exchange Server 2007 the Client Access server role was introduced to perform a similar role to the Exchange 2003 Front-End server, in that it was responsible for accepting client connections for services such as Outlook Web Access, ActiveSync, Outlook Anywhere, and other web services. However a mailbox user still connected directly to the Exchange 2007 Mailbox server for mailbox and public folder access.
In Exchange Server 2010 the Client Access server role was expanded to include a new service called the RPC Client Access Service. This service allows Outlook clients to connect via MAPI/RPC to the Client Access server for mailbox access, however they do still connect directly to mailbox servers for public folder access.
This new RPC Client Access service delivers several benefits to the organization:
- Connections to mailbox resources are made via a common path
- Connection throttling and other rules can be applied to mailbox connectivity
- The end user experience during Mailbox server failovers and mailbox moves is improved
- The RPC Client Access service can be made highly available
Basic Requirements of a Client Access Server Array
Although a CAS array is often assumed to be highly available, it is important to realise that it is not the Client Access Server array itself that delivers high availability.
The Client Access Server array is simply an object in Active Directory that associates a DNS name with the RPC Client Access Service for a particular AD Site.
Therefore to create a CAS array you only need to:
- Create the CAS Array object in Active Directory
- Configure a DNS record for the CAS Array name pointing to an IP address for a Client Access server
- Configure the RPCClientAccessServer attribute on the mailbox databases in that site
Creating a Client Access Server Array
CAS Array objects are created using the Exchange Management Shell and the New-ClientAccessArray cmdlet. In this example a CAS Array is created with:
- a name of “cas-headoffice”
- a FQDN of “outlook-ho.exchangeserverpro.net”
- the AD Site of “HeadOffice”
[PS] C:\>New-ClientAccessArray -Name cas-headoffice -Fqdn outlook-ho.exchangeserverpro.net -Site HeadOffice Name Site Fqdn Members ---- ---- ---- ------- cas-headoffice HeadOffice outlook-ho.exchangeserverpr... {HO-EX2010-MB1, HO-EX2010-MB2}
If you are running a single AD Site in your organization the CAS Array name and FQDN can be anything you like, however if you’re running multiple sites then you will need to put some thought into a naming standard for your CAS Arrays so that each one is unique.
Configuring the DNS Record for the Client Access Server Array
The next step is to configure a DNS A record for the FQDN you specified when creating the CAS Array object.
Configure the RPCClientAccessServer Attribute on Mailbox Databases
The final step is to configure the mailbox databases with the correct RPCClientAccessServer attribute. It is this attribute that Outlook looks up to determine which RPC Client Access Server to connect to for a given mailbox.
The attribute is set automatically when the mailbox database is created to either:
- The CAS Array name if one already exists in the AD Site
- The FQDN of a Client Access server in the AD Site
You can see from this that it is wise to configure the CAS Array object first before creating mailbox databases, or at the very least creating the CAS Array object and updating the mailbox databases before deploying mailbox users to those databases.
You can check the existing settings by running the Get-MailboxDatabase cmdlet.
[PS] C:\>Get-MailboxDatabase | select name,rpcclientaccessserver | ft -auto Name RpcClientAccessServer ---- --------------------- MB-HO-01 HO-EX2010-MB1.exchangeserverpro.net MB-HO-02 HO-EX2010-MB1.exchangeserverpro.net MB-BR-01 BR-EX2010-MB.exchangeserverpro.net MB-HO-03 HO-EX2010-MB1.exchangeserverpro.net RDB-HO-01 HO-EX2010-MB1.exchangeserverpro.net
To update the RPCClientAccessServer attribute for a mailbox database run the Set-MailboxDatabase cmdlet.
[PS] C:\>Set-MailboxDatabase MB-HO-01 -RpcClientAccessServer outlook-ho.exchangeserverpro.net
High Availability for Exchange 2010 Client Access Server Arrays
As I mentioned earlier one of the benefits of the CAS Array is that is enables the RPC Client Access Server service to be made highly available.
The configuration of the CAS Array itself is the same, however instead of pointing the DNS record at the IP address of a single Client Access server you would point it at the virtual IP of a load balanced array of servers.
The load balancing can be achieved in multiple ways:
- By deploying a Windows Network Load Balancing (NLB) cluster for the Client Access Servers
- By deploying a virtual or hardware-based load balancer appliance
Best Practices for Exchange Server 2010 CAS Arrays
Because of the behaviour of the mailbox databases and their RPCClientAccessServer attributes, and how this is handled by different Outlook versions, it is considered best practice to:
- Always configure CAS Arrays in your Exchange 2010 sites
- Configure the CAS Array before you provision mailbox databases or mailbox users to Exchange 2010 in that site
Microsoft themselves recommend this as a best practice.
We recommend that you create a Client Access server array even if you only have a single Client Access server within your organization.
This has several benefits, such as:
- making it easy to scale out the CAS Array name to multiple Exchange 2010 Client Access servers
- making it simpler to replace a Client Access server with a new one of a different name
- migrating the MAPI endpoint to future versions of Exchange Server
Hi Paul,
Confirm you confirm if our CAS servers can access to the public ?
We have TMG server 2010 to access to the public but now we have problema in local TMG servers that cannot install new certificate from Digicert.
Can we configure CAS servers to access to the public with the virtual name ?
Hi Paul,
One question, I have two servers A and B in the CasArray outlook.lab.local group; after the migration to 2016 I should disassemble the old exchange 2010…. the correct procedure can be this one.
1) remove the cas
2. remove the dag
3) delete the two standalone servers
How do I remove the case?
Thank you very much
Antonio
Hi Paul,
Urgently need your help please!
We have Two AD sites, and planning to implement a multi site DAG
In Site1 we have :
SRV1 – MBX,CAS,HUB
SRV2 – MBX,CAS,HUB
SRV3 – MBX
In Site2 we have
SRV1 – MBX,CAS,HUB
SRV2 – MBX,CAS,HUB
We do not! have any CAS array.
If our Site1 fails completely (NO CAS, MBX, HT), how do we point outlook connections to Site2 ?
Could you please check and advise.
Hi Paul,
Lets say there is a hardware load balancer and 2 exchange servers both with their CAS server. The CAS array ip will be pointing to the VIP of the load balancer.
Im interested in knowing how exactly does the CAS array work? For example does the mail come in to the CAS array first so that it determines which mailbox database the mail goes? then it goes through the load balancer round robin to determine which CAS it goes to?
Or maybe it goes through the load balancer first then end up in CAS servers… and somehow CAS array is involved.
I am totally confused as to the relationship and procedure between the CAS, CAS array and load balancer.
Thank you for your time.
The Real Person!
The Real Person!
CAS is a server role for client access (Outlook, OWA, ActiveSync, etc). The CAS role is not involved in mail flow.
CAS Array is a pointer for one specific type of client access (RPC). It isn’t involved in mail flow.
The load balancer’s job is to receive client traffic and distribute it evenly to the available CAS servers. The load balancer can handle the load balancing of RPC traffic (CAS Array), as well as other client traffic such as OWA, ActiveSync, etc.
dear paul,
can we have multiple CAS array is single AD Site, i have requirement in which i have to test Hardware Load Balancer and only allow some users to pass through it. can it be possible
The Real Person!
The Real Person!
There can only be one CAS Array per site. However, where the CAS Array name resolves to is controlled using DNS. So you can use a hosts file to have some users connect to a different IP for testing purposes.
https://www.practical365.com/testing-connectivity-and-dns-changes-with-a-hosts-file/
Following your directions here, I implemented a CAS Array for each server in each of my 4 sites. Single server in each site, so only one server is in each CAS Array. Ever since implementing the CAS Array, a smattering of users (I’d say about 20%) get the error “The Microsoft Exchange Administrator has made a change that requires you quit and restart Outlook.” even though no changes have been made to the users mailbox. The client is connecting to the correct CAS server. As far as I can tell it might be due to public folders, but I don’t have any non-cas servers that host public folders (single server in every site so I can’t just move the Public Folders to a non-CAS server like some solutions suggest). I’m at a loss for what else the issue might be. Any further suggestions?
I ended up paying $500 to Microsoft who basically told me to either move my Public Folders to a server that doesn’t have a CAS role (not an option unless microsoft was going to give me a free license of exchange) or to remove the CAS array.
Moral of the story, think twice about implementing a CAS array if you are in an environment where your public folders can’t be on their own server.
Hi Paul,
Thank you, your articles have been of great help.
i have a scenario where – there are 3 CAS/HT servers as CASarray with NLB and 3 MB as DAG. all are running on virtual servers windows 2008 R2 as guest & host. we are now migrating to the new host and i did copied/exported existing one of the CAS server to new host windows 2012 R2. CAS server booted fine without any error and everything seems to be working except it was not able to find ADsite automatically and event viewer error 2604. to resolve it, i have added a manual registry entry site name (HKLMsystemcurrentControlSetservicesnetlogonparemeters). now topology related 2604 error no longer appearing. but i am having issue with Outlook 2010/2013 connecting to this migrated CAS always shows status as “trying to connect” and those stations are even not able to open webmail!
That migrated CAS is able to send/receive email and even restarting an outlook makes a brief connection and send/receive new email and them immediately goes into “trying to connect”.
please see if you can help me out on it!
The Real Person!
The Real Person!
“i did copied/exported existing one of the CAS server to new host windows 2012 R2”
I suspect that is what has broken the server. I’m not sure whether that is supported for Exchange VMs or not, and it sounds like something that could easily cause a problem.
Hi paul,
we have 4 CAS server those are associated with CASSARRAY name, But we want to remove one cas server out of CASSARRAY name .
Would it be possible , if yes then let us know.
Hi Paul,
Great article!
can we point the dns record to one of the cas servers if load balancers are not deployed?
wat will be the cons if I do so? and in case of a failure will it be redirected to another cas server assuming that cas array has dns record pointing to EX1.contoso.com and my cas array has two members ex1 and ex2, if ex1 goes down then?
The Real Person!
The Real Person!
If you don’t have a load balancer then yes, point it at one of the CAS. If that CAS goes down you’ll need to update that DNS record manually. A load balancer is obviously recommended so that you get proper HA.
Hi Paul. I decided to set up a test lab to work on this in advance and I have some interesting results. I want to get your comments before I consider to do this in production.
My lab consists of three machines:
A 2013 server running Exchange 2010 sp3 named exch01
A Windows 10 machine running Outlook 2010 which is local to the server named win10local
A Windows 2003 server running Outlook 2010 which is remote to the server named 2003remote.
Domain is called test.local
My internal and external namespaces for all services is mail.lifstaging.co. MX records point that to my test server. Internal and External DNS points mail.lifestaging.co to my server. Firewall is forwarding 443 and 25 to my server.
Exchange 2010 is a basic install and was able to send email in and out of the internet. I set up a free 90 day SSL certificate for mail.lifestaging.co and then was able to connect from both the win10local machine as well as the 2003remote machine.
So far so good.
I followed your instructions above and I created a CAS array object:
New-ClientAccessArray -Name “cas-lifestaging” -Fqdn “outlook.lifestaging.com” -Site “Default-First-Site-Name”
Since I only have one server for this test, I set my internal DNS to have outlook.lifestaging.co resolve to the ip address of exch01.
Next I did
Set-MailboxDatabase “Mailbox Database 0142386586” -RpcClientAccessServer “outlook.lifestaging.co”
No errors from any of that.
I started outlook on win10local and it connected with no issue. Connection status still showed exch01.test.local as the servername and the proxy info was set to mail.lifestaging.co. I was able to edit the servername and I changed it to outlook.lifestaging.co and that worked like a charm. I then created a new profile using outlook.lifestaging.co as the servername and mail.lifestaging.co as the proxy server name and it worked. Just to see what would happen, I set a new profile using the servername exch01.test.local with the proxy server mail.lifestaging.co and lo and behold, it changed the server name to outlook.lifestaging.co.
I then started outlook on 2003remote and it connected up. I checked the connection status and I noticed that it had a connection to both exch01.test.local AND to outlook.lifestaging.co. I thought that interesting. I went to edit the profile and it had changed the server name from exch01.test.local to outlook.lifestaging.co. That was not what I expected to happen there, but I was happy to see it happen.
So I learned a couple of things in this test. When I do this in production, I will likely have to edit all of the outlook profiles for the dozen or so machines that are local to the server. The remaining 150 or so outlook clients will seemingly change their servername by themselves. Of course I have only tested this on Outlook 2010. I know there is some Outlook 2003 out there, and I am guessing that for those machines, I will have to do this all manually.
So my plan for production is to create the CAS array object and have it point to the single existing Exchange server just like I did in the test. We will wait a week or so to make sure that everyone’s profile has the new CAS array object in the servername field. Once that is done, I can add my second CAS box to the CAS array and configure my kemp load balancer. Does that sound like a good plan?
Finally, I am also creating a new DAG. All of the mailboxes are on the existing exchange server. I will add two new servers each only having the mailbox server role and create four databases in the DAG and then move the users to the new Databases.
One last question, and I think it does not matter too much either way, but I could do the DAG first or I could do it after I create the CAS array and do the load balancing. Which way would you recommend. When I started thinking about this project, I thought to do it last, but now I am thinking perhaps I should do it first.
Thanks for all of your help and for your amazing website!
The Real Person!
The Real Person!
Yes, you can point the CAS Array DNS entry to a single server’s IP address until you’ve got a load balancer VIP to point it at.
If you’re deploying a DAG anyway consider deploying multi-role servers, so that you have fewer servers to manage. That is the recommended practice.
The DAG can be first or last, your choice. Consider that if you want to do proper testing of the DAG (eg cut power to a node to confirm failover works) it’s better to have it all set up and tested in advance before you put any prod mailboxes on their.
Thanks! I had recommended multi-role servers, but this seemed more highly available to the powers that be. Not my call to make, and it is one of those things where the budget was there and they wanted to spend it.
The Real Person!
The Real Person!
Baffling. Why not buy 3 servers instead of 4 and do a three node DAG, even “more highly available” than a 2+2 topology. Or spend the extra on a better load balancer.
You wont believe this, but the client read about Exchange 2016 and wants to migrate! So I am scrapping all of my original plan and I am going to build three Exchange 2016 servers. I will create a DAG between them, but it looks like CAS array is not in the picture anymore. Is that correct? I still have my KEMP load balancer. So what is the replacement for the CAS array now? I tried to find this on yout site, but I did not locate the info.
Hi Paul,
I have 2 exchange 2010 server with CAS/HT/MBX role installed each on a single domain.
Both Servers are members of DAG, currently the active database sits on ex01 if ex01 fails the passive database in ex02 will be the active but then my clients are unable to connect to their mailbox, I would like to ask for your advise. Thanks and regards
The Real Person!
The Real Person!
My advice is to read the article above. If you’ve got a more specific question I’m happy to try and answer it.
Hi Paul,
Thanks for your reply. So this is how it goes, if my primary exchange server (EX01) with DB01 goes down it will failover to EX02 with DB02, should I set the RPC Client access to EX02 and update the Host A record on the local DNS and point it to EX02? or should I point it to DAG IP?
Thank you so much!
Regards,
KD
The Real Person!
The Real Person!
No, that’s not how it works.
You establish the CAS Array object and namespace once, and in DNS it resolves to a load balanced IP address. The RPClientAccessServer is configured on the databases once and doesn’t change.
Your load balancer handles the distribution of traffic between servers, and adjusts for any server outages.
The DAG IP is not a client endpoint and the CAS Array namespace should not resolve to that IP address.
Great article as always Paul, really appreciate the time you take to read through the comments and respond.
I am a little puzzled about what firewall changes I need to make in order to get my OWA, ActiveSync, etc to work properly once my CAS array has been configured. I realize that the CAS array should not be accessible externally, so I have created a unique namespace of outlook.domain.com which is only accessible internally. My client access namespace is mail.domain.com which currently has an external IP mapping to one of my server’s NIC for OWA, OA, ActiveSync etc to work. We have split DNS for mail.domain.com. You mentioned that both CAS array and external namespace DNS can point to the same IP which makes sense. While configuring the firewall rules for OWA etc for external access, should I point external IP for mail.domain.com to NLB VIP or one of the CAS server’s NIC? I would have thought NLB VIP to make use of HA but then that would mean I am also exposing the NLB VIP/CAS array IP externally by opening ports 80, 443 etc right? Or am I getting things mixed up here? Either way, your input would be greatly appreciated.
Many Thanks.
The Real Person!
The Real Person!
The CAS Array *namespace* can’t be externally accessible. In other words, it should not resolve in public DNS.
The CAS Array can share a VIP with other services. So you can point your firewall rule to the load balanced VIP.
OWA, OA, ActiveSync operate on port 443 (HTTPS). They do not operate on port 80, so there is no need to open port 80.
Excellent, thanks Paul. My CAS array namespace outlook.domain.com does not resolve externally.
Just to confirm, the external IP for mail.domain.com can be NAT’d to the CAS array IP?
Thanks again.
The Real Person!
The Real Person!
Yes.
All of the outlook clients are using Outlook anywhwere I believe. There is one office with a site to site VPN to the datacenter, so for them, we might have to make some changes. I think I understand this now. Thanks!
Hi Paul, as always I cannot build Exchange servers without your website! I want to follow up on the last comment. Currently my client has one exchange 2010 server. His business is expanding rapidly and he has purchased three more servers. We are going to have two CAS boxes and two DAG boxes. Currently the url for the email is mail.xyz.com. I understand that we cannot just use mail.xyz.com for the new CAS Array that I need to create. But if I basically took email down for a night, would it be possible for me to change the name on the current server to say CAS1.xyz.com and build my other CAS server as CAS2.xyz.com, and then I would be free to use mail.xyz.com on for my array. The issue that there are hundreds of email boxes in scores of offices scattered all over New York State. I want to avoid a major effort of having to make changes on every copy of Outlook out there.
What do you think?
The Real Person!
The Real Person!
You can’t rename an Exchange server, so rule out any plan that involves renaming the server itself.
Note also that the CAS Array name must be different from other names such as Outlook Anywhere or OWA.
You should already have a CAS Array defined, even for a single server deployment. If you don’t, then you’ll need to create one so you can have HA for Client Access. Profile updates in Outlook can be scripted/automated, if that is a problem for you.
We will look for the scripting, however, I am trying to make it as easy as possible. I don’t want to change the server name. The server is called xyzexch.xyz.local. However, mail.xyz.com is the DNS setting for outlook. I would like to be able to continue to use mail.xyz.com on all of the machines. Right now in outlook on the first page when we set up for servername I use xyzexch.local. In the Outlook proxy setup, I use mail.xyz.com. Once I set up the CAS array I assume that I instead of xyzexch.xyz.local I will have to use the new CAS array object name. Is that correct? And then in the proxy setting I will still be able to use mail.xyz.com, is that also correct?
The Real Person!
The Real Person!
You shouldn’t need to enter anything in Outlook during profile setup, because Autodiscover should be handling all that for you.
I’m beginning to think this is getting a bit over my head. Forget about the new KEMP LoadMaster we just got (hardware). So I have a few hundred outlook clients out there connecting to my current single Exchange server. I think my first step before I deploy any more servers or my loadmaster is to create the CAS array. My current server is called xyzexch.xyz.local. My CAS name will be xyzmail.xyz.local. My Outlook clients (all of them remote using outlook anywhere) are all pointing to xyzexch.xyz.local as the servername so I assume they all need to change to xyzmail.xyz.local. Is that correct? This will not happen through autodiscover on its own, at least I do not think so. The exchange proxy settings are all set to mail.xyz.com, and I think that will stay the same. So ultimately, I need to find a way to change the servername from xyzexch to xyzmail. Right?
The Real Person!
The Real Person!
The Exchange proxy setting is the Outlook Anywhere namespace.
Definitely the first thing you should do is create the CAS Array object, DNS record (point it to one CAS if you don’t have a load balancer yet), and update the RPCClientAccessServer attribute on your databases.
The CAS Array namespace must be different to any other namespace, must not be externally resolvable, and is only used by internally connected clients. Externally connected clients will continue to use Outlook Anywhere.
When everything is in place, Autodiscover will configure any newly created Outlook profile correctly. Under some circumstances it will also update existing ones, but you’ll need to test that in your situation. Worst case scenario you would need to script or manually update profiles to take advantage of load balancing/HA. If they’re connecting via Outlook Anywhere they’ll get HA regardless of what the server name looks like in their profile.
Hi Paul,
It’s really a nice Article. I’m planing to configure an Array for my Exchange environment. I have all Outlook client connect to a CAS server name “mail.ourdomain.com” internally. What would happen if i setup an array name the same as the server FQDN “mail.ourdomain.com”?
Cause I don’t want to make any impact to outlook clients.
Please give advices.
Thanks,
Tan Pham ( Vietnam)
Hi Paul
Additional information that, All of the Client Access namespaces (OWA, ActiveSync, EWS, Autodiscover, etc) is pointing to “mail-siteA.ourdomain.com”
Regards,
Tan Pham
The Real Person!
The Real Person!
The CAS Array name should not be the same as your HTTPS services (such as OWA), and it should not be the same as the server’s real name. It should have its own unique name.
Thanks Paul,
I’m gonna search how to update Outlook client profile with new array.
Regards,
Tan Pham
Thanks and very appreciated with your guideline.
Brg, Stome007
Dear Pual,
I have problem with outlook connect to CAS array it said can not open profile …ost is not an outlook profile ….
Here my exchange environment:
I have DAG witch consist two member (EXC01 and EXC02) TEST.LOCAL
First, I have one mailboxdatabse named “ICT” witch conncted to EXC01.TEST.LOCAL as rpcaccessserver then I create a CAS array name mail.test.local.
After then I update then mailboxdatabase “ICT” connect to CAS array mail.test.local
“Set-MailboxDatabase ICT -RpcClientAccessServer mail.test.local”.
in my outlook client working very well to CAS array mail.test.local but when the fist server EXC01 down the outlook is disconected , and if we create a new profile it was error as I mention above but we can connect through by OWA .
Regard,
Stome007
The Real Person!
The Real Person!
What does mail.test.local resolve to in DNS?
I used DNS round robin point to EXC01 and EX02, but event thought I point to EXC02 but still get error.
Regard,
The Real Person!
The Real Person!
DNS round robin is not going to work for Exchange 2010.
Are both of your Exchange servers multi-role? (they have all roles, Client Access, Hub Transport, Mailbox installed)?
Dear Pual,
Yeas, Both exchange server were install all role.
What is the problem that outlook can not connect to EXC02 event I had updated RpcClientAccessServer to EXC02?
but it can reach mailbox vai OWA.
Brg, Stome007
The Real Person!
The Real Person!
I can’t see your configuration but it sounds a bit messed up to me, or perhaps you’re just not explaining it clearly. Here’s what I think you need.
You have two servers, EXC01 and EXC02. All of the Client Access namespaces (OWA, ActiveSync, EWS, Autodiscover, etc) on both servers should be configured the same (eg, webmail.test.local). Both servers should also have the same SSL certificate installed.
You should also have a CAS Array created for that site. The name of the CAS Array should be different from the Client Access namespaces above. If you’ve used webmail.test.local, for example, then the CAS Array could be mail.test.local or outlook.test.local or casarray.test.local.
The RPCClientAccessServer attribute of the mailbox database should be configured to the same name as the CAS Array. Once this has been configured you don’t need to change it again.
The DNS records for both the Client Access namespace *and* the CAS Array name should resolve to a load balancer that distributes traffic between both Exchange servers.
If you do not have a load balancer then they should resolve to one of the Exchange servers. You should set the TTL value for those DNS records to something low like 5 minutes or 1 minute.
If that server goes down, assuming the Client Access configuration is all correct and the DAG is failing over correctly, the only thing you should have to do is update the DNS record so that it resolves to the Exchange server that is still online.
Dear Pual,
I am still misunderstanding on DNS pointing, it mean if we have no Virtual IP (load balance) we can not use CAS array right?
The Real Person!
The Real Person!
You should always create the CAS Array.
If you have multiple Client Access servers and no load balancer then you should at least point the CAS Array DNS record at one of the CAS IP addresses.
But you won’t have a true high availability solution. If you have multiple CAS then you should also invest in a load balancer. They are not expensive.
Thanks for your explanation. Regard, Stome007
Thanks for making this simple – Microsoft hasn’t figured out how to do that yet!
I have just installed a new Exch2010 server in an environment with an existing Exch2010 server. The final objective will be to have the new one do all the work, and old one will be retired (old hardware).
So, I create my CASArray. I guess the DNS record should point to the old server at first, then point to the new one? Maybe change that address once the mailboxes have been moved?
I will go back and read the article again before doing anything, but I am also curious: once the CASArray is configured and in DNS, etc. will I need to go to each Outlook client and point to it (they are pointing to oldexch.domain.local currently).
Ignore my last questions. Another reading of your article was all it took to answer them.
Thanks again, Paul. Great article!
Thanks for another great article. (Exchange Server Pro is the first thing I look for in search results.)
I inherited an existing DAG, so I don’t know the configuration “history”, and I’m still groping my way through. Looking at some changes going forward, and I’m wondering if I’m misunderstanding something fundamental here about CAS and CAS arrays.
The DAG has two servers, EX1 and EX2 with a shared IP (let’s say 10.10.10.101, 102 and 103 for EX1, EX2 and DAG respectively) Both servers have CAS, Hub and Mailbox roles installed.
Mailboxes are stored for access at mail.domain.local, and that DNS record points to EX1 at 10.10.10.101.
However, I added a host file record on a test machine pointing mail.domain.local to 10.10.10.103 – the DAG address, and Outlook was just peachy keen happy about that.
There’s a network setup in Windows Failover Cluster Manager, with the relevant addresses defined for MAPI traffic.
Does this mean the setup have failover capability? I’m not concerned about load balancing – just whether clients can reach the mailboxes if one server is offline.
The Real Person!
The Real Person!
No, do not point any CAS namespaces at the DAG IP. The DAG IP is not a client endpoint.
Hi, Paul.
Thanks for this article. I have a question, however, as my scenario is a little different. I currently have a DAG with 3 nodes. I will be setting up a CAS array on the new server. This new server will be replacing a current DAG node, and will also be the primary Exchange server. If I do not need load balancing, and simply wish to install 1 CAS array, can it be on the DAG node with no problems? My DNS entry will be KKCAS.mydomain.com (internal domain name).
Once this is all installed and I evict the old Exchange server node (then shut it down), I will need to repair the Outlook profiles to get it to connect to the new CAS name, correct? Or will Autodiscover pick it up? Is there an easier way to do this?
Thanks in advance, sir.
-Roy
The Real Person!
The Real Person!
I’m confused why you’ve got multiple servers but aren’t planning to have HA for CAS. Why is that?
I figured that…. but maybe you can add this information under ‘Configuring the DNS Record for the Client Access Server Array’ in the article…?
The Real Person!
The Real Person!
The article already makes this clear. The section “BASIC REQUIREMENTS OF A CLIENT ACCESS SERVER ARRAY” explains what is required. The later section on high availability explains what to do for multi-CAS/HA scenarios.
No, there I nothing on that IP besides the CAS Array…
I have no loadbalancer……
I think I need loadbalancing or DNS Pinpoint Zone for the CAS Array to work?
The Real Person!
The Real Person!
The CAS Array is just an object representing the RPCClientAccessServer that clients should connect to for accessing mailboxes. When you add the DNS record it has to point to an IP that actually exists on the network. So if you’ve pointed it to an IP that isn’t actually assigned to something then pings will simply time out.
The IP address that the CAS Array name resolves to in DNS either needs to be the IP address of a Client Access server (if there is only one CAS in the site), or a load balanced IP address (often referred to as a VIP or Virtual IP) that distributes traffic amongst multiple CAS.
it’s an a-record in internal DNS: casarray.domain.local = 10.100.10.10.
Then I did: New-ClientAccessArray -Name CASARRAY -Fqdn casarray.domain.local -Site “Office1”
The Real Person!
The Real Person!
Yes, and is there anything active at that IP address?
There’s nothing Exchange-specific about being able to ping something. Is there anything on that IP? Can you ping/tracert/etc from other hosts? Can it ping itself? Can you ping from local subnets but not remote subnets? Is there any firewalls in the way?
I created the DNS record (casarray.domain.local) and CASarray.
I cannot ping to the casarray.
is this normal??
The Real Person!
The Real Person!
Is there anything active at that IP address?
I am looking to migrate my existing exchange 2010 server to new hardware. I have been researching a bunch of different sites on the easiest way to do this. The only thing that I have done so far is build the second server and install exchange (same release as live). The information I came across said to create a CAS Array before moving my mailboxes or the mailboxes will not auto update. My question is this and it may be dumb… When setting up the DNS entry do I enter the IP of the new server for the array object?
I just want to make sure I get it correct the first time…
Pingback: smithing money making
Hi Paul,
How to test a New CAS array for only one user?
The Real Person!
The Real Person!
Move a mailbox onto a database that is configured with the RPCClientAccessServer pointing at the CAS Array name.
Paul,
Concerning the FQDN for the CASArray, I’ve seen that it’s not wise to use the same FQDN that you use for your external connections (owa, activesync, etc) (i.e. https://webmail.mydomain.org/). It’s recommended to use a domain name that’s not published out to the internet. If the CASArray FQDN is different than my public site address, that shouldn’t cause any major communication problems correct? Outlook should only care about the RPCClientAccessServer setting on the DB. It shouldn’t care about my autodiscoverinternalURI address should it?
Also, should the FQDN for the CASArray match the NLB FQDN? Or does Exchange care about that consistency at all?
JB
The Real Person!
The Real Person!
Correct. CAS Array namespace should be unique and not externally accessible.
CAS Array FQDN can be different to other namespaces, eg cas.something.net vs webmail.companyname.com
I’ve always made CAS FQDN and NLB FQDN the same.
Should the CAS Array FQDN and the TLD for the AutoDiscoverServiceInternalUri link match as well?
Hi Paul
Great article and easy to follow and understand – I have “inherited” the setup described below and have a couple of questions hopefully you might be able to help with
The setup is currently
Site A 192.168.12.0 /22
2 x AD
1 x Exch2010 server running CAS, HT, DB
Site B 192.168.0.0 /23
2 x AD
1 x Exch2010 server running CAS, HT, DB
Both Site A and B are in the same domain.local AD structure, Default First Site Name and both Exch2010 DB are members of a DAG
Currently there is no CAS array setup so some Outlook users is Site A connect to Exch2010 in Site B and vice-versa
My Questions are as follows –
1 – Would I be able to setup a CAS array even though both Exch2010 servers are on different subnets?
2 – Can I create a CAS array or not if the DB are setup in a DAG – not sure but I’m guessing not?
Any help / pointers would be appreciated as stated I have inherited the current setup and been asked to improve it / scrap it and start again without any mail flow issues to end users – a bit of a baptism of fire
Ta
George
The Real Person!
The Real Person!
1. The CAS Array name resolves to an IP address. That IP address can be on a load balancer. That load balancer can load balance between servers in different subnets. This applies to hardware/virtual load balancers only (which is the recommended approach for CAS HA anyway)
2. Whether the databases are involved in a DAG or not has no bearing on the CAS Array. What you may be thinking of there is that you cannot form an NLB cluster using multi-role servers that are also members of a DAG. NLB is not recommended anyway, so with a hardware/virtual load balancer you can quite happily load balance multi-role servers that are also DAG members.
It’s a great article of yours and I have followed your article to the “T”. The issue I’m getting is Outlook 2010 clients are unable to connect to CAS Array. MAPI endpoint and RpcTcpPort has been configured according to this technet article http://technet.microsoft.com/en-us/library/ee332317(v=exchg.141).aspx#CASarray. Is there anyway/tools to trace where has gone wrong with during Outlook connectivity? Outlook Clients are able to connect to individual HTCAS directly and once it does, the CAS Array name will appear as server but when Outlook is restarted, it just fails to connect to server.
Paul, great write up as always.
Quick question. When I setup our Exchange environment I was not very familiar with CAS arrays, etc. and as such my CAS Array fqdn = exchangevs.domain.com with 2 CAS members. My F5 NLB fqdn is: exchangevs.domain.com as well. And all of my services OWA, etc. are https://exchangevs.domain.com/owa , etc. The fqdn internally resolves to the F5 NLB’s internal interface and external to the external interface. My question, Am I in serious trouble with this setup? Do I need to change the CAS Array’s fqdn to say: cas.domain.com and only set the internal DNS to resolve it? What issues would I expect to have If I did this?
Thanks,
Jeremy
We recommend that you create a Client Access server array even if you only have a single Client Access server within your organization.
même si le client a oublé cette recommandation, la redirection des profiles Outlook vers le nouveau serveur reste faisable sous certaines conditions
Merci
Great article, thank you!
I have two servers in a CAS array and need to add another one. We’ve shut one of them down after several unsuccessful WNLB fail-over tries; we’ll be using Citrix Netscaler to load-balance client traffic.
1. Can you recommend any articles to follow for steps/best practices on adding a CAS server?
2. Same for removing a CAS server from the array/domain.
Both concepts seems simple; I just wanted to know if there are any caveats.
Regards,
Yurok
but what if there are 2 cas servers in the array??
The Real Person!
The Real Person!
Yes, that is how Exchange 2010 Client Access server high availability works.
The CAS Array is namespace that resolves to a single IP address that points to a load balancer (whether that is NLB or a hardware/virtual load balancer), which distributes the traffic across multiple Client Access servers.
Without a load balancer the single IP address can only be for one Client Access server. If that server goes down your Outlook clients will be unable to connect.
Hi Paul
had a question, if a create a CAS array at a site comprising of 2 CAS servers without NLB or HLB.
if one of the servers in that array went down, will outlook clients automatically connect to the next server in that CAS array??
The Real Person!
The Real Person!
The CAS array name resolves to an IP address. Without a load balancer that IP address will be for one server only. If that server goes down, the CAS array namespace goes down. You would need to change the DNS record to another server’s IP address to restore service. That is not a good HA solution.
Hi Brian,
EXMON is a tool grovided by MS which you install on the CAS servers and then run. It will come up and show you which users are connected to the CAS server and also things like the client version and the connection latency.
Having read above the first thing I would do if I was you is check to see if both your CAS servers are able to take client connection. If your CAS Array name was CAS01 simply make a host entry on one of your client machines with CAS01 and the IP address of one of the Client access servers. Launch Outlook and see if you get a connection. Then move on to to the second CAS server and again check the connection. If both CAS servers take connection without issue the next thing would be to check you load balancer is configured correctly. We’d need to get more info of you regards the type of NLB your using but it sounds like it may be a Windows NLB which to be honest is not the best solution.
Let me know how the above checks go.
Hey Paul,
I’m in the middle of a troubleshooting session with MS after enabling online archive mailboxes. It appears that our CAS array may not be working as expected. From monitoring CPU utilization one node is hammered and the other is flatlined at near 0% utilization.
My question is this, is there any way to monitor which clients are connected to which host in the CAS array? I haven’t found much. I think the solution will be to move away from the NLB clustering to a true hardware load balancer, but in the meantime I was hoping you might have some insight into how to check on the connections to the individual CAS nodes.
Thanks much,
Brian
Paul, I think I might have answered this one myself. I see in the resource monitor if I check the RPCClientAccess service checkbox and look at the network section it shows the connection on that service.
Thanks for the post BTW.
Best regards
Brian
Hi all,
a question on the DAG set up. Must I absolutely have two NICS (Primary + Secondary) on each DAG member?
Or will it work with just having one in each Server all on the same IP network.
Thanks.
Michael
The Real Person!
The Real Person!
Replication NICs/networks are not mandatory. A DAG will work and is supported to run with just one NIC/network for all client and replication traffic. Obviously this becomes an issue in larger environments where there is more replication traffic occuring.
Only if you intend to open OWA etc externally
Sounds good.
Thanks.
Michael.
No problem
Hi there,
thanks for the great info. Quick question.
Do I need SSL Certs on the CAS members?
Thanks again.
Michael
The Real Person!
The Real Person!
Yes.
Hi Michael,
If you intend to allow access to Outlook anywhere from the outside world you will require an external certificate. Remember to include all the SAN names in your certificate request like autodiscover,CAS Server name, any name used for the load balancing. If there is a chance you may be adding a second CAS server then include that name in the SAncertificate that way you won’t need to buy a new certificate when you add your next CAS server. Once loaded remember to assign the services to the certificate (IMAP,POP and IIS) you may not be using all these if so deselct the once you don’t want.
GoDaddy do really cheap certificates for this.
The Real Person!
The Real Person!
Coincidentally I just published an article last night on how to avoid using server hostnames in your SAN certificate.
https://www.practical365.com/avoiding-exchange-2013-server-names-ssl-certificates/
Have you configured cross site connection? see this link:-
http://blogs.technet.com/b/exchange/archive/2012/05/30/rpc-client-access-cross-site-connectivity-changes.aspx
Hi All,
I am in a learning phase and testing the CASArray concept in my test environment. I have the setup as below
Two sites : site A and B
site A: DC + two MBX servers + one HUB server + 2 CAS
site B : ADC + one CAS + one HUB + two MBX
DAG is configured and running successfully.
I wanted to create CAS Array hence, I installed NLB in two CAS servers. Created the case array. Then I decided to test it for one database hence I changed the RPCclientAccessServer attribute of one database. Then I configured the outlook profile using autodiscover. the profile was configured. However I get the error message while opening the outlook profile
When I change the RPCclientAccessServer back to my original cas server FQDN, I can configure the profile and open it successfully. I even can send / receive emails.
What could be the issue ? any luck ?
Pingback: Creación nuevo CasArray | clusternocluster
Great article! I have a hardware load balancer in front of my CAS/mbox server. I want autodiscover to send outlook clients to the load balancer and NOT the server itself. I have some non-domain joined PCs so I can’t do it via scp. Would a CAS array with a VIP pointing to the load balancer do the trick? Or maybe another way?
Hi Paul,
Great document by the way.
I have a question for you?
I have multiple sites configured in AD with site1 being my main DC and site2 being my DR site. Site 1 as four CAS servers defined in the CAS array and if I look at the CAS config I see the four servers defined there as members.
My second site (Site2 which is used for DR ) also as four CAS servers in the site but they do not appear on the members list when the CASARRAY is in site 1.
I have eight mailbox servers configured in a single DAG across both sites My clients point to a CAS array name which is an A record in DNS which resolves to a Citrix netscaler. The Citrix netscaler then load balances the connections across the four CAS servers in the curent live site.
Site 2 (DR) also as a citric netscaler and it is configured with the four CAS servers in the DR site. When we fail service over to the DR site we also run the “Set-ClientAccessArray CASARRAYNAME -Site site2” and we cange the A record for CASARRAYNAME to now point to the IP address of the netscaler in the second site.
My question is this, if I didn’t run the “Set-ClientAccessArray CASARRAYNAME -Site site2” what would be the resulting problem?
Pingback: How to Install an Exchange Server 2010 Client Access Server Array using Windows Network Load Balancing | Server Management 24x7 ! This tutorial will demonstrate the steps for deploying Exchange Server 2010 as a Client Access Server array using Windows NLB
Hi Paul,
Are there any recommendations/best practices as to the number of servers you make Internet facing vs. non-internet facing? Specifically, I’ve got 4 multi role servers (CAS/HUB/MBX) per AD site. Should they ALL be internet facing? Only a couple? I can’t find any guidance on this.
Thank you,
Doug
HI Paul,
First i would life to thanks you for your website which gives us good technical knowledge.
My question to you. Can we create multiple cassarray name with same side
e.g 1) DATABASE – Microsoft
CASSARRAY name- outlook.microosft.com
Site – USA
2) DATABASE – Microsoft1
CASSARRAY name- outlook1.microosft.com
Site – LONDON
Please see the above example and confirm me would be possible or not.
PLEASE SEND THE ANSWER ON MAY EMAIL ADDRESS IF POSSIBLE – akhil.system@gmail.com
Regards,
Akhil Chopra
A CAS Array exists within a single AD Site. You can have one CAS Array per AD Site. You can have multiple CAS Arrays in your organization for different sites. They must all have unique names.
thanks paul
But when we will switch our site to DR then the cassary will remain same with switched databases.
But DR sites has its own cassarry of new datatbases if we create or already running, so automatically we have two cassarry on same side
Post if i ma wrong
The Real Person!
The Real Person!
I can only go by the information you provide when you ask a question. Your first question seemed like a scenario of running multiple, separate Exchange sites. Now it seems like you’re asking about running a primary and a DR site.
Designing for DR scenarios is a little different and its not something I can just give you a quick tip about because it is very important. I would encourage you to go look at some of the detailed documentation on TechNet for designing for DR.
Paul,
For a site with a single CAS server I’m assuming that I’d have the CAS Array pointing directly at that CAS server? I have about 18 sites that have to be migrated from E2k3 to E2k10.
The Real Person!
The Real Person!
Yes, you can just point the CAS Array DNS record at the IP of the single CAS in that site.
Excelent Article Paul ! ! ! It really heps me out ! !
Thanks !
Hi Paul, Thanks for your artical, i have a issue with setup OWA and want to know about autodiscovery, i got setup as below,
CAS Servers – 2no;s
MB Servers – 2 No’s
KEMP Load Balancer 2200 1 nos
CAS Array FQDNS – Outlook.localdomainname.com
Cas Internal OWA URL is – localcasserverFQDNS/OWA ( For Cas1 its https://cas01.localdomain.comowa and on cas2 its https://cas02.localdomain.comowa )
Cas External OWA URL is – mail.publicdomain.com/OWA
Query
1. What should be mine internal URL for OWA.
2. What is difference between CAS Array FQDNS and NLB FQDNS.
3. Autodicovery what should be the URL.
Kindly help me out, i am not able to figure out, i tried CAS array FQDN for inernal owa url, but its not working.
Regards,
Jinu
Hi All,
can any help me if any setting need to do for accessing public folder in a setup where we use KEMP Load Balancer.
Right now we are not able to access public folder ( Exchange 2010 Public Folder)
Regards,
Jinu
The Real Person!
The Real Person!
Public Folder connections are made directly to the server, not via the CAS Array.
Pingback: Understanding Exchange Server 2010 Client Access Server Arrays | augi.ath.cx
Hi Paul,
The resource is great, however I can’t find the specific information I need anywhere, currently the environment is:
2 x CAS, HT and MBD roles installed on 2 DC’s
I want to get these removed and have 2 x CAS/HT Servers and 2 x MBD Servers all on Member Servers rather than DCs
the existing CAS aren’t configured in an Array and hopefully will be decommissioned in the future.
I have setup a new Server with CAS and HT roles installed and want to set it as an array.
my questions are:
1. What settings do I need to copy across to the new CAS/HT server from the old CAS/HT server?
2. Do I need to copy the certificates across and install them?
3. Setting it as an CAS array will existing accounts loose connectivity?
Any help would be much appreciated.
Regards,
Paul
The Real Person!
The Real Person!
1. It depends which services you’re running via the load balancer. For RPC/MAPI there is nothing really to configure. But if you also plan to load balance OWA, ActiveSync etc then you should make sure they are configured consistently (eg same authentication settings, external URLs).
2. For RPC/MAPI purposes there is no certificate required. But again if you plan to load balance other services that run on HTTPS then yes, each server needs an SSL cert with the correct names on it. That can be the same cert or two different certs.
3. No.
Hi Paul,
Thanks for the response, really helpful.
1. Yes, I’m planning to load balance OWA, ActiveSync etc
2. Yes, again will be load balancing https services such as Outlook Anywhere.
Was originally looking at doing the CAS across two virtual servers and the DAG across two virtual servers so 4 virtual servers in total, however have just read the Kemp Load Balancing article and if cost isn’t prohibitive I may look to do the load balancing that way.
3. Excellent, thanks
Regards,
Paul
Regarding the RPCendpoint of an Internal Outlook client with Outlook Anywhere enabled on the CAS. From what I understand when OA is enabled it sets EXPR as the primary outlook provider which for outlook clients enables OA/RPCoverHTTPS through AutoDiscover. It leaves connect as TCP for fast connections off so by default Outlook should not connect using HTTPS to the CAS. However I had a situation/client where internal outlook clients were getting SSL warnings because the SCP URI and internalurl’s were the server.local name,their internal AD domain was.local and did not have a signed SSL for their internal domain. Clearly the Outlook client was connecting to the CAS with HTTPS.
I have not been able to 100% determine if the RPC endpoint as listed in the Outlook Client’s account Server field is the CAS server/CAS array as specified under the mailbox database -rpcclientaccessserver or the -AutoDiscoverServiceInternalURI as listed under -clientaccessserver or the -internalurl as specified under the different vdir’s of the CAS or where autodiscover picks up the RPC endpoint and then configures outlook to connect to the CAS.
http://support.microsoft.com/kb/940726
In my issue to resolve the .local SSL issue I followed the above MSKB, created a casarray with an external name “mail.domain.com”, setup split DNS,, assigned it to my mailboxdatabase -rpcclientaccessserver, changed the SCP/CAS URI and all CAS internal/external URL’s with the same name (because I don’t know where outlook is connecting to (rpc endpoint) and while that is not best practices (casarray name should not be externally accessible) everything is working, external OA clients are not slow in connecting, clients seamless connect whether internal or external, autodiscover works internal external.
I sure hope I can get some clarity in this matter, I have not found any official TechNet articles that answer this issue clearly.
Thanks
Jason
Your articles are very well written, thank you for a great resource.
Regarding “still connect directly to mailbox servers for public folder access”. So does this mean that if the server with the primary copy of the mailbox database in a DAG is down, it doesn’t matter if you have a CAS Array as far as public folders are concerned? You can send/receive mail thanks to the CAS Array object, a hardware load balancer and a DAG setup, but not access the public folders?
The Real Person!
The Real Person!
There’s a bunch of mixed concepts in that question.
1) Public folders are not part of a DAG, though they can exist on a mailbox server that is a DAG member. If a server hosting a public folder database goes down, and there are no other PF replicas available, then PFs are unavailable.
2) Outlook clients communicate directly with the mailbox server for public folders, not via the CAS array.
3) CAS Array (or Client Access server for that matter) is not responsible for send/receive mail flow. That is the role of the Hub Transport server.
Paul –
Thanks so much for your reply. Yes, I should have been much more specific. What I’m finding is that in our environment, we have two Exchange 2010 servers that hold the CAS, HT & Mailbox (in DAG) roles. We have a hardware load balancer for the CAS Array address. If I shut down the server that holds the primary copy of a mailbox database, due to the DAG and the timeout setting on my load balancer, Outlook stays connected and I can still send/receive messages. However, Outlook continues to freeze because it is trying to connect to the public folders (I can see that by looking at the Connection Status dialog). I just thought that was odd and makes Outlook a little unusable in that situtation?
The Real Person!
The Real Person!
If your public folders are down Outlook will have problems, simple as that. You’ll need to look at providing HA/resilience for your public folders as well.
In this case, the public folders are not down. Simply the primary mailbox server, even though it is a member of a DAG. Am I correct in understanding that Outlook will always try to connect to the public folders via the primary mailbox server for whatever database your mailbox is on? In that case, it wouldn’t matter if the public folders were up or down. Am I confused?
The Real Person!
The Real Person!
Outlook will connect directly to the mailbox server that hosts the public folders regardless of where the mailbox is hosted.
If you bring up Outlook’s “Connection Status” box (CTRL+Right Click the Outlook icon in the system tray) you’ll see the connections that have been established.
Hello Paul, We have removed all replicas of one of the public folder database and dismounted, but some of the mails still looks for that particular server and stucks in queue. Can you advise, here, Please.
Hi Paul,
We currently only have one Active Directory site. However, we will soon be creating another Active Directory site. I am planning on moving one of my existing Client Access Servers to the new Site. Will I be able to remove that server from the current Client Access Array and add it to the new array in the new site? If so, are there any special cmdlets I need to run or will it update itself once it’s in the new IP space and DNS is updated accordingly?
Thank you,
Doug
The Real Person!
The Real Person!
I’m not sure actually. I assume it automatically adjusts for the change, but I’ve never tested it.
Hi Paul,
I have upgrade my active directory from window server 2003 to server 2012. and I am using exchange server 2013 but I have facing some issue with outlook 2010,outlook 2013.When I am manually configure exchange accounts on my outlook 2010 its giving error “cannot open your default email folder. You must connect to Microsoft exchange with the current profiles before you can synchronize your folders with your outlook data file (.ost)”. But its working with OWA and pop3 but not working with outlook. I have try everything like I turn off cached Exchange mode, setting the email account to not cache does not resolve the issue and I get error message – “Cannot open your default e-mail folders. The file (pathprofile name).ost is not an Outlook data file (.ost) again. Very odd since it creates its own .ost file when you run it for the first time.
I have also check RPCClientAccessServer and its pointing to right mailbox database but no luck and outlook only work in RPC over https, but not working when you configure it manually. Can you please help me on this issue.
Any help would be greatly appreciate
Hi All,
Let me just bring my issue with KEMP, we are new to KEMP Load Balancer and finding some issue in getting the cas array work in branch office and vpn users.
Kindly find my infrastructure as below,
Mailbox Server 2 No’s
CAS Server – 2 No;s
Load Balancer – 1 No;s ( VM)
My outlook in LAN network is working perfect with KEMP LB, but i have issue with accessing outlook from my branch Office and VPN users. We are able to ping the LB IP and virtual server and all exchange servers.
But or mailbox are not resolving.
Kindly help me to solve the issue., we are planning to KEMP LB 2200 Hardware once we finish setup.
LAN Subnet 192.168.2.0/24
Branch Office – 192.168.27.0/24
Kindly help us to fix this issue and looking for solution or Trouble shooting tips.
Regards,
Jinu
The Real Person!
The Real Person!
Have you contacted Kemp support? I’m sure they’d love to help you get your new load balancers up and running.
Yes, i am i think they are not working today, i may get a answer by tomorrow.
Excellent article…
Dear Paul,
we are going to install exchange 2010 on exchange 2007 environment for our company and I have some doubt about installation of exchange 2010.
we Purchased HP DL 380 G8 server (8core/32GB). kindly advise what would be the best implementation from below options
Option 1
Windows 2012 Hyper-V – HOST
TWO VMs
1.Windows 2008 R2 64bit standard with exchange 2010 (CAS/HT)
2.Windows 2008 R2 64bit Enterprise with exchange 2010 (MBX)
Option 2
Single windows 2008 R2 64bit Enterprise with exchange 2010 CAS/HT/MBX
Kindly advise.
Thanks
Dansuhka
Hi Paul,
I am trying out this below cmd.
Get-ClientAccessArray
New-ClientAccessArray -Fqdn xyz.com -Site Default-First-Site-Name
Get-MailboxDatabase | Set-MailboxDatabase -RpcClientAccessServer
xyz.com
Set-MailboxDatabase cmdlet with –Identity ‘mailbox database name’
Regards,
Prashant
Hi Paul,
Thanks for Suggestions.But getting.
[PS] C:Program FilesMicrosoftExchange ServerV15Scripts>New-ClientAccessArray -Fqdn vip.lb.cas.com -Site Default-Fir
st-Site-Name
New-ClientAccessArray : The term ‘New-ClientAccessArray’ is not recognized as the name of a cmdlet, function, script
file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct
and try again.
At line:1 char:1
+ New-ClientAccessArray -Fqdn vip.lb.cas.com -Site Default-First-Site-Name
+ ~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (New-ClientAccessArray:String) [], CommandNotFoundException
+ FullyQualifiedErrorId : CommandNotFoundException
Regards,
Prashant
HI Danushka,
I have configured 2 exch 2013 on 2 diff’nt windows box’s.And i need to map this 2 exch mail database to one of my vip address..Please find the below details.
1.ipadd : 192.168.0.1 (ADS,DNS)
2.ipadd : 192.168.0.2 (Member of domain,Exch 2013)
3.ipadd : 192.168.0.3 (Member of domain.Exch 2013)
4. ipadd : 192.168.0.4 (VIP address)..I need to map 192.168.0.2.& 192.168.0.3 mail database to 192.168.0.4 (This is my vip address).Please let me know..
Regards,
Prashant
The Real Person!
The Real Person!
Read the part of the article about the RPCClientAccessServer attribute.
Hi Paul,
Please find below erroer.
PS C:Program FilesMicrosoftExchange ServerV15Scripts> Get-MailboxDatabase
Get-MailboxDatabase : The term ‘Get-MailboxDatabase’ is not recognized as the name of a cmdlet, function, script file,
or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and
try again.
At line:1 char:1
+ Get-MailboxDatabase
+ ~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (Get-MailboxDatabase:String) [], CommandNotFoundException
+ FullyQualifiedErrorId : CommandNotFoundException
The Real Person!
The Real Person!
Use the Exchange Management Shell.
Dear Paul,
I have setup NLB cas array and woking fine in LAN but I am not able to access cas array from my remote site.
can you help me to resolve this issue.
Thanks
Danushka
The Real Person!
The Real Person!
Read this and perform the netsh configuration it describes:
https://www.practical365.com/how-to-install-an-exchange-server-2010-client-access-server-array
Thanks Paul,
I did it as you mentioned by site. cas array ip able ping from my remote site
thanks for support.
Regards,
Danushka
Great article. I have been trying to figure out a better way to handle datacenter swithcover/failover on the CAS side. I have 2 sites with a single server with all roles on each. I know a cas array can only be created in a single AD site, I was wondering if I could do this between production and DR sites if I were to make a single AD site instead of the now two AD sites. The cas server role would still resolve to two different IP subnets and not sure if that is a limitation..
Objective would be to make datacenter failover easier so that I would not have to change the rpccleintaccesarry setting manually.
Pingback: Exchange 2010 Load Balancing with the Kemp LoadMaster VLM-100
Excellent article.
How can I update my user’s outlook profile after creating CAS array?
Thank You..
I have 4 cas/hub/mb servers all load balanced behind and F5, and obviously already have a cas array. My question is, if I install a standalone cas only server and not put it behind the F5, are there any issues with that? Clients don’t still try to connect to it do they?
Reason I ask is that we have been troubleshooting Commvault performace of the individual mailbox backups, brick level basically, and their suggestion was to try creating a stand alone cas server just for CV’s use? I don’t think it will cause any issues but wasn’t a hundred% sure.
Paul,
I have a client that has a limited portion of Exchange in their DR plan…in fact, it is just their HUB servers. These are not multi-role servers, they only want the HUB functionality for the SMTP connector, so that servers and their applications can send through it. When the HUB’s come up, all the necessary services do not start (transport, being one), and the HUB looks for a particular CAS server. Since it cannot be found, the EMC will not open. Is there a way to stop that process?
Nice one.
Also, CAS array is tied to per AD site hence it doesn’t cross the bounder of its own AD site.
Would CAS array still function if one of CAS array member located at the at the branch office linked by persistent VPN whereby the Exchange server has the same network address of the CAS array in the head office?
The Real Person!
The Real Person!
The “members” attribute of the CAS Array object (as seen when you run Get-ClientAccessArray) is a bit misleading. You should only think of it as “the Client Access servers that are in the AD site for this CAS Array”. It actually has no bearing whatsoever on the HA or load balancing.
If you can load balance the IP address associated with your CAS Array across multiple physical sites then it will work, but it brings into play a lot of additional concerns such as latency and reliability of the link between the sites. It also complicates some failure scenarios.
Paul,
I’m trying to plan out a migration from Exchange 2007 to 2010 – so looking to get this right before I begin.
Just to add a little complexity to the questions (not really I’m stuck on how to do this) – I have two AD sites, looking to implement a DAG across the pair of them,. To that I want to have three CAS servers on one Site (Site A) and two on the other (Site B). The traffic can be managed from three hardware load balancers (loaded to preference Site A as two of the load balancers are there – they’re f5s)
My clients connect internally via Citrix – based in the Site A(I have no users or Citrix in Site B) I have Exchange Active Sync clients accessing from the internet. Site B is predominantly for DR should the need arise.
Do I need to use NLB at all or can I add all the CAS servers from both sites to one CAS array – and use the F5 load balancers to manager the traffic to the virtual IP? Or am I going to run into iussues because all the servers are not on the same AD site. (if not will I be looking at two CAS arrays and using the load balancers to “flip” the traffic if and when there is a DR scenario) – I assume that if I am using two arrays then I am looking at having to do some namespace configuration in DNS in the event of a Site failover being needed.
As I have both internal and external clients will I be having issues with redirecting my internal clients – my F5 is in the DMZ – so is there an easier way to avoid pushing the users in and out to get where they ned to go? (I’m guessing there isn’t a simplistic way for this)
I am thinking it might be an idea to try to make my AD all one site (logically) and have some networking gurus do some clever stuff – though I’m dubious as to whether I can get hundreds of other servers to fit that model
Fortunately it’s only Active Sync that is presented externally…
Help, suggustions – answers all welcome
Thanks
Dominic
Paul,
We currently have a single site, single CAS/HUB server (no array). RPCClientAccessServer points to hostname of CAS/HUB server. What’s the recommended approach to create a CAS array? Add second CAS/HUB and create array? Or add two new CAS/HUB’s and create array with them and then decommission original CAS/HUB?
We would like to do this without changing RPCClientAccessServer attribute. I would think that would rule out the first approach (using current CAS/HUB server and adding second C/H sever and creating array) as the RPCClientAccessServer points to FQDN of first C/H. We wouldn’t be able to point CAS array name to same name as first C/H server, correct?
Thanks for any input you may have.
Paul,
I cannot find anything about CAS arrays and multiple DAG’s. We have a large organization with 4 DAG’s within one AD site (44 multi role Exchange servers).
I know I can have only one CAS array per site, but is there also a limitation on the amount of DAG’s within one CAS array?
I guess it is not related and therefore not an issue but I want to be sure about it.
The Real Person!
The Real Person!
A DAG doesn’t exist “within” a CAS Array, they are separate entities. Yes, you can have multiple DAGs, it is not a 1:1 relationship with CAS Arrays.
Pual Can we have mutiple internet facing CAS array
The Real Person!
The Real Person!
The CAS Array relates to the RPC Client Access Server, which is for internal RPC/MAPI connectivity only. It isn’t an internet-facing service.
Paul if I have 2 HUB/CAS & 2MBX IN DAG For geographical locations Site A has different smtp domain site b has different smtp domain Can we achive mutiple locations with different Cas array .
Well internet facing as hub /cas role will be in NLB mails for respective locations and MX will be pointed to ISP Antispam which will forward mails to respective sites HUB servers
In a small environment, is it possible to setup the CAS array on two Exchange servers that will also host the hub and mailbox roles configured as a DAG? Essentially getting high availability with only two servers?
The Real Person!
The Real Person!
Yes, but you need to use a hardware load balancer. NLB can’t be used on DAG members.
So setting up the CAS array and specifying the DAG FQDN which point to both servers won’t work? Figures, nothing is ever easy. Any recommendation for a hardware load balancer for a fairly small network of ~200 workstations and no Internet connectivity?
The Real Person!
The Real Person!
“So setting up the CAS array and specifying the DAG FQDN which point to both servers won’t work?”
You’re mixing terminology. The CAS Array has its own DNS entry. That DNS entry resolves to an IP address, whether it be the IP address of a single Client Access server, or it could be the virtual IP address provided by some load balancing technology (either NLB or Hardware LB).
The CAS Array, in the sense of Exchange 2010 and how Outlook clients connect, performs the role of “RPC Client Access Server”, which is the RPC/MAPI endpoint that Outlook clients on the network connect to for their mailbox access.
Although the DAG does have its own DNS entry, clients don’t point to it.
Edit: take a look at Kemp for load balancers, they have affordable low-end options including virtual appliances.
First let me say thank you so much for the great site and your quick replies. Been doing a bunch of reading and see that the best solution is to get 2 more licenses so I can have 2 CAS/HUB servers load balanced and 2 mailbox servers in a DAG. And from teched I see that it’s recommended to use hardware load balancing in a single arm SNAT config instead of WNLB; more pain. I just keep coming back to the idea that since setting up a DAG on 2 servers that have the CAS/HUB/MBX roles result in the two servers being configured in a failover cluster with the DAG virtual IP and FQDN why wouldn’t it be possible to assing that same FQDN to the CAS array so that when a failover occurs the CAS array would resolve to the active server? I know that using failover clustering was ok with IIS in server 2000 but no longer recommended in server 2003. At this point I’m either looking at trying to get funding for a load balencer and more licenses, testing using the DAG FQDN for the CAS array, or deploying as non highly available for now. Any thoughts on deploying a single CAS/HUB and MBX server with an upgrade later vs. waiting a few months to get extra licenses and a load balancer?
The Real Person!
The Real Person!
“the best solution is to get 2 more licenses so I can have 2 CAS/HUB servers load balanced and 2 mailbox servers in a DAG”
NLB isn’t necessarily the *best* option, it is just one option. I recommend watching this presentation from TechEd which should help with your decision making:
http://channel9.msdn.com/Events/TechEd/NorthAmerica/2012/EXL307
” I just keep coming back to the idea that since setting up a DAG on 2 servers that have the CAS/HUB/MBX roles result in the two servers being configured in a failover cluster with the DAG virtual IP and FQDN why wouldn’t it be possible to assing that same FQDN to the CAS array so that when a failover occurs the CAS array would resolve to the active server?”
Because it doesn’t work that way. Even when Exchange roles are combined on the same server you need to still consider each role separately.
The CAS array name and IP are separate entities to the DAG name and IP. They can’t be the same.
“testing using the DAG FQDN for the CAS array”
Let me save you the trouble – it won’t work.
“Any thoughts on deploying a single CAS/HUB and MBX server with an upgrade later vs. waiting a few months to get extra licenses and a load balancer?”
Yes, this is completely fine. The bare minimum you should do is create the CAS Array object, create the DNS entry for it, and point that DNS entry at a Client Access server. It doesn’t need to be a load-balanced Client Access server, later on you can update the DNS to point to a load-balanced IP address instead and it will work seamlessly.
Same goes with the Mailbox servers. You can deploy single Mailbox servers and run them in production and then later create a DAG and add those servers as members of the DAG, again it is a seamless change. Microsoft refers to this as “incremental deployment”.
Some of these concepts don’t make total sense until you’ve run through the deployment yourself, so I do recommend you play around in a test lab and experience the setup of CAS Arrays and DAGs first hand.
Just remember, each server role operates independently even when combined on a single server. CAS Arrays and DAGs are separate entities – they can exist independently of each other, or they can exist in combination with each other, but they remain separate.
Oh, let me also explain. These two servers are virtual on a 3 node Hyper-V cluster. Might make load balancing them a little harder. Guess I need to get two more Exchange licenses and setup 2 CAS servers in an NLB config or will a hardware load balancer work with virtual machines?
The Real Person!
The Real Person!
There’s nothing about virtualization that impacts the ability to use NLB or a hardware load balancer.
If you’re going to virtualize your Exchange just go and read the best practices guidance from Microsoft, which is detailed and important.
Thanks again for all your help. After several hundred pages of reading today, and meticulously removing the 2 servers I created (wow what a pain removing the last arbitration mailboxes), I think I understand what is going on here. Please confirm if you will. A CAS array is nothing more than an AD object that you create to point to an IP address. Wow, that is a very misleading name. You have to actually create an NLB array and then create the CAS array and point it at the NLB virtual IP address. Assuming that is correct, I need to create the first server with a CAS and HT role. Add NLB along with setting up AD and DNS stuff. Then create a server with the MB role. At a very high level of course? Nothing like a Friday to try it all again after wasting the rest of the week. Wish I had a test lab; kind of scary doing this stuff on the live network.
The Real Person!
The Real Person!
You’re on the right track. And you’re also discovering that it isn’t always as simple as just uninstalling and trying again. I cannot recommend strongly enough that you do some practice in a test lab first. This is not something to be learning by messing around in live production environments.
To answer your other point, yes I think the term “CAS Array” has caused a lot of confusion for people these last couple of years. I am expecting to see the terminology change in the next version of Exchange Server to make things clearer.
I paul can i have Mutiple Cas array internet Facing in single forest single domain architecture
Hi Paul,
Can you share script or method to update existing outlook profile to recieved failover features.
recenetly i have added HUB/CAS node in CASARRAY in Exchange 2010 and now i want all users profile to get recieve features of failover. I changed Database RPCClientAccess attribute but still users are getting connect to single node only instead of CASARRAY.domain.com.
Has anyone figured out the answer to this? Is there a script to run to update Outlook profile? Thanks, -David
New-ClientCasArray -Site “SiteName” -FQDN “DnsFQDNName” -name “DnsFQDNName”
Get-MailboxDatabase | Set-MailboxDatabase -RpcServerName “DnsFQDNName”
Pingback: Ehlo.ws – Exchange related blog - ExchangeServerPro.com – Getting Started with Exchange Server 2010 Client Access Server Arrays
Hello,
I’d like to add something in the part with the recommendations. It appears that the scenario with Windows NLB is not reliable and MS don’t recommend it for production environments. They said it many times on the last TechEd sessions in 2011.
The Real Person!
The Real Person!
NLB isn’t as good (in many ways) as a proper load balancer, that is correct.
This is a very good TechEd presentation on the topic:
http://channel9.msdn.com/Events/TechEd/Australia/Tech-Ed-Australia-2011/EXL304
Excellent article. your articles are awesome . Please keep it up.
Excellent article. Looks like I will be drilling into some of the other Related Articles to answer some of the questions that this one produced.
You mention that it is wise to create the CAS array object before creating the mailbox databases. What if you already have an Exchange environment in place and want to implement a CAS array for high availability of the RPC Client Access Server?
The Real Person!
The Real Person!
Implement the CAS array as normal, then update the RPCClientAccessServer attribute on the mailbox databases. You’ll then need to use a script or other method to get the Outlook profiles to update to the new name.
do you have an example how to update the Outlook profiles to the new name?
The Real Person!
The Real Person!
No I don’t. I’m sure there would be examples floating around on the web somewhere.
Wouldn’t autodiscover take care of this??
The Real Person!
The Real Person!
No, it doesn’t. If it did then this wouldn’t have been such a hassle for so many customers all these years.
Thanks for the comment. It’s strange that I haven’t encountered this issue at a client a long time ago. But I have run into one now on a current project at a SMB account with 250 seats. After doing a few Google searches I found several good articles on how to deal with Outlook in this scenario.
Just as a follow up the way I dealt with this issue was to force Outlook Anywhere on the internal network and not bother with creating a CAS Array and updating Outlook profiles. The Exchange 2010 server had plenty of processing headroom. After reviewing the options with my client it was decided that forcing Outlook Anywhere was the best choice. We had no issues with the change and I was able to install and configure Exchange 2013 for co-existence and the project was successfully completed. This may not be a good option in your specific situation but it worked out very well for me and my client.
Pingback: Exchange Server 2010 Client Access Server Arrays « JC’s Blog-O-Gibberish
Pingback: Exchange Server 2010 Clustering
Pingback: Poll: Should CAS Arrays be Deployed in all Exchange 2010 Sites?
Pingback: How to Install an Exchange Server 2010 Client Access Server Array