A reader wrote to me and asks:

I just setup two addtional mailbox servers and made them members of a DAG. I also have my original Exchange 2010 server which has all my roles on it. How can i move all my mailbox databases to these other servers so I can then create a CAS Array with my original and another new server?

To think about how best to answer this I drew up a quick diagram of the current environment, as I interpret it from that email.

Existing environment with Typical Exchange 2010 Server and new DAG
Existing environment with Typical Exchange 2010 Server and new DAG

There are several ways the desired outcome could be achieved, but the one that I would recommend as the simplest and least likely to experience a problem is as follows.

First, establish a single-node CAS array using the new server.  See How to Install an Exchange 2010 CAS Array for details.  While following that procedure during the creation of the NLB cluster skip the part where the second server is added to the NLB cluster, but complete all of the other steps.  The new server should also be installed as Hub Transport server if you don’t have any other servers that you plan to use as dedicated Hub Transports.

Configure the desired mailbox databases on the DAG members.  See Exchange Server 2010 Database Availability Group Installation Step by Step for how to set up the DAG.  If the mailbox databases were already created before the CAS array was created then you’ll need to update their RPCClientAccessServer attribute.  See this article for details.

Next, migrate the front end services (eg SMTP traffic, OWA, ActiveSync, Outlook Anywhere) from the existing server to the new Exchange 2010 CAS array.  Then, migrate the mailboxes and public folders from the existing server to the new Exchange 2010 DAG.

Migrate from the existing Exchange 2010 server to the new CAS array and DAG
Migrate from the existing Exchange 2010 server to the new CAS array and DAG

Now that all of the production data and services have been removed from the original server you can transition its role into a Client Access/Hub Transport server, configure it to match the other CAS/HT server, and join it to the NLB cluster.  You can also remove the Mailbox server role from the server.

Modify the server roles from Typical to Client Access/Hub Transport and join to the CAS Array
Modify the server roles from Typical to Client Access/Hub Transport and join to the CAS Array

When that has been completed you will have achieved your desired outcome of a high availability Exchange 2010 environment using a CAS Array and Database Availability Group.

Exchange Server 2010 High Availability environment with a CAS array and DAG
Exchange Server 2010 High Availability environment with a CAS array and DAG

Would you approach this another way?  Let us know in the comments below.

About the Author

Paul Cunningham

Paul is a former Microsoft MVP for Office Apps and Services. He works as a consultant, writer, and trainer specializing in Office 365 and Exchange Server. Paul no longer writes for Practical365.com.


  1. John

    Here is an odd one, we have a CAS Array working properly (2 Servers) and 2 Mailbox servers…. Exactly as shown in your last Visio diagram.

    What is the best, fastest and easiest process to revert this setup back into a Single Exchange Server ?

    All feedback much appreciated.

  2. Phil

    Thanks… That makes sense now.

  3. Phil

    I have this same situation (single Exchange 2010 server with all roles). Do I understand your strategy correctly in that I will need three new servers (one to create the CAS array, and two for DAG? Then move the existing server into the CAS array afterwards?

    1. Avatar photo
      Paul Cunningham

      If you have a single Exchange 2010 server with all the roles installed today, then the best path for you is to build a second server with all roles installed. You can then add a load balancer to the solution for CAS high availability, and make both servers members of a DAG for mailbox high availability.

      1. Phil

        I thought you could not have a load balancer on the same server as those running DAG?

        1. Phil

          More specifically this:

          Two or more Exchange Server 2010 Client Access Servers can be configured as a CAS array using NLB as long they are not also installed as Mailbox servers that are members of a Database Availability Group (DAG).

          I’m confused.

        2. Avatar photo
          Paul Cunningham

          NLB is a feature of Windows Server. It is correct that NLB can’t be used if the servers are also DAG members. It can be used if the CAS roles are installed on separate servers.

          However, I don’t recommend using NLB. It is not a good load balancing solution for Exchange. I recommend you use a third party load balancer or virtual load balancer from a vendor such as Kemp or F5. This will be a good investment for your future because Exchange 2013 and beyond make NLB an even worse choice than it already is.

          Using NLB will mean a minimum of 4 Exchange servers. Using a load balancer will mean a minimum of 2 Exchange servers + the load balancer, a much better solution.

          So, my recommendation is as before.

      2. Phil

        Another question; can the new CAS array and DAG co-exist with the original Exchange 2010 server? What I mean is, can I build the new CAS array create the new DAG and test the migration of an email account to the new DAG database all the while having the original Exchange server online? What I want to test is the Outlook client after it is moved to the DAG to make sure the Outlook clients move to the new CAS array automatically.


          1. Phil

            I decided to go with Kemp, I have the CAS Array built and configured, but am now stuck at how to point the CAS on the new exchange server to the Kemp virtual CAS Array. The instructions I’ve seen don’t make complete sense to me. I want to make sure I get this piece correct before I create the DAG.

            Any clarity you can provide would be greatly appreciated.


  4. Dendy

    Hi Paul,

    I’m currently have one mail server running exchange 2010. can Cas Array name can be created same as server name ?

    For instance, I have exchange server named “servername01.domain.local” and I want to create Cas Array with name “servername.domain.local” so that I don’t need to change outlook profile.

    Advise me on this

    1. Avatar photo
      Paul Cunningham

      No, the CAS Array name should not be a real server name. It also should not match the URLs used for other services such as OWA or ActiveSync. It should be a unique DNS alias.

  5. TN

    Hi Paul,

    Great site!

    I need some guidance here. I currently have two 2010 mail servers, running all roles and in a DAG. One is always active and the other is in a passive mode.

    I would like to add a third server to handle the CAS and hub transport roles. Somewhere along the way, someone told me that I would need a fourth server to run these same roles. Is this true?

  6. John Whitmore

    Hi Paul,
    Great website
    I have 1 Exchange server 2010 SP2. I want to add a second server and migrate the mailbox’s to it. Therefore creating a frontend/backend setup.
    Q1. Can I install all the roles on my new server but only actually use the Mailbox role. I was thinking in case of emergency I could migrate other roles quicker. Can the roles be installed and not used?
    2. Does this second server need Hub Transport as well? Or can my frontend existing server do the sending to the new server for a users mailbox. How will the second server send email out. How will it go back to the frontend server. My environment does not need a DAG. The servers are running on VMware also so there is redundancy without having multiple servers.


    1. Avatar photo
      Paul Cunningham

      If you’re going to have two servers why not have a DAG instead?

      Two multi-role servers in a DAG is a reasonable HA deployment. VMware offers you very little in terms of actual application HA.

  7. Faisal

    Hi Paul,

    very nice article,

    I implemented this every thing is working fine except two issues,

    3 CAS/HTS in a CAS array,,

    CAS array VIP

    2 Mailbox server

    active sync, outlook any where all working fine except I have a printer(all in one, scanner etc) which is connected through network and when we scan documents, it email them to our mailbox but for smtp settings if I use CAS array VIP its not connecting and giving us error but if I use any server ip address its working perfectly fine.

    2nd issue is all external emails(internet emails) coming to only one server their is no load balancing, if that server down then 2nd server accepting emails.

    their is nating on my router so if I am on same network then I can telnet CAS array VIP but if i am outside the network or in any remote site I can telnet to the router ip address. not the cas array vip but can telnet to individual servers.

    could you please help me out in this situation.

    1. Avatar photo
      Paul Cunningham

      Depends how you’ve configured your load balancer. If its not accepting SMTP (TCP 25) traffic then that would explain why you’re having that problem.

      1. Faisal

        Thanks Paul,

        but I am using windows server 2008 r2 NLB cluster with default rules.
        do we need to create rules for specific port or default is ok. what are the best practices for that?

        I worked on that and found that issue was with NATing and after sorting out NATing issue its working fine now but it comes up with another issue which is “Receive connecter for internet traffic” and “Receive connector for local traffic” not working on same ports if I keep port TCP 25 then only internet traffic is coming but CAS Array not accepting local traffic and when I change internal port to another like 587 then its working fine.

  8. David Kennedy

    We have a situation similar to the original post. We have one Exchange 2010 server housing all the roles and one, large database. There are 2 legacy Exchange 2003 servers that are set to be retired. One of those has a few mailboxes that we’ll need to move. The existing Exchange 2010 server is a VM and is redundant using a product called VMEX. We’d like to setup 2, new physical servers with Exchange 2010 and create a DAG using those servers. We’d like to create multiple databases on the DAG and move the mailboxes from the existing database to the new databases on the DAG. Once we have the mailboxes moved we could delete the database on the original server. We’re not overly concerned about a CAS array since the current Exchange server is redundant.

    Is this scenario possible? Where would we point the witness server in this configuration? I don’t think we can use the original Exchange 2010 server because it houses a database.


    1. Avatar photo
      Paul Cunningham

      The FSW can be any server as long as it isn’t a member of the DAG for which it is performing the FSW role.

  9. Danushka

    Dear Paul,

    Hope you are doing fine. thanks for support.

    I have issue on Outlook Anywhere in DAG environment.

    all 3 servers are running on CAS/MB/HUB and CAS/HUB pointed to the LB. everything working fine so far. 2 in HA and 1 in DR location.

    my issue is if I restart the first server and it is mapping 2 server in HO and working find all expect outlook anywhere. but if i put back to same primary server all are working fine including outlook anywhere.

    can you let me know what could be the issue while second server load that OA is not working ?



    1. Avatar photo
      Paul Cunningham

      I would guess the OA configuration on the two servers is different.

  10. Faisal

    Hi Paul,

    I am a bit confused on this

    “migrate the front end services (eg SMTP traffic, OWA, ActiveSync, Outlook Anywhere) from the existing server to the new Exchange 2010 CAS array.

    migrate the mailboxes and public folders from the existing server to the new Exchange 2010 DAG”

    How we can migrate these services from old server to new server. I am stuck here, your help is required.


  11. Faisal

    Hi Paul,

    how we can achieve this?

    “Next, migrate the front end services (eg SMTP traffic, OWA, ActiveSync, Outlook Anywhere) from the existing server to the new Exchange 2010 CAS array. Then, migrate the mailboxes and public folders from the existing server to the new Exchange 2010 DAG.”

  12. deba mohamed


    my exchange 2010 server containing CAS and HUB role must be out of the DAG (the DAG contain only the 02 exchange 2010 servers containing mailbox roles).

  13. deba mohamed


    I need your help Paul,

    I have one exchange 2010 server whith CAS, HUB and Mailbox roles and i have to migrate to DAG,
    my DAG contains 2 exchange 2010 server with Mailbox role and 01 exchange 2010 server with CAS and HUB roles,

      1. deba mohamed

        actually i have one exchange 2010 server with CAS, HUB ans Mailbox roles intall on it

        and i have one exchange 2010 server with only mailbox role.

        the tow server are in a DAG.

        if i unmount mailbox database one the first server, the cleint can connect, receive and send message normally but if i turn of the first server they cant do any think

        question1: how can i move the CAS and HUB services from server 1 to a third server?

        1. deba mohamed

          thank you Paul, its very OK for moving CAS role from one server to other.

          questions: how to move HUB role to another server ? ( the same server as CAS role)

        2. Avatar photo
          Paul Cunningham

          Install the new server. Change the Source Transport Server on your Send Connector to the new server. Change your firewall NAT so that port TCP 25 goes to the new server, or if you are routing your email in via an antispam appliance just change that to point to the new Hub Transport server’s IP address.

          Remember to verify that the firewall allows the new server to send outbound email over port TCP 25.

          You should also check for Receive Connectors that need to be recreated on the new server, and update any internal DNS aliases used for SMTP to point to the new server.

        3. deba mohamed


          in general, can i change the ip adress of my exchange 2010 server?

        4. deba mohamed

          please paul please:

          i need more détail for moving HUB role to another server (step by step please and if there are a print screens ) thank you.

  14. Jill

    Thank you!

  15. Jill

    I am new to the MIS department where I work. The Exchange 2010 server was set up before I came and the rest of the team does not know how it was set up. No-one knows if it was configured for HA and no-one knows how to check (if there is a way to check). I do know that they are using NAS for the backups, other than that we are all hoping things go well during the new hard drive install. I would like to know if there is a way to look at it and see how the previous networking employee set this up. I appreciate your time,

    Thank you

  16. Kerry Mullin

    Hi Paul

    I have an Exchange 2010 server running all of the services on the same server. I also have active directory on this same server. It is Windows 2008 R2 OS. One day I opened up the Management Console and some thing changed. I was no longer able to make any changes. All I could see was the following: Organization Configuration. When I clicked on it I got the “You dont have sufficient permissions to view this data” message. Also Recepient Configuration. Underneath that was Mailbox, Distribution Group and Mail Contact. I was able to see the information in these sections but could not make changes (ie. Add a user mailbox). I am logged in as the administrator so checked the permission of the administrator and found the administrator was still a member of the Exchange “Organization Management” group. I searched the web for days looking for a solution but cannot find one. I visited your site numerous times searching for an answer so I thought I would just ask you directly. Any help would be appreciated.



  17. Craig Posting

    Hi Paul,

    In this post you provided steps from migrating from a single exchange 2010 server to multiple or HA setup on exchange 2010. Do you also have steps from a single exchange 2010 to multiple servers on exchange 2013 so doing the same you did above but adding on the upgrade of 2013 in there as well.

    Thank you


    1. Avatar photo
      Paul Cunningham

      No I don’t have an Exchange 2013 upgrade guide ready yet. Later this year I might.

  18. Paul

    Paul – Greetings from Another Paul

    Do you have a site or info on the SSL Cert setup for a CAS Array? Looking for information on what Certs will be needed for a valid CA and what servers they need to go on.

    My thought was that you need a valid cert for your CAS Array, something like mail.myorg.com and then you need to install the same cert on all CAS Array servers? (Assuming typical Exchange Cert setup with multiname to account for autodiscover, etc).

  19. Oleg

    Paul, one more question.
    After creation CAS Array will the connection Microsoft Outlook to first single CAS Server broken?
    Especially Microsoft Outlook 2003.


    1. Avatar photo
      Paul Cunningham

      No it won’t be broken, it will continue to work fine. In fact that is an issue you will need to address. Existing Outlook profiles won’t automatically update to use the CAS Array, as long as the CAS they’re already pointing at remains available. You’ll either need to manually update the profiles, or write a script to automatically update them.

      1. Oleg

        Thanks, Paul! Greetings from Ukraine!

      2. Oleg

        >>You’ll either need to manually update the profiles, or write a script to automatically update them.
        I create new mailboxdatabases with new RPCClientAccessServer attribute and then move there mailboxes for minimal possible discomfort of users.

  20. Oleg

    Hi, Paul!
    Some questions.
    In this situation, can I create CAS Array in the same AD Site?
    Commandlet New-ClientAccessArray by array creation get all CAS Role severs from AD Site or all CAS Role Servers under NLB?


      1. Oleg

        ok, I have in A site one CAS, I need to make CAS Array within this A site and migrate client access to this CAS Array.
        The question is, can I make CAS Array in the same A site?
        What is the behavior of cmdlet New-ClientAccessArray?
        Does cmdlet make this CAS Array with all CAS’s from site or with all CAS’s under NLB?

        1. Avatar photo
          Paul Cunningham

          You can create a CAS Array in a site that doesn’t already have a CAS Array. There can be only one CAS Array per site.

          All Client Access servers in that site will appear as “members” of the CAS Array automatically. However that is not important because the “members” of a CAS Array has no bearing on any load balancing or HA that the CAS Array provides.

          HA/load balancing of a CAS Array only occurs when you implement NLB or hardware load balancing and point the DNS record of the CAS Array at that load-balanced IP address.

          Some more reading:

  21. Leo

    At Graeme, what is the database name showing of the user’s from EMC? If it is CAS array name, Outlook should pull it when you create a new Outlook profile.

  22. Graeme Clark

    Hi Paul,

    I’ve got this to work, but we have a problem that existing client Outlook profiles aren’t updated and still point at the old CAS server instead of the CAS array even after repointing the RPCClientAccessServer value. We thought starting Outlook with the /cleanprofile switch might do it but, rather annoyingly, that switch has been removed from Outlook 2010.

    Do you know if there is a recommended way to update the Outlook profiles to point at the CAS array?

    Thanks in advance,

  23. ronald

    Hi is it possible to make the Client Access/Hub transport server and Mailbox server in one? So that I only use two server for high availability for mailbox and CA?


    1. Avatar photo
      Paul Cunningham

      You can install all those roles on a single server, its known as a Typical install. However if you want a Mailbox server to be a member of a DAG, it can’t also be a member of a Windows NLB cluster that is configured as a CAS Array. But if you’re using a hardware load balancer for the CAS Array, yes all those roles can co-exist even on DAG members.

      Make sense?

      1. bryan changaris

        I currently run 1 Exg 2010/w all 3 roles – server and 1 Exg 2003 server .. I am planning/would like to install 2 new high-end physical servers. I want keep 1 server in one site SITEA, and the other one to be used for high availabilty in another site SITEB. i will migrage all previous users mailboxes to the new servers once everything is done. Do you have or know of step by step intructions for the basic install/setup i want to do?

      2. Avatar photo
        Paul Cunningham

        Hi Bryan,

        If you’re planning to make the two new servers members of a DAG then be aware that you can’t also make them members of a Windows NLB cluster for HA of the CAS services. So you would need to look at hardware load balancers to provide HA for CAS (using a CAS Array).

        Since you’re also talking about stretching the DAG across multiple sites there is some important considerations. I’d suggest reading this series from MSExchange.org:

Leave a Reply