niltd

RPC Client access question - Exchange 2010

Hi,

I've inherited an Exchange 2010 system with 2 servers in a DAG, each running all the Exchange roles (XNG01 and XNG02). I had to reboot XNG02 yesterday and everyone's Outlook started prompting for credentials. Upon further investigation I saw that XNG02 is the RpcClientAccessServer for all the databases in the DAG.

My predecessor hasn't configured a CAS Array, and if I create one now and change the RpcClientAccessServer value on the databases I'll have to reconfigure everyone's Outlook profiles too, which I'm trying to avoid.

Is there a workaround I can do via DNS where I can add an alternative entry for XNG02 pointing to XNG01's IP address so if XNG02 goes down it'll redirect to XNG01 and users will just have to close and re-open Outlook?
Amit

You are right. It is recommended to configure it before setting up mailbox DBs. It is better that you configure it now; it might involve some work for you. I might use a GPO to push it. Do you have any HLB?

More to read here:
http://exchangeserverpro.com/exchange-server-2010-cas-array/
http://blogs.technet.com/b/exchange/archive/2012/03/23/demystifying-the-cas-array-object-part-1.aspx
See, this is a one-time task and you must do it on priority. I think when you mention the RPC client access array on the DBs and once it gets replicated properly, the user just needs to restart Outlook, as Outlook 2007 and later versions discover the Exchange configuration via Autodiscover each and every time Outlook starts.

Now you must do NLB between both CAS servers and create one DNS record with the NLB virtual IP. The NLB name should be the RPC Client Access array. In case you have an HLB then there is no need for NLB; you can create the virtual IP on the HLB as well.


https://technet.microsoft.com/en-us/library/ff625247(v=exchg.141).aspx

NLB article : http://www.msexchange.org/articles-tutorials/exchange-server-2010/high-availability-recovery/load-balancing-exchange-2010-client-access-servers-using-hardware-load-balancer-solution-part1.html
ASKER CERTIFIED SOLUTION
Simon Butler (Sembee)

This solution is only available to members.
Here are the GPO option details:
https://support.microsoft.com/en-us/kb/2612922

I assume the SRV record option can be used in your case. However, you need to test it.
Simon, it seems you did not work with a DR environment in Exchange 2010; please refer to the article below. Outlook 2007/2010 detects RPC Client Access changes on every start via Autodiscover.

http://blogs.technet.com/b/exchange/archive/2012/05/30/rpc-client-access-cross-site-connectivity-changes.aspx

Refer to Figure #3 with the specified lines (In the event that the old RPC endpoint becomes inaccessible, Outlook 2007/2010 would update its settings (Outlook 2003, on the other hand, would not as it does not leverage Autodiscover). At any time you could force Outlook to use the new RPC endpoint by forcing a profile repair.)

I am working with an org where we have a multi-site infrastructure and we are doing the same thing without any issue.
Amit read the second link in my first post.
A CAS array object does not load balance your traffic
A CAS array object does not service Autodiscover, OWA, ECP, EWS, IMAP, POP, or SMTP
A CAS array object's fqdn does not need to be part of your SSL certificate
A CAS array object should not be resolvable via DNS by external clients
A CAS array object should not be configured or changed after creating Exchange 2010 mailbox databases and moving mailboxes into the databases
A CAS array object should be configured even if you only have one CAS or a single multi-role server.
Amit, you are correct as per best practices, but the problem here is that his design team did not do it before. Now, if this is the time to do it, it needs more effort, but still I also mentioned one thing: if Autodiscover is published properly internally/externally and we change the CAS array on any server, it takes effect in Outlook without manual intervention. Yes, sometimes it happens that Outlook does not take effect, but these are rare chances. If anyone says Outlook 2007/2010 does not take this change automatically, then there is no benefit of Exchange high availability. Even in Exchange 2013 the CAS just authenticates Outlook; the rest is done by the Exchange mailbox servers, and when mailbox DBs fail over to another server it gets updated automatically after Outlook restarts.
@Amit Kumar Goyal - that is cross site.
Your answer implies that the change to an RPC CAS Array is picked up by the clients automatically, which it is not, unless you go across site. There is nothing in this question to suggest this is a cross site DAG.

"..still I also mentioned one thing if autodiscover is published properly internally/Externally and we change CAS array on any server it effects on outlook without manual intervention. Yes sometime it happens outlook does not take effect but these are rare chances."

I have to disagree with that.
The change will not be picked up by the clients without intervention. That is because the change isn't seen unless a full Autodiscover cycle goes through. That only happens if the original end point is no longer valid.

http://blogs.technet.com/b/exchange/archive/2012/03/28/demystifying-the-cas-array-object-part-2.aspx

"The profile will not update itself because the client will not receive an ecWrongServer response from CAS. It will not receive this response because any CAS is a valid connection point for any mailbox database via RPC (over TCP) so clients can survive datacenter switchover/failover events without being reconfigured and all an admin has to do is flip the CAS array object DNS record to point to a surviving pool of CAS. Currently the only way to fix mailbox profiles would be a manual profile repair within Outlook, by publishing an Office PRF file via GPO (not going to work for non-domain joined machines), or by decommissioning the CAS server named in the users’ profiles so the endpoint is no longer available. This last option should (test test test!!) trigger a full profile repair by Autodiscover in Outlook 2007 or Outlook 2010."

Fortunately the CAS array has gone away in Exchange 2013 and later.

Simon.
I agree with Simon 110%.
I still do not agree with Simon, because when we change the RPC client access array on the database, the existing CAS name will not work in Outlook; it will try to update the profile itself automatically.
"I am still not agree with Simon, because when we will change RPC client access array on database then existing CAS name will not work on outlook, it will try to update profile itself automatic. "

Still you are wrong.

Changing the name on the database has no effect on the client unless you are changing the CAS array itself.
By default the name will be one of the CAS role holders, and that will continue to work because it is still valid. It only changes if the name goes away for some reason triggering a full Autodiscover.

I don't understand why you are arguing with me - whatever you are seeing you must be mistaken. The quote I have provided above is from the MS Exchange team and is also based on my own extensive experience. I am an Exchange MVP and the lead MS Exchange expert on this site with a combined points total of over 30 million.

Sorry to @niltd for having this on your question - but I have to correct where incorrect advice is being given.

Simon.
This should end all confusion for Amit Kumar Goyal.

http://clintboessen.blogspot.fr/2012/03/changing-rpcclientaccessserver-how.html

This is Simon's article on his own site.
http://blog.sembee.co.uk/post/RPC-Client-Access-Array.aspx
Let me come back to @niltd's question. In your case this will be the right answer:

Create the CAS array. Create a new DB, set the CAS array and move the mailbox from the current DB to the new DB. That will make Outlook update the profile automatically. You can do a test before doing the mass move.
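
The steps in the post above, sketched for the Exchange 2010 Management Shell as an added example (not part of the original thread). The array FQDN, AD site name, database name, file paths and pilot mailbox are hypothetical placeholders; XNG01 and XNG02 are the servers named in the question.

```powershell
# Added example: run in the Exchange 2010 Management Shell.
# Hypothetical values: adjust to the environment before use.
$ArrayFqdn = 'outlook.example.local'    # internal-only name; its DNS A record points at the NLB/HLB virtual IP
$AdSite    = 'Default-First-Site-Name'  # AD site that contains XNG01 and XNG02
$NewDb     = 'DB-CASARRAY-01'
$Pilot     = 'pilot.user@example.local'

# 1. Record which RPC endpoint each existing database currently hands to Outlook.
Get-MailboxDatabase | Format-Table Name, RpcClientAccessServer -AutoSize

# 2. Create the CAS array object (one per AD site) if it does not exist yet.
if (-not (Get-ClientAccessArray | Where-Object { $_.Fqdn -eq $ArrayFqdn })) {
    New-ClientAccessArray -Name 'CASArray' -Fqdn $ArrayFqdn -Site $AdSite
}

# 3. Create a new database, stamp the array FQDN on it explicitly, mount it,
#    and add a copy on the second DAG member.
New-MailboxDatabase -Name $NewDb -Server 'XNG01' `
    -EdbFilePath "D:\DB\$NewDb\$NewDb.edb" -LogFolderPath "D:\Logs\$NewDb"
Set-MailboxDatabase -Identity $NewDb -RpcClientAccessServer $ArrayFqdn
Mount-Database -Identity $NewDb
Add-MailboxDatabaseCopy -Identity $NewDb -MailboxServer 'XNG02'

# 4. Move a single pilot mailbox first and watch the move complete.
New-MoveRequest -Identity $Pilot -TargetDatabase $NewDb
Get-MoveRequest | Get-MoveRequestStatistics |
    Format-Table DisplayName, Status, PercentComplete -AutoSize

# 5. Confirm the pilot mailbox sits on the new database and that the database
#    advertises the array name rather than XNG02.
(Get-Mailbox -Identity $Pilot).Database
Get-MailboxDatabase -Identity $NewDb | Format-List Name, RpcClientAccessServer
```

After the pilot move, restart Outlook for that user and check the server name in the profile before moving the remaining mailboxes.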
niltd

ASKER

Thanks Simon (and Amit) for clarifying what needs to be done.
Good to hear that. Though you selected Simon's answer, the right answer to this question is the first post I gave.