Exchange 2010 - Outlook 2010

Last Modified: 2012-05-11
Hi Experts,

In Outlook, I am connected to our Exchange 2010 server. The mailbox database exists on the DAG.

The DAG exists as:

2x 2010 Exchange servers
1x TMG cluster

This is used to handle the requests for the VIP used for the 2 CAS servers.

Exchange.domain.com points to the TMG and this in turn publishes the resources.

Each Exchange 2010 Server has 3 Roles installed,

Mailbox
CAS
HUB

As far as I'm aware, this configuration is supported if you have a HW load balancer, which I do.

When I open Outlook and check which server my profile is bound to (under account settings), I am seeing 'server1' instead of the DAG address.
http://gurustop.net/wp-content/uploads/2010/04/image21.png

This is the option I'm on about.

This shows a single Exchange server.
Shouldn't this show the DAG?

I've set up my account using Autodiscover and these are the settings I got.

Thanks
Mark

Rajith Enchiparambil, Office 365 & Exchange Architect

Commented:
The Exchange server name will be the CAS array name if you have one. It is recommended you have one.

Create a CAS array
Change all databases to have the CAS array as the RPCClientAccessServer.

That's it.

Author

Commented:
Hi there,

I've configured the new CAS array with the same A record as I use to connect through Outlook Web App.

However, when I try to use autodiscover to set up a new profile, it is currently failing at the very last tick, trying to log on to server.

When I click ok to see the details, it has put in the address as I hoped above, mail.domain.com as the server name and my email address is showing as "SMTP=mark.surname@domain.com"

Have you seen this before?

I added the new-casarray and with the correct AD site (currently set to default-site-name) and mail.domain.com

Any ideas?

Author

Commented:
Oh yeah, I've also set the DAG database using this example:

Set-MailboxDatabase DB -RpcClientAccessServer "mail.domain.com"

tigermatt, Site Reliability Engineer
CERTIFIED EXPERT
Most Valuable Expert 2011

Commented:

You'll need to use an internally resolving name for the CAS array. I usually pick outlook.domain.local, and create an A record for this name in internal DNS which maps to the VIP of the load balancer.

The rationale is that an external Outlook client would always be able to resolve a public name for the CAS array externally, thereby assuming Exchange is local and attempting to connect over MAPI (RPC). RPC ports are not and should not be exposed to the Internet, so the connection will fail.

With an internal name, an external Outlook client cannot resolve it, so it communicates over Outlook Anywhere (RPC over HTTPS) over port 443 to tunnel into the network.

-Matt
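
Added example, not part of the thread and not any poster's own script: the two steps from the first answer (create the CAS array, point every database at it) followed by a check of the DNS split described in the reply above. It assumes the Exchange 2010 Management Shell on an admin host that has Resolve-DnsName (Windows 8 / Server 2012 or later); the array name, AD site and resolver address are placeholders.

```powershell
# Added example. All three values below are placeholders to replace.
$ArrayFqdn = 'outlook.domain.local'   # internal-only name for the CAS array
$AdSite    = '<AD-site-name>'         # AD site that holds the CAS servers
$PublicDns = '192.0.2.53'             # a resolver OUTSIDE your network

# 1. Create the CAS array object once (it is only an AD object plus a name).
if (-not (Get-ClientAccessArray | Where-Object { $_.Fqdn -eq $ArrayFqdn })) {
    New-ClientAccessArray -Name 'CASArray' -Fqdn $ArrayFqdn -Site $AdSite
}

# 2. Point every mailbox database that still names a single server at the array.
Get-MailboxDatabase |
    Where-Object { $_.RpcClientAccessServer -ne $ArrayFqdn } |
    ForEach-Object {
        Set-MailboxDatabase $_.Identity -RpcClientAccessServer $ArrayFqdn
    }

# 3. Check the DNS split: the name must resolve inside and must not resolve
#    outside, otherwise external Outlook clients try MAPI/RPC instead of
#    falling back to Outlook Anywhere on 443.
function Test-Resolves {
    param([string]$Name, [string]$Server)
    $p = @{ Name = $Name; Type = 'A'; DnsOnly = $true; ErrorAction = 'SilentlyContinue' }
    if ($Server) { $p.Server = $Server }
    [bool](Resolve-DnsName @p | Where-Object { $_.Type -eq 'A' })
}

$inside  = Test-Resolves -Name $ArrayFqdn
$outside = Test-Resolves -Name $ArrayFqdn -Server $PublicDns

# Note: an unreachable resolver also yields "no answer", so confirm that
# $PublicDns answers other queries before trusting an "outside = False".
if (-not $inside) { Write-Warning "$ArrayFqdn does not resolve internally; add the A record for the VIP." }
if ($outside)     { Write-Warning "$ArrayFqdn resolves publicly; use an internal-only name." }

# 4. Report what each database now hands to Outlook profiles.
Get-MailboxDatabase | Select-Object Name, RpcClientAccessServer
```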

Author

Commented:
Thanks, that's worked fine.

However, I know this is off-topic...

But as all clients were showing 'server1' as the name in their Outlook, I assume our BES server was connecting to the same CAS for access to the mailboxes. This would mean it had direct access to the CAS without having to go through the TMG and this worked perfectly.

Now the name I've given it is mail.domain.local, which points to the Exchange Array NLB on the TMG. This TMG only publishes the Exchange RPC over HTTPS method of connecting to the mailboxes. It looks like my BES server is unable to connect through this method.

Is that right?
If so, is there a way around this?

tigermatt, Site Reliability Engineer
CERTIFIED EXPERT
Most Valuable Expert 2011

Commented:

Yes, TMG will only ever proxy the Outlook Anywhere traffic, not MAPI.

What I would suggest is associating the mail.domain.local with the VIP of the HW load balancer instead, not the TMG array. The hardware load balancer will be able to proxy MAPI to a CAS server.

What you do on the TMG is up to you. However, the community's current standpoint tends to be to add each Exchange CAS server separately to the TMG and then have the TMG array do its own load balancing between each CAS server too. This is configured when you publish the Exchange services.

-Matt

Author

Commented:
Sorry, I'm not sure what you mean.

The HW load balancer is our TMG.

We have created an Internal VIP and an external VIP on the TMG specifically for publishing the Outlook Anywhere traffic both internally and externally.

Are you saying I need to create another VIP and point mail.domain.local at this VIP, with this VIP just being an NLB for the 2 CAS servers?

If that's right, can you point me in the right direction for doing that please.

Thanks,
Mark

tigermatt, Site Reliability Engineer
CERTIFIED EXPERT
Most Valuable Expert 2011

Commented:

Okay - that certainly clarifies matters. I thought you had a TMG array AND a separate HW load balancer.

I haven't worked with BES in a long time, so I'm a little rusty on the details. Everywhere I work now uses iPhones. Do you feed the BES the FQDN of the CAS server/array it talks to, or does it intelligently read this from the RpcClientAccessServer value?

The problem you have is the TMG will never publish or load balance MAPI traffic. It will handle HTTPS, which is used for Outlook Anywhere and therefore Outlook will work with the proper configuration. BES requires MAPI and therefore cannot be routed through the TMG.

If the BES does have its own setting (again, I can't remember) then you will need to either point it to just one of the CAS servers, or purchase a second HW load balancer to sit between the CAS array and Exchange - which can load balance MAPI traffic.

My last comment was referring to using one of these devices. They are fairly inexpensive. If you did have a dedicated device, I would recommend associating mail.domain.local with that device rather than the TMG, since it will then load balance Outlook MAPI traffic too.

N.B. You can't use WNLB on your existing Exchange cluster servers. This is an issue with multi-roled Exchange DAG members. WNLB cannot co-exist with Windows Failover Clustering, which is used by the DAG. You either have to have 4 servers - 2 mailbox, 2 Hub / CAS - or a hardware load balancer to handle the load balancing.

-Matt

Author

Commented:
It indeed pulls out the RpcClientAccessServer value. I have tried putting the server name directly into the profile tester; however, Exchange changes it to the Rpc name I put in, so it doesn't look like there is a way around that.

I was thinking about pulling out the hub/cas roles from the server and building 2 new VMs for these and simply load balancing them. I don't think it's possible otherwise!

Thanks for your time Matt.