Exchange 2010 - Outlook 2010

Hi Experts,

In Outlook, I am connected to our Exchange 2010 server. The mailbox database exists on the DAG.

The DAG exists as:

2x 2010 Exchange servers
1x TMG cluster

This is used to handle the requests for the VIP used for the 2 cas servers. points to the TMG and this in turn publishes the resources.

Each Exchange 2010 Server has 3 Roles installed,


As far as I'm aware, this configuration is supported if you have a HW load balancer, in which I do.

When I open Outlook and check which server my profile is bound to (under account settings).

I am seeing 'server1' instead of the DAG address.

This is the option I'm on about.

This shows a single Exchange server.
Shouldn't this show the DAG?

I've set up my account using Autodiscover and these are the settings I got.

LVL 15
Who is Participating?

I suspected it was pulling out the RpcClientAccessServer value.

In that case, you have two options. First is, as you stated, two VMs on two different boxes for CAS / Hub Transport which can then use NLB to load balance MAPI traffic as well as HTTPS traffic.

You can even load balance port 25 for inbound SMTP to the Exchange environment, but only for incoming traffic (such as port 25 passing through the firewall from outside). Load balancing port 25 cannot be used for internal hub transport to hub transport communications as this will break the transport process.

The other option is to keep what you have but to buy a dedicated hardware load balancer.

>> Thanks for your time Matt.

You're welcome. I'm glad we go to the bottom of the CAS array and failover in the end!

Rajith EnchiparambilOffice 365 & Exchange ArchitectCommented:
The exchange server name will be the CAS array name if you have one. It is recommended you have one.

Create a CAS array
Change all databases to have the CAS array as the RPCClientAccessServer.

That's it.
MarkMichaelAuthor Commented:
Hi there,

I've configured the new cas array with the same A record as I use to connect through Outlook Web App.

However, when I try to use autodiscover to set up a new profile, it is currently failing at the very last tick, trying to log on to server.

When I click ok to see the details, it has put in the address as I hoped above, as the server name and my email address is showing as ""

Have you seen this before?

I added the new-casarray and with the correct AD site (currently set to default-site-name) and

any ideas?
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

MarkMichaelAuthor Commented:
Oh yeah, i've also set the DAG database using this example:

Set-MailboxDatabase DB -RpcClientAccessServer “”

You'll need to use an internally resolving name for the CAS array. I usually pick outlook.domain.local, and create an A record for this name in internal DNS which maps to the VIP of the load balancer.

The rationale is that an external Outlook client would always be able to resolve a public name for the CAS array externally, thereby assuming Exchange is local and attempt to connect over MAPI (RPC). RPC ports are not and should not be exposed to the Internet, so the connection will fail.

With an internal name, an external Outlook client cannot resolve it, so communicates over Outlook Anywhere (RPC over HTTPS) over port 443 to tunnel into the network.

MarkMichaelAuthor Commented:
Thanks, that's worked fine.

However, I know this is off-topic...

But as all clients were showing 'server1' as the name in their Outlook, I assume our BES server was connecting to the same CAS for access to the maiboxes. This would mean it had direct access to the CAS without having to go through the TMG and this worked perfectly.

Now that the name i've given it is mail.domain.local, which points to the Exchange Array NLB on the TMG. This TMG only publishes Exchange RPC over HTTPS method of connecting to the mailboxes. It looks like my BES server is unable to connect through this method.

Is that right?
If so, is there a way around this?

Yes, TMG will only ever proxy the Outlook Anywhere traffic, not MAPI.

What I would suggest is associating the mail.domain.local with the VIP of the HW load balancer instead, not the TMG array. The hardware load balancer will be able to proxy MAPI to a CAS server.

What you do on the TMG is up to you. However, the community's current standpoint tends to be to add each Exchange CAS server separately to the TMG and then have the TMG array do its own load balancing between each CAS server too. This is configured when you publish the Exchange services.

MarkMichaelAuthor Commented:
Sorry, I'm not sure what you mean.

The HW load balancer is our TMG.

We have created an Internal VIP and an external VIP on the TMG specifically for publishing the Outlook Anywhere traffic both internally and externally.

Are you saying I need to create another VIP and point mail.domain.local at this VIP with this VIP just being an NLB for the 2 cas servers?

If thats right, can you point me in the right directions for doing that please.


Okay - that certainly clarifies matters. I thought you had a TMG array AND a separate HW load balancer.

I haven't worked with BES in a long time, so I'm a little rusty on the details. Everywhere I work now uses iPhones. Do you feed the BES the FQDN of the CAS server/array it talks to, or does it intelligently read this from the RpcClientAccessServer value?

The problem you have is the TMG will never publish or load balance MAPI traffic. It will handle HTTPS, which is used for Outlook Anywhere and therefore Outlook will work with the proper configuration. BES requires MAPI and therefore cannot be routed through the TMG.

If the BES does have its own setting (again, I can't remember) then you will need to either point it to just one of the CAS servers, or purchase a second HW load balancer to sit between the CAS array and Exchange - which can load balance MAPI traffic.

My last comment was referring to using one of these devices. They are fairly inexpensive. If you did have a dedicated device, I would recommend associating mail.domain.local with that device rather than the TMG, since it will then load balance Outlook MAPI traffic too.

N.B. You can't use WNLB on your existing Exchange cluster servers. This is an issue with multi-roled Exchange DAG members. WNLB cannot co-exist with Windows Failover Clustering, which is used by the DAG. You either have to have 4 servers - 2 mailbox, 2 Hub / CAS - or a hardware load balancer to handle the load balancing.

MarkMichaelAuthor Commented:
It indeed pulls out the RpcClientAccessServer value, I have tried putting in the servername directly into the profile tester, however Exchange changes it to the Rpc name I put in, so doesnt look like a way around that.

I was thinking about pulling out the hub/cas roles from the server and building 2 new VMs for these and simply load balancing them. I don't think it's possible otherwise!

Thanks for your time Matt.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.