[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Publi folder access in exchange server 2010 ?

Posted on 2015-02-09
15
Medium Priority
?
89 Views
Last Modified: 2015-02-19
Hi people,

When my client or workstation Outlook accessing the Public folder in my mailbox server, does it go through the CAS server role or directly to the Mailbox server role ?

My Normal email access and Activesync is handled by NLB of the CAS/HT role.

Because I need to set the hardware load balancer access and I'm confused what to do.
0
Comment
15 Comments
 
LVL 3

Assisted Solution

by:Sudhir Bidye
Sudhir Bidye earned 400 total points
ID: 40597896
Microsoft Outlook still connects directly to the Mailbox server to access Public Folder databases. If a client tries to connect to a Mailbox server for public folder access, the RPC Client Access service (MsExchangeRpc) answers the RPC endpoint. If the endpoint is on a server that has the Mailbox server role installed, the RPC Client Access service will only allow public folder logons and will provide a referral to a Client Access server or a Client Access server array. If the endpoint is on a Client Access server or Client Access server array, it will allow only Private folder logons and will provide a referral to a Mailbox server for public folder access.

Reference Article :
https://technet.microsoft.com/en-us/library/ee332317%28v=exchg.141%29.aspx

http://www.msexchange.org/articles-tutorials/exchange-server-2007/planning-architecture/uncovering-new-rpc-client-access-service-exchange-2010-part2.html
0
 
LVL 7

Expert Comment

by:dsnegi_25dec
ID: 40597908
Your Answer :  Public folder request will go directly to mailbox .
0
 
LVL 8

Author Comment

by:Senior IT System Engineer
ID: 40598010
ok so in this case in the event of CAS/HT server role offline, the Public folder can still be accessed by the Outlook client ?
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

 
LVL 8

Author Comment

by:Senior IT System Engineer
ID: 40598011
I need to create a firewall rule for a static TCP port using a hardware load balancer, so in this case, do I need to specify the mailbox server IP address and port or do I still need to open firewall rule to the Mailbox server with the static TCP port ?
0
 
LVL 31

Accepted Solution

by:
Gareth Gudger earned 1600 total points
ID: 40598293
Hey ITSystemEngineer,

No you do not need to open up your firewall to your mailbox servers. The hardware load balancer should only point to the CAS/HT servers for client access and mail flow.

Even though the client does go directly to the Mailbox server for Public Folders, it does talk to CAS first to determine which Mailbox Server it should talk to. So the CAS server still does an initial lookup for the client.
0
 
LVL 8

Author Comment

by:Senior IT System Engineer
ID: 40598316
Ah I see, so where in tech net I can see and learn more about the way it works ? Is that mention somewhere in Technet ?

I need to learn more so that I fully understand the flow.
0
 
LVL 8

Author Comment

by:Senior IT System Engineer
ID: 40598326
I have set the static tcp port on the HT/CAS for the email flow and also the Mailbox server for the Public Folder server.

And based on your explanation, in this case I just need to set or point the Hardware NLB to the HT/CAS array (NLB virtual IP address)
Is that correct ?
0
 
LVL 31

Assisted Solution

by:Gareth Gudger
Gareth Gudger earned 1600 total points
ID: 40598460
Right. The NLB just needs to have the IPs of the CAS/HUB servers. I assume CAS/HUB are the same servers?

Looking for an article now.
0
 
LVL 8

Author Comment

by:Senior IT System Engineer
ID: 40599423
Yes that's true i have two servers configure as HT/CAS and now IT is configured as NLB CASarray using Windows NLB. I'm now setting up another hardware load balancer infrintmof these two servers and wondering about the firewall rule to the mailbox servers for the public folder access.
0
 
LVL 31

Assisted Solution

by:Gareth Gudger
Gareth Gudger earned 1600 total points
ID: 40599440
Right. You don't need to publish your mailbox servers through the firewall. Just your CAS/HUB servers. CAS will proxy these connections for an external user with Outlook Anywhere (RPC over HTTPS).

So are you ripping out Windows NLB and replacing it with the hardware load balancer? You don't need both. (You still need the CAS Array of course).
0
 
LVL 8

Author Comment

by:Senior IT System Engineer
ID: 40599524
yes, that's correct. I'm starting to decommission the WNLB and started using the hardware Load balancer (Riverbed SteelApp) for my HT/CASarray.

so In this case yes, I'll point:

port TCP/25
TCP/443 a
static TCP port for AddressBook, Exchange RPC and PublicFolder

from the Hardware Load Balancer to the HT/CAS array VIP.
0
 
LVL 8

Author Comment

by:Senior IT System Engineer
ID: 40617936
Hi Gareth, is that the correct way to do it ?
0
 
LVL 31

Assisted Solution

by:Gareth Gudger
Gareth Gudger earned 1600 total points
ID: 40618012
Yes, point 25 and 443 to your Hardware Load Balancer. The load balancer would they have the IPs (and all the Health Checks) for each CAS/HUB server.
0
 
LVL 8

Author Comment

by:Senior IT System Engineer
ID: 40618021
ok, so no need to publish the Mailbox Server nodes to the Load balancer then ?
0
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 40618801
Nope.
0

Featured Post

Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this post, I will showcase the steps for how to create groups in Office 365. Office 365 groups allow for ease of flexibility and collaboration between staff members.
MS Outlook undoubtedly is the most widely used email client.Its user-friendliness, cost effectiveness, and availability with Microsoft Office Suite make it the most popular email application.  Its compatibility with Microsoft applications like Exch…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
Suggested Courses
Course of the Month18 days, 12 hours left to enroll

834 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question