Solved

Publi folder access in exchange server 2010 ?

Posted on 2015-02-09
15
65 Views
Last Modified: 2015-02-19
Hi people,

When my client or workstation Outlook accessing the Public folder in my mailbox server, does it go through the CAS server role or directly to the Mailbox server role ?

My Normal email access and Activesync is handled by NLB of the CAS/HT role.

Because I need to set the hardware load balancer access and I'm confused what to do.
0
Comment
15 Comments
 
LVL 3

Assisted Solution

by:Sudhir Bidye
Sudhir Bidye earned 100 total points
Comment Utility
Microsoft Outlook still connects directly to the Mailbox server to access Public Folder databases. If a client tries to connect to a Mailbox server for public folder access, the RPC Client Access service (MsExchangeRpc) answers the RPC endpoint. If the endpoint is on a server that has the Mailbox server role installed, the RPC Client Access service will only allow public folder logons and will provide a referral to a Client Access server or a Client Access server array. If the endpoint is on a Client Access server or Client Access server array, it will allow only Private folder logons and will provide a referral to a Mailbox server for public folder access.

Reference Article :
https://technet.microsoft.com/en-us/library/ee332317%28v=exchg.141%29.aspx

http://www.msexchange.org/articles-tutorials/exchange-server-2007/planning-architecture/uncovering-new-rpc-client-access-service-exchange-2010-part2.html
0
 
LVL 7

Expert Comment

by:dsnegi_25dec
Comment Utility
Your Answer :  Public folder request will go directly to mailbox .
0
 
LVL 7

Author Comment

by:Senior IT System Engineer
Comment Utility
ok so in this case in the event of CAS/HT server role offline, the Public folder can still be accessed by the Outlook client ?
0
 
LVL 7

Author Comment

by:Senior IT System Engineer
Comment Utility
I need to create a firewall rule for a static TCP port using a hardware load balancer, so in this case, do I need to specify the mailbox server IP address and port or do I still need to open firewall rule to the Mailbox server with the static TCP port ?
0
 
LVL 30

Accepted Solution

by:
Gareth Gudger earned 400 total points
Comment Utility
Hey ITSystemEngineer,

No you do not need to open up your firewall to your mailbox servers. The hardware load balancer should only point to the CAS/HT servers for client access and mail flow.

Even though the client does go directly to the Mailbox server for Public Folders, it does talk to CAS first to determine which Mailbox Server it should talk to. So the CAS server still does an initial lookup for the client.
0
 
LVL 7

Author Comment

by:Senior IT System Engineer
Comment Utility
Ah I see, so where in tech net I can see and learn more about the way it works ? Is that mention somewhere in Technet ?

I need to learn more so that I fully understand the flow.
0
 
LVL 7

Author Comment

by:Senior IT System Engineer
Comment Utility
I have set the static tcp port on the HT/CAS for the email flow and also the Mailbox server for the Public Folder server.

And based on your explanation, in this case I just need to set or point the Hardware NLB to the HT/CAS array (NLB virtual IP address)
Is that correct ?
0
What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

 
LVL 30

Assisted Solution

by:Gareth Gudger
Gareth Gudger earned 400 total points
Comment Utility
Right. The NLB just needs to have the IPs of the CAS/HUB servers. I assume CAS/HUB are the same servers?

Looking for an article now.
0
 
LVL 7

Author Comment

by:Senior IT System Engineer
Comment Utility
Yes that's true i have two servers configure as HT/CAS and now IT is configured as NLB CASarray using Windows NLB. I'm now setting up another hardware load balancer infrintmof these two servers and wondering about the firewall rule to the mailbox servers for the public folder access.
0
 
LVL 30

Assisted Solution

by:Gareth Gudger
Gareth Gudger earned 400 total points
Comment Utility
Right. You don't need to publish your mailbox servers through the firewall. Just your CAS/HUB servers. CAS will proxy these connections for an external user with Outlook Anywhere (RPC over HTTPS).

So are you ripping out Windows NLB and replacing it with the hardware load balancer? You don't need both. (You still need the CAS Array of course).
0
 
LVL 7

Author Comment

by:Senior IT System Engineer
Comment Utility
yes, that's correct. I'm starting to decommission the WNLB and started using the hardware Load balancer (Riverbed SteelApp) for my HT/CASarray.

so In this case yes, I'll point:

port TCP/25
TCP/443 a
static TCP port for AddressBook, Exchange RPC and PublicFolder

from the Hardware Load Balancer to the HT/CAS array VIP.
0
 
LVL 7

Author Comment

by:Senior IT System Engineer
Comment Utility
Hi Gareth, is that the correct way to do it ?
0
 
LVL 30

Assisted Solution

by:Gareth Gudger
Gareth Gudger earned 400 total points
Comment Utility
Yes, point 25 and 443 to your Hardware Load Balancer. The load balancer would they have the IPs (and all the Health Checks) for each CAS/HUB server.
0
 
LVL 7

Author Comment

by:Senior IT System Engineer
Comment Utility
ok, so no need to publish the Mailbox Server nodes to the Load balancer then ?
0
 
LVL 30

Expert Comment

by:Gareth Gudger
Comment Utility
Nope.
0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

Not sure what the best email signature size is? Are you worried about email signature image size? Follow this best practice guide.
This process describes the steps required to Import and Export data from and to .pst files using Exchange 2010. We can use these steps to export data from a user to a .pst file, import data back to the same or a different user, or even import data t…
how to add IIS SMTP to handle application/Scanner relays into office 365.
This video discusses moving either the default database or any database to a new volume.

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now