RPC Client access question - Exchange 2010

Hi,

I've inherited an Exchange 2010 system with 2 servers in a DAG, each running all the Exchange roles (XNG01 and XNG02). I had to reboot XNG02 yesterday and everyone's Outlook started prompting for credentials. Upon further investigation I saw that XNG02 is the RpcClientAccessServer for all the databases in the DAG.

My predecessor hasn't configured a CAS Array, and if I create one now and change the RpcClientAccessServer value on the databases I'll have to reconfigure everyone's Outlook profiles too, which I'm trying to avoid.

Is there a workaround I can do via DNS where I can add an alternative entry for XNG02 pointing to XNG01's IP address so if XNG02 goes down it'll redirect to XNG01 and users will just have to close and re-open Outlook?
niltd Asked:

Amit, IT Architect, Commented:
You are right. It is recommended to configure it before setting up mailbox DBs. It is better that you configure it now; it might involve some work for you. I might use a GPO to push it. Do you have any HLB?

More to read here:
http://exchangeserverpro.com/exchange-server-2010-cas-array/
http://blogs.technet.com/b/exchange/archive/2012/03/23/demystifying-the-cas-array-object-part-1.aspx
0
Amit Kumar Commented:
See, this is a one-time task and you must do it on priority. I think when you mention the RPC Client Access array on the DBs and once it gets replicated properly, users just need to restart Outlook, as from Outlook 2007 onwards Autodiscover discovers the Exchange configuration each and every time Outlook starts.

Now you must do NLB between both CAS servers and create one DNS record with NLB virtual IP. The NLB name should be the RPC Client Access array. In case you have an HLB, there is no need for NLB; you can create the virtual IP on the HLB as well.


https://technet.microsoft.com/en-us/library/ff625247(v=exchg.141).aspx

NLB article : http://www.msexchange.org/articles-tutorials/exchange-server-2010/high-availability-recovery/load-balancing-exchange-2010-client-access-servers-using-hardware-load-balancer-solution-part1.html
0
Simon Butler (Sembee), Consultant, Commented:
"I think when you mention the RPC Client Access array on the DBs and once it gets replicated properly, users just need to restart Outlook, as from Outlook 2007 onwards Autodiscover discovers the Exchange configuration each and every time Outlook starts."

That is wrong.
An RPC CAS array is not picked up by the clients automatically by Autodiscover. To get clients to use an RPC CAS Array address you need to repair the Outlook profile. It will only be used automatically by NEW Outlook profiles.

"Now you must do NLB between both CAS servers and create one DNS record with NLB virtual IP."

That is also incorrect. You do not have to create an NLB of any description to use an RPC CAS Array. Furthermore, the Windows NLB is not recommended for use with Exchange.

The problem with creating a DNS entry for the other server in DNS is that it will cause problems with AD, particularly when the server comes back up. It may not start properly and cause further problems with Exchange.

Create the CAS Array, then get the users to repair the profile themselves. Even if you only get a 60% success rate, that is better than nothing. Then get helpdesk or whoever to check any machine they have to touch for any reason at all.

Simon.
0
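
The server-side half of the step Simon describes (create the CAS array, then point the databases at it), as an added Exchange 2010 Management Shell example that is not part of the original thread. The array name, FQDN and AD site name are assumptions; existing Outlook profiles still need the repair described above.

```powershell
# Run in the Exchange 2010 Management Shell.
# Assumed values for illustration only (not from the thread):
$arrayName = 'CASArray01'
$arrayFqdn = 'outlook.example.local'
$adSite    = 'Default-First-Site-Name'

# 1. Audit: list the RPC endpoint each database hands to new Outlook profiles.
#    In the thread's scenario every database shows XNG02 here.
Get-MailboxDatabase |
    Sort-Object RpcClientAccessServer |
    Format-Table Name, RpcClientAccessServer -AutoSize

# 2. Create the CAS array object for the site if none exists yet.
if (-not (Get-ClientAccessArray -Site $adSite -ErrorAction SilentlyContinue)) {
    New-ClientAccessArray -Name $arrayName -Fqdn $arrayFqdn -Site $adSite
}

# 3. The array FQDN needs an internal DNS A record. Stop if it does not
#    resolve yet. What the record points at is a design decision that the
#    thread does not settle.
try {
    [System.Net.Dns]::GetHostAddresses($arrayFqdn) | Out-Null
}
catch {
    throw "No DNS record for $arrayFqdn yet; create it before re-pointing databases."
}

# 4. Re-point every database that still names a single server.
#    -WhatIf only reports what would change; remove it to apply.
Get-MailboxDatabase |
    Where-Object { "$($_.RpcClientAccessServer)" -ne $arrayFqdn } |
    Set-MailboxDatabase -RpcClientAccessServer $arrayFqdn -WhatIf

# 5. Re-run the audit after applying to confirm no database is left
#    pointing at an individual server name.
Get-MailboxDatabase |
    Where-Object { "$($_.RpcClientAccessServer)" -ne $arrayFqdn } |
    Format-Table Name, RpcClientAccessServer -AutoSize
```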

Amit, IT Architect, Commented:
Here are the GPO option details:
https://support.microsoft.com/en-us/kb/2612922

I assume the SRV record option can be used in your case. However, you need to test it.
0
Amit Kumar Commented:
Simon, it seems you did not work with a DR env. in Exchange 2010; please refer to the article below. Outlook 2007/2010 detects RPC Client Access changes on every start by Autodiscover.

http://blogs.technet.com/b/exchange/archive/2012/05/30/rpc-client-access-cross-site-connectivity-changes.aspx

Refer to Figure #3 with the specified lines (In the event that the old RPC endpoint becomes inaccessible, Outlook 2007/2010 would update its settings (Outlook 2003, on the other hand, would not as it does not leverage Autodiscover). At any time you could force Outlook to use the new RPC endpoint by forcing a profile repair.)

I am working with an org where we have a multiple-site infra and we are doing the same thing without any issue.
0
Amit, IT Architect, Commented:
Amit, read the second link in my first post.
A CAS array object does not load balance your traffic
A CAS array object does not service Autodiscover, OWA, ECP, EWS, IMAP, POP, or SMTP
A CAS array object's fqdn does not need to be part of your SSL certificate
A CAS array object should not be resolvable via DNS by external clients
A CAS array object should not be configured or changed after creating Exchange 2010 mailbox databases and moving mailboxes into the databases
A CAS array object should be configured even if you only have one CAS or a single multi-role server.
0
Amit Kumar Commented:
Amit, you are correct as per best practices, but the problem here is that his design team did not do it before. Now, if this is the time to do it, it needs more effort, but still I also mentioned one thing: if Autodiscover is published properly internally/externally and we change the CAS array on any server, it takes effect on Outlook without manual intervention. Yes, sometimes it happens that Outlook does not take effect, but these are rare chances. If anyone says Outlook 2007/2010 does not take this change automatically, then there is no benefit to Exchange high availability. Even in Exchange 2013, CAS just authenticates Outlook; the rest is done by the Exchange mailbox servers, and when mailbox DBs get failed over to any other server it gets automatically updated after Outlook restarts.
0
Simon Butler (Sembee), Consultant, Commented:
@Amit Kumar Goyal - that is cross site.
Your answer implies that the change to an RPC CAS Array is picked up by the clients automatically, which it is not, unless you go across site. There is nothing in this question to suggest this is a cross site DAG.

"..still I also mentioned one thing: if Autodiscover is published properly internally/externally and we change the CAS array on any server, it takes effect on Outlook without manual intervention. Yes, sometimes it happens that Outlook does not take effect, but these are rare chances."

I have to disagree with that.
The change will not be picked up by the clients without intervention. That is because the change isn't seen unless a full Autodiscover cycle goes through. That only happens if the original end point is no longer valid.

http://blogs.technet.com/b/exchange/archive/2012/03/28/demystifying-the-cas-array-object-part-2.aspx

"The profile will not update itself because the client will not receive an ecWrongServer response from CAS. It will not receive this response because any CAS is a valid connection point for any mailbox database via RPC (over TCP) so clients can survive datacenter switchover/failover events without being reconfigured and all an admin has to do is flip the CAS array object DNS record to point to a surviving pool of CAS. Currently the only way to fix mailbox profiles would be a manual profile repair within Outlook, by publishing an Office PRF file via GPO (not going to work for non-domain joined machines), or by decommissioning the CAS server named in the users’ profiles so the endpoint is no longer available. This last option should (test test test!!) trigger a full profile repair by Autodiscover in Outlook 2007 or Outlook 2010."

Fortunately the CAS array has gone away in Exchange 2013 and later.

Simon.
0
Amit, IT Architect, Commented:
I agree with Simon 110%.
0
Amit Kumar Commented:
I still do not agree with Simon, because when we change the RPC Client Access array on the database, the existing CAS name will not work in Outlook; it will try to update the profile itself automatically.
0
Simon Butler (Sembee), Consultant, Commented:
"I still do not agree with Simon, because when we change the RPC Client Access array on the database, the existing CAS name will not work in Outlook; it will try to update the profile itself automatically."

Still you are wrong.

Changing the name on the database has no effect on the client unless you are changing the CAS array itself.
By default the name will be one of the CAS role holders, and that will continue to work because it is still valid. It only changes if the name goes away for some reason triggering a full Autodiscover.

I don't understand why you are arguing with me - whatever you are seeing you must be mistaken. The quote I have provided above is from the MS Exchange team and is also based on my own extensive experience. I am an Exchange MVP and the lead MS Exchange expert on this site with a combined points total of over 30 million.

Sorry to @niltd for having this on your question - but I have to correct where incorrect advice is being given.

Simon.
0
Amit, IT Architect, Commented:
This should end all confusion for Amit Kumar Goyal.

http://clintboessen.blogspot.fr/2012/03/changing-rpcclientaccessserver-how.html

This is Simon's article from his own site.
http://blog.sembee.co.uk/post/RPC-Client-Access-Array.aspx
0
Amit, IT Architect, Commented:
Let me come back to @niltd's question. In your case this will be the right answer:

Create the CAS Array. Create a new DB, set the CAS Array and move the mailbox from the current DB to the new DB. That will make Outlook update the profile automatically. You can do a test before doing the mass move.
0
niltd (Author) Commented:
Thanks Simon (and Amit) for clarifying what needs to be done.
0
Amit, IT Architect, Commented:
Good to hear that, though you selected Simon's answer. However, the right answer to this question is the first post I gave.
0

Question has a verified solution.