Thursday, April 1, 2010

RPC Client Access and how Exchange 2010 Utilize this Service.

In order to understand how Exchange 2010 is redundant when setting up with DAG we need to see couple key changes build into Exchange 2010. For detailed information I recommend start reading from Henrik Walter great blog series

Uncovering the new RPC Client Access Service in Exchange 2010 (Part 1)”

There is part2, part3 and part4 it pretty much talks about everything.

RPC Client Access Service & Understanding RPC Client Access

http://technet.microsoft.com/en-us/library/ee332317.aspx

In Exchange 2010 RPC Client access handles the processing from MAPI clients (outlook). This wasn’t the case with Exchange 2007, Outlook clients connected directly to MB server in Exchange 2007.

Imagine MAPI client connecting directly your server called mail1 (exchange 2007) what happens when or if mail1 goes down? Where will outlook users connect now?

In Exchange 2010 MAPI clients wont connect to mailbox servers directly to get to their mailboxes, instead they connect to RPC Client access service Which talks to AD and Mailbox Server=Mailbox Database.

If you read Henrik Articles you will see fallowing statement

  • MAPI Clients (Outlook Users)-------------Connect to--------NSPI endpoint on the CAS Server
  • NSPI endpoint -------------------talks to Active Directory via AD Driver.

So you got the picture, MAPI client no longer connecting to MAILBOX server instead they connect to NSPI endpoint on the CAS server, which talk to Active directory.

  • Remember DSProxy so the NSPI endpoint ended up replacing it.

Exchange 2010 mailbox database has an attribute called RpcClientAccessServer. When creating a new mailbox database in an Active Directory site where a CAS array has not been created, this attribute will be set to the first CAS server installed in the AD site.

Get-MailboxDatabase <DB name> | fl RpcClientAccessServer

image

image

Now let’s get started go to your DNS server Create A record called outlook.yourdomain.Internal

clip_image002

I used same IP address as my First Exchange Server called mail2 ( CAS,MB,HTS) I have another server called mail3. Both Servers are member of DAG and they have fallowing databases

image

 

clip_image004

So users mailboxes are in one of these databases and as you can see both servers do have healthy copy of database one is active other one is Health meaning waiting to be active if needed.

Now let’s take a look at one of our client outlook properties

clip_image006

So this user is connecting to outlook.smtp25.local which is A record we created in DNS pointing to server called mail2 ( CAS,HTS,MB) server. Remember what we are seeing here is MAPI user is connecting to NSPI endpoint on the CAS server called Mail2 and Mail2 has database called MB1 where this user mailbox reside.

MAPI user (dedealoc)---------Connects to---àAlias name=outlook.smtp25.local=CAS server=Mail2 which has active database called MB1

clip_image008

You can see closely the serve has the mounted database for MB1 is Mail2

clip_image010

Now what happens if MAIL2 goes down? So I am going to shutdown mail2.

Mail2 IP address = 10.10.10.31 which is same as Alias we created outlook.smtp25.local=10.10.10.31

clip_image011

Outlook client is no longer happy because Outlook client is trying to connect to outlook.smtp25.org=10.10.10.31-------à=mail2.smtp25.local=10.10.10.31

As you can see there is not more MAPI traffic among MAPI client and its database.

clip_image012

What happen to MB1 where the user dedealoc mailbox reside, remember the database had two copies mounted copy on mail2 and healthy copy on mail3? Let’s take a quick look, the healthy database become “mounted” automatically on Exchange server called mail3

clip_image014

The problem we have our MAPI client does not know how to get there ?????? we need to help him a little bit. So I connect to DC/DNS server, found the A record called outlook.smtp25.local ,opened properties and I saw the A record we created is pointing to 10.10.10.31 which is Mail2, which is the server we shut down, no wonder the MAPI clients are not getting “mounted copy of “ database called MB1 on another server, which is Mail3

If you remember mail3 IP address is 10.10.10.33 so I am going to simply change this A record as fallows outlook.smtp25.local=10.10.10.33=Mail3=Mounted DataBase MB1 at this time.

From unhappy client workstation let’s see what DNS is showing us

clip_image015

Nice pretty quick isn’t it.

clip_image016

image

 

Now you start asking yourself wait a second why we have to do manual work to make MAPI client work in this example. Now you have learned good enough to understand the entire picture and again Henrik has everything in his blog series with great detailed explanations.

From my notes, pay attention we used only two server and load them with CAS,HTS and MB roles and created DAG.

There are limitation if you setup two server and load them with ( CAS,HTS and MB ) roles.

Summary of limitations

image

So what is the solution to make all automated? you will need load balancer the cheapest ones runs around 2K to 3K and up, as you can see the single point of failure not is the load Balancer itself and you need to double the $$$$ and make the load balancer redundant (-:

image

or use what I have done update the DNS manually or build script can do this for you, remember we just talked about internal MAPI client and you need to think about mail flow coming from outside and how it will flow when one of your server is down? Manual changed on your firewall ( not bad if you consider saving $$$$$ (-: 

Or you can deploy exchange servers similar to this table (-: and yes it will cost more $$$$$

image

Remember good things in life always brings extra cost (-:, beside joke maybe hard block for WNLB maybe will disappear and more improvement will make small deployments happier, but again Cloud needs to get crowded (-: ……….. so how is that going to be possible (-:

Exchange 2010 literally the *BEST* messaging application and so many smart futures , easy deployment  and etc. We truly thankful  to entire Exchange team for their hard work and providing us next generation messaging application.

Cheers,

Best regards,

Oz Casey , Dedeal

MCITP (EMA), MCITP (SA)
MCSE 2003, M+, S+, MCDST
Security+, Project +, Server +

Http://smtp25.blogspot.com (Blog

Http://telnet25.spaces.live.com (Blog)

Http://telnet25.wordpress.com (Blog

No comments: