Monday, April 30, 2012

Outlook Connection & CAS ARRAY

If you are deploying or designing Exchange 2010, you have most likely heard of the CAS ARRAY. I am going to list the basic information you should pay attention to in order to make sure you are covered.

1. MAPI connections in Exchange 2010 are handled by CAS servers; this is what is called the “Middle Tier”.

2. An Outlook client that wants to connect to its mailbox talks to the CAS server, and the CAS server talks to the Mailbox server on behalf of the Outlook client.

3. Outlook clients talk to the Mailbox server directly only for public folder data…

4. RPC Client Access service (MsExchangeRpc) answers the RPC endpoint.

5. The CAS ARRAY is the single contact point for all client connections within the AD site.

6. Create a CAS ARRAY even if you have a single CAS server.

The way Outlook clients connect to their respective mailboxes has changed and come a long way in Exchange 2010, and it will continue to evolve in the next versions.

In Exchange 2010, when Outlook opens, it checks its configured profile and tries to locate the Home Server property (msExchHomeServerName). The Home Server property returns the Exchange server name, and a DNS lookup provides the IP address of the home server to the Outlook client. Outlook then establishes a TCP connection on port 135 to the RPC Endpoint Mapper on the home server.

CLIENT ACCESS CAS ARRAY

  • One array per AD site
  • The RPC CAS array name is resolvable internally ONLY !!!
  • The array does not provide any load balancing

If the CAS ARRAY name is resolvable from outside, delete the A record. If you do not, here is the behavior of an Outlook client connecting from outside.

Outlook fires up.

The first thing it does is locate the Home Server property specified in the Outlook profile. The name resolves in external DNS, and the Outlook client is handed the external IP. Outlook then tries to establish a MAPI session on TCP port 135. Since this fails, Outlook stops working and falls into a retry stage. Eventually the client gives up retrying and tries an HTTPS connection, which gets through the firewall and works. This creates a significant delay.

So the rule is simple:

Outlook.MyCompany.internal= 10.10.10.100 ( VIP IP ) Internal DNS ONLY !!!!!
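
One way to check this rule, as an added example that is not from the original post: the function below asks an internal and an external resolver for the array name and reports whether the A record is visible from outside. The function name, the status strings and both resolver addresses are assumptions made for illustration, and Resolve-DnsName is assumed to be available (Windows 8 / Server 2012 or later).

```powershell
# Added example (not from the original post). Assumes Resolve-DnsName is available
# (Windows 8 / Server 2012 or later). Resolver addresses are constructed placeholders.
function Test-CasArrayDnsExposure {
    param(
        [Parameter(Mandatory = $true)][string]$Fqdn,
        [Parameter(Mandatory = $true)][string]$InternalDnsServer,
        [Parameter(Mandatory = $true)][string]$ExternalDnsServer,
        [string]$ExpectedVip   # optional: the VIP the array name should point to
    )

    # Ask one specific resolver for A records; yields nothing when none exist.
    function Get-ARecord([string]$Name, [string]$Server) {
        $answer = Resolve-DnsName -Name $Name -Type A -Server $Server -DnsOnly -ErrorAction SilentlyContinue
        $answer | Where-Object { $_.Type -eq 'A' } | ForEach-Object { $_.IPAddress }
    }

    $internal = @(Get-ARecord $Fqdn $InternalDnsServer)
    $external = @(Get-ARecord $Fqdn $ExternalDnsServer)

    $status = if ($external.Count -gt 0) {
        'ExposedExternally'          # outside clients try TCP 135 first and stall
    } elseif ($internal.Count -eq 0) {
        'NotResolvableInternally'    # internal Outlook clients cannot find the array
    } elseif ($ExpectedVip -and ($internal -notcontains $ExpectedVip)) {
        'UnexpectedInternalAddress'  # internal record does not point at the VIP
    } else {
        'OK'
    }

    New-Object PSObject -Property @{
        Fqdn           = $Fqdn
        Status         = $status
        InternalAnswer = ($internal -join ', ')
        ExternalAnswer = ($external -join ', ')
    }
}

# In the Exchange Management Shell, check every array in the organization;
# otherwise fall back to the example name used in this post.
$names = if (Get-Command Get-ClientAccessArray -ErrorAction SilentlyContinue) {
    Get-ClientAccessArray | ForEach-Object { $_.Fqdn }
} else { 'Outlook.MyCompany.internal' }

# 10.10.10.10 (internal DNS) and 192.0.2.53 (external DNS) are placeholders.
$names | ForEach-Object {
    Test-CasArrayDnsExposure -Fqdn $_ -InternalDnsServer '10.10.10.10' `
        -ExternalDnsServer '192.0.2.53' -ExpectedVip '10.10.10.100'
}
```

Any result other than OK means either the A record is visible outside or internal clients are not being sent to the VIP.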

Reference:

http://technet.microsoft.com/en-us/library/ee332317.aspx

Respectfully,
Oz Casey, Dedeal ( MVP north America)
MCITP (EMA), MCITP (SA)
MCSE 2003, M+, S+, MCDST
Security+, Project +, Server +
http://smtp25.blogspot.com/ (Blog)
http://telnet25.wordpress.com/ (Blog)
