MSExchange.org Monthly Newsletter of March 2010 Sponsored by: Red Gate

Welcome to the MSExchange.org newsletter by Henrik Walther, Exchange MVP, MCA: Messaging (Exchange Ranger) Apprentice, MCTS Windows Server 2008, MCITP Exchange 2007, MCSE 2003 Messaging/Security. Each month we will bring you interesting and helpful information on Exchange Server. We want to know what all *you* are interested in hearing about. Please send your suggestions for future newsletter content to: henrik@msexchange.org

1. Exchange 2010 RPC CA service and CAS arrays - Quickfacts!

Welcome to the March edition of the MSE Newsletter! People tend to be a little uncertain when it comes to new technology and it is no different when it comes to the new RPC Client Access (RPC CA) service and Client Access Server (CAS) arrays in Exchange 2010. So my plan this month is to provide you with a kind of quick-fact list over the things I see some confusion about.

So here it comes...

What is RPC CA service?

Among the architectural changes made in Exchange Server 2010 is the introduction of the new RPC Client Access service which changes the client access business logic as we know it. This new service moves Outlook MAPI mailbox connections from the back-end Mailbox servers and directory access from domain controllers/global catalog servers in the data tier to the Client Access servers in the middle tier.

The primary reason why the MAPI endpoint was moved to the CAS server role was to make database failovers and switchovers (aka *overs) more transparent to the end users. Another reason was to provide a single common path for all Exchange clients and allow a higher number of concurrent connections per server as well as a higher number of mailboxes per mailbox server role.

For details see my comprehensive article series on the subject here.

What is a CAS array?

A CAS array is a collection of CAS servers in an Active Directory site. By creating a CAS array all CAS servers in an AD site are represented by a single Active Directory object, which provides a single MAPI endpoint name (i.e. outlook.domain.com). This makes it easier to associate mailbox databases with a set of CAS servers instead of a single CAS server (by specifying the FQDN of the CAS array in the "RpcClientAccessServer" database property). By specifying the FQDN of the CAS array you ensure that a client will use a set of CAS servers instead of one and thereby eliminate a single point of failure. A CAS array works in conjunction with a load balancer solution. For the details again see my comprehensive articles series on the subject.

Is it true that Outlook clients no longer make any connections directly to the Mailbox server in Exchange 2010?

Well not 100% true actually as Outlook clients still connect directly to the Mailbox server role when it comes to public folder access. However it is also the RPC CA service that is being utilized. Both mailboxes and the address book service are accessed via the CAS server role though.

Is Outlook 2007 or Outlook 2010 required in order to be able to connect to the RPC CA service or CAS array?

There used to be a doc bug in the Exchange 2010 documentation that indirectly stated that you could not connect to the RPC CA service or a CAS array using Outlook 2003. However, as I just mentioned, this was a doc bug. Outlook 2003 clients are fully supported, you just need to make sure you either enable RPC encryption in the Outlook profile or disable the RPC encryption requirement on the CAS servers. From a security standpoint, I recommend that you enable RPC encryption in the Outlook profile. You can do this using a group policy. For steps on how to do this see this KB article.

Do I need four Exchange 2010 servers if I want to both use the Database Availability Group functionality to protect mailbox databases and at the same time load balance traffic Client Access server traffic using Windows Network Load Balancing (WNLB) technology?

Yes this is a requirement since you cannot use both WNLB and Failover Clustering on the same machine. This is due to potential port sharing conflicts. However you could deploy two servers with all Exchange 2010 server roles and then use an external software or hardware based load balancer solution. I covered this in more detail in a previous MSE newsletter. I also touched the subject last month, see here.

Would I need to include the CAS array FQDN in the certificate installed on the Client Access servers?

This is a question I have seen very often, and the answer that I give is no. You do not need to include the FQDN (outlook.domain.com) in the SAN/UC certificate as internal Outlook clients connect to Exchange via MAPI over RPC. Although all communication is typically encrypted, a certificate is not used. Just like previous versions of Exchange server, the story is different when it comes to Outlook Anywhere, which connects to the CAS server via HTTPS (more specifically RPC is encapsulated in HTTPS packets).

When using WNLB to load balance Client access server traffic, does the FQDN of the WNLB need to match the FQDN of the CAS array?

This is not a requirement at all. Personally when using WNLB to load balance CAS server traffic, I call the FQDN of the WNLB something like casarray01.domain.com and the FQDN of the CAS array outlook.domain.com and this works just fine for me, as well as being fully supported. As long as the internal DNS record for the CAS array points to the VIP of the WNLB things should super-duper.

Should I use the same FQDN to load balance internal Outlook clients and external Exchange clients (OWA, EAS, Outlook Anywhere etc.)?

It is actually recommended that you do not use the same FQDN for all Exchange clients. I recommend you use something like mail.domain.com for external Exchange clients and outlook.domain.com for internal Outlook clients. Why? Because if you use mail.domain.com for both internal and external clients, if a user for instance takes his laptop to a customer site or with him home, then there will be quite a delay when Outlook tries to connect via RPC over HTTPS. This is because the mail.domain.com FQDN which is resolvable in the DNS will result in Outlook trying to connect via MAPI over RPC before failing over to HTTPS.

When should I change the RpcClientAccessServer property on a mailbox database?

If possible, it is highly recommended that you create the CAS array and specify the FQDN of the CAS array on the mailbox databases (if the CAS array exists it will be used automatically for databases that are created afterwards) before mailboxes are moved to Exchange 2010. If you let Outlook clients connect to let’s say; cas01.domain.com, a similar scenario will occur because you do not know which server FQDN is specified in the RpcClientAccessServer property of a mailbox database, then when you change the property to outlook.domain.com (FQDN for CAS array), Outlook 2007 (and even 2010 in some cases) clients would not change the connection endpoint in the Outlook profile to outlook.domain.com if the old end point is still accessible or even resolvable (which is typically the case as the CAS server still exist in the AD site). Outlook will get the updated information from AutoDiscover but unfortunately will not apply it.

So word of advice is: Create the CAS array before you either create Mailbox databases or move mailboxes to Exchange 2010.

Until next month,

Henrik Walther
Technology Architect/Writer
MCM: Exchange 2007 | MVP: Exchange Architecture
MCTS: Exchange 2010 | MCITP: EMA+EA | MCSE: M+S

Note:
Should you have any ideas for content in future editions of the MSExchange.org newsletter, you are more than welcome to shoot me an e-mail at Henrik@msexchange.org

2. Order Henrik Walther's Exchange Server 2007 book

3. MSExchange.org Learning Zone Articles of Interest

We have a great group of articles in the Learning Zone that will help you get a handle on your most difficult configuration issues. Here are just a few of the newer and more interesting articles:

• Configuring and using display picture in Exchange Server 2010 
• Running Exchange 2010 on Hyper-V R2
• Moving Mailboxes in Exchange 2010 (Part 2) 
• Using Microsoft ForeFront Server Security Management Console (Part 2)
• InBoxer Product Review 
• Moving Mailboxes in Exchange 2010 (Part 1)
• Import - Export Mailboxes  
  

4. KB Articles of the Month

Below you find the Exchange 2003, 2007, and 2010 related KB articles that were published since the last MSE newsletter.

Exchange Server 2010

There are no Exchange 2010 KB articles this month

Exchange Server 2007

• The subject of a confirmation message is garbled for certain languages when a remote device wipe operation is performed in Exchange Server 2007 
• "451 4.4.0 DNS Query Failed" status message in an Exchange Server 2007 Edge Transport server
• A delegate cannot save three settings of Resource Settings for an Exchange Server 2007 resource mailbox in OWA
• A mailbox that was moved from an Exchange Server 2007 server to an Exchange Server 2010 server cannot be accessed by using Outlook
• A SSL certificate validation error is generated on an Exchange Server 2007 server when you run any test commands after you run the Test-SystemHealth command
• An external recipient misses the last occurrence of a recurring meeting request or a recurring appointment that is sent from an Exchange Server 2007 user
• Description of Update Rollup 3 for Exchange Server 2007 Service Pack 2
• Later updates do not match a calendar item that an Exchange Server 2007 user updates by using Exchange ActiveSync on a mobile device
• Read items are marked incorrectly as unread items in an Exchange Server 2007 public folder
• The Edgetransport.exe process crash when it process meeting requests in Exchange Server 2007
• The Exchange Information Store service crashes on a Microsoft Exchange Server 2007 server when a user tries to access a specific calendar item 
• The Exchange Information Store service stops responding on an Exchange Server 2007 server
• The sender address of a forwarded meeting request does not include “on behalf of” as expected in an Exchange Server 2003 organization and an Exchange Server 2007 organization mixed environment
• The synchronization and the reconciliation between Microsoft Office Outlook and a BlackBerry mobile device fails when a mailbox is moved around between two Exchange Server 2007 servers
• You receive an "0x800423f0" error message when you perform system state backups on the passive node of Windows Server 2008-based Exchange Server 2007 CCR clusters 
• You receive an error message when you use ExBPA to schedule a scan on an Exchange Server 2007 SP2 server
• The store.exe process hangs on an Exchange Server 2007 server
• Free/Busy information is not available when Outlook 2007 delivers Exchange e-mail to a .pst file
• On Exchange Server 2007 or on Exchange Server 2010, e-mail messages seem to disappear when you try to move them to a mailbox folder
• SBS2008: No mail flow, Getting Event ID: 10003, Error: The type initializer for 'Microsoft.Mapi.ExRpcPerf' threw an exception 
• You receive an error when you try to create a Unified Messaging Auto Attendant in the Exchange Management Console: "The pilotidentifier 'string value' is not a valid extension" 
• Error: "Trying to connect to Microsoft Exchange Server" results in MAPI_E_LOGON_FAILED
  

Exchange Server 2003

• "Outlook cannot display this view. Unknown Error" error message is generated in Outlook client and Event ID 9667 is logged on an Exchange Server 2003 server
• An error occurs when an Exchange server 2003 user tries to open more than one delegate mailboxes of Exchange Server 2010 in Outlook 2003 
• Error: "Trying to connect to Microsoft Exchange Server" results in MAPI_E_LOGON_FAILED
  

5. MSExchange News of the Month

• Update Rollup 3 for Exchange Server 2007 Service Pack 2 Released
• ENow Announces new Exchange 2010 Monitoring and Reporting Features
• Forefront Identity Manager 2010 has RTM'ed
• Quick look at the Exchange Pre-Deployment Analyzer
• OnTrack PowerControl 6.0 with Exchange 2010 support released
• ENow Announces Platinum Sponsorship of TechMentor Orlando 2010
  

6. Ask Henrik Walther a question

QUESTION:

Do we have a maximum number of mailboxes that we can create in a single Exchange 2010 mailbox database (that has two or more copies)? Or is the limitation here about the maximum recommended size of the database which is 2 TB?

ANSWER:

There is no technical/hard-coded limit for number of mailboxes in a database. You should follow database size best practices which as you indicate is a maximum of 2TB for replicated databases.

Also see this post for details on scalability numbers in Exchange 2010.