Announcement

Collapse
No announcement yet.

Adding new CAS/HT server to existing Exchange 2010 (Hosting mode) environment

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Adding new CAS/HT server to existing Exchange 2010 (Hosting mode) environment

    Hi there,

    We have an Exchange 2010 hosted environment (not sure if hosting mode is relevant to this subject) that we wanna expand a bit with HA for the CAS/HT roles.

    Existing setup:
    2 mailbox servers in a DAG.
    1 CAS/HT server acting as FSW for the DAG.

    I want to add a second CAS/HT-server and wondering about the steps involved in doing so. We don't have a CAS array as of now.
    So I will create a CAS Array and use NLB for load balancing, I'm aware that NLB isnt the best option out there.

    To my knowledge the CAS Array is only used for RPC access, so I only put this value on the databases and their "RpcClientAccessServer" attribute. That's it right?
    There will be a NLB for balancing the rest.

    Will there be changes to the existing Outlook profiles? There is no Outlook 2003 clients (since hosting mode doesn't support it) but some Outlook 2007 and mostly Outlook 2010.
    Im not entirely sure that all our customers have an autodiscover record, but those that do have it like this:
    Autodiscover: mail.domain.com ("host offering this service").

    Lets call our upcoming CAS Array for "casarray.company.domain.com". This name isn't needed in the certificate and should NOT be resolvable to external clients, correct?
    After I add this in the internal DNS, A record "casarray.company.domain.com > 192.168.0.1" using this IP for arguments sake. The externally resolvable IP address for mail.domain.com is being forwarded to our current CAS server using NAT, this will be changed to whatever IP address we pick for the NLB.

    Then comes the NLB. Lets call it nlb.domain.com with cluster IP address 192.168.0.1 (CAS array IP).

    What about the rest of the config, any editions to existing config like:
    Get-TransportConfig (InternalSMTPServers attribute? Edit this to use the NLB IP instead?)
    Get-OwaVirtualDirectory?

    "When installing CAS servers, you could get an autodiscover war. Therefore as soon as you have installed them, set the AutodiscoverServiceInternalURI on set-clientaccessserver to the same value."
    Current value (add https:// before oldcasserver, cant use link in this post):
    Get-ClientAccessServer -server oldcasserver1 | fl autodiscoverservice*
    AutoDiscoverServiceInternalURI ldcasserver1fqdn/autodiscover/autodiscover.xmlShould this entry be changed to a new value, the DNS name for the NLB? If I use this name, will it be required in the certificate?

    "Outlook 2007 discovers the Availability service URL using the Autodiscover service. To use network load balancing with the Availability service, you must make changes to your configuration. Specifically, for the Autodiscover and Availability services to work,DNS needs to be configured so that mail.<domain name>.com and autodiscover.<domain name>.com point to the Network Load Balancing (NLB) array*of Client Access servers. In the previous sentence, <domain name> is a placeholder for your domain name."
    From <technet.microsoft.com/en-us/library/aa997237.aspx>
    Current value (add https:// before mail, cant use link in this post):
    Get-WebServicesVirtualDirectory -server oldcasserver | select internalurl,externalurl
    InternalUrl : mail.domain.com/EWS/exchange.asmx
    ExternalUrl :mail.domain.com/EWS/exchange.asmx

    Does these have to be changed to the DNS name of the NLB, for example: nlb.domain.com (Or can the NLB name be the same as the OWA / EWS name?)

    Our certificate contains:
    Mail.domain.com
    Mailboxserver1
    Oldcasserver1
    Mailboxserver2
    Autodiscover.domain.com

    How much of this can I do and still maintain full operability in our Exchange?
    Any help is appreciated to answering my questions or pointing out stuff Iíve forgotten.
    Keep in mind we run Exchange 2010 hosting mode so powershell commands is the way to go for configurering for me.

  • #2
    Re: Adding new CAS/HT server to existing Exchange 2010 (Hosting mode) environment

    Because you don't have a CAS Array FQDN, all outlook clients are now targeted against the server FQDN. As soon as you change the RpcClientAccessServer attribute, clients will be redirected and will act as if the mailbox has been moved to another server. This means the user gets a warning that the admin has changed the configuration and the user needs to restart Outlook. After this the user can work again, but is connected via the CAS Array (and Load balancer). You can check that in the profile settings of Outlook, it is changed. The rehoming of Outlook is one of the reasons a CAS Array is always recommended, even with a single server. Not that that helps you currently, but now you know

    In any case, the CAS Array does not need to be in any certificate as it is only used with MAPI/RPC traffic and not HTTPS. You are also correct that it has to be an internal name only, it should not be resolvable from the internet. This is one way clients can know whether they are internal or external.

    Now the question of NLB. I really dislike Windows NLB (WNLB) and it's something that Microsoft no longer actively recommends. If you seek High Availability it makes more sense to implement a Hardware or Virtual Load Balancer (HLB VLB resp.). Especially if you are a hoster. I tend to use those from KEMP Technologies, because they are relatively cheap and easy to maintain. They also provide more advanced health checking than WNLB and are less complex. WNLB also requires some specific unicast settings, so when virtualized it requires some extra network configuration.

    Now, in your plan you require two CAS/HT and two Mailbox servers. Why not multirole? That will be an option when using an HLB/VLB as load balancer and CAS HA. It could save you an Exchange and Windows server license you could invest in a proper LB.

    On the issue of Web FQDN's, they should point to the Virtual IP of the LB instead of the real IP of the CAS Exchange server. You can reuse the FQDN's, just point the record to another IP. Servernames are not required in the certificates if you use and configured Split DNS correctly. It measn InternalURL and ExternalURLs are the same, but internal point to intern IP's (in this case the to be introduced LB) and when external they resolve to external IP adresses (which are NATted or routed to the Virtual IP of the NLB).

    I would suggest you read up this Exchange configuration, practice these reconfigurations and fallbacks scenario's in a lab several times, until you get the hang of it and are familiar with all concepts. If done correctly and with proper preparations and testing, one could do the switchover (changing the configuration) within an hour, depending on the TTL of DNS records. Users will notice a change (Outlook warns them) and downtime is not unexpected. So, preparing your users, warn them of the maintenance, why you are doing this and what they can expect.

    I do have to note that I might not have been complete in my answer, because I overlooked some detail, didn't have all the information. It's still your responsibility. If you feel uncertain in any way, don't fiddle and see where you end up. Hence my advice of testing and reading up on Exchange 2010 configurations.

    Good luck!

    Comment


    • #3
      Re: Adding new CAS/HT server to existing Exchange 2010 (Hosting mode) environment

      Originally posted by dmstork View Post
      Because you don't have a CAS Array FQDN, all outlook clients are now targeted against the server FQDN. As soon as you change the RpcClientAccessServer attribute, clients will be redirected and will act as if the mailbox has been moved to another server. This means the user gets a warning that the admin has changed the configuration and the user needs to restart Outlook. After this the user can work again, but is connected via the CAS Array (and Load balancer). You can check that in the profile settings of Outlook, it is changed. The rehoming of Outlook is one of the reasons a CAS Array is always recommended, even with a single server. Not that that helps you currently, but now you know
      Sigh, if only it was that easy.
      That doesn't happen.
      You change the setting on the database, nothing happens on the clients. They don't see the change. It requires a visit to the workstation to get them to use the new CAS Array configuration.

      Simon.
      --
      Simon Butler
      Exchange MVP

      Blog: http://blog.sembee.co.uk/
      More Exchange Content: http://exchange.sembee.info/
      Exchange Resources List: http://exbpa.com/
      In the UK? Hire me: http://www.sembee.co.uk/

      Sembee is a registered trademark, used here with permission.

      Comment


      • #4
        Re: Adding new CAS/HT server to existing Exchange 2010 (Hosting mode) environment

        Originally posted by Sembee View Post
        Sigh, if only it was that easy.
        That doesn't happen.
        You change the setting on the database, nothing happens on the clients. They don't see the change. It requires a visit to the workstation to get them to use the new CAS Array configuration.

        Simon.
        Mhh, did not know that. This is because there was no actual mailbox move performed? Perhaps combined with a mailbox move to another DB with the CAS array as RPCClientAccess? You'll need temporarily twice the current storage, but could beat client reconfiguration...

        Comment


        • #5
          Re: Adding new CAS/HT server to existing Exchange 2010 (Hosting mode) environment

          Originally posted by dmstork View Post
          Mhh, did not know that. This is because there was no actual mailbox move performed? Perhaps combined with a mailbox move to another DB with the CAS array as RPCClientAccess? You'll need temporarily twice the current storage, but could beat client reconfiguration...
          The only way the clients get updated is a move mailbox to another server in another AD site. Same server cross database doesn't work, because the Outlook client connects to the CAS role, not the mailbox role in Exchange 2010.

          Simon.
          --
          Simon Butler
          Exchange MVP

          Blog: http://blog.sembee.co.uk/
          More Exchange Content: http://exchange.sembee.info/
          Exchange Resources List: http://exbpa.com/
          In the UK? Hire me: http://www.sembee.co.uk/

          Sembee is a registered trademark, used here with permission.

          Comment


          • #6
            Re: Adding new CAS/HT server to existing Exchange 2010 (Hosting mode) environment

            Originally posted by Sembee View Post
            The only way the clients get updated is a move mailbox to another server in another AD site. Same server cross database doesn't work, because the Outlook client connects to the CAS role, not the mailbox role in Exchange 2010.

            Simon.
            Thanks for your input. This is a little worrying news. What kind of editing is needed on the clients? And doesn't the autodiscover help either?
            Our setup is a single AD-site. So I guess that there is no way I can get the clients to configure automatically? Keep in mind we have hosted mode so there is quite a few different companies that gonna need help reconfigure Outlook.

            Is it possible to create a CAS-array, create a new mailboxdatabase, point this to the CAS-array with the 'RpcClientAccessServer' attribute. Without ANY interruptions to the function we deliver to our customers? The other databases will still have their configuration pointing to the single CAS-server. The purpose of this would be to be able to experiment with the moving mailboxes/reconfigure Outlook.

            Dmstork, thank you for your post! I will get back to some of the things you said.

            Comment


            • #7
              Re: Adding new CAS/HT server to existing Exchange 2010 (Hosting mode) environment

              Creating the RPC CAS Array and the database configuration change has no effect on the clients. They will continue to work with their existing configuration because everything is still valid.

              However any NEW Outlook profile will use the new setting.

              For existing Outlook clients, all that you need to do is Repair the Outlook profile. Go in to Accounts in Outlook, select the Exchange account and choose repair. That will force the clients to the new CAS Array address.

              The CAS Array address should be unique to that function, resolve internally only. It should not resolve externally.

              That is it. To move the clients to the new server, simply change the DNS entry.

              If you change the TTL time on the DNS entry to something low, like 10 minutes, any change will take effect very quickly.

              Simon.
              --
              Simon Butler
              Exchange MVP

              Blog: http://blog.sembee.co.uk/
              More Exchange Content: http://exchange.sembee.info/
              Exchange Resources List: http://exbpa.com/
              In the UK? Hire me: http://www.sembee.co.uk/

              Sembee is a registered trademark, used here with permission.

              Comment


              • #8
                Re: Adding new CAS/HT server to existing Exchange 2010 (Hosting mode) environment

                Originally posted by Sembee View Post
                Creating the RPC CAS Array and the database configuration change has no effect on the clients. They will continue to work with their existing configuration because everything is still valid.

                However any NEW Outlook profile will use the new setting.

                For existing Outlook clients, all that you need to do is Repair the Outlook profile. Go in to Accounts in Outlook, select the Exchange account and choose repair. That will force the clients to the new CAS Array address.

                The CAS Array address should be unique to that function, resolve internally only. It should not resolve externally.

                That is it. To move the clients to the new server, simply change the DNS entry.

                If you change the TTL time on the DNS entry to something low, like 10 minutes, any change will take effect very quickly.

                Simon.
                How come any new Outlook profile will use the CAS array? So if I create a CAS array, without changing the RpcClientAccessServer attribute on the database hosting my mailbox. If I then use autodiscover for my e-mail address will I be pointed to the CAS array instead of the name specified in the attribute mentioned? I was under the impression that any current or new profiles wouldn't retrieve the CAS array name before I changed the settings on the mailboxdatabases?

                Comment


                • #9
                  Re: Adding new CAS/HT server to existing Exchange 2010 (Hosting mode) environment

                  I didn't say that they would use it.

                  I stated that the creation of the array AND the database configuration change will have no effect. All other comments I made were in reference to both of those changes taking place.

                  You really should have had an RPC CAS Array in place from day 1 and I would encourage you to deploy one right now.

                  Simon.
                  --
                  Simon Butler
                  Exchange MVP

                  Blog: http://blog.sembee.co.uk/
                  More Exchange Content: http://exchange.sembee.info/
                  Exchange Resources List: http://exbpa.com/
                  In the UK? Hire me: http://www.sembee.co.uk/

                  Sembee is a registered trademark, used here with permission.

                  Comment


                  • #10
                    Re: Adding new CAS/HT server to existing Exchange 2010 (Hosting mode) environment

                    Oh okay then I understand. So then I can create the CAS array without anyone noticing.

                    Then create a new mailboxdatabase for my experiments with changing the Rpc attribute and simply move my own mailbox and play around with what is needed to make my old profile work.

                    So to make sure:
                    If I create the CAS array.
                    And a new mailboxdatabase with the array as Rpccas

                    Then new Outlook profiles will resolve to the CAS array ONLY if the mailbox is located on the new mailboxdatabase? All other new profiles for mailboxes on the old databases will resolve the single CAS server?

                    Comment


                    • #11
                      Re: Adding new CAS/HT server to existing Exchange 2010 (Hosting mode) environment

                      That is correct.
                      A CAS array is just a DNS entry though, so it is very easy to implement and I don't think I have ever seen it cause a problem except when a typo was made in the host name.

                      Simon.
                      --
                      Simon Butler
                      Exchange MVP

                      Blog: http://blog.sembee.co.uk/
                      More Exchange Content: http://exchange.sembee.info/
                      Exchange Resources List: http://exbpa.com/
                      In the UK? Hire me: http://www.sembee.co.uk/

                      Sembee is a registered trademark, used here with permission.

                      Comment

                      Working...
                      X