Client Access Server per AD Site?

Similar Messages

• Add Client access server with DR MBX to server clients from DR site.

  Hello,
  We have a medium size implementation at our company. It is as below,
  - Two mail box servers (MBX1, MBX2) at production Site.
  - One mail box server (MBXDR01 at DR site (Active))
  - One DAG (name: IDKUDAG ) (MBX1,MBX2 and MBXDR01 are members)
  - Two Client access servers at production site (with MBX1 and MBX2)
  There is a high speed WAN connection between two sites.
  What I need to do, I want to add additional CAS server at DR site as in case of production site maintenance or outage I want to migrate the DBs to DR MBX and the CAS server handle mail
  client’s access.
  Can I add a new server at the DR site with the same configuration as the production site???
  Or there is another solution for this case.
  Please advise.
  Best regards,
  Ahmed Salah
  BR Ahmed Aboutabl

  Hi Ahmed,
  The CAS configuration for Exchange service in the second datacenter can be the same configuration as you mentioned. For example, the same internal&external namespaces for OWA, Autodiscover, EWS, OAB etc. in two datacenters.
  Also make sure the certificate has included all needed namespace for the second site. For your reference, here is an article talked about the details of site resilients:
  https://technet.microsoft.com/en-us/library/dd638129(v=exchg.150).aspx
  http://www.msexchange.org/articles-tutorials/exchange-server-2010/high-availability-recovery/designing-site-resilient-exchange-2010-solution-part1.html
  Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Please make
  sure that you completely understand the risk before retrieving any suggestions from the above link.
  Regards,
  Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]
  Winnie Liang
  TechNet Community Support

• Do i need a CAS server per AD site?

  Hi!
  So I have been browsing through a lot of Exchange Server documentation, guides and best practice but I have not found (or misunderstanding) the CAS placement for my situation.
  We are currently in the process of upgrading to Exchange server 2013. As we have an Exchange 2003 only deployment, we will first need to move to Exchange 2010 and get rid of all the Exchange 2003 servers and then move on to Exchange 2013. We have a
  single domain with 21 AD sites. 8 of these sites (Vessels at Sea) are connected by vSat the other 13 of these sites a remote offices with a more stable connection than vSat.
  We want to have a MBX server at every site and what I get from the available documentation on the internet I will also need a HUB server per AD site. What I am not sure about is, do I also need a CAS server per site? What I get from this excerpt:
  "A new service was introduced with Exchange Server 2010 to allow these MAPI connections to be handled by the Client Access
  server. The RPC Client Access service provides data access through a single, common path of the Client Access server, with the exception of public folder requests, which are still made directly to the Mailbox server. This change applies business logic to clients
  more consistently, and provides a better client experience when failover occurs." (ref Understanding RPC Client Access.), is that I also
  need a CAS server per site.
  Can somebody give me any definite insights in this one?
  To summarize the question:
  In a multi site AD with a MBX server per site, do I also need a CAS server per site?
  Your help is much appreciated!
  Regards,
  Erik

  (for Exchange 2010) You need CAS and Hub role in each site where Mailbox role deployed
  Understanding Client Access
  "You must install the Client Access server role in every Exchange organization and every Active Directory site that has the Mailbox server role installed"
  Overview of the Hub Transport Server Role
  "You must deploy a Hub Transport server role in each Active Directory site that contains a Mailbox server role"
  Blog - Smtp25.ru

• Office 365 Streaming Notifications, "One or more subscriptions in the request reside on another Client Access server."

  Hello all,
  I am maintaining a part of our product that requires monitoring mailboxes for events.  This is currently being done by using streaming connections for getting the notifications.  Our solution has been successful for situations with smaller numbers
  of mailboxes, ~200 or less.  However we are seeing some issues when scaling up to say, 5000 mailboxes.
  The error and the sequence leading up to it are as follows:
  Make an Exchange Service Account.
  exchSvc.ConnectionGroupName = someGroupName;
  add to the httpheaders ("X-AnchorMailbox", userSmtp) and ("X-PreferServerAffinity", "true");
  create a new impersonated UserId for the userSmtp address that is our anchor mailbox.
  set the Exchange Service account ImpersonatedUserID to the one we just made.
  ExchangeServiceAccount.SubscribeToStreamingNotifications(new FolderId[] { WellKnownFolderName.Inbox }, _mailEvents);
  to this point everything was successful, saw no error messages.
  we create a second impersonated UserID for a different mailbox, and repeat the process above from that step forward.  Upon the final step, subscribing to the streaming notifications we get the error:
  Exception: Microsoft.Exchange.WebServices.Data.ServiceResponseException: One or more subscriptions in the request reside on another Client Access server. GetStreamingEvents won't proxy in the event of a batch request.
  This is only the second subscription that we are trying to add to this connection, and it is to a different mailbox than the first.
  Can anyone please help point me to where this is going wrong?

  >> Is there a good way to verify the number of subscriptions in a group?
  Not that I know of you should be tracking this in your code there are no server side operations in EWS to even tell you if there are active subscriptions on a mailbox.
  >>The error I am getting is on the second subscription in a new group, just after doing the anchor mailbox so I don't think we are hitting the 200 limit. 
  It's hard to say without seeing your code but it sounds like there is problem with your grouping code. One way to validate this is that with every request you make with the EWS managed API there is a
  RequestId header http://blogs.msdn.com/b/exchangedev/archive/2012/06/18/exchange-web-services-managed-api-1-2-1-now-released.aspx
  you should be able to give that RequestId to the Office365 support people and they should be able to check the EWS Log on the server and tell you more about what's happening (it maybe server side bug). Something doesn't quite add up in that the X-BackEndOverrideCookie
  is what ultimately determines what server the request ends up at and the error is essentially telling you its ending up at the wrong server (have you looked at the headers on the error message?). Is it always one group of users that fails have
  you tried different groups and different combinations etc.
  Cheers
  Glen

• EWS - Office 365 - "One or more subscriptions in the request reside on another Client Access server. GetStreamingEvents won't proxy in the event of a batch request."

  Hello
  My goal is to subscribe for streaming notifications for multiple users in the same time.
  One way to do that is to create multiple  StreamingSubscriptionConnections each one should contain one  StreamingSubscription for each user. The problem with this method is that in Office 365 the maximum
  number of connections opened is 20.
  Another method to solve this problem is by creating one StreamingSubscriptionConnection and then all StreamingSubscriptions for each user to the connection. This method solves the maximum number of connections
  problem and it works fine with exchange onPrimises. But when trying it with Office 365 it will result with the SubscriptionError:
  "One or more subscriptions in the request reside on another Client Access server. GetStreamingEvents won't proxy in the event of a batch request."
  Can anyone help me here ? 

  With Office365 you need to Group your subscriptions and set the Affinityheaders see
  http://msdn.microsoft.com/en-us/library/office/dn458789(v=exchg.150).aspx and
  http://blogs.msdn.com/b/mstehle/archive/2013/07/17/more-affinity-considerations-for-exchange-online-and-exchange-2013.aspx . Take note of the restrictions on the Group and other throttling restrictions if your using only one service account.
  Cheers
  Glen

• Exchange 2013 - Cleaning UP logs files (Client Access Server)

  I have to client access server and it is running out of space
  Is there anywhere in the C:\ drive where I can delete some space (e.g. log files)

  Hello,
  If you refer to C:\inetpub\logs\LogFiles, you can delete them manually or use a Powershell script to delete them.
  Here is the similar thread for your reference.
  http://social.technet.microsoft.com/Forums/exchange/en-US/703dc324-721e-4c52-b43a-263b5543cfda/how-to-control-iis-logs-on-cas-server?forum=exchange2010
  If you refer to other log files, please free let me know.
  If you have any feedback on our support, please click
  here
  Cara Chen
  TechNet Community Support

• Exchange 2013 - Proxy through client access server not working

  Hello All -
  I recently migrated our company to Exchange 2013 and noticed that our email was leaving through the mailbox server. I put a check mark in the Send Connector where it says "Proxy through Client Access Server" and my mail is still coming from the
  mailbox server. How can I go about fixing this problem?
  Environment:
  1 CAS Server
  1 Mailbox Server
  Both server are behind the firewall with only port 25 opened to the CAS. The CAS has a Send Connector to a smart host for all messages.
  Thank you!
  Ryan

  Hi,
  Please check if the outbound messages without smart host are coming from CAS . 
  I doubt it send to the smart host directly if you configure smart host, and not use proxy thogh CAS.
  If you have any feedback on our support, please click
  here
  Wendy Liu
  TechNet Community Support

• Client Access Server Logs that capture Outlook Anywhere Connections

  Do Exchange 2010 Client Access Servers log Outlook Anywhere connections? Since it's RPC over HTTP, I'm thinking these would be in the IIS logs but don't see any entries in those logs that pertain to Outlook Anywhere. What logs contain Outlook Anywhere connections?
  I suspect I have a CAS server that isn't working properly pertaining to OA and need to be able to review some sort of logs to confirm.
  Thanks

  ARay,
  Do the below basic checks-
  Running the Test-OutlookConnectivity cmdlet. The cmdlet tests for Outlook Anywhere (RPC over HTTP) and TCP/IP connections. If the cmdlet
  test fails, the output notes the step that failed.
  Running the Outlook Anywhere connectivity test using the Exchange Remote Connectivity Analyzer (ExRCA). When you run this test, you get a detailed summary showing where the test failed and what steps you can take to fix issues.
  Both tests try to log on through Outlook Anywhere after obtaining server settings from the Autodiscover service. End-to-end verification includes the following:
  Testing for Autodiscover connectivity
  Validating DNS
  Validating certificates (whether the certificate name matches the Web site, whether the certificate has expired, and whether it's trusted)
  Checking that the firewall is set up correctly (ExRCA checks overall firewall setup. The cmdlet tests for Windows firewall configuration.)
  Confirming client connectivity by logging on to the user's mailbox
  Regards,
  ASP20

• Exchange 2010 and Client Access Server Roll

  Hi,
  We have one CAS/HUB server, two mailbox roll servers in a DAG. Both mailbox roll servers have public folder database and both are replicate each other. Now we are going to office365. Now we
  need to install client access roll on public folder database server(mailbox roll server) for office365 users to access the public folder from on premises according to
  http://technet.microsoft.com/en-us/library/dn249373(v=exchg.150).aspx
  We don't want get any problem after installing another CAS server roll. Our users' outlook should not interrupt with new installation. We are not setup client access array here. We are installing
  this for public folders access to office365 mailboxes. How to install and configure?
  Please help us to achieve this.
  Thanks & Regards.

  http://public.wsu.edu/~brians/errors/role.html
  Exchange 2013 doesn't have a public folder database.  If you're asking about an older version of Exchange, the Exchange previous versions forums are here: 
  http://social.technet.microsoft.com/Forums/en-US/category/exchangeserverlegacy
  You shouldn't have any problem installing the CAS role.  To be sure, after installing the server change all the URLs in the virtual directories to point to one of the real CAS servers, and run Set-ClientAccessServer -AutodiscoverServiceInternalUri to
  to a valid Autodiscover URL.
  Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."

• Rich client access server for data

  Hi
  I have a Rich client application and it need to access a web server via http protocol to access large amount of data.
  Any idea what is the best way to do this?
  im think of writing some server side code to generate the data object into XML files and then the client can retrieve the file. (either that or a plain text file...)
  Please advise me what is the best/common practice because this is the first time im doing this.
  thx

  XML can be a good idea, but remember that XML can bloat your data because of all the added tag information. so if you are working with large amounts of data, it can become a huge amount of data. Still you can use SAX to parse the XML on the fly in stead of parsing it into one large DOM tree structure first, which at least is efficient in the resources.
  If you can access the data in small parts, a webservice system might be a better, cleaner and more portable solution.

• Co-Locate Client Access and Edge Transport Role on Same Server?

  Co-Locate Client Access and Edge Transport Role on Same Server?
  Is it possible/supported to install the Edge Transport Server Role on the same machine that the Client Access role is installed on now that 2013 SP1 has added support back in for the Edge Transport Role?
  jon

  No.
  Unless something has radically changed from before...
  EDIT
  No, nothing has changed:
  "If you want to install the Exchange 2013 Mailbox or Client Access roles on a computer, see
  Install Exchange 2013 Using the Setup Wizard. The Edge Transport role can't be installed on the same computer as the Mailbox or Client Access server roles."
  http://technet.microsoft.com/en-us/library/dn635117(v=exchg.150).aspx
  Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you.

• Mailbox server in different sites

  Site: 1 US (1 DC and 1 C,H,M), EX 2010 (primary), SITE 2 MANILA (ADC ) (secondary ) 
  I want to install another EX 2010 in MANILA, for purpose of DAG/Failover and load balancing of mailbox servers by activating few DB in Manila site.
  My Doubt here is
  Once i will activate DB on Manila site, Will mailbox of that DB refer to US site for the CAS services ,
  so if I only place a single MB in Manila with no additional HT and CAS roles, then all of my users will still connect to the Manila site .

  Hi,
  Agree with the above suggestions, CAS role is needed in Manila site.
  For more information about cross-site failover, you can refer to the following article:
  http://blogs.technet.com/b/exchange/archive/2012/05/30/rpc-client-access-cross-site-connectivity-changes.aspx
  when we configure a multi-site DAG, the RPCClientAccessServer property for a given database is typically associated with the RPC Client Access Server array that is
  in the same AD site as the copy of the mailbox database with the lowest activation preference number.
  Thanks,
  Angela Shi
  TechNet Community Support

• Do we have to install Client Access mode if we only want mailboxes

  Do we have to install Client Access Role if we only want mailboxes, if we do not need that role how do we get the ecp web management program which does not install with just the mailbox role

  Hi,
  From your description, I would like to clarify the following things:
  1. Each organization requires at a minimum one Client Access server and one Mailbox server in the Active Directory forest.
  2. Each Active Directory site that contains a Mailbox server should also contain at least one Client Access server.
  For more information, here is an article for your reference.
  Install Exchange 2013 using the Setup wizard
  http://technet.microsoft.com/en-us/library/bb124778(v=exchg.150).aspx
  Hope my clarification can be helpful to you.
  Best regards,
  Amy Wang
  TechNet Community Support
  I used the setup wizard before purchasing everything and during the installation, one question asked by the wizard, was do you want to install on one machine and my answer was yes, ( these are servers that are to replace on premises
  SBS 2003 servers in local charities premises ), I have followed the wizard and still it does not work, I now think the problem might be because I am using different names ( similar to that format used by previous versions of SBS ) for the
  internal name and the external domain name, I am using <servername>.domain.local internal and <sameservername>.domain.org.uk for external, now I am trying an install with the following <servernameinternal>.domain.org.uk and <servernameexternal>.domain.org.uk
  to see if that might be the problem, some of the text in the wizard suggested using the same name for both internal and external domain names, that is a little fraught with danger, I used the same internal and external method on Linux back in the 1990's and
  it caused a few problems. 
  The problem seems to be when I generate a certificate request for the internally installed Certificate Authority then complete it in Exchange ecp, I then add the services and the internal and external names are listed but it does
  not seem to be adding them to the actual Certificate when added to the machine.
  Outlook 2010 will now AutoDiscover as long as I install the certificate before or during the setup, Outlook 2007 will corrupt if I do not install the certificate first, I still have no external access but that might be because I am bench
  testing before taking it to customer premises, although the name of the server is in the public DNS, so it should work, it sends and receives email OK.
   

• Exchange 2007 Client Access and Receive Connector options not available (EMC)

  We have a SBS2008 server with Exchange 2007
  When I open the EMC and go to Server Configuration --> Client Access, none off the options are available (greyed out). OAW, OWA, ActiveSync are working without any problems. Outlook anywhere enabled shows False,when I try to reanable it I get the following
  error message:
  Summary: 1 item(s). 0 succeeded, 1 failed.
  Elapsed time: 00:00:01
  SERVERNAME
  Failed
  Error:
  The Active Directory object for virtual directory 'IIS://SERVERNAME.domainname.local/W3SVC/3/ROOT/Rpc' on 'SERVERNAME' could not be created. This might be because the object already exists in Active Directory. Remove the object from Active Directory, then re-create
  it.
  Unexpected Error
  Warning:
  Outlook Anywhere will be enabled on your Client Access server after a configuration period of approximately fifteen minutes. To verify that Outlook Anywhere has been enabled, check the application event log on server SERVERNAME.
  Exchange Management Shell command attempted:
  enable-OutlookAnywhere -Server 'SERVERNAME' -ExternalHostname 'mail.domainname.net' -DefaultAuthenticationMethod 'Basic' -SSLOffloading $false
  Elapsed Time: 00:00:01
  Also the receive connectors are not visible from EMC, it's just blank under receive connectors, but mails are received without any problems.
  Does someone know a way to resolve this?

  That worked!
  I created a new account and placed it into the Exchange Organization Administrators role, now I'm able to see all the options normally.
  I also re-added the original account to the EOA role but I still don't see the options there. When I go to Organization Configuration I also get the following error message:
  You do not have permissions to read the security descriptors on CN=servername,CN=Server......DC=domainname, DC=local. It was running command 'get-ExchangeAdministrator'
  So it must be a permissions issue. The strange thing is that under Exchange Administrators I can see my account and it has the role Exchange Organization Administrators.

• Exchange 2013 DAG / client access

  Hello
  I'm in the planning of a new Exchange 2013 infrastructure. The infrastructure will be located in a datacenter and should host about 1000 mailboxes. I have read many whitepapers and tutorials, but some things are still unclear to me.
  - Microsoft suggests multi-role servers for this amount of users because client access is no more than a reverse proxy in EX2013. Is this correct? I've read that one users with 200 mails/day needs 8.5 MCycles with only DB and 10.63 MCycles with DB and CAS
  on the same server. So I plan to start with 2 multi-role servers in a DAG. What's your oppinion on this?
  - Client connections: I assume the clients connect to the cluster IP of the DAG. How do they get directed to the server on which their database is online? Does each server need to have the cluster IP and a public IP to which the clients connect?
  - SMTP: As I understand the documentation, mails are sent from the server which the user is active on. (Which makes sense for high availability.) What is best practice regarding the protocol logs? Do the support employees need to search in the files on 2
  servers?
  Thank you very much for your input!

  Hi
  I would use the firewall for load balancing unless there is a technical reason why this is not possible.  NLB is not recommended as it is not service aware - you cannot configure a probe to test OWA is working for example - so if you already have something
  better that would be my choice.
  In the choice between IIS ARR and NLB or CAS and NLB I would go for IIS ARR as this reduces you license costs, but neither of these is better than the appliance/firewall option.
  I've never used NLB for load balancing other than on TMGs so I cannot say what the performance is like behind a firewall, in theory your assumption would be correct.
  The load balancer doesn't make this decision it just spreads the load between the active servers, the CAS role connects the use session to the correct mailbox server:
  http://blogs.technet.com/b/exchange/archive/2013/01/25/exchange-2013-client-access-server-role.aspx
  Steve