Exchange 2010 CAS array with Exchange 2013 Mailbox Servers

Similar Messages

• Internal outlook client connectivity in exchange 2010 when coexist with exchange 2013

  Hi all ,
  on my side i would like to clarify few queries.
  Say for instance i am coexisting exchange 2010 with exchange 2013 .Unfortunately if all of my exchange 2013 servers goes down .
  Q1 .On that time will the internal outlook users having their mailboxes on exchange 2010 can be able to connect mailboxes without any issues ? In case if they face any issues what kind of issues will they be? Because why i am asking is we should have pointed
  the autodiscover service to exchange 2013 during coexistence.
  When an user closes and reopens the outlook after whole exchange 2013 environment failure ,outlook will first query the autodiscover service for the profile changes to get it updated on users outlook profile.In such case autodiscover service will not be
  reachable and i wanted to know will that affects the internal client connectivity for outlook users having their mailboxes on exchange 2010.
  Q2. Apart from outlook internal users connectivity ,what kind of exchange services(i.e owa,active sync,pop,external OA and imap) will get affected when whole exchange 2013 environment goes down during coexistence ?
  I have read the below mentioned statement on this awesome blog but still i wanted to clarify with you all on my scenario.
  http://blogs.technet.com/b/exchange/archive/2014/03/12/client-connectivity-in-an-exchange-2013-coexistence-environment.aspx<o:p></o:p>
  Internal Outlook Connectivity
  For internal Outlook clients using RPC/TCP connectivity whose mailboxes exist on Exchange 2010, they will still connect to the Exchange 2010 RPC Client Access array endpoint.
  For internal Outlook clients using RPC/TCP connectivity whose mailboxes exist on Exchange 2007, they will still connect directly to the Exchange 2007 Mailbox server instance hosting the mailbox.
  Please share me your suggestions and that would help me a lot .
  Regards
  S.Nithyanandham

  Hi Winnie Liang ,
  Thanks a lot for your reply.
  Scenario  1 : for internal outlook connectivity 
  We have below settings for exchange 2010 autodiscover.
  mail.domain.com - will be the namespace for internal autodiscover URI for all the exchange 2010 cas serves
  We are going to have below settings for exchange 2013 autodiscover.
  mail.domain.com - will be the namespace for internal autodiscover URI for all the exchange 2013 cas serves
  During coexistence mail.domain.com will be pointed to exchange 2013 cas servers . I mean to say if we try to resolve the mail.domain.com it will get resolved in to the exchange 2013 cas servers.
  So on such case if anything happened wrong to the new environment or else if entire environment goes down .Do we face any issues while outlook users connect to existing mailboxes in exchange 2010 ?
  Because why i am asking is ,on the below mentioned article i have read all the autodiscover request will go via exchange 2013 cas servers during coexistence.That means all the existing mailboxes in exchange 2010 will also have to query exchange 2013 cas
  servers for autodiscover request.During the whole exchange 2013 environemnt failure whenever the user tries to close and open outlook .Outlook will first queries the autodiscover service for any changes happened on that particular mailbox and it will try to
  get it updated on user profile.
  http://blogs.technet.com/b/exchange/archive/2014/03/12/client-connectivity-in-an-exchange-2013-coexistence-environment.aspx
  Would it be possible to make the exchange 2010 mailbox users to query only the scp points which belongs to the exchange 2010 cas servers for autodiscover request ?
  Scenario 2: For exchange services
  mail.domain.com - will be the namespace for all the exchange 2010 services (i.e owa,activesync,external outlook anywhere,pop,imap)
  mail.domain.com - will be the namespace for all the exchange 2013 services (i.e owa,activesync,external outlook anywhere,pop,imap)
  What about the above services will it get affected during whole exchange 2013 environment failure ?
  Note : We are not facing this issue , i hope everything goes well in my environment while doing coexistence i am just asking this question on my own interest?
  Regards
  S.Nithyanandham
  Thanks S.Nithyanandham

• External emails not received after shutdown of Exchange 2010 in coexistence with Exchange 2013

  I have exchange 2013 and exchange 2010 in coexistence mode. All mailboxes have been moved to Exchange 2013 and firewall/spamfilters already pointed to Exchange 2013 CAS server. I can receive/send from and to external addresses, however when I shutted down
  the Exchange 2010 all incoming external mails were not received. What could be the cause?

  Start by re-checking how the device that takes the traffic from the external MX IP to internal is configured.
  Sniff the traffic to ensure that it is hitting 2013 directly.
  Cheers,
  Rhoderick
  Microsoft Senior Exchange PFE
  Blog:
  http://blogs.technet.com/rmilne 
  Twitter:   LinkedIn:
    Facebook:
    XING:
  Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

• Exchange 2010 CAS proxy to Exchange 2013 CAS: Use the following link to open this mailbox with the best performance:

  Hello,
  I've installed Exchange 2013 into Exchange 2010 infrastructure
  [ single Exchange 2010 server; single AD site; AD = 2003 ],
  and moved one mailbox [ Test user ] to Exchange 2013.
  When I login internally through 2013 OWA to access mailboxes on 2010, then proxy works fine.
  When I login internally through 2010 OWA to access mailboxes on 2013, then a message appears:
      Use the following link to open this mailbox with the best performance: with link to 2013 OWA...
  What is wrong ?
  I've checked and changed settings by:
  Get-OwaVirtualDirectory, Set-OwaVirtualDirectory
  [PS] C:\work>Get-OwaVirtualDirectory -Identity 'ex10\owa (Default Web Site)' | fl server,name, *auth*,*redir*,*url*
  Server                        : EX10
  Name                          : owa (Default Web Site)
  ClientAuthCleanupLevel        : High
  InternalAuthenticationMethods : {Basic, Fba, Ntlm, WindowsIntegrated}
  BasicAuthentication           : True
  WindowsAuthentication         : True
  DigestAuthentication          : False
  FormsAuthentication           : True
  LiveIdAuthentication          : False
  AdfsAuthentication            : False
  OAuthAuthentication           : False
  ExternalAuthenticationMethods : {Fba}
  RedirectToOptimalOWAServer    : True
  LegacyRedirectType            : Silent
  Url                           : {}
  SetPhotoURL                   :
  Exchange2003Url               :
  FailbackUrl                   :
  InternalUrl                   : https://ex10.contoso.com/owa
  ExternalUrl                   : https://ex10.contoso.com/owa
  [PS] C:\work>Get-OwaVirtualDirectory -Identity 'ex13\owa (Default Web Site)' | fl server,name, *auth*,*redir*,*url*
  Server                        : EX13
  Name                          : owa (Default Web Site)
  ClientAuthCleanupLevel        : High
  InternalAuthenticationMethods : {Basic, Ntlm, WindowsIntegrated}
  BasicAuthentication           : True
  WindowsAuthentication         : True
  DigestAuthentication          : False
  FormsAuthentication           : False
  LiveIdAuthentication          : False
  AdfsAuthentication            : False
  OAuthAuthentication           : False
  ExternalAuthenticationMethods : {Fba}
  RedirectToOptimalOWAServer    : True
  LegacyRedirectType            : Silent
  Url                           : {}
  SetPhotoURL                   :
  Exchange2003Url               :
  FailbackUrl                   :
  InternalUrl                   : https://ex13.contoso.com/owa
  ExternalUrl                   :
  best regards Janusz Such

  Hi Janusz Such,
  Based on my knowledge, CAS proxy can only from later version to previous version.
  Some like CAS2013 to CAS2010/2007, CAS2013 to CAS2013. 
  Thanks
  If you have feedback for TechNet Subscriber Support, contact
  [email protected]
  Mavis Huang
  TechNet Community Support

• Exchange 2007 CAS Unable To Display 2013 Mailbox Free/Busy to Clients

  Hi,
  I'm in the process of migrating to Exchange 2013 from an Exchange 2007 backend.  I have 2 2007 CAS servers in a Windows NLB named webmail.domain.com, and I'm having a problem with only a single one of those CAS servers being able to display the free/busy
  information of a mailbox residing on a 2013 mailbox server.  The other CAS works fine.
  Both CAS servers are Exchange 2007 SP3.  Both CAS servers have their virtual directories named webmail.domain.com/{vitual direction url}.  I built both servers from the ground up and configured them at the same exact time performing the same steps
  on each.  My 2013 CAS servers are in a Windows NLB for mail.domain.com, and they have all their virtual directories named for mail.domain.com.  These are separate entries in DNS.  Other autodiscover services are working fine.  I have most
  traffic flowing Exchange 2013 now as well.
  I've done compares on the virtual directories for each 2007 CAS, and they appear to be the same.  If I bypass the NLB and just go directly to the casname01/owa, I see free/busy no problem.  If I go to casname02/owa, then free/busy doesn't work
  ONLY for 2013 mailboxes.  It will display 2007 mailbox free/busy fine.  To complicate matters, I still have a 2010 CAS in the environment from a failed O365 pilot.
  Where can I look to begin to troubleshoot this?  Thanks.

  In the App log on the 2007 CAS, I'm seeing an Event ID 4002 from MSExchange Availability (below).  This made me check my 2013 CAS NLB.  It looks like it is one of the 2013 CAS servers in the mail.domain.com NLB that is causing this behavior.  I
  could still use guidance.  Thanks.
  Process 3576[w3wp.exe:/LM/W3SVC/1/ROOT/EWS-1-130366189751718750]: Proxy request IntraSite from Requester:S-1-5-21-2089814041-428609448-1854500012-56527 to https://mail.domain.com/EWS/Exchange.asmx failed. Caller SIDs: S-1-5-21-2089814041-428609448-1854500012-56527.
  The exception returned is Microsoft.Exchange.InfoWorker.Common.Availability.ProxyWebRequestProcessingException: System.Net.WebException: Unable to connect to the remote server ---> System.Net.Sockets.SocketException: A connection attempt failed because
  the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond 10.128.13.38:443
     at System.Net.Sockets.Socket.EndConnect(IAsyncResult asyncResult)
     at System.Net.ServicePoint.ConnectSocketInternal(Boolean connectFailure, Socket s4, Socket s6, Socket& socket, IPAddress& address, ConnectSocketState state, IAsyncResult asyncResult, Int32 timeout, Exception& exception)
     --- End of inner exception stack trace ---
     at System.Web.Services.Protocols.WebClientAsyncResult.WaitForResponse()
     at System.Web.Services.Protocols.WebClientProtocol.EndSend(IAsyncResult asyncResult, Object& internalAsyncState, Stream& responseStream)
     at System.Web.Services.Protocols.SoapHttpClientProtocol.EndInvoke(IAsyncResult asyncResult)
     at Microsoft.Exchange.InfoWorker.Common.Availability.Proxy.Service.EndGetUserAvailability(IAsyncResult asyncResult)
     at Microsoft.Exchange.InfoWorker.Common.Availability.ProxyWebRequest.CompleteRequest(). The request information is ProxyWebRequest type = IntraSite, url = https://mail.domain.com/EWS/Exchange.asmx
  Mailbox list = <NA-Bedford Adriatic Conference Room>SMTP:[email protected], Parameters: windowStart = 1/26/2014 12:00:00 AM, windowEnd = 3/9/2014 12:00:00 AM, MergedFBInterval = 30, RequestedView = MergedOnly
  .. Make sure that Active Directory site/forest containing the user mailbox has at least one local Exchange 2007 server running Exchange Availability service. Turn up logging for MSExchange Availability service and test basic network connectivity.

• Exchange 2010 co-existence with Exchange 2007 issue NDR size Four Times then we send

  Hi All,
  I am facing some strange issues of NDR size four times then we send like if I send 1 MB message to internal OR external recipient then we receive 4 MB NDR.
  Even we send one black mail with subject Test mail of 4 kb then we receive 16 kb NDR is it due to architecture change or something else.
  Everything was fine with Exchange 2007 but facing this issues after we change the mail flow to Ex2010.
  Any help really appreciated
  Regards
  Anand S
  Thanks & Regards Anand Sunka MCSA+CCNA+MCTS

  Hi Anand,
  From your description, the NDR size is four times than original message size. I would like to verify the following thing for troubleshooting:
  How many people has this issue, only one or all the people?
  If only one user has this issue, I recommend you move the user's mailbox to another mailbox database and check the result.
  If all the people have this issue, please enable Pipeline tracing and see if there is any hint. If the issue persists, please install the latest Service Pack and Rollup and check the result.
  Here is an article for your reference.
  Enable Pipeline Tracing
  http://technet.microsoft.com/en-us/library/bb125018(v=exchg.141).aspx
  Hope it helps.
  Best regards,
  Amy Wang
  TechNet Community Support

• Creating a cas array for exising prd mailbox servers

  Hi
  one of the production site in current environment , mbx databases  rpcclientaccess server  set as individual cas servers .
   we want to point these databases to a cas array ,NLB is already created now remaining is cas array and point the database to cassarry fqdn.
  I just want  to know when we do this change , any client re-configuration is required or automatically redirection will happen to cas arary from outlook client.
  Regards

  I just want  to know when we do this change , any client re-configuration is required or automatically redirection will happen to cas arary from outlook client.
  Hi,
  I'm afraid that you need to manual re-configuration from outlook client.
  I recommend you refer to the following article:
  Demystifying the CAS Array Object - Part 2
  5.A CAS array object should not be configured after creating Exchange Server 2010 databases
  The profile will not update itself because the client will not receive an
  ecWrongServer response from CAS. It will not receive this response because any CAS is a valid connection point for any mailbox database via RPC (over TCP) so clients can survive datacenter switchover/failover events without being reconfigured and all
  an admin has to do is flip the CAS array object DNS record to point to a surviving pool of CAS. Currently the only way to fix mailbox profiles would be a manual profile repair within Outlook, by publishing an Office PRF file via GPO (not going to work for
  non-domain joined machines), or by decommissioning the CAS server named in the users’ profiles so the endpoint is no longer available. This last option should (test test test!!) trigger a full profile repair by Autodiscover in Outlook 2007 or Outlook 2010.
  Outlook 2003 is only repairable with a profile repair or a PRF file. Autodiscover will not as of this article’s writing update a profile to a new server name as part of the normal Autodiscover process which updates the Outlook Anywhere configuration and discovers
  EWS URLs for other features such as OOF Management, Free/Busy, and Inbox Rules management.
  Hope this helps!
  Thanks.
  Niko Cheng
  TechNet Community Support

• Exchange 2013 CAS functionality in coexistence with Exchange 2010 CAS

  Hi,
  I am planning to migrate Exchange 2010 to Exchange 2013 for 15000 users. We have a pool of 6 CAS 2010 servers added in a single CAS array. So my question is if we introduce a new CAS 2013 server in same site then will it affect CAS traffic anyway ? If we
  point our HLB to all CAS servers including CAS 2010 and CAS 2013 so will the CAS 2010 servers wil take traffic or is it only CAS 2013 servers who will take traffic. We will be putting same URLs in CAS 2013 same as CAS 2010. I have read lot of MS articles and
  all say that CAS 2013 should be enabled for CAS traffic and it will proxy request to CAS 2010. But I am not sure if we will face any CAS traffic issue whenever we will introduce CAS 2013 servers in same site and traffic will be pointed to CAS 2010 and CAS
  2013 both. Is it possible to add CAS 2013 in Exchange 2010 CAS array ? Please guide. Thanks in advance.

  For mailbox that exist on Exchange 2010, EXCH2013 CAS will proxy the request to an Exchange 2010 Client Access servers that exists within the mailbox’s local site.
  For mailboxes that exist on Exchange 2013, EXCH2013 CAS will proxy the request to the Exchange 2013 Mailbox server that is hosting the active copy of the user’s mailbox which will generate the Autodiscover response.
  -->Is it possible to add CAS 2013 in Exchange 2010 CAS array ? 
  No. CAS Array is no longer exits in Exchange 2013. But concept of a single namespace for Outlook connectivity remains. Please check this and this. In
  your case you dont need to worry as you have a HLB in place it will do the job
  When a new exchange2013 is deployed Outlook Anywhere has been enabled on all Client Access servers within the infrastructure and the mail.contoso.com and autodiscover.contoso.com namespaces have been moved to resolve to Exchange 2013 Client Access server
  infrastructure. In your case it is pointed to both as you have a load balancer in place but the same URL should be configured in exch2013
  Make sure you have exchange2010-SP3  minimum as it is the prerequisite requirement for upgarding EXCh2010 to 2013. 
  Please check the exchange server deployment assistant
  tool for moving mailboxes
  After moving a mailbox check the URLs. Configure autodiscover,EWS,OAB URLs on exchange2013. Please check this as
  well for checking URLs.
  I hope you know MAPI/RPC (RPC over TCP) traffic is now replaced with RPC over HTTP/s instead in exch2013. 
  Thanks
  MAS
  Please don't forget to mark an answer if it answers your question or mark as helpful if it helps

• Exchange 2010 OWA usage in Exchange 2013

  Hi,
  I have Exchange 2010 with Sp3 Currently running in environment, Now we have plan to Migrate it to Exchange 2013.... Total number of mailbox is around 26000.
  Before Migration we want below things to keep in mind...
  1. We want to Use existing exchange 2010 OWA url ( mail.abc.com ), How to accompolish this as it will take couple of months to migrate all mailbox ?
  2. Can i use my Existing Exchange certificate to get the above goal done ?
  3. What will be the steps and pre-requsite to achieve the Goal ?
  An Early reply would be appreciated !! 
  Amit

  Hi Amit 
  First Change SCP of Exchange 2010 CAS VIP to Exchange 2013 CAS VIP.
  Configure external  DNS records accordingly.DNS entries should be pointed to Exchange 2013 CAS from Exchange 2010 CAS.
  Ensure that you are having a seperate name for CAS array from external ews url
  Outlook Anywhere should be enabled and Url should be external URL which points to Exchange 2013.
  Authentication for OUtlook Anywhere should be - NTLM
  for OWA exchange 2010 - FBA and windows 
  Point your new CAS server to the firewall or TMG . Now from exchange 2013 all request will be proxied to 2010 users 
  You cannot use the same certificate . YOu need to add seperate entries as the host name for new servers will vary
  Apply a new certificate with all the required site names included in Exchange 2013 CAS.
  Whats more you can refer my blog as well 
  http://exchangequery.com/2014/05/02/things-to-consider-before-configuring-autodiscover-in-exchange-20102013-coexistence-scenarios/
  Cheers :)
  Remember to mark as helpful if you find my contribution useful or as an answer if it does answer your question.That will encourage me - and others - to take time out to help you Check out my latest blog posts on http://exchangequery.com

• Exchange 2013 EAC will not run with Exchange 2010 CAS\HT servers shut down.

  Hi Folks,
  A little background - We have just migrated all our user mailboxes and public folders to Office 365 using a hybrid configuration. Now that the migration is essentially finished, I'd like to decommission our on-prem Exchange infrastructure and remove the
  hybrid config. We are using dirsync with password sync to replicate our AD to the cloud.
  I've read that even if you remove your hybrid configuration, it's a good idea to keep one on-prem Exchange server around so you can edit Exchange attribs (such as email addresses) in a supported manner, rather than using ASDI edit, etc.
  To this end, I installed a single Exchange 2013 CA\MBX server. After installation, the EAC worked fine, and I was able to view our on-prem users, groups, etc. Last week, I shut down our two Exchange 2010 CAS\HT servers as a test to see if anything broke
  prior to decommissioning them (these were the hybrid servers as well). After doing so, the Exchange 2013 EAC no longer works for some reason, and behaves in a very bizarre fashion. About once every 20 times or so, it will actually start and run. The other
  times, it just has you enter your creds, then generates an HTTP 500 internal server error after entering them. It seems to make no difference if you attempt to access it by the fqdn, hostname, or localhost right on the box itself. Same behavior on Chrome or
  IE.
  Today as a test, I started up one of the 2010 CAS servers and lo and behold, the 2013 EAC ran without difficulty again. Any idea why this might be so? Thanks for any help,
  Ian

  Hi,
  From your description, I recommend you use the following URL to check if you can access EAC. I see it works for several people about this issue.
  https://<Exchange 2013 CAS FQDN>/ecp?ExchClientVer=15
  Hope it helps.
  Best regards,
  Amy Wang
  TechNet Community Support

• Is it supported to connect Exchange 2013 Mailbox using Exchange 2010 CAS in Co-existence?

  Hi Team,
  I am in the phase of upgrading Exchange 2010 to 2013, and introduced 4 MBX and 2 CAS of 2013 servers in co-existence.
  Only one production mailbox of 2010 moved to 2013. The owa of the mailbox moved to 2013, is working OK internally coz only internally configured, but when I configure outlook using 2010 settings, it got configured but when I open outlook it doesn't
  open and throws an error of some "cannot open set of folders".
  Is it supported to connect Exchange 2013 Mailbox using Exchange 2010 CAS in Co-existence? because I havnt configured 2013 CAS servers yet.
  Kindly share some KB or tip. Any help is appreciated. Thank You.
  Muhammad Nadeem Ahmed Sr System Support Engineer Premier Systems (Pvt) Ltd T. +9221-2429051 Ext-226 F. +9221-2428777 M. +92300-8262627 Web. www.premier.com.pk

  I'll change Adam's wording slightly - you *MUST* install a CAS 13 server into every site where there is a MBX 13 server.
  Cheers,
  Rhoderick
  Microsoft Senior Exchange PFE
  Blog:
  http://blogs.technet.com/rmilne 
  Twitter:   LinkedIn:
    Facebook:
    XING:
  Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

• Decommissioning Exchange 2010 Casarray (contains 2013 Mailbox Servers?)

  I'm in the process of decommissioning exchange 2010. I went to remove the 2010 casarray and see that my 2013 mailbox servers are a part of the array? Can I still remove the array? Do I leave it?

  Hi,
  Please have a look in to the below mentioned article especially the reply from Off2work
  http://social.technet.microsoft.com/Forums/office/en-US/c10550fa-b735-48ee-ad52-a75f0176e1de/cas-array-in-exchange-2013?forum=exchangesvrdeploy
  As an additional info , as per my knowledge there is no use of cas array in exchange 2013 and at the same time exchange 2013 servers will not make use of it even though if it is an member of an casarray in exchange 2010.
  Please reply me if you have any queries .
  Regards
  S.Nithyanandham
  Thanks S.Nithyanandham

• Exchange 2010 users cannot open Exchange 2013 shared mailbox

  Title says it all.
  We're in the process of migrating 1000+ mailboxes to Exchange 2013. A number of shared mailboxes have been migrated, but those users still on 2010 cannot open them.
  Is this just how it is, or is there a way around it?

  Hi,
  I tested in my lab, if the shared mailbox is on Exchange 2010, I could open this shared mailbox successfully. Then I moved this shared mailbox to Exchange 2013, after that, I couldn’t open it anymore, I got the following error:
  Besides, I tried to open a shared mailbox on Exchange 2013 which was not moved from Exchange 2010, it is the same error message.
  Based on the test, it seems that Exchange 2010 users can’t open shared mailbox on Exchange 2013. So I recommend you move those users to Exchange 2013.
  Best regards,
  Belinda Ma
  TechNet Community Support

• TCP packet out of state: First packet isn't SYN & Outlook is trying to retrieve data from the Microsoft Exchange Server [CAS-ARray]

  We are transitioning from Exchange 2003 to Exchange 2010.  We found Outlook online mode (non-cached mode) have many warning "Outlook is trying to retrieve data from the Microsoft Exchange Server [CAS-ARray]", usually happen when users tried to open
  address book but sometimes even normal operation like click the Send button.  The problem does not affect OWA and extremely rare when Outlook is running in cached mode.  Check the firewall logs, we notice a lot of "TCP Packet Out of State" drops.
  We have a lot from the CAS/HT to DC/GC on TCP_3268 and LDAP.  And the errors are "TCP packet out of state: First packet isn't SYN" with tcp_flags FIN-ACK, PUSH-ACK.
  We also have a lot from CAS/HT to the Outlook Clients on the static RPC port (TCP_59933).   And the errors are "TCP packet out of state: First packet isn't SYN" with tcp_flags FIN-ACK, PUSH-ACK and RST-ACK, ACK.
  This happens even on Outlook 2010 which I though it has TCP Keep Alive implmented to keep the session active within 1 hour. 
  Can somebody tell me if these out-of-state are the cause of our problem?  And how to fix it?
  THANK 1,000,000

  Hello AndyHWC,
  I did some consulting with our CAS team and received the following feedback to your post:
  It is difficult to determine what is causing resets without seeing the captures first hand however, the concern is that you are seeing dropped packets on the firewall logs.  Where is this firewall located?
  Based on the description "Check the firewall logs, we notice a lot of "TCP Packet Out of State" drops." and "We have a lot from the CAS/HT to DC/GC on TCP_3268 and
  LDAP." indicates to me that the firewall is between CAS and GC.  This not supported under any circumstances and would explain the issue they are seeing with clients trying to "retrieve data from the GC".
  If there is not a firewall between the GC and CAS then a Microsoft support engineer would need to have concurrent Netmon Captures from client, CAS, GC during the
  issue to analyze.  If only one GC exists consider adding another GC to handle the client requests and for fault tolerance.
  Also verify that all NIC card drivers are updated to the latest driver version
  More information about firewalls with Exchange 2007/2010
  http://msexchangeteam.com/archive/2009/10/21/452929.aspx
  http://technet.microsoft.com/en-us/library/bb232184(EXCHG.80).aspx
  You can install the Client Access server role on an Exchange 2007 computer that is running any other server roles except for the Edge Transport server role. You
  cannot install the Client Access server role on a computer that is installed in a cluster. Installation of a Client Access server in a perimeter network is not supported.
  http://technet.microsoft.com/en-us/library/dd577077(EXCHG.80).aspx
  “The Installation of a Client Access Server in a Perimeter Network Is Not Supported
  Issue You may want to install an Exchange 2007 Client Access server in a perimeter network. However, this type of installation is not supported in Exchange
  2007.
  Cause The Exchange 2007 Client Access server role is not supported in any configuration in which a firewall is located between the Client Access server
  and a Mailbox server or a domain controller. This includes firewall devices, firewall programs, or any program or device that is designed to restrict traffic between two network locations.
  For correct operation, Client Access servers require typical domain connectivity to domain controllers and global catalog servers. Because any devices
  or programs that restrict or reduce access to domain controllers or global catalog servers may affect the correct operation of the Client Access server, we do not support this type of configuration.
  Resolution To resolve this issue, move the Client Access servers to the internal network. For more information about the ports that Exchange 2007 uses
  for various services, see Data Path Security Reference.”
  Thanks,
  Kevin Ca - MSFT
  Kevin Ca - MSFT

• Catalyst SLB - Exchange 2010 CAS RPC

  Hi.
  We're currently testing out SLB for load balancing a pair of Exchange 2010 CAS servers.  The config seems straightforward enough for single port services like 'Outlook Anywhere' or 'Outlook Web Access' (all on https).
  Does anyone have real life experience with getting straight MAPI Outlook load balancing to work?  According to Microsoft, there's only 3 ports to be concerned with - endpoint mapper, rpc.clientaccess, and address.book.  I've got the latter two set for static across both of these servers, and have 3 appropriate vservers in place pointing to the serverfarm, but a capture shows the process getting hung up on tcp135.  It's as if whatever server the endpoint request is landing on doesn't know what to do with the request.
  Thanks in advance for any replies.

  Hello Jay!
  Take a look at this doc:
  http://www.cisco.com/en/US/docs/solutions/Verticals/mstdcmsftex.html#wp609677
  RPC requires source ip sticky in order to operate correctly through a loadbalancer.  In the doc, they also walk through doing RPC over http/https - however, I have seen configurations where ACE is not L5-L7 that use RPC on port 135 as a L4 rule with sticky and it appears to work ok.
  Regards,
  Chris Higgins