Setting up static ports for Exchange 2010 CAS Server and Mailbox Server
CAS server or Client access server was introduced in Exchange 2007. With Exchange 2010, users/outlook/MAPI clients connect to the RPC Client Access service on the Client Access Server to access mailbox information from a mailbox server.
If you ask me, which is the most important role in exchange 2010 I would say “CAS” “CAS” and only “CAS”. Now the reasons are obvious. Autodiscover, OAB, Availability, Exchange ActiveSync (mobile), Outlook web app, Outlook anywhere access, POP/IMAP and now on top of all this now all Outlook users connect to CAS server too which completes the list. Now, this is the exact reason why Microsoft introduced CAS array so that it’s not just “one” server/role servicing client requests but “an array” of servers which are load balanced and this ensures clients will receive an acknowledgement even if one/several servers are unavailable.
Yes, this means that the mailbox server role sits their holding the physical database and nothing else (well not exactly if we have DAG configured).
Prior to Exchange 2010, DSProxy runs on Exchange (same dsproxy.dll in the /exchsrvr/bin directory) and was responsible for pointing or referring a MAPI client to a GC for directory access. NSPI (Named Service Provider Interface) runs on GC and provides the directory information or GAL information to the MAPI clients. Well, if you are looking for the more detail:
In Exchange 2010, Outlook/MAPI Clients no longer connect directly to a Mailbox server to access their mailbox information. They first connect to the RPC Client Access service residing on the CAS server who instead communicates with AD to fetch account information to contact the mailbox server.
Ok, once more in detail:
In Exchange 2010, Outlook/MAPI Clients connects to an NSPI endpoint on the Client Access Server to fetch directory information and NSPI then talks to the Active Directory via the Active Directory driver. The NSPI endpoint replaces the DSProxy component we spoke about a while back.
Every Exchange 2010 mailbox database has a new inbuilt attribute called RpcClientAccessServer. This is created by default when a database is created. What happens if you create a new database in an AD Site with no CAS array then? In that case, exchange defaults this attribute to the first CAS server installed in the AD site.
To know which one: Get-MailboxDatabase “name of the dB” | ft Name, RpcClientAccessServer
Why do I need RPC Client Access Service and what is the benefit of having it?
There are several advantages packed with the RPC Client Access service.
1. Less downtime for clients during a mailbox failover. This is because all connections are now made through the Client Access servers. When an Exchange 2007 cluster failed over, Outlook clients disconnected for sure till the time the cluster fail over was completed and stores are mounted back. With Exchange 2010, since several CAS servers make up an CAS array, even if one CAS goes down, the client will immediately be redirected to another CAS in the array and with DAG or Database Availability Group, the client is disconnected for only the amount of time it takes for the failover database to be mounted which is about 30-60seconds in real-life scenario’s.
2. With high performance “software/hardware” load balancers in market, for a properly architected array of Client Access servers lets you spread the traffic load over all Client Access servers in the array equally.
3. Another good one is that with CAS Array, all we need is an A record (which is the ip of the array) and if you need to configure Outlook manually (even though it is done automatically with Autodiscover) we can have a name like “outlook.company.com”
4. Again DSProxy is gone and a new Address Book service is responsible for updating certificates and distribution list membership and maintaining delegate information for Outlook clients.
The RPC Client Access Service utilizes the TCP port 135 EndPointMapper on an Exchange 2010 server. This behavior is by design. This port should be open along with the dynamic RPC range TCP 1024-65535 between your internal client network and the CAS Server or arrays and your Mailbox servers.
Below are the steps in configuring static port for internal clients to access their mailbox using CAS server.
On the CAS servers create a DWORD registry key named “TCP/IP Port”
Name: TCP/IP Port
Value: <Set the port value you would prefer for the connection. Open this port on all firewall or any third party load balancer whatever sitting between the client and the server>
### It is recommended to choose a value between 1024-65535; we also need to ensure that the port we are specifying is not used by any other application or device.
### Also open port 135 on your internal firewall or load balancer between your clients and the server along with all the ports required for mailbox connection and directory access.
### If you like to set static port for public folder access we need to set the same key above on the public folder server. This is because outlook talks directly to the RPC Client Access service on the public folder server. Once it is set, restart the Microsoft Exchange RPC Client Access service.
For Exchange 2010 RTM version:
We need to limit the port for clients that connect to the NSPI endpoint for directory access. This is done by modifying Microsoft.exchange.addressbook.service.exe.config located in Exchange server bin folder.
Path: Program files/ExchangeServer/V14/Bin
Key : RpcTcpPort
Value: <Change it to a value that you would like Outlook cleints connecting to the NSPI endpoint for directory access. Open this port on any firewall or any third party load balancer whichever is in betweent he client and the server>
Add key=”RpcTcpPort” value=”50050″
Note: The port we use here “50050” is an example.
After setting the above changes we need to reboot the Client Access Servers to understand the change. In some scenarios we may need to reboot the mailbox as well.
For Exchange 2010 SP1 version:
There is no longer the need to edit the “Microsoft.exchange.addressbook.service.exe.config” file with Exchange 2010 SP1. Instead, this is achieved through registry.
Restart the Microsoft Exchange Address Book service for changed to take effect.
Verify the above connections by typing “netstat -na” command on the internal client machine.
Keywords: RPC Client access service, RPC CAS, How Outlook connects to exchange 2010, Outlook communication with exchange, RPC CAS array, Static port configuration for Exchange 2010, RpcClientAccessServer, Exchange 2010 CAS array, Exchange 2010 RPC Client access service, Exchange 2010 client communication explained