Skip Links

Network World

Tyson Kopczynski

Exchange Server 2010 and RPCClientAccessServer Madness!

What is the RpcClientAccessServer attribute and how might if affect my Exchange Server 2010 deployment?

By tyson.kopczynski on Fri, 08/28/09 - 12:33am.
Newsletter Signup

“A déjà vu is usually a glitch in the Matrix. It happens when they change something.” Needless to say glitches happen a lot with new software and Exchange Server 2010 is no stranger. As we all know, there has been many fundamental changes to how Exchange operates under the hood. In tonight’s post, I would like to zero in on a particular change and a related glitch that I happened to get hit upside the head with. :>)

The change that I’m referring to is MAPI on the Middle Tier (MOMT). In short, this is a new feature (most likely be renamed before RTM) which is designed such that clients will no longer terminate their MAPI connections at a mailbox server. Instead, a MAPI connection is terminated on a Client Access Server, which then proxies the connection back to the correct mailbox server that holds the database. By doing this, in theory the end-user experience is improved because MAPI “access” to their mailboxes is transparent to the actual mailbox database location. Thus, a mailbox server failure or mailbox move should not impact a user’s connection to their mailbox provided another copy of their mailbox is online at the time.

Now, to make all of this wonderful proxy wonderment a reality each mailbox database object has an attribute called RpcClientAccessServer. The information contained in this attribute is what point’s clients back to the MAPI end-point that they should be using. No problem seems easy enough. Well, that’s not entirely true:

  1. The attribute gets set when you create mailbox database.
  2. The attribute does not seem to get updated when a database is moved.
  3. The attribute also does not get updated when the CAS server defined in that attribute is down or removed from the organization.

Err… To illustrate the problem, let’s say that you install one CAS (cas1.abc.com) in a site. You then create a mailbox database on a mailbox server in that same site. The RpcClientAccessServer attribute is then defined as cas1.abc.com. Now, if cas1.abc.com is turned off, or worse removed from the organization all client access to their mailboxes is “interrupted”. Making matters worse, even if I bring up another CAS (cas2.abc.com) the RpcClientAccessServer attribute still needs to be manually updated on each mailbox database to reflect that change.

In other words… issues. However, to be fair, the E2010 product team did try to build in a fix. The idea that they came up with is called a CASArray. Thus using the New-ClientAccessArray cmdlet you can create an object that represents a load balanced array of Client Access servers within a single Active Directory site. I can then define the CASArray as the value for the RpcClientAccessServer attribute. Great! Now, in theory this solves the issue when a single CAS server fails. However, it’s still a little concerning that the RpcClientAccessServer attribute is static and there is no logic built into E2010 to maintain the value in that attribute.

For example: what about in cross-site failover scenario? Hmmmmmm… me wonders!

If you like this, check out some other posts from Tyson:

Or if you want, you can also check out some of Tyson's latest publications:

Lastly, visit the Microsoft Subnet for more news, blogs, and opinions from around the Internet. Or, sign up for the bi-weekly Microsoft newsletter. (Click on News/Microsoft News Alert)

Post new comment

The content of this field is kept private and will not be shown publicly.
  • You can use BBCode tags in the text.
  • Lines and paragraphs break automatically.
  • Allowed HTML tags: <p> <strong> <i> <br /> <br> <ul> <ol> <li> <dl> <dt> <dd> <blockquote>

More information about formatting options

CAPTCHA
This question is for testing whether you are a human visitor and to prevent automated spam submissions.
Welcome, visitor. Register Log in
About Hidden Microsoft

With more than ten years of experience in IT, Tyson Kopczynski has become a specialist in Active Directory, Information Assurance, Windows automation, PKI, and IT security practices. Tyson is also the founding author of the Windows PowerShell Unleashed series and has been a contributing author for such books as Microsoft Internet Security and Acceleration (ISA) Server 2006 Unleashed and Microsoft Windows Server 2008 Unleashed. He has also written many detailed technical papers and guides covering various technologies. As a consultant at Convergent Computing, Tyson works with and provides feedback for next generation Microsoft technologies since their inception and has also played a key role in expanding the automation and security practices at CCO. Tyson also holds such certifications as the Certified Information Systems Security Professional (CISSP), the SANS Security Essentials Certification (GSEC) and SANS Certified Incident Handler (GCIH), and the MCTS (Application Platform, Active Directory, and Network Infrastructure).


Certifications:

  • Certified Information Systems Security Professional (CISSP)
  • SANS Security Essentials Certification (GSEC)
  • SANS Certified Incident Handler (GCIH)
  • MCTS (Application Platform, Active Directory, and Network Infrastructure)
  • Microsoft Certified Systems Engineer (MCSE) Security
  • CompTIA Security+

Publications:


Other Stuff:

  • Blogger NetworkWorld.com from June 2007
  • GIAC Advisory Board from 2009
  • SANS GSEC Local Mentor (a long time ago)
  • CompTIA Security+ SME (a long time ago)
  • Judge, Imagine Cup 2005 Int'l IT Competition
  • Judge, Imagine Cup 2007 Int'l IT Competition