RPC Client Access

there are alot of moving pieces here.

 

when you say RPC are you referring to RPC over HTTPS or something different (outlookanywhere)?

 

 

here's what I'm guessing it should look like...(the long road I've been going down).

 

 

For whatever reason, Microsoft really went out of their way to make 2010 complicated. You've got something like 9 different virtual directories, one for each service, outlook address book is broken out into a different virtual directory as is the exchange control panel (options within OWA)...why? I don't know.

 

 

With 2010 you have internal and external URL's for all of these different virtual directories. When you're using a load balancer, I think the internal URL's are worthless...you're going to send all of your clients through the LTM's so that the solution can be load balanced, fault tolerant and highly available...right?

 

 

So the default internal urls are going to be https://myserver.mydomain.com/owa or /rpc or /outlookanywhere

 

You need to leave all of the internal URL's alone and create external URL's for each of the services that you want load balanced. So, owa.mydomain.com, activesync.mydomain.com, outlookanywhere.mydomain.com, exchange.mydomain.com etc.

 

 

Each one of these external URL's are going to get published to autodiscover.

 

Each of these external URL's will become virtual servers on the LTM(s) with their own hostnames/IP addresses.

 

Add each of these to DNS as well as autodiscover.mydomain.com to DNS (you're going to need a virtual server for that as well)

 

 

All depending on whether you're doing SSL offloading or not will determine what kind of connection happens between the LTM and the server. From the client to the LTM you're going to want a cert, I think it's called a Unified Messaging Certificate where you can have multiple subject alternative names for the servers, services etc.

 

 

Now, onto your specific issue, I don't know whether you're trying to do outlook anywhere or if you're trying to do a regular exchange RPC connection...either way I want to say that outlook is going to try to do an autodiscover to find the settings. It goes through a series of checks to try to pull an XML file to determine where the services are located depending on where you are. If you're an external user or an internal user or if you are connecting from an Iphone or a PC or whatever...if you're trying to access activesync or outlookanywhere, autodiscover.xml gives your device the information it needs to locate the server in question to make everything work happily.

 

 

So, make sure your internal/external urls are set, make sure that everything is in DNS, you did the cas array...good.

 

There's an online tester that checks a few things: https://www.testexchangeconnectivity.com/

 

I've logged about 30 hours using this thing.

 

 

Now if you're able to hit the individual server but you can't access it through the LTM, make sure that the pool is up.

 

 

I hope this is helpful to some degree...this is not a fun project by any means, it's a serious pain in the butt and the deployment guide is not a great help (IMO).

 

 

 

 

 

here's what my exch_rpc_virtual_tcp looks like

 

-follow deployment guide to setup exch_rpc_virtual_tcp

 

-dns entry like exchange.mydomain.com or mail.mydomain.com

 

 

there really shouldn't be anything more to it than that for the RPC stuff...that's one of the easier parts. outlookanywhere is another story.

here's what my exch_rpc_virtual_tcp looks like

 

-follow deployment guide to setup exch_rpc_virtual_tcp

 

-dns entry like exchange.mydomain.com or mail.mydomain.com

 

 

there really shouldn't be anything more to it than that for the RPC stuff...that's one of the easier parts. outlookanywhere is another story.

Ken, after creating the client access array, did you associate your pre-existing database with it?

 

 

For instance, if you did:

 

 

New-ClientAccessArray -Name "YourArrayName" -FQDN outlook.xxxx.local -Site "YourSiteName"

 

 

You then have to do:

 

 

Set-MailboxDatabase "Mailbox Database " -RPCClientAccessServer "YourArrayName"

 

 

Otherwise Exchange will continue to return the name of a Client Access server (e.g. CAS01.xxxx.local) as the connection point, which it sounds like it's doing.

 

 

Edit: added to the Set-Mailbox command.

 

 

Ken, thanks for your response.

 

 

I'm not using outlook anywhere, just simple RPC for Outlook client. I think i figured out the issue. I had to create a Forwarding VIP with 0.0.0.0 for Destination and 0 (Any) for Service Port. Once I did that, the outlook client was able to connect to the CAS Array.

 

 

However, I do have a new issue..

 

After I logged onto OWA, I get to the main page where I see all messages however I can’t click on any of the link such as messages, folder (inbox, calendar, etc). I can’t do anything because of the javascript failed. I have no issue connecting directly to the CAS server, but via LTM I’m having issue. Again, I follow exactly from the deployment guide.

 

Are you using SSL offloading or no?

 

 

I have also noticed a few times while working through this that OWA will hang...I've got it working fine now though. SSL offloading is enabled and the OWA virtual directory is set to basic authentication.

Yes, I'm doing SSL offloading and using forms-based authentication with "User name only" I happen to narrow down that HTTP profile is the possible cause. I created HTTP Profile based on the F5 Deployment Guide which doesn’t work. When I changed to the VIP to use the default http profile, it works with no issue. So that tells me that the setting somewhere in the Customized profile is causing the issue. So I disable/enable the setting back-n-forth to narrow down the setting that could cause the issue. It came down to the setting cause “keep accept Encoding”. Then I tried again couples of time to duplicate the issue and I couldn’t. So I can’t really verify if this setting is the main causes cuz everything is working for now on my computer.. If I go to a computer 2 it work, but with computer 3 it won’t work.

exch_owa_http_wanopt profile?

Yes.. with Parent Profile "http-wan-optimized-compression-caching"

I haven't throughly tested everything so I'd hate to jump to any conclusion. I do have profile in place right now and when I get to testing I'll see if it causes any problems. I do think that we had a problem with a different profile, it was throwing errors in the logs so I pulled it out (can't remember which one off of the top of my head).

 

 

Right now I'm working through getting the rest of the services online/public and load balanced and I should be at 100% for testing...a couple more days. I'll let you know anything I come across.

 

 

How many CAS servers are you load balancing? we're doing 3.