High availability and fault tolerance of Client Access Servers (CAS) in Exchange 2013
Starting with Exchange 2010, the developers gave us a very good solution for high availability and fault tolerance of Mailbox Database Servers: the Database Availability Group (DAG).
But the situation was less pleasant with high availability of the Client Access Server in Exchange 2010. We had to create CAS arrays and NLB clusters (based on Windows or hardware solutions).
Fortunately, in Exchange 2013 Microsoft moved forward to a brand-new way of providing client access to the service. Now we have the "former" Outlook Anywhere, which works for clients from the Internet as well as for clients from the intranet. Client requests are now processed independently of the connection, i.e. it no longer matters which CAS server responds to the client, because all request processing is done on the Mailbox servers, and the CAS servers just pass packets back and forth.
Thanks to this approach, there is no longer any need to use NLB clusters. The Outlook client itself chooses which server to connect to.
Despite Microsoft's recommendation to install all Exchange roles on every server, in our company I prefer the following solution as more logical and clear to me. On the basis of this scheme I will try to explain how to implement high availability for CAS servers in Exchange 2013 in a very simple and convenient way.
We will create two records, owa and autodiscover, for each CAS server (4 in total). The TTL of each record is 5 minutes. As a result we get DNS Round Robin.
Next we need to set up the servers so that they respond to these names. The list of virtual directories that we must modify is in my previous article, External/Internal virtual directories URLs in Exchange 2010 with Powershell. We must also modify Outlook Anywhere.
Setting Outlook Anywhere
Let's take a look at the current values.
[PS] C:\Windows\system32>Get-ClientAccessServer ex-cas16-1 | Get-OutlookAnywhere | select identity,*hostname | fl

Identity         : EX-CAS16-1\Rpc (Default Web Site)
ExternalHostname :
InternalHostname : ex-cas16-1.domain.local

[PS] C:\Windows\system32>Get-ClientAccessServer ex-cas16-2 | Get-OutlookAnywhere | select identity,*hostname | fl

Identity         : EX-CAS16-2\Rpc (Default Web Site)
ExternalHostname :
InternalHostname : ex-cas16-2.domain.local
ExternalHostname is empty, and InternalHostname points to the internal server name. Let's fix this.
[PS] C:\Windows\system32>Get-ClientAccessServer ex-cas16-1 | Get-OutlookAnywhere | Set-OutlookAnywhere -InternalHostname owa.mail-domain.com -ExternalHostname owa.mail-domain.com -InternalClientsRequireSsl $true -SSLOffloading $false -ExternalClientsRequireSsl $true -ExternalClientAuthenticationMethod Ntlm

[PS] C:\Windows\system32>Get-ClientAccessServer ex-cas16-2 | Get-OutlookAnywhere | Set-OutlookAnywhere -InternalHostname owa.mail-domain.com -ExternalHostname owa.mail-domain.com -InternalClientsRequireSsl $true -SSLOffloading $false -ExternalClientsRequireSsl $true -ExternalClientAuthenticationMethod Ntlm
Setting up virtual directories
# The URL parameters below expect absolute URLs, so the scheme is part of $urlpath
$urlpath = "https://owa.mail-domain.com"
# After the first run, change the server name and run once again
$servername = "ex-cas16-1"

# Autodiscover URI that this server publishes to internal clients
Get-ClientAccessServer -Identity $servername | Set-ClientAccessServer -AutodiscoverServiceInternalUri "$urlpath/autodiscover/autodiscover.xml"

# Exchange Web Services
Get-WebServicesVirtualDirectory -ADPropertiesOnly -Server $servername | Set-WebServicesVirtualDirectory -InternalUrl "$urlpath/ews/exchange.asmx" -ExternalUrl "$urlpath/ews/exchange.asmx"

# Offline Address Book
Get-OabVirtualDirectory -ADPropertiesOnly -Server $servername | Set-OabVirtualDirectory -InternalUrl "$urlpath/oab" -ExternalUrl "$urlpath/oab"

# Outlook Web App
Get-OwaVirtualDirectory -ADPropertiesOnly -Server $servername | Set-OwaVirtualDirectory -InternalUrl "$urlpath/owa" -ExternalUrl "$urlpath/owa"

# Exchange Control Panel
Get-EcpVirtualDirectory -ADPropertiesOnly -Server $servername | Set-EcpVirtualDirectory -InternalUrl "$urlpath/ecp" -ExternalUrl "$urlpath/ecp"

# ActiveSync
Get-ActiveSyncVirtualDirectory -ADPropertiesOnly -Server $servername | Set-ActiveSyncVirtualDirectory -InternalUrl "$urlpath/Microsoft-Server-ActiveSync" -ExternalUrl "$urlpath/Microsoft-Server-ActiveSync"
After making these changes you must wait at least 15 minutes for the new settings (Outlook Anywhere) to apply. After that you can test the new environment.
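The following audit script is an added example, not part of the original article: it reads back the settings changed above on both CAS servers and lists every value that does not point at the shared name over HTTPS, which catches the case where the virtual directory script was run for only one server. It assumes the Exchange Management Shell and the server names and namespace used in this article; the function name Test-NamespaceValue is made up for this example.

```powershell
# Added example (not from the original article). Run in the Exchange Management Shell.
# Assumed values: server names and namespace as used in this article.
$Namespace = "owa.mail-domain.com"
$Servers   = "ex-cas16-1", "ex-cas16-2"

# Hypothetical helper: checks one URL or bare host name against the shared namespace.
function Test-NamespaceValue {
    param($Server, $Setting, $Value)
    $text = "$Value"                       # empty string when the setting is not configured
    $uri  = $null
    if ([Uri]::TryCreate($text, [UriKind]::Absolute, [ref]$uri)) {
        # Virtual directory and Autodiscover values are full URLs
        $ok = ($uri.Scheme -eq "https") -and ($uri.Host -eq $Namespace)
    } else {
        # Outlook Anywhere host names carry no scheme
        $ok = ($text -eq $Namespace)
    }
    [pscustomobject]@{ Server = $Server; Setting = $Setting; Value = $text; OK = $ok }
}

$report = foreach ($s in $Servers) {
    $oa = Get-OutlookAnywhere -Server $s
    Test-NamespaceValue $s "OutlookAnywhere InternalHostname" $oa.InternalHostname
    Test-NamespaceValue $s "OutlookAnywhere ExternalHostname" $oa.ExternalHostname
    # SSL must be required for internal and external clients, with no offloading
    $ssl = $oa.InternalClientsRequireSsl -and $oa.ExternalClientsRequireSsl -and -not $oa.SSLOffloading
    [pscustomobject]@{ Server = $s; Setting = "OutlookAnywhere SSL required"; Value = "$ssl"; OK = $ssl }

    $cas = Get-ClientAccessServer -Identity $s
    Test-NamespaceValue $s "AutodiscoverServiceInternalUri" $cas.AutoDiscoverServiceInternalUri

    $vdirs = @(
        Get-WebServicesVirtualDirectory -ADPropertiesOnly -Server $s
        Get-OabVirtualDirectory         -ADPropertiesOnly -Server $s
        Get-OwaVirtualDirectory         -ADPropertiesOnly -Server $s
        Get-EcpVirtualDirectory         -ADPropertiesOnly -Server $s
        Get-ActiveSyncVirtualDirectory  -ADPropertiesOnly -Server $s
    )
    foreach ($v in $vdirs) {
        Test-NamespaceValue $s "$($v.Name) InternalUrl" $v.InternalUrl
        Test-NamespaceValue $s "$($v.Name) ExternalUrl" $v.ExternalUrl
    }
}

# Show only the settings that still need attention; no rows means both servers match.
$report | Where-Object { -not $_.OK } | Format-Table Server, Setting, Value -AutoSize
```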
To test high availability you can simply shut down one CAS server. Without the help of a load balancer, Outlook will re-establish the connection to the other CAS server within 20 seconds, which is quite comfortable for a mail service.
The use of DNS Round Robin in our case will also provide load balancing between the servers.