Exchange 2010 HA Guide V2

Ammar Hasayen

AMMARHASAYEN.WORDPRESS.COM


Contents

1. Introduction
   1.1 Quorum
   1.2 DAG Networks
   1.3 Active Manager
2. Datacenter Activation Coordination (DAC)
   2.1 Introduction
   2.2 How to get DAC OK status
   2.3 Restore-DatabaseAvailabilityGroup
   2.4 Examples
3. Recovering a Single Failed DAG Member
4. Database Mobility
5. Outlook Web App across Sites
   5.1 Introduction
   5.2 Scenario 1
   5.3 Scenario 2
   5.4 Scenario 3
6. Datacenter Switchover
   6.1 Terminate the primary datacenter
   6.2 Activating Mailbox Servers
   6.4 Activating CAS Servers
   6.5 Restoring Services in the Primary Datacenter
7. Autodiscover
   7.1 When Autodiscover is triggered in Outlook
   7.2 How to find the service
   7.3 What Autodiscover needs
   7.4 What Autodiscover processes
   7.5 What Autodiscover returns
8. How Outlook Connects
   8.1 What information Outlook needs
   8.2 Database linkage to CAS Arrays
       Scenario 1
       Scenario 2
       Scenario 3
       Scenario 4


1. Introduction

This guide explains, in a simple way, the technologies and procedures you need to know in order to perform an Exchange 2010 datacenter switchover, recover a failed DAG member, or stretch a DAG between sites.

1.1 Quorum

Quorum is a mechanism that ensures only one subset of cluster members is functioning at any given time. It is used to establish majority.

There is also quorum data: configuration shared between all nodes.

Exchange 2010 supports only two of the four quorum models:

o Node Majority: for an odd number of nodes
o File Share Majority: for an even number of nodes

The witness is a file share (containing Witness.log) that represents one vote when a tie needs to be broken. When the DAG is one vote away from losing majority, the node that holds the cluster group (the PAM) locks the witness file share.

The witness cluster file share is created when the number of DAG members becomes even, and the cluster applies IsAlive checks to monitor it. If the check fails, the cluster group is moved to another node, which tries to bring it online again.

The Exchange Trusted Subsystem group should be a member of the local Administrators group on the witness server and on the alternate witness server.

1.2 DAG Networks

For each subnet that the cluster discovers, a DAG network is created. Note also that heartbeat traffic runs on all networks.

There are two types of DAG networks:

MAPI network:
o You can have only one MAPI network.
o It has a default gateway and is registered in DNS.

Replication network (replication runs over TCP 64327):
o You can have zero or as many replication networks as you want.
o No default gateway, and it is not registered in DNS.

It is important to note the following:

o DAG network enumeration happens only when adding DAG members, or it can be triggered by running Set-DatabaseAvailabilityGroup -DiscoverNetworks.
o If the MAPI network dies on a server, an automatic switchover happens.
o If a replication network dies on a server, replication happens over the MAPI network.
o iSCSI networks should be configured to be ignored by the cluster.

Also make sure that replication traffic cannot route to the MAPI network under any circumstances, or a cross-heartbeat scenario will occur.

1.3 Active Manager

Active Manager lives inside the Microsoft Exchange Replication service.

The data about where a database is currently active DOES NOT LIVE IN AD. Active Manager is the component that knows it.

Three server roles:

1. Standalone (for servers that are not DAG members)
2. Standby Active Manager (SAM)
   a. Monitors local resources and notifies the PAM
   b. Gives Active Manager clients information about where databases are active
3. Primary Active Manager (PAM)
   a. The one that holds the cluster group
   b. Performs Best Copy Selection

An Active Manager client exists on Hub Transport and CAS servers so they can learn where the active copy lives, in order to deliver or access data.


2. Datacenter Activation Coordination (DAC)

2.1 Introduction

Active Manager handles DAC.

DAC mode enables us to use three additional commands: Stop-DatabaseAvailabilityGroup, Start-DatabaseAvailabilityGroup and Restore-DatabaseAvailabilityGroup.

DAC is a DAG property that uses the DACP protocol to handle split-brain scenarios when the DAG is stretched across more than one subnet.

When DAC is enabled, it becomes an extra, application-level quorum criterion that must also return OK.

DAC splits DAG members into one of two sets:

1. Stopped DAG members - Stop-DatabaseAvailabilityGroup
2. Started DAG members - Start-DatabaseAvailabilityGroup

Only started DAG members participate in DAC voting. Started servers are the candidates for bringing their database copies online.

Stopped is an Active Manager status that prevents databases from being mounted on the server and excludes it from DAC voting.

2.2 How to get DAC OK status

o If all started DAG members can communicate with each other, or
o If not, if a started DAG member can communicate with a node whose DAC bit is 1.

Note: In the case of exactly two started DAG members in the alternate datacenter, the boot time of the alternate witness share server can be used. If the witness server's boot time is earlier, DAC succeeds. Otherwise, use Restore-DatabaseAvailabilityGroup. This is true only for a DAG with two started members.

In all cases, if all DAG members have DAC bit 0, use Start-DatabaseAvailabilityGroup to reset the DAC bit to 1, even if the nodes are already started.

2.3 Restore-DatabaseAvailabilityGroup

o Evicts DAG members marked as stopped from the cluster, thus re-establishing quorum
o Assigns the alternate witness share in the case of an even number of nodes

It has three parameters:

1. Identity (required): name of the DAG
2. ActiveDirectorySite (optional)
3. AlternateWitnessServer and AlternateWitnessDirectory (optional): these can be configured ahead of time at the DAG level.


2.4 Examples

Stop-DatabaseAvailabilityGroup -Identity DAG1 -MailboxServer E14EX2
Stop-DatabaseAvailabilityGroup -Identity DAG1 -ActiveDirectorySite Redmond
Stop-DatabaseAvailabilityGroup -Identity DAG1 -MailboxServer E14EX3 -ConfigurationOnly
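As an added example (not code from the guide), the following Exchange Management Shell script reads the DAC-related state described in sections 2.1 to 2.3 from one place, and applies the section 2.2 note about the alternate witness server's boot time when exactly two members are started. The function names Get-DagDacState and Compare-WitnessBootTime are hypothetical; DAG1 is a placeholder; reading boot times over WMI assumes the account has remote WMI access to the servers.

```powershell
# Added example, not from the guide. Summarises the DAC state of a DAG in an
# Exchange 2010 Management Shell session. DAG1 is a placeholder DAG name.

function Get-DagDacState {
    param([Parameter(Mandatory=$true)][string]$DagName)

    # -Status makes the cmdlet query the cluster and Active Manager, not only AD
    $dag = Get-DatabaseAvailabilityGroup -Identity $DagName -Status

    $started = @($dag.StartedMailboxServers | ForEach-Object { "$_" })
    $stopped = @($dag.StoppedMailboxServers | ForEach-Object { "$_" })

    New-Object PSObject -Property @{
        Dag                    = $dag.Name
        DacMode                = $dag.DatacenterActivationMode   # DagOnly means DAC is enabled
        PrimaryActiveManager   = "$($dag.PrimaryActiveManager)"
        StartedMembers         = $started
        StoppedMembers         = $stopped
        WitnessServer          = "$($dag.WitnessServer)"
        AlternateWitnessServer = "$($dag.AlternateWitnessServer)"
        WitnessShareInUse      = $dag.WitnessShareInUse          # Primary, Alternate or None
    }
}

# Section 2.2 note: with exactly two started members, the boot time of the
# alternate witness server decides whether DAC can succeed on its own.
function Compare-WitnessBootTime {
    param([string]$WitnessServer, [string[]]$StartedMembers)

    function Get-BootTime([string]$Computer) {
        # Assumes remote WMI access to the server
        $os = Get-WmiObject -Class Win32_OperatingSystem -ComputerName $Computer
        $os.ConvertToDateTime($os.LastBootUpTime)
    }

    $witnessBoot = Get-BootTime $WitnessServer
    foreach ($member in $StartedMembers) {
        $memberBoot = Get-BootTime $member
        New-Object PSObject -Property @{
            Member             = $member
            MemberBootTime     = $memberBoot
            WitnessBootTime    = $witnessBoot
            WitnessBootedFirst = ($witnessBoot -lt $memberBoot)
        }
    }
}

# Usage (placeholder DAG name)
$state = Get-DagDacState -DagName 'DAG1'
$state | Format-List Dag, DacMode, PrimaryActiveManager, StartedMembers, StoppedMembers, WitnessShareInUse

if ($state.DacMode -eq 'DagOnly' -and $state.StartedMembers.Count -eq 2 -and $state.WitnessShareInUse -eq 'Alternate') {
    Compare-WitnessBootTime -WitnessServer $state.AlternateWitnessServer -StartedMembers $state.StartedMembers |
        Format-Table Member, MemberBootTime, WitnessBootTime, WitnessBootedFirst -AutoSize
}

# If every member reports DAC bit 0 (for example after a restart), section 2.2 says
# to run Start-DatabaseAvailabilityGroup for the started members again, e.g.
# Start-DatabaseAvailabilityGroup -Identity DAG1 -MailboxServer <started member>
```

If WitnessBootedFirst is false for a member, the guide's note applies and Restore-DatabaseAvailabilityGroup is the path; if a started member is missing or a primary-site server still shows as started, stop there and fix membership before any restore.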

3. Recovering a Single Failed DAG Member

Database copies on the failed server are marked as ServiceShutdown.

For a failed server MBX1:

o Remove the database copies on the server:
  Remove-MailboxDatabaseCopy DB1\MBX1
  This command will generate a warning because the server is offline, but the information about the copy in AD will be deleted.
o Remove its configuration from the DAG:
  Remove-DatabaseAvailabilityGroupServer -Identity DAG1 -MailboxServer MBX1 -ConfigurationOnly
  It may happen that the server is not fully removed, so open the cluster console from any active mailbox server and evict the failed DAG member manually.
o Reset the computer account in AD.
o Install a new Windows with the same patches and service pack (IMPORTANT: SAME IP addresses).
o Run Setup /m:RecoverServer.
o Add it back to the DAG:
  Add-DatabaseAvailabilityGroupServer -Identity DAG1 -MailboxServer MBX1
o Add the database copies back to it.
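The recovery steps above as one script, added here as an example and not taken from the guide: a capture phase records which copies lived on the failed server (from AD only, since the server is dead), a removal phase runs the two Remove cmdlets and the cluster eviction, and a re-add phase runs after the manual rebuild and Setup /m:RecoverServer. DAG1, MBX1 and the manifest path are placeholders; the cluster.exe eviction syntax is assumed to be the equivalent of the manual eviction the guide describes.

```powershell
# Added example, not from the guide. Exchange 2010 Management Shell on a surviving
# DAG member. DAG1 / MBX1 / C:\DagRecovery are placeholders.

$DagName      = 'DAG1'
$FailedServer = 'MBX1'
$ManifestPath = "C:\DagRecovery\$FailedServer-copies.csv"

function Save-CopyManifest {
    param([string]$Server, [string]$Path)
    # Get-MailboxDatabase -Server reads AD, so it works while the server is offline.
    # Record the copies and their activation preferences so the re-add is not done from memory.
    $copies = foreach ($db in (Get-MailboxDatabase -Server $Server)) {
        $pref = $db.ActivationPreference | Where-Object { "$($_.Key)" -eq $Server } | ForEach-Object { $_.Value }
        New-Object PSObject -Property @{ DatabaseName = $db.Name; ActivationPreference = [int]$pref }
    }
    New-Item -ItemType Directory -Path (Split-Path $Path) -Force | Out-Null
    $copies | Export-Csv -Path $Path -NoTypeInformation
    $copies
}

function Remove-FailedMemberFromDag {
    param([string]$Dag, [string]$Server, [string]$Manifest)
    foreach ($copy in (Import-Csv $Manifest)) {
        # The warning about the offline server is expected; the copy object in AD is removed.
        Remove-MailboxDatabaseCopy -Identity "$($copy.DatabaseName)\$Server" -Confirm:$false
    }
    # Removes the server from the DAG object without contacting it
    Remove-DatabaseAvailabilityGroupServer -Identity $Dag -MailboxServer $Server -ConfigurationOnly -Confirm:$false

    # If the node is still listed in the cluster, evict it from a surviving member.
    # Assumption: cluster.exe command-line equivalent of the console eviction.
    $clusterArg = "/cluster:$Dag"
    cluster.exe $clusterArg node $Server /evict
}

function Add-RecoveredMemberToDag {
    param([string]$Dag, [string]$Server, [string]$Manifest)
    # Run only after: computer account reset, OS reinstalled with the same name,
    # IP addresses and patch level, and Setup /m:RecoverServer completed.
    Add-DatabaseAvailabilityGroupServer -Identity $Dag -MailboxServer $Server
    foreach ($copy in (Import-Csv $Manifest)) {
        Add-MailboxDatabaseCopy -Identity $copy.DatabaseName -MailboxServer $Server `
            -ActivationPreference ([int]$copy.ActivationPreference)
    }
    # Every restored copy should reach Healthy once seeding completes
    Get-MailboxDatabaseCopyStatus -Server $Server |
        Format-Table Name, Status, CopyQueueLength, ReplayQueueLength -AutoSize
}

# Phase 1, while MBX1 is dead:
# Save-CopyManifest -Server $FailedServer -Path $ManifestPath
# Remove-FailedMemberFromDag -Dag $DagName -Server $FailedServer -Manifest $ManifestPath
# Manual: reset the computer account, reinstall Windows (same IPs), Setup /m:RecoverServer.
# Phase 2, on the rebuilt server:
# Add-RecoveredMemberToDag -Dag $DagName -Server $FailedServer -Manifest $ManifestPath
```

Keeping the manifest outside the failed server matters: once Remove-MailboxDatabaseCopy has run, AD no longer records which databases had a copy there or with which preference.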

4. Database Mobility

If you have a server that fails but the SAN or disk database files are still accessible, you can mount the database on another server. This is called Database Mobility.

1. Attach the database files to a drive on the new mailbox server.
2. Use eseutil to check the health of the database:

   Eseutil /MH database.edb | findstr "State:"

3. If the database is in Dirty Shutdown state and the log files are available, perform a soft recovery. From the folder that contains the log files, type:

   eseutil /r E00 /d G:\Data\databaseFolderPath

   Note: replace E00 with the log prefix.

4. Finally, create a new database on the new server, mark it as overwritable, dismount it, and switch the files.
5. Point the users to the new database:

   Get-Mailbox -Database oldDB | Set-Mailbox -Database newDB

6. Outlook clients will automatically pick up the new information.
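The six steps above as a script, added here as an example rather than the guide's own code. It parses the State line from the eseutil header, refuses to continue unless the database reaches Clean Shutdown, creates the new database object marked as overwritable, copies the recovered file into place and re-homes the mailboxes. The server, database and path names are placeholders; eseutil.exe is assumed to be on the path.

```powershell
# Added example, not from the guide. Run in the Exchange 2010 Management Shell on
# the new mailbox server after the old database files have been attached to it.

$OldDatabase = 'DB1'                    # database whose server failed (still in AD)
$NewServer   = 'MBX2'                   # placeholder
$NewDatabase = 'DB1-Recovered'          # placeholder
$EdbPath     = 'G:\Data\DB1\DB1.edb'    # attached file from the failed server
$LogPath     = 'G:\Data\DB1'            # its log files
$LogPrefix   = 'E00'                    # replace with the real log prefix
$NewDbFolder = "G:\Data\$NewDatabase"

function Get-EdbState {
    param([string]$Edb)
    # eseutil /mh dumps the header; the State line reads "Clean Shutdown" or "Dirty Shutdown"
    $header = & eseutil.exe /mh $Edb
    $line = @($header | Where-Object { $_ -match 'State:' })[0]
    if (-not $line) { throw "No State line found in the header of $Edb" }
    ($line -split 'State:')[1].Trim()
}

function Repair-DirtyShutdown {
    param([string]$Edb, [string]$LogDir, [string]$Prefix)
    $state = Get-EdbState $Edb
    if ($state -eq 'Clean Shutdown') { return $state }
    # Soft recovery: replay the logs in $LogDir into the database directory
    Push-Location $LogDir
    try { & eseutil.exe /r $Prefix /d (Split-Path $Edb) } finally { Pop-Location }
    $state = Get-EdbState $Edb
    if ($state -ne 'Clean Shutdown') { throw "Database is still '$state' after soft recovery; do not mount it" }
    $state
}

function Move-DatabaseToNewServer {
    # Create the new database object, allow its file to be overwritten, then place
    # the recovered EDB where the new database expects it and mount.
    New-MailboxDatabase -Name $NewDatabase -Server $NewServer `
        -EdbFilePath "$NewDbFolder\$NewDatabase.edb" -LogFolderPath $NewDbFolder
    Set-MailboxDatabase -Identity $NewDatabase -AllowFileRestore $true
    New-Item -ItemType Directory -Path $NewDbFolder -Force | Out-Null
    Copy-Item -Path $EdbPath -Destination "$NewDbFolder\$NewDatabase.edb"
    Mount-Database -Identity $NewDatabase

    # Re-home the mailboxes; Outlook picks the change up on its next Autodiscover cycle
    Get-Mailbox -Database $OldDatabase | Set-Mailbox -Database $NewDatabase
}

$finalState = Repair-DirtyShutdown -Edb $EdbPath -LogDir $LogPath -Prefix $LogPrefix
Write-Host "Database state before mount: $finalState"
Move-DatabaseToNewServer
Get-MailboxDatabase -Identity $NewDatabase -Status | Format-List Name, Server, Mounted
```

The hard stop after soft recovery is deliberate: mounting a database that is still in Dirty Shutdown forces a repair path that loses data, which is the one outcome this procedure exists to avoid.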

5. Outlook Web App across Sites

5.1 Introduction

When a CAS receives an OWA request:

o It checks whether the request can be served locally.
o If the mailbox is not local, the CAS retrieves the target ExternalURL (if defined) and redirects, or proxies if no OWA ExternalURL is defined in the target Active Directory site.

Below are additional scenarios.

5.2 Scenario 1

Suppose that the primary site went down completely, and you changed the DNS entry for owa.contoso.com to point to the CAS NLB in the secondary site. Now the primary site is back to normal and you changed the DNS entry for owa.contoso.com back to the primary CAS NLB in the main site.

The client needs to wait for the TTL of owa.contoso.com to expire (the TTL is usually set to 5 minutes), and even after the DNS cache expires, the browser will still cache the DNS entry for another 20 minutes.

So a loop will happen: the browser goes to owa.contoso.com, which still resolves to the secondary CAS NLB because of the browser cache, and the secondary CAS array sends an OWA redirection message "Hey... You should be using https://owa.contoso.com for best performance.", because the mailbox is now active in the primary site and the OWA ExternalURL of the primary CAS array is https://owa.contoso.com.

The user may think "ODD, I just logged in at that site! Silly computer, let me log in again."

The second time he logs in to owa.contoso.com, he will probably still hit the secondary CAS array servers because the browser cache still isn't updated. The secondary CAS array servers are intelligent enough to see this second logon attempt (via a web canary) and then know "OH... this user's DNS cache is old. They don't know we failed back to the other datacenter. Send him the FailbackURL for the primary CAS servers."

The user is then prompted with a slightly different page with a "CONTINUE" button, which explains that the mailbox is in the process of being brought online in a different datacenter. He clicks Continue, which takes him to the FailbackURL. He logs in again, and this time he is successfully in OWA.

So the secondary CAS array detects whether the primary CAS servers have a FailbackURL configured, and if so, redirects the client to it to end the loop. If no FailbackURL is configured, the secondary CAS array sends an error page telling the client to close the browser and try again.

5.3 Scenario 2

If a CAS receives an OWA request for a mailbox whose database legacyExchangeDN matches its local AD site, but the database is mounted in a different site, the CAS issues a redirect to the ExternalURL of the CAS server hosting the mounted database.

5.4 Scenario 3

NEW IN SP2: Cross-Site Silent Redirection

If you configure Set-OwaVirtualDirectory with CrossSiteRedirectType = Silent (the default is Manual), all redirections become silent. In addition, if FBA or Integrated Windows authentication is configured, a single sign-on experience will occur.
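The settings that scenarios 1 and 3 depend on, applied and then checked, as an added example (not the guide's code). It sets ExternalUrl and the SP2 CrossSiteRedirectType on every OWA virtual directory, gives the primary site a FailbackUrl that differs from its ExternalUrl (the point of the failback loop-breaker is that the browser resolves a name it has not cached), and reports the conditions under which the behaviour described above would not work. Server names and URLs are placeholders; Set-OwaCrossSiteSettings and Test-OwaCrossSiteSettings are hypothetical function names.

```powershell
# Added example, not from the guide. Exchange 2010 SP2 Management Shell.
# Site, server and URL values below are placeholders.

$owaSites = @{
    'NYC' = @{ Servers = @('NYCCAS1', 'NYCCAS2')
               ExternalUrl = 'https://owa.contoso.com/owa'
               FailbackUrl = 'https://owa-nyc.contoso.com/owa' }   # must differ from ExternalUrl
    'LON' = @{ Servers = @('LONCAS1', 'LONCAS2')
               ExternalUrl = 'https://owa-lon.contoso.com/owa'
               FailbackUrl = $null }
}

function Set-OwaCrossSiteSettings {
    param([hashtable]$Sites)
    foreach ($site in $Sites.Keys) {
        $cfg = $Sites[$site]
        foreach ($server in $cfg.Servers) {
            $params = @{
                Identity              = "$server\owa (Default Web Site)"
                ExternalUrl           = $cfg.ExternalUrl
                CrossSiteRedirectType = 'Silent'     # SP2: no manual "you should be using..." page
            }
            if ($cfg.FailbackUrl) { $params['FailbackUrl'] = $cfg.FailbackUrl }
            Set-OwaVirtualDirectory @params
        }
    }
}

function Test-OwaCrossSiteSettings {
    param([hashtable]$Sites)
    $findings = @()
    $authBySite = @{}
    foreach ($site in $Sites.Keys) {
        foreach ($server in $Sites[$site].Servers) {
            $v = Get-OwaVirtualDirectory -Server $server
            if (-not $v.ExternalUrl) {
                $findings += "${server}: no ExternalUrl, so a CAS in another site will proxy instead of redirect"
            }
            if ($v.FailbackUrl -and $v.ExternalUrl -and ("$($v.FailbackUrl)" -eq "$($v.ExternalUrl)")) {
                $findings += "${server}: FailbackUrl equals ExternalUrl, the scenario 1 loop cannot be broken"
            }
            if ("$($v.CrossSiteRedirectType)" -ne 'Silent') {
                $findings += "${server}: CrossSiteRedirectType is $($v.CrossSiteRedirectType), users get the manual page"
            }
            $auth = @()
            if ($v.FormsAuthentication)   { $auth += 'FBA' }
            if ($v.WindowsAuthentication) { $auth += 'IWA' }
            if ($v.BasicAuthentication)   { $auth += 'Basic' }
            $authBySite[$site] = ($auth -join '+')
        }
    }
    # Silent redirection is single sign-on only when both sites use the same method
    if (@($authBySite.Values | Select-Object -Unique).Count -gt 1) {
        $findings += "OWA authentication differs between sites ($($authBySite.Keys -join ', ')); silent redirect will re-prompt"
    }
    $findings
}

Set-OwaCrossSiteSettings -Sites $owaSites
$issues = Test-OwaCrossSiteSettings -Sites $owaSites
if ($issues.Count -eq 0) { Write-Host 'OWA cross-site settings consistent' } else { $issues | ForEach-Object { Write-Warning $_ } }
```

Run the Test function alone before a planned failback; it is the check for the "no FailbackURL configured" error page the scenario ends with.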

6. Datacenter Switchover

The case of a complete outage in the primary datacenter (NYC) and restoring services in the secondary datacenter (LON).

6.1 Terminate the primary datacenter

1. DAG members in the primary datacenter must be marked as stopped. Stopped is the Active Manager status that prevents database copies from being mounted on them and excludes them from DACP voting. This can be done on the primary side and on the secondary side:

   o On the primary side:
     o If the mailbox servers in the primary site are operational and there is a functioning DC in the primary site, use:
       Stop-DatabaseAvailabilityGroup -Identity DAG1 -ActiveDirectorySite NYC
     o If the mailbox servers in the primary site are not operational but there is a domain controller in the primary site, use this command for each primary mailbox server:
       Stop-DatabaseAvailabilityGroup -Identity DAG1 -MailboxServer E14EX3 -ConfigurationOnly
     o If neither a DC nor mailbox servers are available in the primary site, make sure the mailbox servers stay shut down.
     o If the primary mailbox servers are online, make sure the Cluster service is set to Disabled, or disable it yourself.

   o On the secondary side:
     o We need to tell the secondary site which servers are available during the switchover. This is done by using the Stop-DatabaseAvailabilityGroup command with the ConfigurationOnly switch.

2. UM servers


If any Unified Messaging servers are in use in the failed datacenter, they must be disabled to prevent call routing to the failed datacenter. You can disable a Unified Messaging server by using the Disable-UMServer cmdlet (for example, Disable-UMServer UM01).

Alternatively, if you are using a Voice over IP (VoIP) gateway, you can also remove the Unified Messaging server entries from the VoIP gateway, or change the DNS records for the failed servers to point to the IP address of the Unified Messaging servers in the second datacenter if your VoIP gateway is configured to route calls using DNS.

6.2 Activating Mailbox Servers

1. When the primary datacenter is down, the mailbox servers in the secondary site will try to take ownership of the cluster group and will try to bring the primary witness server online a couple of times before timing out and failing. This is when the cluster as a whole goes down because of majority issues. Database copies on primary datacenter mailbox servers appear as ServiceShutdown, while database copies on secondary datacenter mailbox servers appear as Disconnected and Healthy.

2. The Cluster service must be stopped on each DAG member in the primary datacenter. This is one of two cases:
   a. If the primary datacenter is down, this objective is already completed.
   b. If the primary mailbox servers are online, make sure the Cluster service is stopped and its startup type is set to Disabled.

3. Run Restore-DatabaseAvailabilityGroup, which does two things:
   a. Evicts stopped DAG members from the cluster
   b. Creates the alternate witness share if it was not configured previously at the DAG level

   Restore-DatabaseAvailabilityGroup -Identity DAG1 -ActiveDirectorySite LON -AlternateWitnessServer EXHUB1 -AlternateWitnessDirectory D:\DAG1

   You may need to run the command a couple of times until the primary mailbox servers are evicted from the cluster.

   Note: the restore command can fail; just wait 5 minutes and run it again. You can also make sure the command is executed against the right domain controller by running:

   Set-ADServerSettings -PreferredServer <Domain Controller in Failover Datacenter>

4. At any time, if you want to force the cluster model to refresh (for example, if you open the cluster console from a secondary mailbox server, the alternate witness share should appear after you ran Restore-DatabaseAvailabilityGroup; if it is not reflected in the cluster console), just run Set-DatabaseAvailabilityGroup -Identity DAGName.

5. Make sure the witness server and directory are up. Never lose them, and avoid restarting them. Make sure Exchange Trusted Subsystem is a member of the local Administrators group on the witness server, and create a firewall rule on the witness server if necessary to allow all traffic from the mailbox servers to the witness server.

6. At this moment, the secondary mailbox server(s) will try to assume ownership of the cluster group, try to bring the secondary DAG IP online, and keep trying to bring the alternate witness share online.

7. Use the Get-DatabaseAvailabilityGroup cmdlet to make sure the stopped servers are the mailbox servers in the primary site and the started servers are only those in the secondary site.

8. If databases in the secondary site don't mount automatically, remember to remove any activation blocks at the server level (Set-MailboxServer) or at the database copy level (suspended activation).

9. If the databases still didn't mount correctly, use this command:

   Move-ActiveMailboxDatabase -Server FQDNofaServerinPrimarySite -ActivateOnServer FQDNofaServerinDRSite

   This command has many Skip switches that can be handy. This is a very important step, as it is like taking ownership of those databases. You can also use:

   Move-ActiveMailboxDatabase DatabaseName -ActivateOnServer FQDNofaServerinDRSite

10. We need to choose whether or not to remove the database copies existing in the primary site, to allow log truncation. If we choose to remove them, reseeding will be necessary once we fail back to the primary datacenter.

11. Outlook clients will act as follows:
   a. If the primary CAS servers are online, CAS servers in the primary site will issue a silent redirect message to Outlook users. Outlook users will see a message that they need to restart Outlook.
   b. If the primary CAS servers are offline, you can change the DNS name for the Outlook Anywhere name, or just force Autodiscover to work by repairing the Outlook profile.

12. OWA clients will do the following:
   a. If the primary CAS servers are online, silent redirection will happen with SSO, since both OWA virtual directories have Integrated Windows authentication on them.
   b. If the primary CAS servers are offline, the DNS name of the primary OWA should point to the secondary site, and that's it.

13. If you restarted the mailbox servers in the secondary site and/or the witness server, the DAC bit will be set to 0 and the databases will show as Dismounted. If you try to mount them, you get an error that the replication services on the primary mailbox servers are not online. You may also have trouble locating the Active Manager, especially if you ran Get-DatabaseAvailabilityGroup -Identity DAGName -Status. The solution is to force the DAC bit back to 1 by running Start-DatabaseAvailabilityGroup -Identity DAGName -MailboxServer <secondary mailbox server> for the secondary mailbox servers, even if they are already started.
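Sections 6.1 and 6.2 as one script for the LON side, added as an example and not taken from the guide. It pins the session to a LON domain controller, marks the NYC members stopped in AD only, retries Restore-DatabaseAvailabilityGroup with the five-minute wait the guide recommends, refreshes the cluster model, verifies that only LON members are started before touching any database, clears activation blocks, and activates whatever is still not mounted on a LON copy. DAG1, the site names, server names and the EXHUB1 witness are placeholders; Invoke-RestoreDagWithRetry and Test-DagMembership are hypothetical function names.

```powershell
# Added example, not from the guide. Run in the Exchange 2010 Management Shell on a
# LON mailbox server while NYC is unreachable. All names are placeholders.

$DagName        = 'DAG1'
$DrSite         = 'LON'
$DrDC           = 'LONDC1.contoso.com'
$AltWitness     = 'EXHUB1'
$AltWitnessDir  = 'D:\DAG1'
$PrimaryServers = @('NYCMBX1', 'NYCMBX2')
$DrServers      = @('LONMBX1', 'LONMBX2')

# 6.2 step 3 note: make every cmdlet in this session talk to a LON domain controller
Set-ADServerSettings -PreferredServer $DrDC

# 6.1 step 1, secondary side: mark the primary members stopped in AD only
foreach ($s in $PrimaryServers) {
    Stop-DatabaseAvailabilityGroup -Identity $DagName -MailboxServer $s -ConfigurationOnly -Confirm:$false
}

# 6.2 step 3: evict the stopped members and bring the alternate witness into use.
# The guide says this can fail while the cluster is still timing out; wait and retry.
function Invoke-RestoreDagWithRetry {
    param([int]$Attempts = 3, [int]$WaitSeconds = 300)
    for ($i = 1; $i -le $Attempts; $i++) {
        try {
            Restore-DatabaseAvailabilityGroup -Identity $DagName -ActiveDirectorySite $DrSite `
                -AlternateWitnessServer $AltWitness -AlternateWitnessDirectory $AltWitnessDir `
                -Confirm:$false -ErrorAction Stop
            return $true
        } catch {
            Write-Warning "Restore attempt $i failed: $($_.Exception.Message)"
            if ($i -lt $Attempts) { Start-Sleep -Seconds $WaitSeconds }
        }
    }
    return $false
}
if (-not (Invoke-RestoreDagWithRetry)) { throw 'Restore-DatabaseAvailabilityGroup did not succeed; stop here' }

# 6.2 step 4: force the cluster model to refresh
Set-DatabaseAvailabilityGroup -Identity $DagName

# 6.2 step 7: only DR members may be started; every primary member must be stopped
function Test-DagMembership {
    $dag = Get-DatabaseAvailabilityGroup -Identity $DagName -Status
    $started = @($dag.StartedMailboxServers | ForEach-Object { "$_" })
    $stopped = @($dag.StoppedMailboxServers | ForEach-Object { "$_" })
    $unexpectedStarted = @($started | Where-Object { $DrServers -notcontains $_ })
    $missingStopped    = @($PrimaryServers | Where-Object { $stopped -notcontains $_ })
    New-Object PSObject -Property @{
        Started = $started; Stopped = $stopped
        UnexpectedStarted = $unexpectedStarted; MissingStopped = $missingStopped
        Ok = ($unexpectedStarted.Count -eq 0 -and $missingStopped.Count -eq 0)
    }
}
$membership = Test-DagMembership
if (-not $membership.Ok) { $membership | Format-List; throw 'DAG membership is not as expected after restore' }

# 6.2 step 8: remove activation blocks at server and copy level on the DR side
foreach ($s in $DrServers) {
    Set-MailboxServer -Identity $s -DatabaseCopyAutoActivationPolicy Unrestricted
    Get-MailboxDatabaseCopyStatus -Server $s | Where-Object { $_.ActivationSuspended } |
        ForEach-Object { Resume-MailboxDatabaseCopy -Identity $_.Name -Confirm:$false }
}

# 6.2 step 9: activate anything still not mounted on a DR server that holds a copy
foreach ($db in (Get-MailboxDatabase -Status)) {
    if ($db.Mounted) { continue }
    $target = $db.Servers | ForEach-Object { "$_" } | Where-Object { $DrServers -contains $_ } | Select-Object -First 1
    if ($target) {
        Move-ActiveMailboxDatabase -Identity $db.Name -ActivateOnServer $target -Confirm:$false
    } else {
        Write-Warning "$($db.Name): no copy on a DR server; cannot activate"
    }
}
Get-MailboxDatabase -Status | Format-Table Name, Mounted, MountedOnServer -AutoSize
```

The membership check is the gate: if a primary server still shows as started, Restore did not evict it and activating databases in LON risks the split-brain DAC exists to prevent.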


6.4 Activating CAS Servers

Suppose the primary datacenter has the following URLs internally and externally:

Mail.NYC.contoso.com (Outlook Anywhere)
OWA.NYC.contoso.com (Outlook Web Access)
EAS.NYC.contoso.com (Exchange ActiveSync)

And the secondary site has:

Mail.LON.contoso.com
OWA.LON.contoso.com
EAS.LON.contoso.com

Suppose also that the Autodiscover SCP for CAS servers in the primary datacenter points to Mail.NYC.contoso.com, while the SCP for CAS servers in the secondary datacenter points to Mail.LON.contoso.com, and that the public autodiscover.contoso.com points externally to the primary datacenter's publishing rule.

During the datacenter switchover:

1. OWA: Change the IP address of OWA.NYC.contoso.com to point to OWA.LON.contoso.com in the internal and external DNS servers. This really depends on whether the primary datacenter will be off for a long time. You can also choose not to change this DNS name if the primary CAS servers are online, since they will do the redirection.

2. EAS: Change the IP of EAS.NYC.contoso.com to point to EAS.LON.contoso.com in the internal and external DNS servers. You can also choose to tell the users to change this manually on their mobile devices.

3. Outlook Anywhere: Either let users manually change their Outlook proxy settings to Mail.LON.contoso.com, or, as the automatic solution, make sure the Autodiscover service is reachable internally and externally so that an Outlook profile repair will do the trick and switch Mail.NYC.contoso.com to Mail.LON.contoso.com.

NOTE: VERY IMPORTANT: Don't ever try to change the DNS record of Mail.NYC.contoso.com to point to Mail.LON.contoso.com. This will always fail, because the subject name of the certificate in the LON datacenter is mail.lon.contoso.com while the proxy setting in the users' Outlook profile is mail.nyc.contoso.com.


6.5 Restoring Services in the Primary Datacenter

1. Power on the primary mailbox servers. If you open the cluster console on them, you can see that they reflect being evicted from the cluster. Database copies on them are marked as Failed, and there is no way to mount them on the primary servers.

   Note: Verify that the Cluster service on the DAG members in the primary datacenter has a startup type of DISABLED. If it does not, either the Stop-DatabaseAvailabilityGroup command was not successful, or the DAG members in the primary datacenter failed to receive the eviction notification after network connectivity between the datacenters was restored. Do not proceed until Cluster service cleanup has occurred and the Cluster service has a startup type of DISABLED. You can optionally run the following command on the DAG members in the primary datacenter to forcibly clean up the outdated cluster information:

   Cluster node /forcecleanup

2. Run Start-DatabaseAvailabilityGroup -Identity DAG1 -ActiveDirectorySite NYC for them. Note that powering on those servers in the primary site is not risky, as they are out of the DAG configuration. The Start-DatabaseAvailabilityGroup command returns them to the DAG.

   Also remember that we ran Move-ActiveMailboxDatabase during the switchover to activate the databases on servers in the secondary site. That's why, when you run Start-DatabaseAvailabilityGroup for the primary servers, they notice that the databases are active on the secondary mailbox servers and do not try to do anything.

   After running this Start command, the primary mailbox servers start appearing in the cluster console as normally functioning cluster nodes.

3. Run Set-DatabaseAvailabilityGroup -Identity DAG1 without any other parameters to make sure the right quorum mode is being used. This command also seeds all changes to the passive copies.

4. Database copies in the primary site will start seeding automatically and will eventually become healthy.

5. Leave the databases to replicate over time and sync from the secondary datacenter to the primary. Then proceed with the steps below.

6. Note that the DAG is still using the alternate witness server. To use a witness server in the primary site again, if you still have the old witness server, run Set-DatabaseAvailabilityGroup -Identity DAG1. If you want to assign a new witness in the primary datacenter, add the witness parameters to the previous command.

7. Notice that the default cluster group is hosted in the secondary site, which means that the Primary Active Manager (PAM) is located on the node that holds the default cluster group. To identify the PAM server, run:

   Get-DatabaseAvailabilityGroup -Identity DAG1 -Status | FL *Primary*

8. You can move the default cluster group to a primary mailbox server by running:

   Cluster group "Cluster Group" /MoveTo:EX01

9. Dismount the databases in the secondary datacenter and move the CAS URLs back.
10. After DNS has replicated and the cache is refreshed, use Move-ActiveMailboxDatabase to activate the copies in the primary site.
11. Mount the database copies in the primary site.
12. Outlook clients will see a message indicating that the administrator has changed something and Outlook needs to be restarted.

Note: When mounting database copies in the primary site, sometimes you will face issues such as the database failing to mount because of an index problem. In this case you can run:

Update-MailboxDatabaseCopy DBName\FailedToMountServer -CatalogOnly

If this didn't work, use:

Move-ActiveMailboxDatabase "Database Name" -ActivateOnServer DestinationServer -SkipClientExperienceChecks

Note that this command is powerful; look at this:

Move-ActiveMailboxDatabase "Database Name" -ActivateOnServer <Server> <Options>

where Options can be:

-SkipActiveCopyChecks
-SkipClientExperienceChecks
-SkipHealthChecks
-SkipLagChecks
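The failback procedure of section 6.5 as a script, added as an example rather than the guide's own code. It refuses to start until the Cluster service is Disabled on every primary member (step 1's note), returns the NYC members to the DAG, waits for their copies to reach Healthy before anything is moved (steps 4 and 5), moves the witness and the cluster group back, and activates each database on its preference-1 copy in NYC, using the Update-MailboxDatabaseCopy -CatalogOnly and -SkipClientExperienceChecks fallback from the closing note only when the plain move fails. Names are placeholders; the timeout and poll interval are assumptions; Test-ClusterServiceDisabled, Wait-ForHealthyCopies and Move-DatabaseHome are hypothetical function names.

```powershell
# Added example, not from the guide. Exchange 2010 Management Shell, run from the
# LON side after the NYC servers are powered on. All names are placeholders.

$DagName           = 'DAG1'
$PrimarySite       = 'NYC'
$PrimaryServers    = @('NYCMBX1', 'NYCMBX2')
$PrimaryWitness    = 'NYCHUB1'
$PrimaryWitnessDir = 'D:\DAG1'

# Step 1 note: the Cluster service must be DISABLED on each primary member first
function Test-ClusterServiceDisabled {
    param([string[]]$Servers)
    foreach ($s in $Servers) {
        $svc = Get-WmiObject -Class Win32_Service -ComputerName $s -Filter "Name='ClusSvc'"
        New-Object PSObject -Property @{
            Server = $s; StartMode = $svc.StartMode; State = $svc.State
            Ready = ($svc.StartMode -eq 'Disabled')
        }
    }
}
$clusterState = @(Test-ClusterServiceDisabled -Servers $PrimaryServers)
if (@($clusterState | Where-Object { -not $_.Ready }).Count -gt 0) {
    $clusterState | Format-Table Server, StartMode, State, Ready -AutoSize
    throw 'Cluster service is not Disabled on every primary member; run "cluster node /forcecleanup" there first'
}

# Steps 2 and 3: return the primary members to the DAG and refresh the quorum model
Start-DatabaseAvailabilityGroup -Identity $DagName -ActiveDirectorySite $PrimarySite
Set-DatabaseAvailabilityGroup -Identity $DagName

# Steps 4 and 5: wait until every copy on the primary servers is Healthy
function Wait-ForHealthyCopies {
    param([string[]]$Servers, [int]$TimeoutMinutes = 240, [int]$PollSeconds = 120)
    $deadline = (Get-Date).AddMinutes($TimeoutMinutes)
    do {
        $notHealthy = @()
        foreach ($s in $Servers) {
            $notHealthy += @(Get-MailboxDatabaseCopyStatus -Server $s |
                Where-Object { "$($_.Status)" -ne 'Healthy' -and "$($_.Status)" -ne 'Mounted' })
        }
        if ($notHealthy.Count -eq 0) { return $true }
        $notHealthy | Format-Table Name, Status, CopyQueueLength, ReplayQueueLength -AutoSize
        Start-Sleep -Seconds $PollSeconds
    } while ((Get-Date) -lt $deadline)
    return $false
}
if (-not (Wait-ForHealthyCopies -Servers $PrimaryServers)) {
    throw 'Copies in the primary site did not become Healthy; fix replication before failing back'
}

# Step 6: witness back to the primary site
Set-DatabaseAvailabilityGroup -Identity $DagName -WitnessServer $PrimaryWitness -WitnessDirectory $PrimaryWitnessDir

# Steps 7 and 8: show where the PAM is, then move the cluster group to a primary node
Get-DatabaseAvailabilityGroup -Identity $DagName -Status | Format-List Name, PrimaryActiveManager, WitnessShareInUse
$clusterArg = "/cluster:$DagName"
$moveArg    = "/MoveTo:$($PrimaryServers[0])"
cluster.exe $clusterArg group "Cluster Group" $moveArg

# Steps 10 and 11 (after DNS and the CAS URLs have been moved back): activate each
# database on its preference-1 copy in the primary site, with the index fallback.
function Move-DatabaseHome {
    param([string]$Database, [string]$Target)
    try {
        Move-ActiveMailboxDatabase -Identity $Database -ActivateOnServer $Target -Confirm:$false -ErrorAction Stop
    } catch {
        Write-Warning "${Database}: $($_.Exception.Message); updating the catalog and retrying"
        Update-MailboxDatabaseCopy -Identity "$Database\$Target" -CatalogOnly -Confirm:$false
        Move-ActiveMailboxDatabase -Identity $Database -ActivateOnServer $Target `
            -SkipClientExperienceChecks -Confirm:$false
    }
}
foreach ($db in Get-MailboxDatabase) {
    $pref1 = $db.ActivationPreference | Where-Object { $_.Value -eq 1 } | ForEach-Object { "$($_.Key)" }
    if ($PrimaryServers -contains $pref1) { Move-DatabaseHome -Database $db.Name -Target $pref1 }
}
Get-MailboxDatabase -Status | Format-Table Name, Mounted, MountedOnServer -AutoSize
```

The only Skip switch used here is -SkipClientExperienceChecks, and only after a catalog update has been tried: the other Skip switches in the closing note bypass lag and health checks, which is exactly what you do not want during a planned failback with healthy copies.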

7. Autodiscover7.1 When Autodiscover is triggered on Outlook

o When the Outlook profile is first createdo When network changes occur on Outlook machineo Once every 15 minuteso When the connection to Exchange failso When Outlook starts

Nevertheless, repairing Outlook profile is the most effective way to force complete reconfiguration of Outlook when Autodiscover gets new information.

7.2 How to find the serviceDomain Joined:

Page 15: Exchange 2010 HA Guide V2 - Ammar Hasayen  Web viewInstall a new Windows with same patches and service pack ... (LDAP) for those SCPs and ... eXCHANGE 2010 HA Guide

Any CAS server during the installation will create a SCP in AD. In a domain joined machines, Outlook will simply query AD (LDAP) for those SCPs and will choose any SCP randomly to connect to. In case all SCPs are not available, Outlook will try to access https://autodiscover.PrimarySMTPdomainname and if this fails, it will try the SRV method.

You need to configure the value in SCP to read the NLB of the CAS array instead of the default server name by using:

Set-ClientAccessServer CASServerName -AutoDiscoverServiceInternalUri https://mail.domain.local/Autodiscover/Autodiscover.xml

Non-Domain Joined:

For non-domain machines, Outlook will query AD for SCP and will fail, then it will query DNS for https://PrimarySMTPdomain/autodiscover/autodiscover.xml and then https://autodiscover.PrimarySMTPdomain/autodiscover.xml

7.3 What Autodiscover needsThe user email address and his credentials

7.4 What Autodiscover processAutodiscover service will pass the information to the Outlook Provider information stored in AD. Those provider settings are categorized to three main categories:

1. The WEB setting : Outlook WebApp Clients2. The EXCH setting : RCP Internal Client (Returns the InternalURLs for services)3. The EXPR setting : Outlook Anywhere Clients (Returns the ExternalURLs for services)

7.5 What Autodiscover returns

Autodiscover will return a lot of information depending of the nature of the client (RPC or RPC over HTTPS). Mainly the Internal URL and External URLs for the following services will be returned:

1. External and Internal URL for those servicesa. OWA Virtual Directoryb. OAB Virtual Directoryc. Web Services Virtual Directoryd. ActiveSync Virtual Directorye. ECP Virtual Directoryf. UM Seetings

2. User Display Name3. User Home Server (database LegacyExchangeDN)4. Outlook Anywhere settings

8. How Outlook Connects

8.1 What information Outlook needs

Outlook needs three pieces of information to connect to a mailbox:


o Database name

o Home server (the RPC Client Access Server array attribute of the DB), a.k.a. the database legacyExchangeDN

o LegacyDN of the mailbox

The rest of the information is less important and is returned by Autodiscover.

If a profile is already configured, Outlook tries to resolve the home server stored in the profile and connects to it over TCP. This name represents the Client Access Server array object, which should never resolve in external DNS (and should resolve internally, unless you deliberately want to force Outlook Anywhere behavior).

8.2 Database linkage to CAS arrays

Facts:

Each database has a GUID and also an important attribute called legacyExchangeDN. The legacyExchangeDN is also referred to as the RPCClientAccessServer for that database.

The information about where the database is currently mounted is not stored in AD; instead, the Active Manager (SAM or PAM) on each mailbox server in the DAG holds this information.

When the database is created on a mailbox server, the legacyExchangeDN is set to the CAS array FQDN if one exists in the local site; otherwise it defaults to the first CAS server installed in that site.

This value does not change if the database gets mounted in a different site, unless that mailbox database copy is assigned Activation Preference = 1.

The value of the database's legacyExchangeDN is what Autodiscover returns to Outlook as the home server. Outlook, while not yet configured, will honor this value. If the Outlook profile already exists and points to a CAS array, it will not necessarily honor the Autodiscover information about the change in legacyExchangeDN; this depends on several factors.

Scenario 1

It is important to remember that neither Outlook nor CAS cares about the AD site in which the CAS server is located.

If the database gets mounted in a different site and you change only the DNS record of the primary CAS array to point to the CAS array of the secondary site, everything works fine. This works for RPC clients.

Scenario 2

RULE: The RPCClientAccessServer property of the database, a.k.a. the database legacyExchangeDN, always points to the RPC CAS array that is in the same site as the copy of the mailbox database with the lowest activation preference (which equals 1).

In the figure below, when the database gets mounted on MBX-C, the RPCClientAccessServer property stays CAS-Pri.contoso.com. The Outlook user still points to cas.pri.contoso.com, and CAS direct connect over the WAN happens from CAS-Pri to MBX-C. If CAS-Pri is inaccessible, Outlook gets disconnected!


Scenario 3

The only time the system changes the RPCClientAccessServer value on the database is when the administrator changes the ActivationPreference number on the activated database copy such that it now has the lowest value (meaning it becomes the preferred copy), as seen below.


However, Outlook clients with an existing Outlook profile continue to use the old RPC endpoint rather than the new one (even though Autodiscover detected the change). This is because the old RPC endpoint does not return an ecWrongServer response to the client.

The old RPC endpoint accepts the connection; therefore Outlook ignores the Autodiscover response because it already has a working connection. If the old RPC endpoint becomes inaccessible, Outlook 2007/2010 updates its settings. At any time you can force Outlook to use the new RPC endpoint by forcing a profile repair.

You can also manually change the RPCClientAccessServer property of the database to point to the new array instead of changing its activation preference.

The same happens when you move a mailbox to a database in a different AD site. Outlook continues to use the old, configured RPC CAS array unless that array becomes inaccessible or you trigger an Outlook profile repair.

Scenario 4

After Exchange 2010 SP2 RU3, the following changes apply:


o By default, once you have installed SP2 RU3, when you move mailboxes between AD sites, all versions of Outlook are prompted to restart and the Outlook profile's RPC endpoint is updated.

o Cross-site database access changes:

1. This behavior depends on the value of the DAG property AllowCrossSiteRPCClientAccess. If it is set to $true, the behavior in Scenario 3 occurs: Outlook sticks to the originally configured CAS array and cross-WAN CAS direct connect takes place, unless you change the LegacyExchangeDN of the DB, or you change the ActivationPreference and the Outlook profile gets repaired, or the primary CAS array becomes unavailable.

2. If AllowCrossSiteRPCClientAccess is set to $false, which is the default DAG property value, the Outlook profile's RPC endpoint is updated to the RPC Client Access Server array in the same AD site where the database is active and mounted. Note that the RPCClientAccessServer property itself is not updated, as it defines the preferred site.


In fact, the CAS array logon in the primary site asks Outlook to redirect to the CAS array in the secondary site, even though the LegacyExchangeDN of the database still points to the primary CAS array.
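An added example (not from the guide) that reports, for every DAG database, whether the active copy sits in the same AD site as the array named in RpcClientAccessServer, and which of the post-SP2 RU3 behaviours above (Scenario 3 or Scenario 4) therefore applies. It assumes an Exchange 2010 SP2 RU3 or later Management Shell; the remediation cmdlet in the final comment is only named, not run.

```powershell
# Added example, not part of the original guide. Read-only.
# Map each CAS array FQDN to the AD site it belongs to.
$arraySite = @{}
Get-ClientAccessArray | ForEach-Object { $arraySite[$_.Fqdn.ToLower()] = $_.Site.Name }

$results = foreach ($dag in Get-DatabaseAvailabilityGroup) {
    $crossSite = $dag.AllowCrossSiteRpcClientAccess
    Get-MailboxDatabase -Status |
        Where-Object { $_.MasterServerOrAvailabilityGroup -eq $dag.Name } |
        ForEach-Object {
            $db = $_
            if (-not $db.MountedOnServer) { return }   # dismounted: nothing to compare
            $rcas       = ([string]$db.RpcClientAccessServer).ToLower()
            $activeSite = (Get-ExchangeServer -Identity $db.MountedOnServer).Site.Name
            $homeSite   = $arraySite[$rcas]
            # RpcClientAccessServer may be a bare CAS server name when no array existed
            # at creation time; resolve its site directly in that case.
            if (-not $homeSite) {
                $homeSite = (Get-ExchangeServer -Identity $rcas -ErrorAction SilentlyContinue).Site.Name
            }
            $verdict = if ($activeSite -eq $homeSite) {
                           "Active in home site; no redirect"
                       } elseif ($crossSite) {
                           "Cross-site, AllowCrossSiteRpcClientAccess=True: Outlook keeps $rcas, CAS direct connect over WAN (Scenario 3)"
                       } else {
                           "Cross-site, AllowCrossSiteRpcClientAccess=False: Outlook redirected to the array in $activeSite (Scenario 4)"
                       }
            New-Object PSObject -Property @{
                Database   = $db.Name
                DAG        = $dag.Name
                RpcCAS     = $rcas
                HomeSite   = $homeSite
                ActiveSite = $activeSite
                Verdict    = $verdict
            }
        }
}

$results | Format-Table Database, DAG, HomeSite, ActiveSite, Verdict -AutoSize
# To make a secondary site the home site permanently, the guide's options are
# Set-MailboxDatabaseCopy -ActivationPreference 1 on that copy, or
# Set-MailboxDatabase -RpcClientAccessServer <array FQDN> on the database.
```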
