Exchange 2007 - CAS Overview & Autodiscover

1 / 18 Oct 2007 E12 - Roles / Nitin Gupta

Client Access ServerClient Access Server

Nitin Gupta

[email protected]


• Client Access Server

• Exchange Autodiscover

– Overview

– Process

• Question & Answers

Agenda


• The topics / flow to be covered in this

session is going to be very basic

• Please feel free to interrupt in case something

is not clear, every attempt would be made to

answer your query immediately, else offline

Important


• Exchange 2007 - Architecture

• Overview / Understanding of – SMTP Protocol & Relay

– DNS & associated records

– PowerShell

– Certificates / PKI

• Good knowledge of Server Roles in MSX 2003

Prerequisites


Where CAS comes in…Where CAS comes in…


• Server roles allow an administrator to split the functions of an Exchange server and place each role, or a combination of roles, on different servers in the organization

• This can be done for performance reasons, management reasons, or any other reason deemed necessary by the organization's policies

• Various Server Roles

– Edge Transport

– Hub Transport

– Client Access

– Mailbox

– Unified Messaging

Server Roles


Perimeter

Exchange 2007 Edge Server

Intranet

Exchange 2007 Server

Server Roles


Enterprise Network

OtherSMTPServer

s

Hub Transport

Routing Policy

Applications:OWA, Outlook

Anywhere

Protocols:EAS, POP, IMAP,

Outlook Anywhere

Programmability:Web services, Web

parts

Client Access

EdgeTransport

Routing

Hygiene

PBX or VoIP

INTERNET

Mailbox

Mailbox

PublicFolders

Voice Messagin

g

Unified Messaging

Fax

Server Roles


CAS - OverviewCAS - Overview


Handles communications between clients and Microsoft Exchange.

Supports

Outlook 2007 and earlier versions,

Outlook Web Access,

Exchange ActiveSync

POP3 and IMAP4 protocols

Makes it possible to use Exchange 2007 features such as the offline address book, the Autodiscover service, and the Availability service

Must be installed in every Exchange 2007 organization

Enables users to use Unified Messaging features as Play on Phone

Overview


Outlook communicates directly with the Mailbox server,

Outlook still uses the Client Access server role to connect to

Exchange mailboxes when using Outlook Anywhere (formerly

known as RPC over HTTP) and for services such as

Autodiscover service

Availability service.

Overview - Note


Autodiscover

Uses a user's e-mail address and password to provide profile settings to

Outlook 2007 clients and supported mobile devices

Enables Outlook 2007 clients to automatically connect to Microsoft

Exchange and Exchange features, such as the Availability service or

Unified Messaging, without having to manually configure their Outlook

profile

POP3 & IMAP4

Supports POP3 and IMAP4 clients.

By default, POP3 and IMAP4 services are installed but are not enabled.

CAS – Features & Functionalities


Exchange ActiveSync

Helps synchronize data between mobile device and Exchange

Can synchronize e-mail, contacts, calendar information, and tasks

Devices that run Microsoft Windows Mobile® software, including Windows Mobile powered Pocket PC 2003 and Windows Mobile 5.0, are supported

Outlook Web Access

Helps access e-mail from a Web browser

Includes new features like smart meeting booking, enhanced reminders and notifications, integration with WSS and File share

Two versions of Outlook Web Access Full-featured Outlook Web Access Premium client Outlook Web Access Light client



Outlook Anywhere

The Outlook Anywhere feature for Microsoft Exchange Server 2007 lets Outlook 2007 and Outlook 2003 clients connect to their Microsoft Exchange servers over the Internet by using the RPC over HTTP Windows networking component.

Wraps remote procedure calls (RPC) with an HTTP layer, which allows the traffic to traverse network firewalls without requiring RPC ports to be opened

Availability Service

Improves free/busy data access for information workers by providing secure, consistent, and up-to-date free/busy data to computers that are running Outlook 2007



Autodiscover ServiceAutodiscover Service


Configures and maintains server settings for client

with MOO 2007

Configures supported Mobile devices

Includes features like

Web-based Offline Address Book

Availability Service

Unified Messaging

No Autodiscover service - Earlier versions of Outlook

Exchange Autodiscover Service


Easier to configure Outlook 2007 as compared to manual work required in previous versions

Uses User’s Email Address or Domain Account

Information:

User’s display name

Connection settings for internal and external connectivity

Location of user’s Mailbox server

The URLs for features

Free/busy information,

Unified Messaging, and

Offline address book

Outlook Anywhere server settings

Outlook 2007 & Autodiscover


Virtual directory “Autodiscover” is created under Default Web site in IIS on installation of CAS role

This Virtual Directory handles requests from Outlook 2007 when:

– A new Outlook profile is configured or updated

– A client periodically checks MSX Web Services URLs

– Underlying network connection changes

Service Connection Point (SCP) Active Directory object is created for each server where the CAS role is installed.

SCP object is used by clients to locate the Autodiscover service.

SCP record contains the serviceBindingInformation attribute that’s has FQDN of CAS

Ex: https://cas01.contoso.com/autodiscover/autodiscover.xml, where cas01.contoso.com is FQDN of CAS

Autodiscover Operation


The SCP object contains the authoritative list of Autodiscover service URLs for the forest

Most important attributes of an SCP are

Keywords : String value that identify a service

serviceDNSName : A or SRV record of

serviceDNSNameType : CAS server role

serviceBindingInformation : In-site and out-of-site lists of CAS

Client applications search the directory for keywords values to locate your SCP. When SCP is found, clients can read other attributes to retrieve service data.

SCP object is updated by using Set-ClientAccessServer cmdlet

SCP – Quick Overview


Require Exchange Administrator role to execute

Is used to set properties on specified CAS

To be for all Microsoft Exchange Server 2007 computers that have the Client Access server role

Set-ClientAccessServer Cmdlet

Set-ClientAccessServer -Identity "CAS-01" -AutodiscoverServiceInternalURI "https://cas.mail.contoso.com/autodiscover/autodiscover.xml" -

AutodiscoverServiceSiteScope "Mail"

Parameter Required Description

Identity Required This parameter specifies an individual Client Access server.

AutoDiscoverServiceInternalUri

Optional This parameter specifies the internal URL of the Autodiscover service.

AutoDiscoverSiteScope

Optional This parameter specifies the site for which the Autodiscover service is authoritative. Clients that connect to the Autodiscover service by using the internal URL must belong to a site listed here.

Confirm Optional This parameter causes the command to pause processing and requires that you acknowledge what the command will do before processing continues. The default value is $true.

DomainController Optional This parameter specifies the fully qualified domain name (FQDN) of the domain controller that writes this configuration change to the Active Directory directory service.

Instance Optional This parameter specifies an instance of a Client Access server.


Domain-connected client connects and authenticates to Active Directory

Outlook 2007 sends a LDAP query to AD looking for all SCP objects.

Outlook sorts and enumerates the returned results based on the client's Active Directory site by using the keyword attribute of the SCP record.

2 Lists with SCP Records of in-site & out-of-site are returned

An array of Autodiscover URLs is generated by referencing the serviceBindingInformation attribute from in-site and out-of-site lists in sequence

Autodiscover – Domain Connected


Outlook tries to connect to each Autodiscover URL sequentially. If no URLs in in-site are unavailable, out-of-site URL are connected and sends an HTTP POST command to the Autodiscover service

The Autodiscover service queries AD to obtain the connection settings and URLs for the Exchange services.

The Autodiscover service returns an HTTP response with an XML file that includes the connection settings and URLs for the available Exchange services.

Outlook uses the appropriate configuration information and connection settings to connect to Exchange messaging environment.

How Autodiscover Works….contd


How Autodiscover Works….


Non domain-connected client first tries to locate the Autodiscover service by looking up the SCP object in Active Directory

As client is unable to contact AD, it then locates the Autodiscover service by using Domain Name System (DNS)

Client will use domain part from user’s e-mail address and check DNS by using two predefined URLs.

Example:

If SMTP domain is contoso.com,

Outlook tries following URLs to connect to the Autodiscover service:

https://contoso.com/autodiscover/autodiscover.xml

https://autodiscover.contoso.com/autodiscover/autodiscover.xml

Non Domain Connected Client


Non Domain Connected Client


The XML file provides following information:

User’s display name

Connection settings for internal and external connectivity

Location of user’s Mailbox server

The URLs for features

Free/busy information,

Unified Messaging, and

Offline address book

Outlook Anywhere server settings

XML Contents…


For Distributed AD sites separated by low-bandwidth network connectivity.

Preferred AD sites for clients to connect Autodiscover service.

Process of specifying preferred AD sites - Configuring site scope.

Configure site affinity - Set-ClientAccessServer cmdlet.

Clients connect to the Autodiscover service instances as specified in Site Scopes.

Site Affinity @ Autodiscover


Topology– IN-CHN A EDS site located in Chennai (CHN-CAS)– IN-DEL A EDS site located in Delhi (DEL-CAS)– IN-BNG A EDS site located in Bangalore (BNG-CAS)

Configuration– Autodiscover service enabled on each site – Each site includes user mailboxes.

Users Autodiscover optionsIN-DEL Users - Should use either IN-DEL or IN-CHN sites

IN-BNG Users - Should use either IN-BNG or IN-CHN sites

IN-BNG Users – No preference required

Site Affinity @ Example

IN-CHN

IN-DEL

IN-BNG


Scope Configuration – IN-DELSet-ClientAccessServer -Identity “DEL-CAS" -AutodiscoverServiceInternalURI "https://internal.eds.com/autodiscover/autodiscover.xml" -

AutodiscoverServiceSiteScope “IN-DEL”,”IN-CHN”

Scope Configuration – IN-BNGSet-ClientAccessServer -Identity “BNG-CAS" -AutodiscoverServiceInternalURI "https://internal.eds.com/autodiscover/autodiscover.xml" -AutodiscoverServiceSiteScope “IN-BNG”,”IN-CHN”

Scope Configuration – IN-DELSet-ClientAccessServer -Identity “CHN-CAS" -AutodiscoverServiceInternalURI "https://internal.eds.com/autodiscover/autodiscover.xml"

Site Affinity @ Example

IN-CHN

IN-DEL

IN-BNG


The connection settings that the Outlook client uses are translated into MAPI properties.

MAPI properties are stored in the user's profile located in the registry on their local computer.

The URLs for the available Exchange services are cached in the memory of the local computer.

There are two layers of Outlook 2007 that use the Autodiscover service:

The Outlook layer - begins operating when Outlook 2007 is opened to retrieve the user profile settings

The MAPI layer - begins operating when there are errors connecting to the Exchange server by using the MAPI protocol

Autodiscover @ Outlook 2007


Outlook 2007 automatically connects to the Autodiscover service under the following conditions:

Every time that the application starts

At intervals on a background thread

Any time that the client's connection to an Exchange server fail

User profile settings (by outlook layer) are refreshed every time that the Time to Live period is specified. Setting for TTL is 60 minutes or if an error occurs when Outlook tries to contact to server.

If Outlook does not connect to Autodiscover service, Outlook layer reconnects every 5 minutes because the URLs for the available Exchange services are cached in memory on the local computer.



MAPI layer connects to the Autodiscover when the user is using a low-bandwidth network connection or when the user tries to open their mailbox after a mailbox move.

The first failure detected by the MAPI layer results in an initial Autodiscover service request..

This initial Autodiscover service request is known as the free Autodiscover service request. If no other failures occur after the first failure, the MAPI layer will perform an Autodiscover service request every 6 hours to update the user's profile settings.

MAPI layer also connects to the Autodiscover service if the user creates a new Outlook profile.



How Autodiscover Works….


MAPI layer connects to the Autodiscover when the user is using a low-bandwidth network connection or when the user tries to open their mailbox after a mailbox move.

The first failure detected by the MAPI layer results in an initial Autodiscover service request..

This initial Autodiscover service request is known as the free Autodiscover service request. If no other failures occur after the first failure, the MAPI layer will perform an Autodiscover service request every 6 hours to update the user's profile settings.

MAPI layer also connects to the Autodiscover service if the user creates a new Outlook profile.



Thank YouThank You

Nitin Gupta

[email protected]

Exchange 2007 - CAS Overview & Autodiscover

Technology

Transcript of Exchange 2007 - CAS Overview & Autodiscover