Segmenting IMAP traffic from CAS Array

Status
Not open for further replies.
J

jtatz

We have 4 CAS servers in the same AD site. 2 of them are used for MAPI/OWA/POPS/IMAPS/Outlook Anywhere (everything).

We are trying to deploy 2 additional CAS servers to handle solely IMAPS traffic. We use a hardware based load balancer in front of the CAS boxes -- so we do not use NLB.
What we're trying to do is configure the 2 CAS servers to ONLY handle IMAPS traffic - so that means no address book, no MAPI, etc. However, it appears that you can only have 1 CAS array in an AD site and you cannot exclude CAS servers from a CAS array.

Is there a good way to achieve what we're trying to do?

We were seeing traffic being sent/proxied (address book related) to our " IMAP only" servers -- even though the load balancers aren't configured to send any traffic currently to the IMAP servers. We don't want Exchange trying to send other non-IMAP traffic over to those servers.
 
B

Brian Day MCITP

...and you cannot exclude CAS servers from a CAS array.

Sure you can. :) When you use Get-ClientAccessArray, ignore the CAS server names it returns. All that is doing it telling you what CAS servers " can" be part of that CAS array because those are the CAS servers in the same AD site as the CAS Array object you created with New-ClientAccessArray. It is up to you the admin to include/exclude CAS servers from a CAS Array by not adding them into the load balancer pool. A CAS Array itself is nothing more than an empty container in AD and a DNS record you create and is used for MAPI endpoint connetions. Exchange can't/won't do anything with it without help from you.

Exchange is always going to use CAS servers for what they were designed for such as Availability service, OAB downloads (if you have the files on them), etc...

Is there a particular reason why you would like to dedicate CAS servers only for IMAP? How many users are we talking about here?
Microsoft Premier Field Engineer, Exchange
MCSA 2000/2003, CCNA
MCITP: Enterprise Messaging Administrator 2010
Former Microsoft MVP, Exchange Server
My posts are provided “AS IS” with no guarantees, no warranties, and they confer no rights.
 
J

jtatz

Hey Brian,
Thanks a lot.
OK. So CAS1/2 are full service servers, CAS3/4 are IMAP only.

So, as long as we load balance non-IMAP traffic to CAS1/2 - and only IMAP to CAS3/4 - we should be OK - despite the fact that some things like OAB downloads will hit it regardless? We're trying to disable whatever we can on CAS3/4. Any idea if the Microsoft Exchange RPC Client Access service can be safely disabled?

Yeah, we have/will have 500+ IMAP users. From what we've seen the IMAP Service is pretty CPU intensive compared to OWA/MAPI/Outlook Anywhere.
 
B

Brian Day MCITP

500 IMAP users shouldn't be a problem. May I ask what the hardware specs of all of the CAS servers are?

Microsoft Premier Field Engineer, Exchange
MCSA 2000/2003, CCNA
MCITP: Enterprise Messaging Administrator 2010
Former Microsoft MVP, Exchange Server
My posts are provided "AS IS" with no guarantees, no warranties, and they confer no rights.
 
J

jtatz

The CAS servers are VMs - so that's a factor. They are each 8GB machines.

It's not as much the day to day usage - as much as it is some of the new users who are using imapsync - and importing gigs and gigs of data.

We just want to segment the IMAP traffic - so that the heavy IMAP usage doesn't compromise the performance of the other users.
 
J

jtatz

Exchange is always going to use CAS servers for what they were designed for such as Availability service, OAB downloads (if you have the files on them), etc...

So, just to clarify -- some of those things -- traffic will be passed to the CAS servers, even when the load balancers are not pointed to them?

Either through proxy or some other means?

Because we did NOT have anything load balanced to CAS3/4 and it appeared that address book downloads were being attempted there from Outlook clients.
 
B

Brian Desmond -MVP-

Hey Brian,
Thanks a lot.
OK. So CAS1/2 are full service servers, CAS3/4 are IMAP only.

So, as long as we load balance non-IMAP traffic to CAS1/2 - and only IMAP to CAS3/4 - we should be OK - despite the fact that some things like OAB downloads will hit it regardless? We're trying to disable whatever we can on CAS3/4. Any idea if the Microsoft Exchange RPC Client Access service can be safely disabled?

Yeah, we have/will have 500+ IMAP users. From what we've seen the IMAP Service is pretty CPU intensive compared to OWA/MAPI/Outlook Anywhere.

OAB downloads also won't hit those boxes unless you put them behind the load balancer for that URL.

I personally wouldn't worry much about 500 folks using IMAP. You're going to be more I/O constrained on the temp folder drive than CPU I'd expect.

My Book - Active Directory, 4th Edition
My Blog - www.briandesmond.com
 
J

jtatz

OAB downloads also won't hit those boxes unless you put them behind the load balancer for that URL.

I personally wouldn't worry much about 500 folks using IMAP. You're going to be more I/O constrained on the temp folder drive than CPU I'd expect.
My Book - Active Directory, 4th Edition
My Blog - www.briandesmond.com

We actually found that was not correct. We had set up the new CAS servers, but we had no load balancer rules to them - and had not provided the address to anyone.

We were seeing a fair amount of traffic from a wide range of subnets -- attempting to reach CAS3/CAS4 on port 443.

We determined that the clients, via Autodiscover, were attempting to read the Autodiscover settings on CAS3/4 (before any other servers). The autodiscover logs showed that the clients were finding CAS3/CAS4 via the SCP records in AD.

Even though we had disabled nearly everything on CAS3/CAS4, the clients still attempt to hit the Autodiscover URL. If traffic was blocked to CAS3/4 on 443 - that would result in the clients attempting autodiscover on CAS3/4 and eventually timing out and moving on. However, despite the configuration being unchanged - clients were then being prompted to " Allow" when an Autodiscover prompt came up.

So, solution was to set (via set-clientaccessserver) AutoDiscoverSiteScope to " " (null).

As long as the sitescope was blank - that appears to effectively keep CAS3/4 from being advertised to autodiscover.

Wish this was better documented...... since I can't imagine we'll be the only people who ever want to dedicate a CAS server to a specific service (and not offer everything else).
 
Status
Not open for further replies.
Thread starter Similar threads Forum Replies Date
M Managing Gmail "All Mail" sync issues with IMAP Using Outlook 1
J Outlook 2016 Moving IMAP emails to Exchange Using Outlook 1
K Outlook 2016 - controlling IMAP OST size with Group Policy not working Using Outlook 1
N Sent emails not reflected in all IMAP Folders Using Outlook 4
V Scheduled backup of imap account Using Outlook 7
glnz How set up new IMAP on Outlook-Office 365 and merge in pst from Outlook 2003 for same two email accounts? Using Outlook 5
David Langer Outlook 2016 (365) How to restore the ability to Re-Map iCloud IMAP Folders Using Outlook 5
D Outlook 2013 Yahoo IMAP Sync problems Using Outlook 1
P IMAP Folders Dialog Box Using Outlook 1
O How to recover rules after switch from POP3 to IMAP Using Outlook 2
O Benefits of Exchange over IMAP and why would I choose Exchange? Using Outlook 2
P Desktop doesn't index Outlook IMAP files, laptop Outlook does index those same IMAP files Using Outlook 2
B What is best IMAP .OST file to .PST file converter solutions? Using Outlook 1
I IMAP - are emails dynamically fetched from server as required? Using Outlook 2
I Convert POP3 account (PST) to IMAP (.OST) Using Outlook 3
Mark Foley Color Categories on IMAP mail lost when installing new Windows 7 workstation Using Outlook 12
CWM030 Outlook 2016 with imap emails keep Resurrecting themselves? Using Outlook 5
CWM030 Archiving ON the imap server Using Outlook 3
Y Outlook not displaying all imap emails Using Outlook 5
Y IMAP errors with Outlook 2016 Using Outlook 2
D Outlook 2016 IMAP Connection Returns All Email but outlook.com does NOT Using Outlook.com accounts in Outlook 2
Z Can't delete IMAP folder Using Outlook 2
GaryW88 2016 Archiving IMAP keeping mail on Gmail Server Using Outlook 1
N Error 0x80090326 when trying to setup IMAP account on Outlook.com Using Outlook.com accounts in Outlook 1
M cannot change delivery folders with IMAP accounts Using Outlook 0
E 365 Outlook changed from POP3 to IMAP,all contacts lost Using Outlook 3
O POP3 vs iMAP? Using Outlook 1
B How to 'really' delete IMAP emails? Using Outlook 6
K IMAP Server Wants to alert you to the following: cannpt rename system folder Using Outlook 1
Diane Poremsky Setting up an Outlook.com IMAP account New Slipstick.com Articles 0
M 10 Imap gmail accounts into OL2016-32b want 1 calendar Using Outlook 3
Liz Schneider PST from Outlook 2013 is now IMAP folders in 2016 Using Outlook 10
L Gmail POP, Android IMAP, Outlook 2013 setup close Using Outlook 5
B IMAP folders don't update when Outlook 365 opens Using Outlook 0
J IMAP server Using Outlook 0
J Converted .ost to .pst: Want to Import and Reconnect with IMAP Email Account Using Outlook 2
GregS Import from Outlook.com .ost to IMAP .pst? Using Outlook 3
J Your IMAP server wants to alert you to the following: cannot remove system folder Using Outlook 3
M Outlook 2010 Error: Your IMAP server closed the connection Using Outlook.com accounts in Outlook 1
I Outlook 2016 and Slow access to Outlook.com IMAP Using Outlook 0
E POP vs IMAP on iDevices Using Outlook 3
H Need help setting up GetFolderPath-Makro with Vodafone IMAP Mail-Account Outlook VBA and Custom Forms 0
Mark Foley Where are Outlook categories save for IMAP? Using Outlook 12
P Newly created IMAP subfolders not showing up on email clients away from computer. Using Outlook 3
M Cannot Delete Emails from IMAP inbox Using Outlook 4
Mark Foley Outlook prompts for IMAP user/PW when domain PW changes Using Outlook 0
K IMAP Subfolders missing after migrating to new server Using Outlook 0
K Outlook 2007 IMAP account stops syncing new messages Using Outlook 0
P Outlook 2013 and IMAP: Two popular issues Using Outlook 3
W Gmail IMAP list is incomplete Using Outlook 0
Similar threads


















































Top