EXCHANGE 2010 HA GUIDE

Ammar Hasayen
AMMARHASAYEN.WORDPRESS.COM

Contents
1.

Introduction: ......................................................................................................................................... 3
1.1 Quorum ............................................................................................................................................... 3
1.2 DAG Networks ..................................................................................................................................... 3
1.3 Active Manager ................................................................................................................................... 4

2.

Datacenter Activation Coordination DAC ............................................................................................. 5

2.1 Introduction ........................................................................................................................................ 5
2.2 How to get DAC OK status? ................................................................................................................. 5
2.3 Restore-DatabaseAvailabilityGroup.................................................................................................... 5
2.4 Examples ............................................................................................................................................. 6

3.

Recovery Single Failed DAG member.................................................................................................... 6

4.

Database Mobility ................................................................................................................................. 6

5.

Outlook WebApp across Sites ............................................................................................................... 7

5.1 Introduction ........................................................................................................................................ 7
5.2 Scenario 1............................................................................................................................................ 7
5.3 Scenario 2............................................................................................................................................ 8
5.4 Scenario 3............................................................................................................................................ 8

6.

Datacenter Switch Over ........................................................................................................................ 8

6.1 Terminate the primary data center .................................................................................................... 8
6.2 Activating Mailbox Servers.................................................................................................................. 9
6.4 Activating CAS Servers ...................................................................................................................... 11
6.5 Restoring Services in the Primary Datacenter .................................................................................. 12

7.

Autodiscover ....................................................................................................................................... 13
7.1 When Autodiscover is triggered on Outlook .................................................................................... 13
7.2 How to find the service ..................................................................................................................... 14
7.3 What Autodiscover needs ................................................................................................................. 14
7.4 What Autodiscover process .............................................................................................................. 14
7.5 What Autodiscover returns............................................................................................................... 14

8.

How Outlook Connects ....................................................................................................................... 15

8.1 What information Outlook needs ..................................................................................................... 15
8.2 Database linkage to CAS Arrays ........................................................................................................ 15
Scenario 1................................................................................................................................................ 15
Scenario 2................................................................................................................................................ 15

Scenario 3................................................................................................................................................ 16
Scenario 4................................................................................................................................................ 17

1. Introduction:
This guide simply explains in a very easy way, all the technologies and procedures that you need to know
to perform Exchange 2010 data center switch over, recovering DAG member or stretching DAG between
sites.

1.1 Quorum
Define as a mechanism to ensure that only one subset of members are functioning at any given time. It
used to find majority.
There is Quorum data that is configuration shared between all nodes.
Exchange 2010 supports only two out four models of Quorums:

Node Majority: for odd number of nodes

File share majority: for even number of nodes

Witness is a file share (Witness.log) that represent a vote when there is need to break the tie. When we
are one vote from losing the majority, the node that hold the cluster group (PAM) will lock the witness
file share.
The witness cluster file share is created when the DAG members become even and cluster will apply
isalive controls to monitor it. If it fails, the cluster group is moved to another node and try to bring it
online.
(Exchange Subsystem) group should be member of the local administrator group on the witness server
and the alternative witness server.

1.2 DAG Networks

For each subnet that the cluster discovers, a DAG network is created. Note also that heartbeat happens
in all networks.
Two types of DAG Networks:

MAPI Network:
o You can have only one MAPI network.
o Default G and register in DNS
Replication Network: (Over TCP 64327)
o You can have Zero or as many replication networks as you much
o No default G and no register in DNS

It is important to note the following:

o
o

DAG Network enumeration happens only when adding DAG members or can be triggered by
running (Set-DatabaseAvailabilityGroup DiscoverNetworks)
If the MAPI network dies in a server, automatic switch over happens.

o
o

If Replication network dies in a server, replication will happen over MAPI network.
ISCIS network should be configured to be ignored from Cluster use.

And also make sure that the replication cannot route to the MAPI network in any case, or cross
heartbeat scenario will happen.

1.3 Active Manager

Lives inside (Microsoft Replication Service)
The data about where the database is active now DOES NOT LIVE IN AD. Active Manager is the one who
knows about it.
Three Server types:
1. Standalone ( for nodes not member of DAG)
2. Standby (SAM)
a. Monitor local resources and notify PAM
b. Give information to Active Manager clients about where databases are active
3. Primary (PAM)
a. The one who holds the cluster group
b. Best Copy Selection
Active Manager Client exists in HUB and CAS to know where the active copy lives in order to deliver or
access data.

2. Datacenter Activation Coordination DAC

2.1 Introduction
Active Manager handles DAC
DAC mode enables us to use three new commands: Stop-DatabaseAvailabilityGroup, StartDatabaseAvailabilityGroup and Restore-DatabaseAvailabilityGroup
DAG property that uses DACP protocol to handle split brain scenarios when DAG is stretches to more
than one subnet.
DAC when enabled, will be an extra application Quorum criteria that should be return OK.
DAC split DAG members to one of two sets:
1. Stopped DAG Members - Stop-DatabaseAvailabilityGroup
2. Started DAG Members - Start-DatabaseAvailabilityGroup
Only Started DAG Members will participate in DAC voting. Started servers are those candidate to bring
their database copies online.
Stopped DAG member is the status of Active Manager that prevents the databases to be mounted on
the server and will exclude it from DAC voting.

2.2 How to get DAC OK status?

o
o

If all started DAG members can communicate to each other

If not, if a DAG Started member can communicate with a node with DAC bit 1

Note: In case of two DAG started members in the alternate datacenter exist, the boot time of the
alternative witness share server can be used. If the witness boot time is before, DAC succeeded.
Else, use Restore-DatabaseAvailabilityGroup . This only true for two member started DAG members.
In all cases, if all DAG members are DAC 0, use Start-DatabaseAvailabilityGroup to reset the DAC bit
to 1 even if the nodes are already started.

2.3 Restore-DatabaseAvailabilityGroup
o
o

Evicts DAG members marked as stopped from the cluster , thus created quorum
Assign alternate witness share in case of even number of nodes

It has three parameters:

1. Identity (required) : name of DAG
2. ActiveDirectorySite (Optional)
3. AlternativeWitnessDirectory and AlternativeWitnessServer (Optional): those can be configured
ahead on the DAG level.

2.4 Examples
Stop-DatabaseAvailabilityGroup -Identity DAG1 -MailboxServer E14EX2
Stop-DatabaseAvailabilityGroup -Identity DAG1 -ActiveDirectorySite Redmond
Stop-DatabaseAvailabilityGroup -Identity DAG1 -MailboxServer E14EX3 ConfigurationOnly

3. Recovery Single Failed DAG member

Database copies on the failed server are marked as (ServiceShutdown)
For a failed MBX1 server
o

o
o
o
o
o
o

Remove database copies on the server

Remove-MailboxDatabaseCopy DB1\MBX1
This command will generated warning because the server is offline but the info about the copy
in AD will be deleted.
Remove its configuration in DAG
Remove-DatabaseAvailabilityGroupServer -Identity DAG1 -MailboxServer MBX1
ConfigurationOnly
It may happen that the server is not fully removed, so open the cluster console from any active
mailbox server and evict the failed DAG member manually
Reset Computer Account in AD
Install a new Windows with same patches and service pack (IMPORTANT : SAME IP Addresses)
Setup /m:RecoverServer
Add it to DAG
Add-DatabaseAvailabilityGroupServer -Identity DAG1 -MailboxServer MBX1
Add databases copies back to it.

4. Database Mobility
If you have a server that fails but the SAN or disk database files are accessible, you can mount the DB on
another server. This is called Database Mobility.
1. Attach the database files to a drive on the new mailbox server.
2. Use eseutil to check the health of the database
Eseutil /MH database.edb |findstr state:
3. If the database is dirty shutdown and log files are available, then perform soft recovery : From
the folder that contains the log files, type :
eseutil /r E00 /d G:\Data\databaseFolderPath
Note: Replace E00 with log prefix

4. Finally, create new DB on the new server, mark it as over writable, dismount it , switch files.
5. Point the user to the new DB :
Get-Mailbox -Database oldDB | Set-Mailbox Database newDB
6. Outlook clients will automatically pick up the new info.

5. Outlook WebApp across Sites

5.1 Introduction
When CAS receives OWA requests:
o
o

It checks to see if the request can be severed locally.

If mailbox is not local, CAS retrieves target ExternalURL (if defined) and redirects or proxies if no
OWA ExternalURLs are defined in the target Active Directory site.

Below is additional Scenarios

5.2 Scenario 1
Suppose that the primary site went down completely, and you changed the DNS entry for
owa.contoso.com to point to the CAS NLB in the secondary site. Now the primary site is back to normal
and you changed the DNS entry for owa.contoso.com to point to the primary CAS NLB in the main site.
The client need to wait for the TTL for owa.contoso.com to expire (usually set the TTL to 5 minutes), and
also after the cache expires, the browser will still cache the DNS entry for another 20 minutes.
So a loop will happen here as the browser will go to owa.contoso.com which will go to the secondary
CAS NLB because of the browser cache, and the secondary CAS array will send an OWA redirection
message Hey... You should be using https://owa.contoso.com for best performance. Because the
mailbox is active in the primary site now and the OWA ExternalURL for the primary CAS array is
https://owa.contoso.com.
The user may think ODD, I just did log in at that site! Silly computer, let me log in again.
The second time he logs in to owa.contoso.com, he will probably still hit the secondary CAS array servers
because of their browser cache still isnt updated. The secondary CAS array servers are intelligent
enough to see this 2nd logon attempt (via a web canary) and then know OH this users DNS cache is
old. They dont know we failed back to the other datacenter. Send him the FailbackURL for the primary
CAS servers.
The user is then prompted with a slightly different page with a CONTINUE button and it explains to
them that the mailbox is in the process of being brought online in different datacenter. He clicks
continue, which takes him to the FailbackURL. They log in again and this time is successfully in OWA.
So the Secondary CAS array will detect if the primary CAS servers has the failbackURL configured, and if
it is, it will redirect the client to it to end the loop. If there is no failbackURL configured, then the
secondary CAS array will send an error page to the client indicating that he should close his browser and
try again.

5.3 Scenario 2
If the CAS receive a request for OWA to a database, and he can see that the database legacyExchangeDN
matches his local AD site, but the database is mounted in different site, the CAS will issues a redirect to
the ExternalURL of the CAS server hosting the mounted database.

5.4 Scenario 3
NEW IN SP2 Cross-Site Silent Redirection
If you configure the Set-OWAVirtualDirectory with CrossSiteRedirectType = Silent (default is manual),
then all redirections become silent. In addition, if FBA or Integrated authentication is configured, a
Single Sign On experience will occur.

6. Datacenter Switch Over

The case of complete outage in primary data center (NYC) and restoring things back in secondary data
center (LON)

6.1 Terminate the primary data center

1. DAG Members in the primary data center must be marked as stopped. Stopped is the status of
Active manager that prevents database copies to be mounted on them, and will exclude them
from DACP voting. This can be done on the primary and the secondary sites :
o

On the Primary side :

o

If the mailbox servers in the primary are operational and there is a functioning DC in
the primary site, use
Stop-DatabaseAvailabilityGroup -Identity DAG1 -ActiveDirectorySite NYC
o If the mailbox servers in the primary site are not operational but there is domain
controller in the primary site, use this command for each primary MBX servers:
Stop-DatabaseAvailabilityGroup -Identity DAG1 -MailboxServer E14EX3
ConfigurationOnly
o If no DC nor mailbox servers are available in the parent side, then make sure that
mailbox servers are shutdown always.
o If the primary mailbox server are online, make sure the cluster service is set to
Disabled or do it yourself.
o

On the Secondary side :

o

2. UM Servers

We need to tell the secondary site which servers are available during the switch
over. This can be done by using the Stop-DatabaseAvailabilityGroup command
with the ConfigurationOnly.

If any Unified Messaging servers are in use in the failed datacenter, they must be disabled to
prevent call routing to the failed datacenter. You can disable a Unified Messaging server by
using the Disable-UMServer cmdlet (for example, Disable-UMServer UM01).
Alternatively, if you are using a Voice over IP (VoIP) gateway, you can also remove the Unified
Messaging server entries from the VoIP gateway, or change the DNS records for the failed
servers to point to the IP address of the Unified Messaging servers in the second datacenter if
your VoIP gateway is configured to route calls using DNS.

6.2 Activating Mailbox Servers

1. When the primary datacenter is down, the mailbox servers in the secondary site, will try to take
ownership of the cluster group and will try to bring the primary Witness server online for couple
of time before timing out and failing. This is when the cluster as a whole goes down because of
majority issues. Database copies on primary datacenter mailbox servers appears as (Service
Shutdown), where database copies on secondary datacenter mailbox servers appear as
(Disconnected and Healthy)
2. The Cluster service must be stopped on each DAG member in the primary datacenter (This can
be one of two :
a. If the Primary data center is down, then for sure objective completed
b. If the primary mailbox servers are online, make sure cluster service is stopped and the
service is marked as disabled.
3. Running Restore-DatabaseAvailabilityGroup which will do two things :
a. Evict Stopped DAG members from cluster
b. Create alternative witness share if not created previously on the DAG level
Restore-DatabaseAvailabilityGroup -Identity DAG1 -ActiveDirectorySite
LON AlternateWitnessServer EXHUB1 -AlternateWitnessDirectory
D:\DAG1
You may need to run the command couple of time until the primary mailbox servers are evicted
from the cluster.
Note: the restore command can fail, just wait 5 minutes and run it again. Also you can make
sure that the command is being executed on the right domain controller by running:
Set-ADServerSettings PreferredServer <Domain Controller in Failover Datacenter>
4. Always and at any time, if you want to force the cluster model to refresh (i.e if you open the
cluster console from the secondary mailbox server, alternative witness share should appear
after you entered the Restore-DatabaseAvailabilityGroup command, if it didnt reflect in the
cluster console, just type Set-DatabaseAvailabilityGroup Identity DAGName)

5. You should make sure the Witness server and directory are up. Never lose them and avoid
restarting them. Make sure Exchange Trusted Subsystem is member of the local administrator
group on the Witness server and create a firewall rule on the Witness server if necessary to
allow all traffic from the mailbox server to the Witness Server.
6. At this moment, the secondary mailbox server(s) will try to assume the ownership of the cluster
group and trying to get the secondary DAG IP online and will keep trying to bring the alternative
Witness share online.
7. Use Get-DatabaseAvailabilityGroup cmdlet to make sure the Stopped servers are those mailbox
servers in the primary site while started servers are those in the secondary site only.
8. If databases in the secondary site dont mount automatically, remember to remove any
activation blocks on the server level (Set-MailboxServer) or on the database level (Suspend
Activation).
9. If still databases didnt mount correctly, use this command:
Move-ActiveMailboxDatabase Server FQDNofaServerinPrimarySite
ActivateOnServer FQDNofaServerinDRSite
This command contains many Skip switches that can be handy.This is very important step as it is
like taking ownership of those databases. You can also use :
Move-ActiveMailboxDatabase DatabaseName ActivateOnServer
FQDNofaServerinDRSite

10. We need to choose whether to remove the database copies existing in the primary site to allow
log truncation or not. If we choose so, reseeding will be necessary once you fail back to the
primary data center.
11. Outlook Office clients will act as per the following :
a. If the primary CAS servers are online, CAS servers in the primary site will issue a silent
redirect message to outlook users. Outlook users will see a message that they need to
restart their outlook.
b. If the primary CAS servers are online, you can change the DNS name for the outlook
anywhere name or just force autodiscover to work by repairing outlook profile
12. OWA clients will do the following :
a. If the primary CAS servers are online, silent redirection will happen with SOO since both
OWA virtual directories has Integrated Authenticated on them
b. If the primary CAS servers are offline, DNS name for OWA primary should point to
secondary and thats it.
13. If you restarted mailbox servers in the secondary site and/or the Witness server, the DAC bit will
be sit to 0 and databases will be shown as Dismounted. If you try to mount them , an error that
the replication services on the primary mailbox servers are not online. You may find a problem
locating the Active manager also especially if you typed: Get-DatabaseAvailabilityGroup
Identity DAGName Status.
The solution will be forcing the DAC bit to be 1 by running the Start-DatabaseAvabilibityGroup
Server (Secondary Mailbox Servers) even if they are already started.

6.4 Activating CAS Servers

If the primary datacenter has the following URLs internally and externally

Mail.NYC.contoso.com (Outlook Anywhere)

OWA.NYC.contoso.com (Outlook Web Access)
EAS.NYC.contoso.com (Exchange ActiveSync)

And the secondary site has:

Mail.LON.contoso.com
OWA.LON.contoso.com
EAS.LON.contoso.com

And suppose SCP for Autodiscover for CAS servers in the primary datacenter points to
Mail.NYC.contoso.com where SCP for CAS servers in the secondary datacenter points to
Mail.LON.contoso.com. Suppose also that the public autodiscover.Contoso.com points externally to
primary datacenter publishing rule

During Data center Switchover:

1. OWA :
Change the IP address for OWA.NYC.contoso.com to point to OWA.LON.contoso.com in the
internal and external DNS servers. This really depends if the primary data center will be off for
long time.
You can also chose not to change this DNS name if the primary CAS servers are online since they
will do the redirection.
2. EAS :
Change the IP of EAS.NYC.contoso.com to point to EAS.LON.contoso.com in the internal or
external DNS servers. You can also chose to tell the users to manually change this manually on
their mobiles.
3. Outlook Anywhere :
Either manually let users to change their outlook proxy settings to
Mail.LON.contoso.com
Automatic solution would be making sure Autodiscover service is reachable internally
and externally so that outlook profile repair will do the trick and switch
Mail.NYC.contoso.com to Mail.LON.contoso.com
NOTE: VERY IMPORTANT: Dont ever try to change the DNS name of
Mail.NYC.contoso.com to point to Mail.LON.contoso.com. This will always fail as the

subject name of the certificate in LON datacenter is mail.lon.contoso.com while the

proxy settings in user outlook profile is mail.nyc.contoso.com

6.5 Restoring Services in the Primary Datacenter

1. Power on the primary mailbox servers. If you open the cluster console on them, you can see that
they reflect that they are evicted from cluster. Database copies on them are marked as Failed
and there is no way to mount them on primary servers.
Note:
Verify that Cluster service on the DAG members in the primary datacenter have a startup type of
DISABLED. If they do not, either the Stop-DatabaseAvailabilityGroup command was not
successful or the DAG members in the primary datacenter failed to receive eviction notification
after network connectivity between datacenters was restored. Do not proceed until Cluster
service cleanup has occurred and Cluster service has a startup type of DISABLED. You can
optionally run the following command on the DAG members in the primary datacenter to forcibly
cleanup the outdated cluster information: Cluster node /forcecleanup
2.

Run the Start-DatabaseavailabiltyGroup Identity DAG1 ActiveDirectorySite NYC

command on them.
Note that powering those servers in the primary site will not be risky as they are out of DAG
configuration. The start-DatabaseAvailabilityGroup command will return them to the DAG again.

Also remember that we have performed the Move-ActiveMailboxDatabase command during

switchover to be servers in the secondary site. Thats why when you start-DatabaseAvailabilityGroup
on primary servers, they will notice that the databases are active on secondary mailbox servers and
will not try to do anything.
After running this Start command, the primary mailbox servers will start appearing in the cluster
console as cluster nodes functioning normally.
3. Run Set-DatabaseAvailabilityGroup cmd without any parameter to make sure the right
Quorum mode is being used. This command also will seed all changes on the passive copies.
4. Database copies on the primary site will start seeding automatically and will turn healthy
eventually.
5. Leave the database to replicate over time and sync from Secondary datacenter to Primary. Then
proceed to the below steps.
6. Note that the DAG is using the alternative witness server. In order to use a witness server in the
primary site, and if you still have the old witness server, then use SetDatabaseAvailabilityGroup -Identity DAG1 command. If we want to assign new witness on
the primary datacenter, then add the witness parameters to the previous command.

7. Notice that the default cluster group is hosted on the secondary site which means that the
Primary Active Manager PAM is located on the node who holds the default cluster group.
To identify the PAM server, run: Get-DatabaseAvailabiliyGroup Identity DAG1 Status
|FL *Primary*
8. You can move the default cluster group to the primary mailbox server by running Cluster
group Cluster Group /MoveTo:EX01 .
9. Dismount databases in the secondary datacenters and move the CAS URLs.
10. After DNS is replicated and the cache is refreshed, use the Move-ActiveMailboxDatabase for the
copies in the primary site.
11. Mount database copies in the primary site.
12. Outlook clients will find a message to indicate that the administrator has changed something
and the outlook need to be restarted.

Note : When mounting database copies on the primary site, sometimes you will face issues like database
cannot mount because index problem. For this scenario, you can run :
Update-MailboxDatabaseCopy DBName\FailedToMountServer CatalogOnly
If this didnt work, use
Move-ActiveMailboxDatabase Database Name -ActivateOnServer DestinataionServer
SkipClientExperienceChecks
Note that this command is powerful, look at this :
Move-ActiveMailboxDatabase Database Nam e ActivateOnServer Options
Where Options can be:

SkipActiveCopyChecks
SkipClientExperienceChecks
SkipHealthChecks
SkipLagChecks

7. Autodiscover
7.1 When Autodiscover is triggered on Outlook
o
o
o
o
o

When the Outlook profile is first created

When network changes occur on Outlook machine
Once every 15 minutes
When the connection to Exchange fails
When Outlook starts

Nevertheless, repairing Outlook profile is the most effective way to force complete reconfiguration of
Outlook when Autodiscover gets new information.

7.2 How to find the service

Domain Joined:
Any CAS server during the installation will create a SCP in AD. In a domain joined machines, Outlook will
simply query AD (LDAP) for those SCPs and will choose any SCP randomly to connect to. In case all SCPs
are not available, Outlook will try to access https://autodiscover.PrimarySMTPdomainname and if this
fails, it will try the SRV method.
You need to configure the value in SCP to read the NLB of the CAS array instead of the default server
name by using:
Set-ClientAccessServer CASServerName -AutoDiscoverServiceInternalUri
https://mail.domain.local/Autodiscover/Autodiscover.xml
Non-Domain Joined:
For non-domain machines, Outlook will query AD for SCP and will fail, then it will query DNS for
https://PrimarySMTPdomain/autodiscover/autodiscover.xml and then
https://autodiscover.PrimarySMTPdomain/autodiscover.xml

7.3 What Autodiscover needs

The user email address and his credentials

7.4 What Autodiscover process

Autodiscover service will pass the information to the Outlook Provider information stored in AD. Those
provider settings are categorized to three main categories:
1. The WEB setting : Outlook WebApp Clients
2. The EXCH setting : RCP Internal Client (Returns the InternalURLs for services)
3. The EXPR setting : Outlook Anywhere Clients (Returns the ExternalURLs for services)

7.5 What Autodiscover returns

Autodiscover will return a lot of information depending of the nature of the client (RPC or RPC over
HTTPS). Mainly the Internal URL and External URLs for the following services will be returned:
1. External and Internal URL for those services
a. OWA Virtual Directory
b. OAB Virtual Directory
c. Web Services Virtual Directory
d. ActiveSync Virtual Directory
e. ECP Virtual Directory
f. UM Seetings
2. User Display Name
3. User Home Server (database LegacyExchangeDN)
4. Outlook Anywhere settings

8. How Outlook Connects

8.1 What information Outlook needs
Outlook needs three piece of information to connect to a mailbox.
o
o
o

Database Name
Home Server (RPC Client Access Array Server attribute of the DB), aka. The database
legacyExchangeDN
LegacyDN of the mailbox

The rest of information are not that important and are return by Autodiscover.
If profile is configured, outlook will try to resolve the Home Server in the outlook profile and connect to
it using TCP. This represents the Client Access Server Array object which should not be resolving
externally in all cases, (nor internally, only if you want to force Outlook Anywhere behavior)

8.2 Database linkage to CAS Arrays

Facts:
Each database has a GUID and also has an important attribute called (legacyExchangeDN).
LegancyExchangeDN is also referred to the RPCClientAccessServer for that database.
The information about where the database is currently mounted is not stored in AD, instead each Active
Manager server in each mailbox server in the DAG (SAM or PAM) knows about this info.
When the database is created in a mailbox server, the legacyExchangeDN is set to the CAS Array FDQN if
exists in the local site or default to the first CAS server installed on that site.
This value doesnt change if the database get mounted in different site unless that mailbox database
copy is assigned an Activation Preference = 1.
The value of the legacyExchangeDN of the database is what Autodiscover returns to outlook as the
home server. Outlook is still not configured, will honor this value. If the outlook profile already exists
and pointing to a CAS array, it will not honor the Autodiscover information about the change on
legacyExchangeDN depending on different factors.

Scenario 1
It is important to remember that neither Outlook nor CAS care about the AD site in which the CAS server
is located at.
If the database get mounted to different site, and you change just the DNS record of the primary CAS
array to point to the CAS array of the secondary site, everything works fine. This works for RPC Clients.

Scenario 2
RULE: The RPCClientAccessServer property of the database a.k.a the database legacyExchnageDN always
points to the RPC CAS array that is in the same site as the copy of the mailbox database with the lowest
activation preference (which equals 1).
In the below figure, when the database get mounted on MBX-C, the RPCClientAccessServer property will
stay CAS-Pri.contoso.com. The outlook user will still point to cas.pri.contoso.com and CAS Direct

Connect over the WAN will happen from CAS-Pri to MBX-C. If CAS-Pri is inaccessible, the Outlook will get
disconnected!

Scenario 3
The only time the system changes RPCClientAccessServer value on the database is when the
administrator changes the ActivationPreference number on the activated database copy such that it
now has the lowest value (meaning it becomes the preferred copy), as seen below.

However, the Outlook clients with an existing Outlook profile would continue to use the old RPC
endpoint rather than the new RPC endpoint (even though Autodiscover detected the change). This is
because the old RPC endpoint does not return an ecWrongServer response to the client.
The RPC endpoint accepts the connection; therefore, Outlook ignores the Autodiscover response
because it has a working connection. In the event that the old RPC endpoint becomes inaccessible,
Outlook 2007/2010 would update its settings. At any time you could force Outlook to use the new RPC
endpoint by forcing a profile repair.
You can also manually change the RPCClientAccessServer property of the database to point to the new
array instead of changing its activation preference.
The same happens when you move a mailbox to a database in different AD site. Outlook will continue to
use the old and configured RPC CAS array unless that array become inaccessible or you trigger Outlook
profile repair.

Scenario 4
After Exchange SP2 RU3, the following changes happen:

By default, once you have installed SP2 RU3, when you move mailboxes between AD sites, all
versions of Outlook will get prompted to restart and the Outlook profiles RPC endpoint will be
updated.

Cross Site Database Access changes :

1. This behavior depends on the value of DAG property called
(AllowCrossSiteRPCClientAccess).If set to $true, then the behavior in Scenario 3 will
occur. That is Outlook will stick to the original configured CAS array and cross WAN CAS
direct connect will occur , unless you change the LegacyExchangeDN of the DB or
change the ActivationPreference and the Outlook profile get repaired or the primary
CAS array is not available.
2. If the value of AllowCrossSiteRPCClientAccess is set to $false which is the default DAG
property value, then the Outlook profiles RPC endpoint will be updated to be the RPC
Client Access Server array that is in the same AD site where the database is active and
mounted. Note that the RPCClientAccessServer property is not updated as that defines
the preferred site.

Actually the CAS array log on the primary site will ask the Outlook to redirect to the CAS array in the
secondary site although the LegacyExchangeDN of the database is still pointing to the primary CAS array.

Start Sorting DBs

Ignore databases on servers Blocked

with Set-MailboxServer DatabaseCopyAutoActivationPolicy

BEST COPY
SELECTION BCS

SORT BY Copy Length, Activation

Preference , Index ,Replay Queue..

Attempt Copy Last

Logs (ACLL)

Try Next Copy

Only from the Active Copy

Within
NO

AutoDatabaseMount
Dial ?

Yes

Soft maximum number of Active DB on server

Exclusion?

If database is suspended for activation

Active Copy is mounted

Get missing messages from

Dumpster

Divergence detection on the failed

DB when it is up