Exchange 2007 – Add the CAS Role (Client Access Server)

Exchange 2007 – CAS (Client Access Server Role) Exchange CAS Role Client Access Server

Remember that the CAS role handles all initial communication between clients and Microsoft Exchange. The purpose of this page is to help you add, (or install) the CAS Role in Exchange 2007.  Steps and screenshots kindly supplied by Alain Laventure.

Topics for Exchange 2007 CAS Role

Introduction to Exchange CAS

CAS (Client Access Server) is an Exchange 2007 role which replaces the front-end server in Exchange 2003.  It makes sense to get this role working before implementing the Mailbox, Hub, or Unified Messaging roles.  The Exchange 2007 Client Access server can coexist in an Exchange Organization which still has Exchange 2003 or Exchange 2000 servers.  Consequently your transition to from Exchange 2003 to Exchange 2007 will be both straightforward and flexible.

Whenever you have email clients that access an Exchange 2007 Mailbox Server, you should deploy the Client Access Server role in that site.  As a result, clients such as Microsoft Outlook 2002 or later, OWA, IMAP4, POP3, or mobile devices, can access their mailboxes on an Exchange 2007 Server with the mailbox role.

The base procedure for installing Exchange 2007 is the same regardless of which Server Role(s) you wish to select.  Once you have built your Exchange 2007 server you can add the CAS role via the Control Panel, Add or Remove Programs (if you did not select it during the setup). 

While you could combine CAS with other roles, where possible, it is best to have a dedicated server for this role.  Separating the CAS and Mailbox roles is especially important if you want to implement OWA, but some clients have Exchange 2007 mailboxes, while others clients still have Exchange 2003 mailboxes.


Deciding On Your CAS Placement

When your CAS is accessible from the Internet, you need to take extra precautions.  The crucial decision is whether to locate the Client Access server on the internal network or the perimeter network.  If you are undecided, or the decision is close, I would recommend locating the Client Access Server(s) on the internal network.

You must install the CAS role on a member server that has access to a global catalog server.  Also remember that the CAS must be able to contact the Mailbox servers inside your Exchange organization.  A ratio of 1 CAS : 4 Mailbox servers works well.  However, small companies may want an extra CAS server for high availability.  In the case of Exchange organizations with fewer than 500 mailboxes you probably need to combine CAS with other Exchange 2007 server roles, for example, Hub Transport.

Once installed, I would call for the Security Configuration Wizard and listen to its suggestions to lock down ports and disable services that your particular Client Access server deployment does not require.   Only allow access through the external and internal firewall for the essential protocols.  The best and simplest decision is to install and configure Microsoft Internet Security and Acceleration (ISA) Server 2006.

Guy Recommends:  A Free Trial of the Network Performance Monitor (NPM)Review of Orion NPM v11.5 v11.5

SolarWinds’ Network Performance Monitor will help you discover what’s happening on your network.  This utility will also guide you through troubleshooting; the dashboard will indicate whether the root cause is a broken link, faulty equipment or resource overload.

What I like best is the way NPM suggests solutions to network problems.  Its also has the ability to monitor the health of individual VMware virtual machines.  If you are interested in troubleshooting, and creating network maps, then I recommend that you try NPM now.

Download a free trial of SolarWinds’ Network Performance Monitor

Adding The Actual Client Access Role

Assumptions: You have installed the underlying operating system, Windows Server 2008 (best), alternatively choose Windows Server 2003.  If you are not ready to add the CAS role, then get a copy of the Microsoft Exchange Server Best Practices Analyzer Tool, and run a Readiness Check scan.

When you run the Exchange Server 2007 setup program, the Client Access Role is checked by default.  However, if you did not install this role at first, you can return to setup’s Roles menu via the Control Panel, Add or Remove Programs.

PowerShell Command-line

You may prefer to use PowerShell cmdlets to manage the Roles of your server.

Check the roles:

get-ExchangeServer | Format-Table Name, ServerRole

Add more roles:

Setup /mode:install /roles:CA

Other /roles: include ‘UM’ Unified Messaging, ‘MB’ Mailbox, ‘HT’ Hub Transport or ‘ET’ Edge Transport.  Incidentally, once you master PowerShell configuration in this context, you may like to employ PowerShell cmdlets for other Exchange 2007 Server tasks.

Exchange Monitor from SolarWindsGuy Recommends: The SolarWinds Exchange Monitor

Here is a free tool to monitor your Exchange Server.  Download and install the utility, then inspect your mail queues, monitor the Exchange server’s memory, confirm there is enough disk space and check the CPU utilization.

This is the real deal – there is no catch.  SolarWinds provides this fully-functioning freebie, as part of their commitment to supporting the network management community.

Free Download of SolarWinds Exchange Monitor

Virtual Directories for OWA

Understanding the role of the Exchange 2007 virtual directories is the key to troubleshooting any problems with OWA 2007 or OWA 2003.  It is also a reminder of the link between IIS web site in Exchange 2007 and the browser on the OWA client.

/owa.  This virtual directory is for OWA 2007 clients.  That is clients with a mailbox on the Exchange 2007 server.

/Exchange.  This is a legacy virtual directory for clients whose mailboxes are on an Exchange 2003 (or 2000) server.  As this is a virtual directory, we are talking about clients trying to use a browser to connect to their mailbox, hence OWA 2003 clients.  If the mailbox were on an Exchange 2007 server, the client would be redirected via the /owa virtual directory.OWA Virtual Directories for Exchange CAS

/Exchweb.  Again this is for connecting to mailboxes on Exchange 2003.  This virtual folder is used by some OWA applications.

/Public.  This is for public folders access.

Check the Virtual Directories

To see these virtual directories, launch the Exchange Management Console.  Click on the Server Configuration tab, and then select: Client Access.  You should now see the Outlook Web Access tab near the middle of the screen.

Any problems with the installation, then check the \ExchangeSetupLogs folder, in particular examine the ExchangeSetup.log file.  Also, remember the Eventlogs, both System and Application.

Troubleshooting Errors when Adding the CAS Role

Problem: CAS setup (or Add Role) fails with a Watson MultiValuedProperty error

Solution:  Launch ADSI Edit, navigate to: Default Offline Address List.  In particular, set the value of the MsExchVersion attribute to 4535486012416

Problem: You use the Exchange 2003 Exchange System Manager to Configure 2007

For example: You try to move the OAB generation role from Exchange 2003 to Exchange 2007.  While you can do this, don’t use the 2003 Exchange System Manager, instead use the native 2007 Exchange Management Console.

Guy Recommends:  SolarWinds’ Free Bulk Mailbox Import ToolFree Download Bulk Mailbox Import Tool

Import users from a spreadsheet, complete with their mailbox.  Just provide a list of the users with the fields in the top row, and save as .csv file.  Then launch this FREE utility, match your Exchange fields with AD’s attributes, click and import the users.  Optionally, you can provide the name of the OU where the new mailboxes will be born.

There are also two bonus tools in the free download, and all 3 have been approved by Microsoft:

  1. Bulk-import new users and mailboxes into Active Directory.
  2. Seek and zap unwanted user accounts.
  3. Find inactive computers.

Download your FREE bulk mailbox import tool.

Summary – Install the Exchange CAS Role for Exchange 2007 Server

Actually, the CAS role for Exchange 2007 server is installed by default.  However, it is easy to add CAS as a role if you omit to select this role on the initial installation.  Two things you should remember about Exchange CAS, this role is needed for each site where you have Exchange 2007 Mailbox servers, and CAS is the gateway for OWA clients.

Although Outlook communicates directly with the Mailbox server, it uses the Client Access server role to connect to Exchange mailboxes when you are using Outlook Anywhere (formerly known as RPC over HTTP) and for services such as the Autodiscover service and the Availability service. The Client Access server role also enables users to use such Unified Messaging features as Play on Phone.  

Credit and acknowledgement Alain Laventure provided the screenshots, the detailed steps and the background for this CAS article.

If you like this page then please share it with your friends


See more Microsoft Exchange Server 2007 topics:

Exchange 2007 Home   • SP1   • Migration Advice   • Transition Checklist   • Compatibility  • Edge

Install  • Server Roles   • CAS Role   • Hub Transport  • SMTP Connector  • Exchange CCRExBPA

Mailbox Role   • Create Mailbox   • Mailbox Stores   • Recipients   • GAL   • Free Syslog Analyser