People are likely going to the other server due to Autodiscover, which updates automatically in AD when you install the CAS role on the server. You need to have everyone in the org use a DNS alias for autodiscover. Autodiscover needs to point to either a single CAS or a CAS Array that is represented by a single virtual IP address provided by a load balancer. If you do not have a load balancer you can use built in Windows Network Load Balancing (WNLB), but the caveat is that if you use WNLB in Exchange 2010 you cannot have the mailbox role installed on the server you are load balancing with. Only CAS or CAS/HUB.
An example in my org: CAS server 1: 192.168.1.100 CAS server 2: 192.168.1.101 Load Balancer: 192.168.1.200 email.domain.com: DNS A record point to 192.168.1.200 autodiscover.domain.com: DNS CNAME Alias point to email.domain.com This way, if you want to decommission a CAS server, everyone will go to the other CAS server without issue. DNS aliases are your friend in Exchange. Just make sure to use a SAN certificate and put ALL of the names in the cert that could possibly be used by clients to connect to. http://social.technet.microsoft.com/Forums/exchange/en-US/40cbe4bc-8b7b-438a-9c28-668e4211acf1/moving-client-access-role-to-different-server http://technet.microsoft.com/en-us/library/bb201695(v=exchg.141).aspx http://technet.microsoft.com/en-us/library/jj591328(v=exchg.141).aspx http://blogs.technet.com/b/exchange/archive/2012/03/23/demystifying-the-cas-array-object-part-1.aspx http://blogs.technet.com/b/ucedsg/archive/2009/12/06/how-to-setup-an-exchange-2010-cas-array-to-load-balance-mapi.aspx On Fri, Sep 5, 2014 at 10:22 AM, Dave Lum <[email protected]> wrote: > Exchange 2010: If I build a new CAS server with a different name, is it > difficult to move the services over and decommission the old one? Our > current CAS server works but is slow... > > I know there SSL to worry about, and the rpcclientaccessserver property, > what else? I am used to SMB single-box Exchange setups and have inherited > a single-CAS/dual Mailbox setup. > > What was suggested to me by the team here was build a new CAS server and > just move things over to the new CAS. What I did was build a new CAS > server (by this I mean a server with Exchange 2010 and HT/CAS roles > installed and our wildcard cert installed, but I did nothing else to our > environment) but what I didn't realize is that apparently some clients are > connecting with the new CAS server as they're getting a security message > that's effectively "NWECAS.OCHIN.ORG name does not match the security > certificate". > > I also didn't know if it made more sense to implement a CAS array instead > to give more options going forward. > > Thoughts? > > Dave > > > >
