Exchange 2010 – Part 15 – Overview of the Exchange CAS Server Role

The Exchange 2010 CAS Server Role

In this post, we will review the purpose of the Client Access Server (CAS) Role in Exchange 2010.

We will discuss the following CAS Role aspects:

  • Outlook Web App
  • Exchange Active Sync
  • Outlook Anywhere
  • POP3 and IMAP
  • The Availability Service
  • The Autodiscover Service

Take for example the scenario: a Team Meeting to Discuss CAS role

  • The more mobile your users wish to be, the more the CAS Role comes into focus
  • You most likely will have mobile users that want to connect to Exchange using their browser, mobile, smart phone or tablet, through Outlook or some POP/IMAP oriented mail application
  • The role of an administrator is to ensure connectivity from any remote location, and that connectivity is provided without compromising security


The Evolution of CAS

  • Exchange 2000/2003 didn’t have CAS servers, they had “Front End” servers
  •      – With “Front End” servers, internal clients connected with Outlook using MAPI. MAPI is “Messaging Application Program Interface” – it allows you to send email with Outlook. MAPI is the protocol Outlook uses to connect with Exchange. Internal Outlook clients connected directly to Mailbox servers using MAPI over RPC.
  •      – External clients used the “Front End” as more of a proxy that could handle RPC over HTTP (for Outlook Anywhere), HTTPS (for Outlook Web Access, or OWA), and POP/IMAP. Clients connect in, provide credentials, and the Front End server would decide which mailbox to connect.
  • Exchange 2007 introduces the CAS role which is more than a proxy server but offloads a significant amount of the load that the mailbox servers typically handled
  •      – Internal MAPI clients still connect directly to the MB role. In 2007, The Client Access Role started to handle middle tier of a three tier application (the logic tier).
  • Exchange 2010 introduces a new service (MSExchangeRPC) so that the CAS Role is “true” middle tier. It now takes on the brunt of the work that the MailBox Role had to do in the past.

The Exchange 2010 CAS Role is Middle Tier

  • In Exchange 2010, the CAS Role handles both external and internal connections to the Mailbox role; with the exception of Public Folder connections. So whether they’re coming from OWA or Outlook inside the LAN, they will both go through the CAS Role.
  • MAPI and directory connections are handled by thte CAS server now, relieving a ton of load off the Mailbox server role, and ultimately increasing the number of concurrent connections to a Mailbox server (in Exchange 2007, we had 64K and now we have 250K).
  • By offloading the CAS features, now we have a lot more responsibility with CAS, so we need to ensure load balancing and CAS Array concerns as well as security concerns are met.

CAS Role Aspects

  •  Outlook Web App: Allows you to access email through a web browser (including IE, Firefox, Safari and Chrome). This used to be called “Outlook Web Access”. The biggest change that users appreciate is that it works in different browsers on the same level. It is handled by the CAS Role and IIS
  • Exchange ActiveSync: Allows you to synch your data between your mobile device or smart phone and Exchange – There are varying levels of ActiveSync support in devices and one key security element is remote wipe, which is not available for all devices.
  • Outlook Anywhere: Allows you to connect to your Exchange Mailbox externally using Outlook (RPC over HTTP) without going through a VPN connection. Its great for Outlook at home with the “In-house” experience.
  • POP/IMAP support – Mail clients other than Outlook (e.g. Mozilla Thunderbird/Live Mail) that connect with POP or IMAP are supported through the CAS role.
  • Availability Service: Shows free/busy data to Outlook 2007/2010 users.
  • Autodiscover Service: Helps Outlook clients and some mobile phones to automatically receive profile settings and locate Exchange services.

Looking at the Exchange Management Console:

Under Organization Configuration, you can make changes to the Client Access Role:


At this point you have two options, modify the default policy of Outlook Web App Policies or the Exchange ActiveSync Mailbox Policies.

As an administrator you can control functionality of the user experience and even the devices connecting to the CAS.

Is modifying the following options a good or bad April Fools joke to play on your User’s smart phones?

Click Image to Enlarge


Click Image to Enlarge

Maybe not such a good idea to mess with these…

Client Access under the Server Configuration Node in the EMC, provides us with much more configuration options.


Some of the different tabs located here are:

  • Outlook Web App – Config changes to owa Default Web Site
  • Exchange Control Panel – connected with IIS ecp default web site
  • Exchange ActiveSync – Configure IIS/ActiveSync default website
  • POP3/IMAP4 – configure these mail protocols
  • Offline Address Book Distribution – If you recall we talked about the OAB now being distributed through web services
  • Outlook Anywhere – in a future post we will hit the “Enable Outlook Anywhere…” feature and go through it’s configuration.

So in review we’ve explained the purpose of the Client Access Server roles, discussed the different CAS features, and toured the EMC locations for working with the Client Access Service.




A good majority of the content provided in my Blog’s Exchange series is derived from J. Peter Bruzzese’ excellent Train Signals Exchange Server 2010 Video Disk Series, as well as my own Exchange 2010 lab. is an invaluable source for accurate, easy to understand, IT information and training.