How to configure Exchange 2010 Client Access Server (CAS) Role

The Client Access server (CAS) role is one of five server roles for Microsoft Exchange Server 2010. CAS is placed in a DMZ or perimeter network facing internet that means CAS configured with a public IP accessible to external network. There are six components of CAS. Components are Outlook Web App, Exchange ActiveSync client applications, Post Office Protocol version 3 (POP3), Internet Message Access Protocol (IMAP) version 4, the Availability service and Auto discover Service. The Client Access server role also provides access to free/busy data by using the Availability service and enables certain clients to download automatic configuration settings from the Auto discover service.

The Client Access server role accepts connections to Exchange server 2010 from software clients such as Microsoft Outlook Express, Microsoft office Outlook and Eudora use POP3 or IMAP4 connections to communicate with the Exchange HT server. Hardware clients such as mobile phones, use ActiveSync, POP3 or IMAP4 to communicate with the Exchange server. You must install the Client Access server (CAS) role in every Exchange organization and every Active Directory Domain site that has the Mailbox server (HT) role installed.


Operating System requirement is similar to other Exchange Server roles. CAS does not store any mailboxes. CAS acts as a media in-between clients and HT server. you don’t need big storage for CAS server but the following Windows Server 2008 features must be installed. Outlook web access is a secure https web access. Web certificate and computer certificates must be installed in CAS server. To configure Outlook Anywhere you need to buy a SSL certificate from third party vendor such as verisign or godaddy.

1 02


2 3 4 5 6 7 8 9 10 




 13 14 15 16

Once you finish installation and configuration of CAS role. You have to create Outlook web publishing rule in Forefront TMG 2010 or ISA server otherwise you will be blocked by Forefront TMG.



Relevant Topics

Forefront TMG 2010: Publish Outlook Web Access and Exchange Servers using Forefront TMG 2010

Step by Step Guide on Exchange Server 2010 Edge Transport Role

Exchange Server 2010: Server Roles

Forefront Protection 2010: how to install and configure Forefront Protection 2010 for Exchange Server 2010—Step by step

share this Add to FacebookAdd to DiggAdd to Del.icio.usAdd to StumbleuponAdd to RedditAdd to BlinklistAdd to TwitterAdd to TechnoratiAdd to Yahoo BuzzAdd to Newsvine

About Raihan Al-Beruni

My Name is Raihan Al-Beruni. I am working as an Infrastructure Architect in Data Center Technologies in Perth, Western Australia. I have been working on Microsoft technologies for more than 15 years. Other than Microsoft technologies I also work on Citrix validated solution and VMware data center virtualization technologies. I have a Masters degree in E-Commerce. I am certified in Microsoft, VMware, ITIL and EMC. My core focus is on cloud technologies. In my blog I share my knowledge and experience to enrich information technology community as a whole. I hope my contribution through this blog will help someone who wants more information on data center technologies.
This entry was posted in Exchange Server and tagged , , . Bookmark the permalink.

8 Responses to How to configure Exchange 2010 Client Access Server (CAS) Role

  1. Pingback: Exchange 2010 deployment in different firewall scenario « Information Technology Blog

  2. Rick says:

    Microsoft doesn’t support CAS in a perimeter network. The term “Internet-facing” is misleading. What they are really implying is a hub site that provides Internet connectivity, versus a remote site that requires access to the Internet through the hub site.



    • Hello Rick,

      Have tried back to back firewall? If you only open necessary port and close everything off. then I would say, nothing wrong. Exchange can be deployed so many ways. All my clients are different when comes to Exchange and Active Directory. I reckon, you just read Single Namespace with Proxy Sites section only. Please go to technet again and read Exchange deployment and design guide again.

      Again, you can be master in windows security and leave a port open by mistake that may bring catastrophie than why blame CAS in DMZ. tighten up DMZ and then place servers in DMZ. If you are too worried then use Forefront TMG as reverse proxy with OWA without looking which one leading or misleading.



  3. Ed says:

    Do the CAS server had to be in the AD under the installation? Wonder because its going to stand in the DMZ under other IP net then the AD/DC, but when trying to install a CAS server standalone I get error, asking about the AD, same with under installation on the AD error about active directory, it shold not have anything to the AD if it’s gonna act like an CAS server? strange


  4. Febri says:

    Dear mate,
    Your tutorial is great! Complete n helpful!
    I am looking forward.



  5. OC says:

    Dear Raihan,
    This is one of the best tutorials I have ever seen, and I’m pretty old / have seen a lot of them. I am going to use what you’ve written here as the core of my implementation because I have ZERO clue having never done this before.
    If I complete the task without looking at anyone else’s musings, can you tell me how I am going to put the ten stars at the top of the article?
    So far, you rule. Thank you very much for this article.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s