Exchange Online Load Balancing of Mailboxes – Considerations to Outlook Clients

Posted on


For Exchange Online Administrators who hear from their users that they “sometimes” get disconnected and reconnected quickly and wondering…what is going on…this posting is for you!


Exchange Online is constantly reviewing Exchange Mailbox Servers, determining if the right load or amount of mailboxes are on the Exchange Server.  As you know, the Exchange Store, Database Availability Groups (DAG), etc all play a part in how many mailboxes should be located on a server.  EXO makes sure that no servers are NOT overburdened to make sure all users, using any mail application, are not impacted by slow or sluggish performance.

To this end, Office 365 Exchange Admins may notice from time to time, through an Exchange Hybrid Server or Exchange Online Remote PowerShell that EXO mailboxes are being moved, with a move designation as local. This signifies that the mailbox is being load balanced onto another backend mailbox server and don’t worry, this is an Online Move, which means the MBX is being copied/moved over to a new server to provide the best server resources available.  As a result of the Online Move, once complete the original MBX is removed, Active Directory and Exchange are updated to the new location of the mailbox and the Outlook user will reconnect to, which then connects to the new mailbox server and mailbox.

Outlook Users

For those users whose MBXs are being moved to provide the best possible server health and access, they may see Outlook show as Disconnected and then quickly show Connected, with each Outlook connection changing within seconds or less.  In order to minimize the impact to users, the best possible configuration for Outlook users is the following, which allows Outlook to send credentials when asked without being prompted.

  1. Internet Explorer
    1. Why IE?  IE leverages the OS’ WinInet, which is used by socket based applications and when EXO asks for credentials and you add the following to your IE Security Zone settings, Outlook is able to release those credentials without being prompted to manually enter them
      1. Internet Explorer –> Tools –> Internet Options –> Security –> Local Intranet –> Sites –> Advanced
        1. For Active Directory Federation Service (ADFS) SSO (Single Sign-On) users add:
          1. https://*
          2. https://*
        2. For non ADFS users
          1. https://*
  2. Outlook
    1. When connecting to Exchange Online via Outlook, make sure each user uses the Save or Remember Me authentication dialog box.  This saves the users credentials into the Windows Operating System’s Credential Manager (CredMan), so when/if their mailbox is moved and Outlook must reconnect to an Exchange Online CAFE Server (Client Access Front-End), EXO will ask “who are you” and CredMan will silently pass those credentials and allow the Outlook client to quickly reconnect!

Whatcha thinkin?

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s