Exchange Server

Outlook 2003 and Exchange Server 2010 RPC Encryption

Avatar photo
Post author:Written By 5 Comments

The earliest version of Microsoft Outlook that is supposed for Exchange Server 2010 is Outlook 2003.  However the Exchange Server 2010 environment is not necessarily configured for Outlook 2003 support by default.

When you are deploying Exchange Server 2010 in an environment in which Outlook 2003 is still in use there are some steps to be aware of.

Exchange Server 2010 Setup

For organizations that are migrating from Exchange Server 2003 to Exchange Server 2010 setup will automatically add support for legacy Outlook versions (Outlook 2003).  This means that a Public Folder database will be provisioned automatically on the Mailbox Server role if it is the first one being installed.  Subsequent Mailbox Servers will not automatically be provisioned with a Public Folder database.

Alternatively if you are deploying Exchange Server 2010 for a new organization that will be using Outlook 2003 (eg a business migrating from a third party email system) you can specify the /EnableLegacyOutlook setup parameter to enable Outlook 2003 support.  Again this only applies when installing the first Mailbox Server into the organization.

RPC Encryption

Exchange Server 2010 requires encryption of RPC communications by default.  Outlook 2003 has encryption disabled by default in Outlook profiles.  This results in an error message when Outlook 2003 clients attempt to connect to an Exchange Server 2010 mailbox.

Note: If you deploy your servers with Exchange Server 2010 SP1 it does not require RPC encryption by default.

Outlook 2003 and Exchange Server 2010 RPC Encryption
Outlook 2003 error connecting to Exchange 2010 mailbox

Your Microsoft Exchange Server is unavailable.

There are two ways to resolve this.

  • Enable encryption in the Outlook 2003 profile
  • Disable the encryption requirement on the Exchange 2010 Client Access server

Enable Outlook 2003 Encryption for Exchange 2010 Mailboxes

Open the Outlook 2003 profile and navigate to More Settings.

Outlook 2003 and Exchange Server 2010 RPC Encryption
Outlook 2003 profile settings

Choose the Security tab and tick the box to enable encryption.

Outlook 2003 and Exchange Server 2010 RPC Encryption
Enabling encryption for Outlook 2003 with Exchange 2010

Microsoft also provides a custom ADM so that you can make this change to multiple users at once using Group Policy.

Disable the Encryption Requirement on Exchange 2010 Client Access Servers

If you don’t want to make changes to Outlook profiles you can turn off the encryption requirement on the Client Access server instead.

Note that that this only disables the requirement, Outlook clients can still make encrypted connections.

Launch the Exchange Management Shell and run the following command.

[PS] C:\>Set-RpcClientAccess -Server EX3 -EncryptionRequired $false

In this example the encryption requirement is disabled for server EX3.  However you will find that Outlook 2003 clients still can’t open Public Folders.  If you examine the output of the Get-RPCClientAccess command you can see why.

[PS] C:\>Get-RpcClientAccess

Server          Responsibility            MaximumCo Encryptio
                                          nnections nRequired
------          --------------            --------- ---------
EX3             Mailboxes                 65536     False
EX2             PublicFolders             65536     True
EX4             Mailboxes                 65536     True
EX1             PublicFolders             65536     True

Note how the servers that are responsible for Public Folders still have the encryption requirement enabled. Even though MAPI connections for Exchange 2010 mailboxes are made to the Client Access server, Public Folder MAPI connections are still made directly to the Mailbox server.

To disable the encryption requirement for all of the servers at once run the following command.

[PS] C:\>Get-RpcClientAccess | Set-RpcClientAccess -EncryptionRequired $false

All of the servers will now reflect the change, and Outlook 2003 clients can connect to both their mailbox and the Public Folders.

[PS] C:\>Get-RpcClientAccess

Server          Responsibility            MaximumCo Encryptio
                                          nnections nRequired
------          --------------            --------- ---------
EX3             Mailboxes                 65536     False
EX2             PublicFolders             65536     False
EX4             Mailboxes                 65536     False
EX1             PublicFolders             65536     False
Tags: ,

About the Author

Paul Cunningham

Paul is a former Microsoft MVP for Office Apps and Services. He works as a consultant, writer, and trainer specializing in Office 365 and Exchange Server. Paul no longer writes for Practical365.com.

Comments

  1. Ron 22 Mar 2012 Reply

    “Note that that this only disables the requirement, Outlook clients can still make encrypted connections.”

    Thank you so much for posting that simple sentence. I found a dozen sites that explained how to disable encryption but no others that I found (including TechNet) have clarified that very important point. Although I could have assumed that is would still be supported, you know how well this job goes when you assume things. For anyone who wants to ensure that older Outlook 2003 clients can continue to connect unencrypted, while ensuring that Outlook 2010 clients can be configured to require encryption, it is critical to know this.

  2. Rene 13 Apr 2011 Reply

    Tx, Worked like a charm!

  3. Mital 18 Nov 2010 Reply

    Thanks a lot for this… instantly solved the problem with Outlook 2003. A very well written, simple post doing wonders!

  4. Turbomcp 21 Sep 2010 Reply

    Hi
    thanks for the nice information
    there is just one little thing you forgot to mention
    outlook 2003 also needs an update to be installed(i think it resolves notifications changes between the server and the client)
    http://support.microsoft.com/kb/2212002

    Thanks again

Leave a Reply