The earliest version of Microsoft Outlook that is supposed for Exchange Server 2010 is Outlook 2003. However the Exchange Server 2010 environment is not necessarily configured for Outlook 2003 support by default.
When you are deploying Exchange Server 2010 in an environment in which Outlook 2003 is still in use there are some steps to be aware of.
Exchange Server 2010 Setup
For organizations that are migrating from Exchange Server 2003 to Exchange Server 2010 setup will automatically add support for legacy Outlook versions (Outlook 2003). This means that a Public Folder database will be provisioned automatically on the Mailbox Server role if it is the first one being installed. Subsequent Mailbox Servers will not automatically be provisioned with a Public Folder database.
Alternatively if you are deploying Exchange Server 2010 for a new organization that will be using Outlook 2003 (eg a business migrating from a third party email system) you can specify the /EnableLegacyOutlook setup parameter to enable Outlook 2003 support. Again this only applies when installing the first Mailbox Server into the organization.
Exchange Server 2010 requires encryption of RPC communications by default. Outlook 2003 has encryption disabled by default in Outlook profiles. This results in an error message when Outlook 2003 clients attempt to connect to an Exchange Server 2010 mailbox.
Note: If you deploy your servers with Exchange Server 2010 SP1 it does not require RPC encryption by default.
Your Microsoft Exchange Server is unavailable.
There are two ways to resolve this.
- Enable encryption in the Outlook 2003 profile
- Disable the encryption requirement on the Exchange 2010 Client Access server
Enable Outlook 2003 Encryption for Exchange 2010 Mailboxes
Open the Outlook 2003 profile and navigate to More Settings.
Choose the Security tab and tick the box to enable encryption.
Microsoft also provides a custom ADM so that you can make this change to multiple users at once using Group Policy.
Disable the Encryption Requirement on Exchange 2010 Client Access Servers
If you don’t want to make changes to Outlook profiles you can turn off the encryption requirement on the Client Access server instead.
Note that that this only disables the requirement, Outlook clients can still make encrypted connections.
Launch the Exchange Management Shell and run the following command.
[PS] C:\>Set-RpcClientAccess -Server EX3 -EncryptionRequired $false
In this example the encryption requirement is disabled for server EX3. However you will find that Outlook 2003 clients still can’t open Public Folders. If you examine the output of the Get-RPCClientAccess command you can see why.
[PS] C:\>Get-RpcClientAccess Server Responsibility MaximumCo Encryptio nnections nRequired ------ -------------- --------- --------- EX3 Mailboxes 65536 False EX2 PublicFolders 65536 True EX4 Mailboxes 65536 True EX1 PublicFolders 65536 True
Note how the servers that are responsible for Public Folders still have the encryption requirement enabled. Even though MAPI connections for Exchange 2010 mailboxes are made to the Client Access server, Public Folder MAPI connections are still made directly to the Mailbox server.
To disable the encryption requirement for all of the servers at once run the following command.
[PS] C:\>Get-RpcClientAccess | Set-RpcClientAccess -EncryptionRequired $false
All of the servers will now reflect the change, and Outlook 2003 clients can connect to both their mailbox and the Public Folders.
[PS] C:\>Get-RpcClientAccess Server Responsibility MaximumCo Encryptio nnections nRequired ------ -------------- --------- --------- EX3 Mailboxes 65536 False EX2 PublicFolders 65536 False EX4 Mailboxes 65536 False EX1 PublicFolders 65536 False
“Note that that this only disables the requirement, Outlook clients can still make encrypted connections.”
Thank you so much for posting that simple sentence. I found a dozen sites that explained how to disable encryption but no others that I found (including TechNet) have clarified that very important point. Although I could have assumed that is would still be supported, you know how well this job goes when you assume things. For anyone who wants to ensure that older Outlook 2003 clients can continue to connect unencrypted, while ensuring that Outlook 2010 clients can be configured to require encryption, it is critical to know this.
Tx, Worked like a charm!
Thanks a lot for this… instantly solved the problem with Outlook 2003. A very well written, simple post doing wonders!
thanks for the nice information
there is just one little thing you forgot to mention
outlook 2003 also needs an update to be installed(i think it resolves notifications changes between the server and the client)
Pingback: Outlook 2003 and Exchange Server 2010 | Exchange Server Pro « JC’s Blog-O-Gibberish