Exchange 2010 and Outlook 2003 clients - connection issues

by Henrik Walther [Published on 30 Aug. 2009 / Last Updated on 30 Aug. 2009]

Having a hard time connecting to an Exchange 2010 mailbox using an Outlook 2003 client? Here’s the deal. So as most of you already know Exchange 2010 introduces a new client access service named RPC Client Access. This service lives on the Client Access Server (CAS) and allows MAPI clients (Outlook) to connect to a CAS server just like pretty much all the other Exchange clients do nowadays (with WebDAV deprecated in Exchange 2010, even Entourage clients will  need to connect to the CAS). This means that Outlook clients no longer connect directly to an Exchange 2010 Mailbox server. Well, at least not when we’re speaking mailbox access (public folder connections will, after being authenticated by the RPC Client Access service on the CAS, be directed to the Mailbox server). One of the default settings for the RPC Client Access service is that it requires encryption for RPC connections. You can check this setting using the following command: Get-RpcClientAccess | fl This is not an issue if you use Outlook 2007 or Outlook 2010 since these Outlook versions have RPC encryption enabled by default, when you create a new Outlook profile, see below: But guess what? Yes the old Outlook 2003 version behaves differently. You see, when you create a new Outlook 2003 profile, RPC encryption is disabled by default in this client version. This means that if you migrate an Exchange 2003 or 2007 mailbox to Exchange 2010, or try to create a brand new Outlook 2003 profile against an Exchange 2010 mailbox, you won’t be able to connect to the mailbox. After authentication, you will instead

Having a hard time connecting to an Exchange 2010 mailbox using an Outlook 2003 client?

Here’s the deal. So as most of you already know Exchange 2010 introduces a new client access service named RPC Client Access. This service lives on the Client Access Server (CAS) and allows MAPI clients (Outlook) to connect to a CAS server just like pretty much all the other Exchange clients do nowadays (with WebDAV deprecated in Exchange 2010, even Entourage clients will  need to connect to the CAS).

This means that Outlook clients no longer connect directly to an Exchange 2010 Mailbox server. Well, at least not when we’re speaking mailbox access (public folder connections will, after being authenticated by the RPC Client Access service on the CAS, be directed to the Mailbox server).

One of the default settings for the RPC Client Access service is that it requires encryption for RPC connections. You can check this setting using the following command: Get-RpcClientAccess | fl

image

This is not an issue if you use Outlook 2007 or Outlook 2010 since these Outlook versions have RPC encryption enabled by default, when you create a new Outlook profile, see below:

image

But guess what? Yes the old Outlook 2003 version behaves differently. You see, when you create a new Outlook 2003 profile, RPC encryption is disabled by default in this client version.

30-08-2009 13-16-31

This means that if you migrate an Exchange 2003 or 2007 mailbox to Exchange 2010, or try to create a brand new Outlook 2003 profile against an Exchange 2010 mailbox, you won’t be able to connect to the mailbox. After authentication, you will instead receive a dialog box similar to the below (click on it to see it in full size):

image

The issue can be resolved in two ways. You can either enable RPC encryption in the Outlook 2003 profile (if you have many, you could do so via a GPO) or disable the RPC encryption requirement on the Exchange 2010 Client Access server. Enabling RPC encryption on the client is of course the recommended over disabling it server-side. If you insist on disabling this setting server-side, you can use the following command:

Set-RpcClientAccess –Server –EncryptionRequired $false

image

As you can see by running Get-RpcClientAccess | fl, the encryption requirement is now disabled, and you will be able to connect to your Exchange 2010 mailbox using Outlook 2003 clients that doesn’t have RPC encryption enabled (default mode).

Add Review or Comment

Featured Links