Outlook 2003 & Exchange 2010

Problems connecting Outlook 2003 to Exchange 2010 could turn out to be an unpleasant surprise after migrating to Exchange Server 2010 over the weekend. The problem is caused by Outlook 2003 not using encrypted RPC connections to the Exchange Server by default, and Exchange 2010 requiring  encrypted RPC connections (contrary to earlier Exchange versions). The solution is simple but you have several options; The way you should proceed not only depends on your situation but you also need to check the company’s security policies regarding communications encryption which might restrict your options.

Change how Outlook connects

Enabling RPC encryption in Outlook can be performed per configuration (Outlook profile) or using a Group Policy Object.To manual change the way Outlook connects:

  1. Open Control Panel > Mail > Show Profile > <Select Profile>
  2. Select Properties > E-mail Accounts > View or Change existing e-mail accounts
  3. Select Next > Microsoft Exchange Server > Change > More Settings > Microsoft Exchange Server > Security
  4. There, check Encrypt data between Microsoft Office Outlook and Microsoft Exchange Server
  5. Close everything with OK > Next > Finish > Close > OK.

You can also control the RPC encryption setting centrally for Outlook clients using the following registry value as part of a GPO:

HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\11.0\Outlook\RPC
DWORD: EnableRPCEncryption
Value: 1

For a more detaild guide on implementing the Outlook profile change or implementing the GPO using an administrative template, consult KB2006508.

Change how Exchange 2010 accepts
To change the way Exchange 2010 accepts RPC connections, i.e. disable the RPC encryption requirement, you need to disable the RPC encryption for Exchange Server 2010 CAS servers (remember, in Exchange 2010 RPC connections are handled by the CAS server role), use the following cmdlet:

Set-RpcClientAccess –Server <Server Name> –EncryptionRequired $False

Exchange 2010 & Outlook 2003 Notifications

Update (13 apr 2011): Rollup 3 for Exchange 2010 SP1 contains UDP support. To enable it, apply RU3 and set HKLM\SYSTEM\CurrentControlSet\Services\MSExchangeRPC\ParametersSystem\EnablePushNotifications to 1 (REG_DWORD). More information in support article kb2009942.

New e-mail notifications from Exchange to Outlook, we receive them all the time. Most of us never look at the technique, because in most cases this works so there’s no need. But what if it doesn’t or you are experiencing delays? With Exchange 2010 this situation is more likely to occur than with earlier versions of Exchange, because many people are still using Outlook 2003 or earlier clients.  To understand why this happens, you need to understand how these notifications work (or should I say worked).

Note: To improve readability, you should read “Outlook 2003 or earlier versions in online mode” when it reads “Outlook 2003″ from here on, unless states otherwise.

When Outlook 2003 connects to Exchange, it tries to register itself to receive notifications. If registration is successful, Outlook 2003 tells Exchange on what port it expects (UDP) packages to arrive, and it by default this is in the port range 1024-65535. When sending notifications, the Exchange server will also open a dynamic port in this range and connect to the registered client port. After receiving the notification, Outlook 2003 will retrieve the message, will display it in the appropriate folder, make a sound, show a systray icon, change your cursor, etc. When the registration for new mail notifications fails, Outlook 2003 will use a polling mechanism the check for changes.

Now, with Exchange 2010 this behavior has changed because Exchange 2010 does not send these kind of notifications to Outlook 2003 (i.e. UDP notifications were removed). Therefor, Outlook 2003 will revert to polling, which by default is set to 1 minute. This means in worst case users will be notified of new e-mail after approximately 1 minute, where (sort of) real-time feedback is expected. To make things worse in terms of user experience, this also means delays in visible feedback on any folder updates, e.g. e-mail seems to stay in outbox, deleted items not being deleted, moved items not being moved, etc.

The related knowledge base article (kb2009942) mentions two solutions. One solution is a mere pretext and explains increasing the polling frequency. To do so, it requires applying Exchange 2010 Rollup 1 on the CAS server and configuring the following registry key on that CAS server:

HKLM\CurrentControlSet\Services\MSExchangeRPC\ParametersSystem\Maximum Polling Freqeuency (DWORD, range 5000-120000)

The reason for performing this step on the CAS server is that Exchange 2010 will determine the polling frequency, not the client. The setting will work immediately, but clients need to reconnect in order for the new value to become effective. Note that setting this value lower than 5000 has no effect because Outlook 2003’s minimum poll rate is 5000.

Another solution is to enable cached mode for Outlook 2003 clients. This will not solve the delay in receiving new e-mail notifications, but it will solve the most annoying issue, being the delay in visual feedback. In cached mode users won’t notice the delay because they’re working with a local copy of their mailbox. Any changes (sends, deletes, moves) will happen in the local cached file (OST), and Outlook will update their Exchange mailbox in the background.

The article fails to mention the third solution: upgrade! The reason Outlook 2007 doesn’t have this issue is that Outlook 2007 (and later) support a third method: asynchronous (push notification). And as you’ve probably guessed, Exchange 2010 (and Exchange 2007) supports this method as well.

Exchange Online Connector for Outlook 2003

Today Microsoft released the Microsoft Exchange Online Connector for Outlook 2003 version 1.0. With this connector you can connect to Exchange Online using Outlook 2003 for free/busy lookups and to download the offline address book.

Be advised that the connector is not supported on Windows 7 or on any x64 version of Windows.

You can download the connector here.