Can’t Connect Outlook 2003 To Exchange 2010. Unable To Open Your Default E-mail Folders…

Share & Comment

I was trying to connect to my Exchange 2010 RC Server with Outlook 2003, but couldn’t connect successfully. I tried with Outlook 2007 & 2010 and was able to connect successfully. That made me search whether Outlook 2003 is a supported client and it is. The error message is “Unable to open your default e-mail folders”
O1
After playing around for a while, I found the solution. Before I jump in to the fix, let me explain a few changes in Exchange 2010 in terms of MAPI connectivity.

  • All MAPI clients connecting to Exchange 2010 server connects to the mailbox through the CAS Server.
  • A new service named Exchange RPC Client Access is introduced in 2010 CAS which handles all MAPI connections.
  • All MAPI clients connect to the mailbox server directly in Exchange 2007.

Now that we know about the new RPC Client Service running on the 2010 CAS Server, lets bring up the full info by running Get-RpcClientAccess | fl
O0
We can see that this service needs rpc encryption and it is set to True by default.
Same is the case with Outlook 2007 & 2010 profiles! Encryption between Outlook and Exchange is enabled by default, which explains why these clients can connect to Exchange 2010 without any issues.
Outlook 2003 profiles don’t enable encryption by default.
O3
Once I checked the box, I could connect to my 2010 mailbox.
You can also disable the requirement of 2010 CAS servers to have encryption enabled by running Set-RpcClientAccess –server servername –EncryptionRequired $false. This is not recommended though!
If you have too many Outlook 2003 clients trying to connect to a 2010 server, you can enable encryption using Group Policy.

Share & Comment
Subscribe for Updates
Never miss a blog post again

66 thoughts on “Can’t Connect Outlook 2003 To Exchange 2010. Unable To Open Your Default E-mail Folders…

  1. Deepak Khandelwal

    Great article.. thanks for sharing

    In Exchange 2010, Outlook will be connecting to CAS which will atleast go with its name Client access server covering all types of clients

    But it does introduce one more problem with placing the cas role in the environment, now we will need CAS, hub and mailbox role in each site where there is mailboxes.. Not a big deal but it does require some planing for external owa connectivity in larger environment since you do not want external connection to each CAS server in the environment. It some environment, they might need didicated CAS for OWAactivesyncRPC-http with loadbalancing as in exchange 2007.

    May be it is better to have Mailbox and CAS role together (acting similar to Exch 2007 for outlook) and have HUBCAS role additional for external connectivity.

    I would be intrested to know how does outlook client determines which cas to use and how it is loadbalanced? Also by having outlook connection through CAS what are the sizing requirement to handle the load, does that means that you we need more CAS then mailbox server (since it act now more like database server)?

    cheers

    Reply
  2. Deepak Khandelwal

    Hi Rajith

    I was playing around with client connectivity and found that the Outlook 2007 do not automatically failover to active DAG Mailbox database server.

    I found the cause of it, the MAPI client connect to the perticular CAS based upon a attribute "RPCclientAccessServer" in mailbox database property, which is set statically when the mailbox database is created.

    Now you would expect that when active mailbox database fails, you will update the RPCClientaccessserver property in the database but that does not happen.

    Even worst when you have one mailbox server (NO DAG) and 2 CAS server (on seperate server to mailbox), when you create a database it will set RPCclientaccessserver to one of the CAS server and if that server is unavailable for any reason, the client will disconnect and will not failover to onother cas server.

    Looking around in web I found that you need to create a ClientAccessArray. using the powershell script

    New-ClientAccessArray -Fqdn casarray.domain.com -name casarray.domain.com -site sitename

    Even after creating this array which include both of CAS server in the environment, it does not do much.. I think there is still some bug in Exchange 2010 related to ClientAccessArray which is not working as expected.

    http://technet.microsoft.com/en-us/library/ee332317(EXCHG.140).aspx

    I even try to set the RPCclientAccessserver property to name of CLientaccessarray but that does not work since OUltook client will not be able to resolve the Clientaccessarray name.

    I guess New-Clientaccessarray is not doing its job by creating a NLB on both the CAS Box and creating necessary DNS records. Not much documentation is provided on ClientAcessArray by MS yet.

    As I mention in my earlier post, moving MAPI client to CAS server does require more planning and configuration..

    I wounder how Outlook 2010 client works in this case?

    Hope MS will resolve this in RTM..

    Reply
  3. Davy

    This may sound stupid, but I can't configure my clients to receive the new security settings. I even followed this microsoft article: http://support.microsoft.com/kb/2006508. When I gpupdate /force my client to receive the new GPO, it changes his security settings but the checkbox in outlook – encryption isn't ticked?

    Have any of you already implemented this using GPO's or used another way to do this?

    My client runs win xp sp3 with outlook 2003.

    Davy

    Reply
  4. Davy

    Hi Rajith,

    I made it work, you have to be really careful when copying the text of the microsoft article because i always was getting the error when importing the administrative template there was a problem at line 16.

    CLASS USER

    CATEGORY "Outlook 2003 RPC Encryption"
    CATEGORY "Exchange settings"

    POLICY "Enable RPC Encryption"
    KEYNAME SoftwarePoliciesMicrosoftOffice11.0OutlookRPC
    PART "Encrypt data between Microsoft Office Outlook and Microsoft Exchange" CHECKBOX
    VALUENAME EnableRPCEncryption
    VALUEON NUMERIC 1 DEFCHECKED
    VALUEOFF NUMERIC 0
    END PART
    END POLICY

    END CATEGORY
    END CATEGORY

    Also i forgot to replicate to my DC who was in another site that i used for testing. My users running outlook 2003 now have the encryption option enabled by default and are not allowed to change it. It also works fine on our terminal servers.

    Much thanks,

    Davy

    Reply
  5. Anonymous

    Hi Rajith,
    Thank you very much, this was my exact error and solution.
    You might want to indicate that Outlook 2003 can still access Exchange 2003 server mailboxes with encryption checked so a GP could be rolled out before mailboxes are moved without affecting connectivity.

    McCue

    Reply
  6. Rajith Jose Enchiparambil

    Thanks McCue.

    Yes, a group policy with custom adm template can be used to automatically force Outlook 2003 to use an encrypted channel between the client & the exchange server.

    I will write about how to do this very soon.

    Reply
  7. Anonymous

    To answer Deepak's question on CASArray, you need to create a DNS record for the name that will be CASArray, you also need to either use hardware load balancer and point the name you created in step above to the hardware load balancer IP. If you choose to use Windows NLB instead, you will need to configure it on all CAS servers that will participate in array and assign it a unique IP. Using the cmdlet to create CASArray just tells CAS servers that an array exists. It does not work until you actually setup that array by using hardware or windows NLB.

    Reply
  8. Dave M

    helpful post – put in a new Exchange 2010 box over the weekend, all my 2007 clients were fine, but my one 2003 client was not. This past was first on google and extremely helpful

    Reply
  9. Anonymous

    I just migrated my exchange server to 2010. Clients are running a mix of outlook 03/07. Everyone on outlook 07 is working but only the machines that are less then 3-4 years old are getting the policy. Is there any prerequisites (such as SP3) for this to work. There are about 2500 computers in my company and around 400 are having this problem so help will be greatly appreciated.

    Reply
  10. Rajith Jose Enchiparambil

    Hi,

    Doesn't the policy tell you the clients supported? You can see that normally at the bottom of the window, when the option is double clicked.

    Isn't non-OutlookSP3 machines getting the policy? Or is it the OS service pack? Does it work if you manually enalbe one of the clients?

    Thanks.

    Reply
  11. Mark0

    zNot for me I still get the password box when i open outlook, if it type it in it connects but always asks for password :|

    Reply
  12. Pingback: Exchange 2007/2010 coexistance in a single server deployment « PC LOAD LETTER

  13. Pingback: Exchange 2007/2010 coexistence in a single server deployment « PC LOAD LETTER

  14. InDublin

    This was just what I needed to hear this morning after moving mailboxes to Exchange 2010 last night for our users.

    The solution worked fine, except for the Office XP user, of which I’ve only found one so far.

    I’ve moved their mailbox back to the 2003 server for now, until I can upgrade their Office install.

    Thanks Alot

    InDublin

    Reply
  15. Jason Payne

    I cannot find those settings to check that box… my Outlook closes automatically after the error how am I supposed to find this option to check it?

    Reply
    1. Rajith Enchiparambil

      Hi Jason,

      Don’t fully configure the profile. Set the server name etc and click on “More Settings”, before clicking “Next.

      Reply
  16. Simon Shaw

    Thanks for this, was stumped for a while. We have ONE Outlook 2003 user left out of around 300 staff. He’s a director though. Much appreciated.

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>