Can’t Connect Outlook 2003 To Exchange 2010. Unable To Open Your Default E-mail Folders…

Share & Comment

I was trying to connect to my Exchange 2010 RC Server with Outlook 2003, but couldn’t connect successfully. I tried with Outlook 2007 & 2010 and was able to connect successfully. That made me search whether Outlook 2003 is a supported client and it is. The error message is “Unable to open your default e-mail folders”
After playing around for a while, I found the solution. Before I jump in to the fix, let me explain a few changes in Exchange 2010 in terms of MAPI connectivity.

  • All MAPI clients connecting to Exchange 2010 server connects to the mailbox through the CAS Server.
  • A new service named Exchange RPC Client Access is introduced in 2010 CAS which handles all MAPI connections.
  • All MAPI clients connect to the mailbox server directly in Exchange 2007.

Now that we know about the new RPC Client Service running on the 2010 CAS Server, lets bring up the full info by running Get-RpcClientAccess | fl
We can see that this service needs rpc encryption and it is set to True by default.
Same is the case with Outlook 2007 & 2010 profiles! Encryption between Outlook and Exchange is enabled by default, which explains why these clients can connect to Exchange 2010 without any issues.
Outlook 2003 profiles don’t enable encryption by default.
Once I checked the box, I could connect to my 2010 mailbox.
You can also disable the requirement of 2010 CAS servers to have encryption enabled by running Set-RpcClientAccess –server servername –EncryptionRequired $false. This is not recommended though!
If you have too many Outlook 2003 clients trying to connect to a 2010 server, you can enable encryption using Group Policy.

Share & Comment
Subscribe for Updates
Never miss a blog post again
About the author: UC Architect, Blogger, Husband & Dad. I have been in IT for the last 12 years, with Exchange Server becoming the prime area in the last few years. I am active on Experts Exchange & TechNet forums and I am a technical author for SearchExchange.

64 comments… add one

  1. Deepak Khandelwal

    This post has been removed by the author.

  2. Deepak Khandelwal

    Great article.. thanks for sharing

    In Exchange 2010, Outlook will be connecting to CAS which will atleast go with its name Client access server covering all types of clients

    But it does introduce one more problem with placing the cas role in the environment, now we will need CAS, hub and mailbox role in each site where there is mailboxes.. Not a big deal but it does require some planing for external owa connectivity in larger environment since you do not want external connection to each CAS server in the environment. It some environment, they might need didicated CAS for OWAactivesyncRPC-http with loadbalancing as in exchange 2007.

    May be it is better to have Mailbox and CAS role together (acting similar to Exch 2007 for outlook) and have HUBCAS role additional for external connectivity.

    I would be intrested to know how does outlook client determines which cas to use and how it is loadbalanced? Also by having outlook connection through CAS what are the sizing requirement to handle the load, does that means that you we need more CAS then mailbox server (since it act now more like database server)?


  3. Deepak Khandelwal

    Hi Rajith

    I was playing around with client connectivity and found that the Outlook 2007 do not automatically failover to active DAG Mailbox database server.

    I found the cause of it, the MAPI client connect to the perticular CAS based upon a attribute "RPCclientAccessServer" in mailbox database property, which is set statically when the mailbox database is created.

    Now you would expect that when active mailbox database fails, you will update the RPCClientaccessserver property in the database but that does not happen.

    Even worst when you have one mailbox server (NO DAG) and 2 CAS server (on seperate server to mailbox), when you create a database it will set RPCclientaccessserver to one of the CAS server and if that server is unavailable for any reason, the client will disconnect and will not failover to onother cas server.

    Looking around in web I found that you need to create a ClientAccessArray. using the powershell script

    New-ClientAccessArray -Fqdn -name -site sitename

    Even after creating this array which include both of CAS server in the environment, it does not do much.. I think there is still some bug in Exchange 2010 related to ClientAccessArray which is not working as expected.

    I even try to set the RPCclientAccessserver property to name of CLientaccessarray but that does not work since OUltook client will not be able to resolve the Clientaccessarray name.

    I guess New-Clientaccessarray is not doing its job by creating a NLB on both the CAS Box and creating necessary DNS records. Not much documentation is provided on ClientAcessArray by MS yet.

    As I mention in my earlier post, moving MAPI client to CAS server does require more planning and configuration..

    I wounder how Outlook 2010 client works in this case?

    Hope MS will resolve this in RTM..

  4. Anonymous

    That was right on the spot.
    Thanks for sharing.

  5. Thanks for the comment MM.

  6. Thanks for sharing this, exactly what I needed

  7. Glad to know it helped you Thaner.

  8. Anonymous

    Very good information, it helped me very much. Thank you

  9. Glad to know that it helped you Anonymous. Thanks for the comment.

  10. Anonymous

    Thank you, just the information I was looking for.

  11. Thanks for the comment Anonymous. Would be nice to leave your name.

  12. Rajith, we are currently implementing migration from 2003 to 2010, your article was a big help for me

    Thank you


    Davy Neirynck

  13. Glad that the article helped you Davy.

  14. This may sound stupid, but I can't configure my clients to receive the new security settings. I even followed this microsoft article: When I gpupdate /force my client to receive the new GPO, it changes his security settings but the checkbox in outlook – encryption isn't ticked?

    Have any of you already implemented this using GPO's or used another way to do this?

    My client runs win xp sp3 with outlook 2003.


  15. Hi Davy,

    Do you have SP3 on Outlook 2003? I haven't done it myself. I will test this in my lab & update you.

  16. Hi Rajith,

    I made it work, you have to be really careful when copying the text of the microsoft article because i always was getting the error when importing the administrative template there was a problem at line 16.


    CATEGORY "Outlook 2003 RPC Encryption"
    CATEGORY "Exchange settings"

    POLICY "Enable RPC Encryption"
    KEYNAME SoftwarePoliciesMicrosoftOffice11.0OutlookRPC
    PART "Encrypt data between Microsoft Office Outlook and Microsoft Exchange" CHECKBOX
    VALUENAME EnableRPCEncryption


    Also i forgot to replicate to my DC who was in another site that i used for testing. My users running outlook 2003 now have the encryption option enabled by default and are not allowed to change it. It also works fine on our terminal servers.

    Much thanks,


  17. Hi Davy,

    Didn't get time to test it yesterday. Glad that you have sorted it out. And thanks for the update.

  18. Anonymous

    Hi Rajith,
    Thank you very much, this was my exact error and solution.
    You might want to indicate that Outlook 2003 can still access Exchange 2003 server mailboxes with encryption checked so a GP could be rolled out before mailboxes are moved without affecting connectivity.


  19. Thanks McCue.

    Yes, a group policy with custom adm template can be used to automatically force Outlook 2003 to use an encrypted channel between the client & the exchange server.

    I will write about how to do this very soon.

  20. you saved my life dude!

  21. Happy to know that the article helped you Gert.

  22. Anonymous

    To answer Deepak's question on CASArray, you need to create a DNS record for the name that will be CASArray, you also need to either use hardware load balancer and point the name you created in step above to the hardware load balancer IP. If you choose to use Windows NLB instead, you will need to configure it on all CAS servers that will participate in array and assign it a unique IP. Using the cmdlet to create CASArray just tells CAS servers that an array exists. It does not work until you actually setup that array by using hardware or windows NLB.

  23. Anonymous

    You saved my life too. Thank you much.

  24. Thanks Anonymous.

  25. Anonymous

    Good Good Good, thank you

  26. Thanks Anonymous.

  27. Anonymous

    Big help, thanks!

  28. Thanks Anonymous.

  29. Anonymous

    Thanks a lot! You saved my day for sure. :]

    Greetings from Norway.

  30. Thanks Anonymous from Norway…

  31. helpful post – put in a new Exchange 2010 box over the weekend, all my 2007 clients were fine, but my one 2003 client was not. This past was first on google and extremely helpful

  32. Hi Dave,

    Happy to know that this post helped you solve your issue.

  33. Anonymous

    Thanks a lot

  34. Thanks Anonymous.

  35. I believe the command should be
    Set-RpcClientAccess -Server "Servername" -EncryptionRequired $False

  36. Thanks David.

    I have changed it in the post.

  37. Anonymous

    I just migrated my exchange server to 2010. Clients are running a mix of outlook 03/07. Everyone on outlook 07 is working but only the machines that are less then 3-4 years old are getting the policy. Is there any prerequisites (such as SP3) for this to work. There are about 2500 computers in my company and around 400 are having this problem so help will be greatly appreciated.

  38. Hi,

    Doesn't the policy tell you the clients supported? You can see that normally at the bottom of the window, when the option is double clicked.

    Isn't non-OutlookSP3 machines getting the policy? Or is it the OS service pack? Does it work if you manually enalbe one of the clients?


  39. Anonymous

    thanks a bunch. I wasn't aware of this and I was having just that problem at a client!

  40. Good to know that it helped you. Thanks.

  41. Anonymous

    Thanks for this, it solved my problem and answered the question as to why

  42. Thanks Anonymous.

  43. Mark0

    zNot for me I still get the password box when i open outlook, if it type it in it connects but always asks for password :|

  44. Hi Mark, Is it for Outlook 2007+ clients? If so, run "test email configuration" and see whether the urls are set properly.

    Is this happening in Outlook 2003?

  45. Mark0

    yes happening both in 2003 and 2007

  46. Mital Shah

    Excellent post, thank you!

  47. Thanks Mital.

  48. Anonymous

    Great Thanks a Lot !!!!

  49. Thanks Anonymous

  50. Divya

    Many thanks for such informative post.I am very happy to knew about it…

  51. UK

    Thank you that really helped me :)

    1. Rajith Enchiparambil

      No problem UK

  52. George

    Thanks a lot, guy. Well done.

    1. Rajith Enchiparambil

      Thanks George.

  53. InDublin

    This was just what I needed to hear this morning after moving mailboxes to Exchange 2010 last night for our users.

    The solution worked fine, except for the Office XP user, of which I’ve only found one so far.

    I’ve moved their mailbox back to the 2003 server for now, until I can upgrade their Office install.

    Thanks Alot


    1. Rajith Enchiparambil

      Glad to help InDublin.

  54. Jason Payne

    I cannot find those settings to check that box… my Outlook closes automatically after the error how am I supposed to find this option to check it?

    1. Rajith Enchiparambil

      Hi Jason,

      Don’t fully configure the profile. Set the server name etc and click on “More Settings”, before clicking “Next.

  55. Simon Shaw

    Thanks for this, was stumped for a while. We have ONE Outlook 2003 user left out of around 300 staff. He’s a director though. Much appreciated.

    1. Rajith Enchiparambil

      No problem Simon. Let me know if you have any questions!


  56. uday

    what about problem occurred for single usermailbox

    1. Rajith Enchiparambil

      Can you explain a bit more Uday?

  57. neil

    thanks alot its really a big help

    1. Glad it helped Neil.

Leave a Comment