Administration of Active Directory does not have to be hard. Too often what should be a simple task is made more difficult than it needs to be.The solution? Hyena from SystemTools Software. With ease-of-use as well as powerful importing and bulk updating capabilities.
Prevent Outlook from connecting if RPC encryption is not enabled.
I would like to prevent Outlook 2010 and 2013 clients from connecting if RPC encryption is disabled/unchecked. I'm using a Exchange 2010 server and I've configured a setting that should accomplish this (unless I'm missing something).
Set‐MailboxServer <ServerName> ‐MapiEncryptionRequired:$t
I've also check the following command and "EncryptionRequired" is set to true.
Get‐RpcClientAccess | fl Server,EncryptionRequired
However, when I run Outlook with the RPC encryption feature unchecked, I'm still able to connect to the exchange server, and send messages. One thing I noticed is the address book is no longer works, so I think I'm on the right track. Is there anything I'm missing? Thank you for your time.
Set‐MailboxServer <ServerName> ‐MapiEncryptionRequired:$t
I've also check the following command and "EncryptionRequired" is set to true.
Get‐RpcClientAccess | fl Server,EncryptionRequired
However, when I run Outlook with the RPC encryption feature unchecked, I'm still able to connect to the exchange server, and send messages. One thing I noticed is the address book is no longer works, so I think I'm on the right track. Is there anything I'm missing? Thank you for your time.
Asked:
6-
5
3 Solutions
Amit: I've have on exchange 2010 server that's in production. I also have a exchange 2013 server install, but I haven't migrated any mailboxes to the new server. But I did apply the configuration to both servers.
Will: This Technet link is what I used to configure and verify RPC encryption.
Will: This Technet link is what I used to configure and verify RPC encryption.
So here is a twist. I am sure you know, how clients now connect to Exchange 2013. Everything is now http. How you installed Exchange 2013, multi-role or you separated the roles?
Also, you need to tell your Exchange design, how many servers in total, how many sites they are spread out.
Also, you need to tell your Exchange design, how many servers in total, how many sites they are spread out.
When I installed Exchange 2013, I installed both CAS and mailbox, since we will be decommissioning exchange 2010 server at some point. I only have 1 active exchange 2010 server. The exchange 2013 server is not being used at this time until we're ready to move mailboxes. Both servers are on the same network.
I've shutdown the Exchange 2013 server, and test Outlook 2010 and 2013 without using RPC encryption. Unfortunately, I'm still able to connect to the server and send messages.
Ok Restart RPC Client Access services on your Exchange 2010 server and test again. Suggest you to check this as well
http://www.msexchange.org/articles-tutorials/exchange-server-2007/planning-architecture/uncovering-new-rpc-client-access-service-exchange-2010-part2.html
http://www.msexchange.org/articles-tutorials/exchange-server-2007/planning-architecture/uncovering-new-rpc-client-access-service-exchange-2010-part2.html
I've restarted the RPC Client Access service. But I'm still able to connect to the exchange server, and send messages. I'm reviewing the MSExchange,org article now.
I haven't been able to prevent outlook clients from connecting to the exchange server. For now, I've downloaded the office 2010 and 2013 admin templates and created a group policy that enforces RPC encryption (or prevents the user from disabling the setting).
Question has a verified solution.
Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.
Have a better answer? Share it in a comment.
Join & Write a Comment Already a member? Login.
Featured Post
Managing Active Directory does not always have to be complicated. If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why
Tackle projects and never again get stuck behind a technical roadblock.
Join Now
Take a look at the technet below to ensure that you have done all of the steps accordingly, and haven't missed anything.
Technet for Encrypted Connections
Will.