Prevent Outlook from connecting if RPC encryption is not enabled.

I would like to prevent Outlook 2010 and 2013 clients from connecting if RPC encryption is disabled/unchecked. I'm using a Exchange 2010 server and I've configured a setting that should accomplish this (unless I'm missing something).
Set‐MailboxServer <ServerName> ‐MapiEncryptionRequired:$true
I've also check the following command and "EncryptionRequired" is set to true.
Get‐RpcClientAccess | fl Server,EncryptionRequired
However, when I run Outlook with the RPC encryption feature unchecked, I'm still able to connect to the exchange server, and send messages. One thing I noticed is the address book is no longer works, so I think I'm on the right track. Is there anything I'm missing? Thank you for your time.
Domenic DiPasqualeSystem / Network AdministratorAsked:
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

x
 
AmitConnect With a Mentor IT ArchitectCommented:
That was the last option, you can try. Push it via GPO, so it will force user to use RPC Encryption.
0
 
Will SzymkowskiConnect With a Mentor Senior Solution ArchitectCommented:
From what you have illustrated above it appears correct. Does this happen with all clients?

Take a look at the technet below to ensure that you have done all of the steps accordingly, and haven't missed anything.
Technet for Encrypted Connections

Will.
0
 
AmitIT ArchitectCommented:
How many CAS servers  you have in  your environment. As you need to run this on all CAS servers.
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

 
Domenic DiPasqualeSystem / Network AdministratorAuthor Commented:
Amit: I've have on exchange 2010 server that's in production. I also have a exchange 2013 server install, but I haven't migrated any mailboxes to the new server. But I did apply the configuration to both servers.

Will: This Technet link is what I used to configure and verify RPC encryption.
0
 
AmitIT ArchitectCommented:
So here is a twist. I am sure you know, how clients now connect to Exchange 2013. Everything is now http. How you installed Exchange 2013, multi-role or you separated the roles?

Also, you need to tell your Exchange design, how many servers in total, how many sites they are spread out.
0
 
Domenic DiPasqualeSystem / Network AdministratorAuthor Commented:
When I installed Exchange 2013, I installed both CAS and mailbox, since we will be decommissioning exchange 2010 server at some point. I only have 1 active exchange 2010 server. The exchange 2013 server is not being used at this time until we're ready to move mailboxes. Both servers are on the same network.
0
 
AmitIT ArchitectCommented:
Go and shut down your Exchange 2013 and then test again. Let me know the result.
0
 
Domenic DiPasqualeSystem / Network AdministratorAuthor Commented:
I've shutdown the Exchange 2013 server, and test Outlook 2010 and 2013 without using RPC encryption. Unfortunately, I'm still able to connect to the server and send messages.
0
 
AmitConnect With a Mentor IT ArchitectCommented:
Ok Restart RPC Client Access services on your Exchange 2010 server and test again. Suggest you to check this as well
http://www.msexchange.org/articles-tutorials/exchange-server-2007/planning-architecture/uncovering-new-rpc-client-access-service-exchange-2010-part2.html
0
 
Domenic DiPasqualeSystem / Network AdministratorAuthor Commented:
I've restarted the RPC Client Access service. But I'm still able to connect to the exchange server, and send messages. I'm reviewing the MSExchange,org article now.
0
 
AmitIT ArchitectCommented:
Ok, check the article.
0
 
Domenic DiPasqualeSystem / Network AdministratorAuthor Commented:
I haven't been able to prevent outlook clients from connecting to the exchange server. For now, I've downloaded the office 2010 and 2013 admin templates and created a group policy that enforces RPC encryption (or prevents the user from disabling the setting).
0
All Courses

From novice to tech pro — start learning today.