Solved

Prevent Outlook from connecting if RPC encryption is not enabled.

Posted on 2015-01-05
12
101 Views
Last Modified: 2015-01-17
I would like to prevent Outlook 2010 and 2013 clients from connecting if RPC encryption is disabled/unchecked. I'm using a Exchange 2010 server and I've configured a setting that should accomplish this (unless I'm missing something).
Set‐MailboxServer <ServerName> ‐MapiEncryptionRequired:$true
I've also check the following command and "EncryptionRequired" is set to true.
Get‐RpcClientAccess | fl Server,EncryptionRequired
However, when I run Outlook with the RPC encryption feature unchecked, I'm still able to connect to the exchange server, and send messages. One thing I noticed is the address book is no longer works, so I think I'm on the right track. Is there anything I'm missing? Thank you for your time.
0
Comment
Question by:Domenic DiPasquale
  • 6
  • 5
12 Comments
 
LVL 53

Assisted Solution

by:Will Szymkowski
Will Szymkowski earned 167 total points
ID: 40531528
From what you have illustrated above it appears correct. Does this happen with all clients?

Take a look at the technet below to ensure that you have done all of the steps accordingly, and haven't missed anything.
Technet for Encrypted Connections

Will.
0
 
LVL 42

Expert Comment

by:Amit
ID: 40531545
How many CAS servers  you have in  your environment. As you need to run this on all CAS servers.
0
 

Author Comment

by:Domenic DiPasquale
ID: 40531756
Amit: I've have on exchange 2010 server that's in production. I also have a exchange 2013 server install, but I haven't migrated any mailboxes to the new server. But I did apply the configuration to both servers.

Will: This Technet link is what I used to configure and verify RPC encryption.
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 42

Expert Comment

by:Amit
ID: 40531789
So here is a twist. I am sure you know, how clients now connect to Exchange 2013. Everything is now http. How you installed Exchange 2013, multi-role or you separated the roles?

Also, you need to tell your Exchange design, how many servers in total, how many sites they are spread out.
0
 

Author Comment

by:Domenic DiPasquale
ID: 40531810
When I installed Exchange 2013, I installed both CAS and mailbox, since we will be decommissioning exchange 2010 server at some point. I only have 1 active exchange 2010 server. The exchange 2013 server is not being used at this time until we're ready to move mailboxes. Both servers are on the same network.
0
 
LVL 42

Expert Comment

by:Amit
ID: 40531911
Go and shut down your Exchange 2013 and then test again. Let me know the result.
0
 

Author Comment

by:Domenic DiPasquale
ID: 40531973
I've shutdown the Exchange 2013 server, and test Outlook 2010 and 2013 without using RPC encryption. Unfortunately, I'm still able to connect to the server and send messages.
0
 
LVL 42

Assisted Solution

by:Amit
Amit earned 333 total points
ID: 40532009
Ok Restart RPC Client Access services on your Exchange 2010 server and test again. Suggest you to check this as well
http://www.msexchange.org/articles-tutorials/exchange-server-2007/planning-architecture/uncovering-new-rpc-client-access-service-exchange-2010-part2.html
0
 

Author Comment

by:Domenic DiPasquale
ID: 40533326
I've restarted the RPC Client Access service. But I'm still able to connect to the exchange server, and send messages. I'm reviewing the MSExchange,org article now.
0
 
LVL 42

Expert Comment

by:Amit
ID: 40533821
Ok, check the article.
0
 

Author Comment

by:Domenic DiPasquale
ID: 40549353
I haven't been able to prevent outlook clients from connecting to the exchange server. For now, I've downloaded the office 2010 and 2013 admin templates and created a group policy that enforces RPC encryption (or prevents the user from disabling the setting).
0
 
LVL 42

Accepted Solution

by:
Amit earned 333 total points
ID: 40549477
That was the last option, you can try. Push it via GPO, so it will force user to use RPC Encryption.
0

Featured Post

Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Marketers need statistics and metrics like everybody else needs oxygen. In this article we explain how to enable marketing campaign statistics for Microsoft Exchange mail.
This article explains in simple steps how to renew expiring Exchange Server Internal Transport Certificate.
how to add IIS SMTP to handle application/Scanner relays into office 365.
Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…

813 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now