DetailPage-MSS-KB

Microsoft small business knowledge base

Article ID: 2735060 - Last Review: September 3, 2013 - Revision: 2.0

On This Page

Symptoms

When you start Microsoft Office Outlook by using a profile that includes a mailbox on a server that is running Microsoft Exchange Server 2010, you may receive the following error messages:

Error message 1
Cannot start Microsoft Office Outlook. Unable to open the Outlook window. The set of folders could not be opened.

Error message 2
Unable to open your default e-mail folders. The Microsoft Exchange Server computer is not available. Either there are network problems or the Microsoft Exchange Server computer is down for maintenance.

Error message 3
The connection to the Microsoft Exchange Server is unavailable. Outlook must be online or connected to complete this action.

Error message 4
Unable to open your default e-mail folders. The information store could not be opened.

Error message 5
Outlook could not log on. Check to make sure you are connected to the network and are using the proper server and mailbox name. The connection to the Microsoft Exchange Server is unavailable. Outlook must be online or connected to complete this action.

Additionally, if you are using a cached mode profile, Outlook does not display an error. Instead, Outlook starts in the disconnected state. (That is, the lower-right corner of the Outlook windows displays Disconnected, the screen shot for the state is listed below).

Collapse this imageExpand this image
The screen shot for the lower-right corner of the Outlook windows


When you try to create a new Outlook profile for a mailbox on a server that is running Exchange Server 2010, you may receive the following error messages:

Error message 1
The action could not be completed. The connection to the Microsoft Exchange Server is unavailable. Outlook must be online or connected to complete this action.

Error message 2
The name could not be resolved. The connection to the Microsoft Exchange Server is unavailable. Outlook must be online or connected to complete this action.

Error message 3
Outlook could not log on. Check to make sure you are connected to the network and are using the proper server and mailbox name. The connection to the Microsoft Exchange Server is unavailable. Outlook must be online or connected to complete this action.

Error message 4
The name could not be resolved. The action could not be completed.

Error message 5
Your Server or Mailbox names could not be resolved.

Cause

This problem occurs because the default Exchange Server 2010 Release to Manufacturing (RTM) configuration requires RPC encryption. However, by default, Microsoft Office Outlook 2003 does not use RPC encryption.

Note This problem can also occur if you are using Microsoft Office Outlook 2007 and you disable the Encrypt data between Microsoft Office Outlook and Microsoft Exchange profile setting.

Note By default, in Exchange Server 2010 Service Pack 1, the RPC encryption requirement is disabled. Any new Client Access Servers (CAS) that are deployed in the organization will not require encryption. However, any CAS servers that were deployed before Service Pack 1 or were upgraded to Service Pack 1 will maintain the existing RPC encryption requirement setting.

Resolution

To resolve this problem, use one of the following methods.

Note If you are using one of the automated methods (Group Policy or a .prf file), make sure that you fully test the method before you deploy it on a large scale.

Method 1: Disable the encryption requirement on all CAS servers

We strongly recommend that you leave the encryption requirement enabled on your server and that you use one of the other methods that are described in this article. Method 1 is provided in this article only for situations in which you cannot immediately deploy the necessary RPC encryption settings on your Outlook clients. If you use Method 1 to enable Outlook clients to connect without RPC encryption, make sure that you re-enable the RPC encryption requirement on your CAS servers as quickly as possible to maintain a high level of client-to-server communication.

To disable the required encryption between Outlook and Exchange, follow these steps:

  1. On the server that is running Exchange 2010, run the following command in the Exchange Management Shell:
    Set-RpcClientAccess –Server <Exchange_server_name> –EncryptionRequired $False

    Note The placeholder <Exchange_server_name> represents the name of an Exchange Server 2010-based server that has the Client Access Server role.

    You must run this cmdlet for all Exchange 2010-based servers that have the Client Access Server role.
  2. Rerun this command for each Exchange 2010-based server that has the Client Access Server role. The command also has to be run on each Mailbox Server role that contains a Public Folder Store. Public Folder connections from the MAPI client go directly to the RPC Client Access Service on the Mailbox server.
  3. After your Outlook clients are updated with the setting to enable encrypted RPC communication with Exchange (see the steps that follow), you can re-enable the RPC encryption requirement on your Exchange 2010 servers that have the Client Access Server role.

    To re-enable the RPC encryption requirement on your Exchange 2010-based servers that have the Client Access Server role, run the following command in the Exchange Management Shell:

    Set-RpcClientAccess –Server <Exchange_server_name> –EncryptionRequired $True
    Note

    The placeholder <Exchange_server_name> represents the name of an Exchange 2010-based server that has the Client Access Server role.

    This cmdlet must be run for all Exchange 2010 Client Access servers.

Method 2: Manually update or create your Outlook profile with RPC encryption

Outlook 2003

To manually update an existing Outlook 2003 profile so that it uses RPC encryption with Exchange 2010, follow these steps:

  1. In Control Panel, open the Mail item.
  2. Click Show Profiles.
  3. Select your profile, and then click Properties.
  4. Click E-mail Accounts.
  5. Select View or change existing e-mail accounts, and then click Next.
  6. Select the Microsoft Exchange Server account, and then click Change.
  7. In the dialog box that contains your mailbox server and user name, click More Settings.
  8. In the Microsoft Exchange Server dialog box, click the Security tab.
  9. Click to select the Encrypt data between Microsoft Office Outlook and Microsoft Exchange Server check box, and then click OK (The screen shot for this step is listed below).

    Collapse this imageExpand this image
    The screen shot for this step

  10. Click Next, and then click Finish.
  11. Click Close, and then click OK.

To manually create a new Outlook 2003 profile so that it uses RPC encryption with Exchange 2010, follow these steps:
  1. In Control Panel, open the Mail item.
  2. Click Add to create a new profile.
  3. Enter a name for your profile, and then click OK.
  4. In the E-mail Accounts dialog box, select Add a new e-mail account, and then click Next.
  5. On the Server Type page of the E-mail Accounts dialog box, select Microsoft Exchange Server, and then click Next.
  6. On the Exchange Server Settings page of the E-mail Accounts dialog box, enter the name of your Exchange Server 2010 server that has the Client Access Server role. 

    Note This server may differ from the server that hosts your mailbox.
  7. Click More Settings.
  8. Click OK when you receive a "The action could not be completed" error message.
  9. In the Microsoft Exchange Server dialog box that contains the Check Name button, click Cancel.
  10. In the Microsoft Exchange Server dialog box, click the Security tab.
  11. Click to select the Encrypt data between Microsoft Office Outlook and Microsoft Exchange Server check box, and then click OK.
  12. Click Next, and then click Finish.

Outlook 2007

To manually update an existing Outlook 2007 profile so that it uses RPC encryption with Exchange 2010, follow these steps:
  1. In Control Panel, open the Mail item.
  2. Click Show Profiles.
  3. Select your profile, and then click Properties.
  4. Click E-mail Accounts.
  5. Select the Microsoft Exchange Server account, and then click Change.
  6. In the dialog box that contains your mailbox server and user name, click More Settings.
  7. In the Microsoft Exchange Server dialog box, click the Security tab. 
  8. Click to select the Encrypt data between Microsoft Office Outlook and Microsoft Exchange check box, and then click OK (The screen shot for this step is listed below).

    Collapse this imageExpand this image
    The screen shot for this step

  9. Click Next, and then click Finish.
  10. Click Close, click Close, and then click OK.

Method 3: Deploy a Group Policy setting to update existing Outlook profiles with RPC encryption

From a client perspective, deploying the Outlook-Exchange encryption setting is probably the simplest solution for organizations that have many Outlook clients. This solution involves a single change on a server (domain controller), and your clients are automatically updated after the policy is downloaded to the client.

Outlook 2003

The default Group Policy template (Outlk11.adm) for Outlook 2003 Service Pack 3 (SP3) does not contain the policy setting that controls the setting for encryption between Outlook and Exchange. Therefore, you must use a custom Group Policy template to update existing Outlook 2003 profiles so that RPC encryption is used in Outlook-Exchange communication.

To use a custom Group Policy template file (.adm) and to update existing Outlook 2003 profiles by using Group Policy, follow these steps. 
  1. Download the following file from the Microsoft Download Center:

    Download the Outlook_2003-Exchange_RPC_Encryption.adm package now.

    Note The custom .adm template contains the following text.

    CLASS USERCATEGORY "Outlook 2003 RPC Encryption"
    CATEGORY "Exchange settings"POLICY "Enable RPC Encryption"
    KEYNAME Software\Policies\Microsoft\Office\11.0\Outlook\RPC
    PART "Encrypt data between Microsoft Office Outlook and Microsoft Exchange" CHECKBOX
    VALUENAME EnableRPCEncryption
    VALUEON NUMERIC 1 DEFCHECKED
    VALUEOFF NUMERIC 0
    END PART
    END POLICYEND CATEGORY
    END CATEGORY
  2. Add the .adm file to your Group Policy Object Editor.

    Note The steps to add the .adm file to the Group Policy Object Editor vary, depending on the version of Windows that you are running. Also, because you may be applying the policy to an organizational unit (OU) and not to the whole domain, the steps may also vary in this aspect of applying a policy. Therefore, check your Windows documentation for detailed information.

    Go to step 3 after you add the .adm template to the Group Policy Object Editor.
  3. In the Group Policy Object Editor, under User Configuration, expand Classic Administrative Templates (ADM) to locate the policy node for your template. By using the custom .adm template that is provided in step 1, this node will be named "Outlook 2003 RPC Encryption."
  4. Under Outlook 2003 RPC Encryption, select the Exchange settings node (The screen shot for this step is listed below).

    Collapse this imageExpand this image
    The screen shot for this step

  5. In the details pane, double-click Enable RPC Encryption.
  6. On the Setting tab, click Enabled, and then leave the Encrypt data between Microsoft Office Outlook and Microsoft Exchange check box selected.
  7. Click OK.

At this point, the policy setting will be applied on your Outlook client workstations when the Group Policy update is replicated. To test this change, run the following command at a command prompt on a client workstation:
gpupdate /force
After you run this command, start Registry Editor on the client workstation to make sure that the following registry data exists on the client: 

Key: HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\11.0\Outlook\RPC
DWORD: EnableRPCEncryption
Value: 1

If you see this registry data in the registry, the Group Policy setting was applied to this client. Start Outlook to verify that this change resolves the errors that are described in the "Symptoms" section. 

Outlook 2007

By default, the RPC encryption setting is enabled in Outlook 2007. Therefore, you should deploy this setting by using Group Policy only for one of the following reasons:
  • Your original Outlook 2007 deployment disabled RPC encryption between Outlook and Exchange.
  • You want to prevent users from changing the RPC encryption setting in their Outlook profile. 
The default Group Policy template for Outlook 2007 contains the Group Policy setting that controls Outlook-Exchange RPC encryption. Therefore, the process for updating Outlook 2007 profiles requires fewer steps than the process for Outlook 2003.

To update existing Outlook 2007 profiles by using Group Policy, follow these steps:
  1. Download the latest version of the Outlk12.adm Group Policy template. To do this, go to the following Microsoft website:
    http://www.microsoft.com/downloads/details.aspx?FamilyId=92D8519A-E143-4AEE-8F7A-E4BBAEBA13E7&displaylang=en (http://www.microsoft.com/downloads/details.aspx?FamilyId=92D8519A-E143-4AEE-8F7A-E4BBAEBA13E7&displaylang=en)
  2. Add the .adm file to your domain controller.

    Note The steps to add the .adm file to a domain controller vary according to the version of Windows that you are running. Also, because you may be applying the policy to an organizational unit and not to the whole domain, the steps may also vary in this aspect of applying a policy. Therefore, check your Windows documentation for detailed information.

    Go to step 3 after you add the .adm template to the Group Policy Editor. 
  3. Under User Configuration, expand Classic Administrative Templates (ADM) to locate the policy node for your template. By using the Outlk12.adm template, this node will be named "Microsoft Office Outlook 2007."
  4. Under Tools | Account Settings, select the Exchange node (The screen shot for this step is listed below). 

    Collapse this imageExpand this image
    The screen shot for this step

  5. Double-click the Enable RPC encryption policy setting.
  6. On the Setting tab, click Enabled.
  7. Click OK.

At this point, the policy setting will be applied on your Outlook client workstations when the Group Policy update is replicated. To test this change, run the following command at a command prompt on a client:
gpupdate /force

After you run this command, start Registry Editor on the workstation to make sure that the following registry data exists on the client:
Key: HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\12.0\Outlook\RPC
DWORD: EnableRPCEncryption
Value: 1

If you see this registry data in the registry, the Group Policy setting was applied to this client. Start Outlook to verify that the change resolves the problem. 

Method 4: Update existing Outlook 2003 profiles for RPC encryption by using a custom .prf file

Note Because the RPC encryption setting is stored in the registry in your Outlook profile, you can use a .prf file to deploy the setting. However, there are some major issues and limitations that are important to consider before you implement this approach. These include the following:
  • Your Exchange account settings in the profile will be overwritten. Therefore, you will lose any nondefault profile settings that are currently configured on the tabs in the Microsoft Exchange Server dialog box.

    For example, in the Microsoft Exchange Server dialog box, you can configure common settings that will be overwritten if you use a .prf file to update an Outlook profile. These settings include the following:
    • Additional mailboxes in the profile 
    • Cached mode 
    • Download public folder favorites
    These settings are configurable on the Advanced tab in the Microsoft Exchange Server dialog box (The screen shot for the Advanced tab is listed below). 

    Collapse this imageExpand this image
    The screen shot for the Advanced tab

  • You must have a .prf file that matches your current profile setting for cached or online mode.

    Because the cached mode setting is configured on the Advanced tab in the Microsoft Exchange Server dialog box, the setting that you have specified in the .prf file will overwrite the configuration in the Outlook profile. Therefore, make sure that your cached mode setting in the .prf matches the intended profile setting.

    Note If you are changing an existing cached mode profile, the .prf file will cause Outlook to generate a new .ost file and to resynchronize the mailbox with this file. 

To update existing Outlook 2003 profiles by using a custom .prf file, follow these steps:
  1. Start the Custom Installation Wizard (CIW).

    For more information about the Custom Installation Wizard, go to the following Microsoft website:
    http://office.microsoft.com/en-us/ork2003/HA011401701033.aspx (http://office.microsoft.com/en-us/ork2003/HA011401701033.aspx )
  2. When you are prompted, select any .msi file for Office 2003, and then click Next.
  3. Select Create a new MST file, and then click Next.
  4. Use the default path for the .mst file, and then click Next.
  5. Continue to click Next until the Outlook: Customize Default Profile dialog box appears.
  6. Click Modify Profile, and then click Next.
  7. In the Outlook: Specify Exchange Settings dialog box, configure your Exchange settings to match your current profile configuration.

    For example, if you are using cached mode, make sure that you enable the Configure Cached Exchange Mode option.

    Note For your Exchange Server name, you must specify the name of an Exchange 2010 server that has the Client Access Server role. If your mailbox is located on an Exchange 2010 server, all Outlook-Exchange mailbox communication is performed by using the Exchange 2010 server that has the Client Access Server role (The screen shot for this step is listed below).

    Collapse this imageExpand this image
    The screen shot for this step

  8. Click to select the Overwrite existing Exchange settings if an Exchange connection exists (only applies when modifying the profile) check box.

    Note If you do not select this check box, the .prf file will not update existing profiles to include RPC encryption.
  9. When you are finished making changes in the Outlook: Specify Exchange Settings dialog box, click Next.
  10. In the Outlook: Add Accounts dialog box, click Next.
  11. In the Outlook: Remove Accounts and Export Settings dialog box, click Export Profile Settings.
  12. In the Save As dialog box, specify a file name for your .prf file, and then click Save.
  13. In the Custom Installation Wizard, click Cancel, and then click Yes when you are prompted to confirm that you want to exit the wizard.
  14. Open your .prf file in Notepad.
  15. Add the following line to the [ServiceEGS] section:
    RPCEncryptData=0x00004100
    The following is an example of the [ServiceEGS] section after it is changed:
    [ServiceEGS]
    CachedExchangeConfigFlags=0x00000100
    MailboxName=%username%
    HomeServer=e2010ch
    RPCEncryptData=0x00004100
  16. Add the following line to the [Exchange Global Section] section:
    RPCEncryptData=PT_LONG,0x6606
    The following is an example of the [Exchange Global Section] section after it is changed:
    [Exchange Global Section]
    SectionGUID=13dbb0c8aa05101a9bb000aa002fc45a
    MailboxName=PT_STRING8,0x6607
    HomeServer=PT_STRING8,0x6608
    RPCoverHTTPflags=PT_LONG,0x6623
    RPCProxyServer=PT_UNICODE,0x6622
    RPCProxyPrincipalName=PT_UNICODE,0x6625
    RPCProxyAuthScheme=PT_LONG,0x6627
    CachedExchangeConfigFlags=PT_LONG,0x6629
    RPCEncryptData=PT_LONG,0x6606
  17. Note The following step is optional. If you decide to skip this step, go to step 18.

    By default, Outlook will create a backup of your original profile and then create a new profile that is based on modifications that are specified in the .prf file. If you want to prevent Outlook from creating this backup profile, add the following line to the bottom of the [General] section of the .prf file:
    BackupProfile=False
    The following is an example of the [General] section after it is changed:
    [General]
    Custom=1
    ProfileName=test3
    DefaultProfile=Yes
    OverwriteProfile=Yes
    ModifyDefaultProfileIfPresent=FALSE
    BackupProfile=False
  18. Save your changes, and then close the file.
To apply the .prf file, you can direct users to double-click the file to start Outlook and to then change the profile. Or, you can deploy the .prf file by following the steps that are outlined in the "Applying Outlook user profiles by using a PRF file" section of the following Office Resource Kit page:
http://office.microsoft.com/en-us/ork2003/HA011402581033.aspx (http://office.microsoft.com/en-us/ork2003/HA011402581033.aspx)  
RPC encryption is implemented by calling the Windows RPC encryption API. This encryption does not require you to use certificates. The level of RPC encryption (40-bit or 128-bit) depends on the version of Windows that is running on the client and server computers.

More information

As noted in the "Cause" section, this problem will not occur for new deployments that use Exchange Server 2010 Service Pack 1 in a "greenfield" environment.

Applies to
  • Microsoft Office Outlook 2007
  • Microsoft Office Outlook 2003
  • Microsoft Exchange Server 2010 Standard
  • Microsoft Exchange Server 2010 Enterprise
Keywords: 
KB2735060
Share
Additional support options
Ask The Microsoft Small Business Support Community
Contact Microsoft Small Business Support
Find Microsoft Small Business Support Certified Partner
Find a Microsoft Store For In-Person Small Business Support