There are several scenarios for consideration when deploying Exchange Server 2010 in an environment where Outlook 2003 is used. Most of these scenarios have been documented prior to the product release and some applied to previous versions. However, in a review of support cases, we've found that they have not been used prior to contacting Microsoft.
This post introduces some of the scenarios and the articles that will resolve these issues. If you're planning a deployment of Exchange 2010, understanding client configuration and the requirements and capabilities of your organization are of importance to the user experience. Primarily field office environments or environments where users are not joined to the domain, profile distribution, or the ability or inability to enforce policies or distribute the solutions will dictate how you address the issue.
This is a top support issue for Outlook 2003 access to Exchange 2010.
Note: In Exchange 2010 Service Pack 1, the RPC encryption requirement has been disabled by default. Any new Client Access Servers (CAS) deployed in the organization will not require RPC encryption. However, any CAS servers deployed prior to SP1, or upgraded to Service Pack 1, will retain the existing RPC encryption requirement setting. Also bear in mind disabling the RPC encryption requirement on a CAS server won't lower the security between Outlook 2010/2007 and any CAS server as RPC communication for these Outlook versions will remain encrypted.
Exchange 2010 introduces additional "out of the box" security for client communications with the Exchange Server — encryption between the client and the server is enabled, by Default. This is RC4 encryption - where the client negotiates the encryption level based on the client operating system's capabilities, up to 128-bit encryption. This is documented in the following topic in Understanding RPC Client Access
Prior to Outlook 2007, encryption was not enabled on the client side, by default. However, if profiles for Outlook 2007 exist where encryption is disabled, or if Outlook 2003 profiles created with default settings are used with Exchange 2010, the connection will fail when Outlook attempts to connect to an Exchange Server 2010 mailbox. One or more of the following common error messages will be displayed:
Cannot start Microsoft Office Outlook. Unable to open the Outlook window. The set of folders could not be opened.
Unable to open your default e-mail folders. The Microsoft Exchange Server computer is not available. Either there are network problems or the Microsoft Exchange Server computer is down for maintenance.
The connection to the Microsoft Exchange Server is unavailable. Outlook must be online or connected to complete this action.
Unable to open your default e-mail folders. The information store could not be opened.
Outlook could not log on. Check to make sure you are connected to the network and are using the proper server and mailbox name. The connection to the Microsoft Exchange Server is unavailable. Outlook must be online or connected to complete this action.
There are several methods to work around this issue, from immediate manual change by the administrator or the user, to deployment of administrative templates or new profiles. Each of these scenarios is documented in the Microsoft Knowledge Base article 2006508: Outlook connection issues with Exchange 2010 mailboxes because of the RPC encryption requirement
Directory access has changed in the Exchange Server 2010 world. The TechNet topic Understanding the Address Book Service introduces the changes and is currently being updated with more information.
A future topic will cover this in more detail.
Public Folders, Offline Address Book and Free/Busy
Outlook 2003 uses the Public Folders free/busy messages to determine availability in the Calendar and as the source for Offline Address Book (OAB) synchronization. If Public Folders are not configured during Exchange 2010 setup, OAB and Free/Busy will not be available to Outlook 2003 users. These users will encounter connection errors.
If clients inside the organization or connected via VPN/RAS, and the organization uses a Proxy server, the Client Access Server should be listed in the "Bypass proxy server for local addresses" configuration.
Delegate Access issues, opening other user's folders or mailboxes are a common operation in the enterprise. Outlook 2003 users may encounter issues, if the environment is not properly prepared for their use:
*Note: This functionality is not available to Outlook 2003/Exchange Server 2003 users, as the Availability Service functionality is required for both the client and the Exchange Server. The only method to obtain this functionality is to upgrade both the client and the server(s).
Update 10/12/2010: Added a note about RPC Encryption setting on Exchange 2010 SP1 servers.