While migrating from Microsoft Exchange 2010 to Exchange 2016 we came upon a typical issue in which Outlook keeps giving the message: "The Microsoft Exchange Administrator has made a change that requires you quit and restart Outlook".
This means that users were totally unable to connect to Exchange during the migration and co-existence phase:
The reason for that was quite obvious (at least after we did some research and thinking) as we switched the Client Access from the old Exchange 2010 servers to the newly implemented Exchange 2016 servers, i.e. all client connections have been directed to Exchange 2016 only. As no mailboxes have been migrated at this point in time client connections need then to be down proxied to Exchange 2010 by Exchange 2016. All things considered it could only have been a question of the protocol being used by our Outlook 2010 clients. Assuming that our Outlook 2010 clients try to connect via RPC-over-TCP (as is the default setting configured in all internal Outlook 2010 profiles) this is an expected behaviour as Exchange 2013 and later no longer support RPC-over-TCP connections from client applications. They only support RPC-over-HTTP, in later versions MAPI-over-HTTP (MAPIhttp). An automatic switch in protocol to RPC-over-HTTP does not occur, thus Outlook 2010 won't find a valid connection end point and cannot be down proxied to Exchange 2010. The importance of this consideration is that if Outlook clients are using RPC-over-TCP prior to being migrated, it becomes even more important to have a process to update those profiles properly.
Required Outlook 2010 version:
- Outlook 2010 SP2
- Outlook 2010 (KB2878264)
In an Outlook profile under Exchange Proxy Settings you’ll find two options regarding fast and slow networks:
- On fast networks, connect using HTTP first, then connect using TCP/IP
- On slow networks, connect using HTTP first, then connect using TCP/IP
In order to understand what this setting really means have a look at the article Outlook Anywhere: Fast vs. Slow network connection over HTTP or TCP/IP:
Outlook Anywhere; Emphasis on “Anywhere”
First of all, lets take a closer look at the terms being used here:
- TCP/IP connection
This is the traditional (internal) direct-to-Exchange connection also known as a “RPC over TCP” connection or as a (not entirely technical correct) MAPI connection.- HTTP or HTTPS connection
This is the over-the-Internet connection introduced in Outlook 2003 also known as a “RPC over HTTP” connection and nowadays knows as “Outlook Anywhere”.
As of Outlook 2013 SP1 in combination with Exchange 2013 SP1, this is a MAPI over HTTP connection or simply: MAPI/HTTP.The description for the HTTP connection doesn’t really hold true anymore as the HTTP connection can also be used internally. In fact, over the past few Exchange versions, the trend was to move away from the direct RCP connections and towards HTTP connections, even internally. Actually, as of Exchange 2013, all Outlook connectivity is taking place via Outlook Anywhere.
So, with having the option On fast networks, connect using HTTP first, then connect using TCP/IP being disabled we receive the aforementioned error:
With having the option On fast networks, connect using HTTP first, then connect using TCP/IP being enabled the connection can be established successfully:
Now, in order to rollout such a configuration change on a large scale (after careful testing of course!) you could utilize GPOs by either configuring the corresponding Outlook setting or by using GPP and manipulating the user's registry settings directly.
The required Group Policy Setting can be found in the corresponding Microsoft Office ADMX Templates under:
- User Configuration | Policies | Administrative Templates | Microsoft Outlook 2013 | Account Settings | Exchange
- User Configuration| Policies | Administrative Templates | Microsoft Outlook 2016 | Account Settings | Exchange
Please keep in mind that this setting is unavailable with Office 2010 ADMX.
Alternatively you could add the setting manually via GPP (Group Policy Preferences) under:
- User Configuration| Preferences | Windows Settings | Registry
This XML based code looks like this:
<?xml version="1.0" encoding="UTF-8"?> <Registry uid="{ADF10FBF-F683-4549-A19E-885D5A58D23E}" changed="2018-11-26 11:04:59" image="0" status="RPC" name="RPC" clsid="{9CD4B2F4-923D-47f5-A062-E897DD1DAD50}"> <Properties name="" value="" type="REG_SZ" key="Software\Policies\Microsoft\office\14.0\outlook\RPC" hive="HKEY_CURRENT_USER" default="0" displayDecimal="1" action="C"/> </Registry>
<?xml version="1.0" encoding="UTF-8"?> <Registry uid="{0C4FA337-45F4-4A16-965F-48155F45186F}" changed="2018-11-26 11:05:56" image="10" status="ProxyServerFlags" name="ProxyServerFlags" clsid="{9CD4B2F4-923D-47f5-A062-E897DD1DAD50}"> <Properties name="ProxyServerFlags" value="0000002F" type="REG_DWORD" key="Software\Policies\Microsoft\office\14.0\outlook\RPC" hive="HKEY_CURRENT_USER" default="0" displayDecimal="1" action="C"/> </Registry>
Windows Registry Editor Version 5.00 [HKEY_CURRENT_USER\Software\Policies\Microsoft\office\14.0\outlook\rpc] "ProxyServerFlags"=dword:0000002f
With having the option On fast networks, connect using HTTP first, then connect using TCP/IP being enabled by GPO or GPP, the settings are greyed out, cannot be changed by the user, and the connection can be established successfully:
The Outlook Connection Status now shows: RPC/HTTP
Prior to switching Client Access from Exchange 2010 to Exchange 2016 all Outlook 2010 clients connected via RPC-over-TCP, which shows as: RPC/TCP
With this configuration adjustment we were able to proceed with the Exchange 2016 migration without having any Outlook 2010 connectivity issues.
Further reading:
- Microsoft TechNet - Outlook keeps giving the message: "The Microsoft Exchange Administrator has made a change that requires you quit and restart Outlook"
- Microsoft TechNet - Your Administrator has made a change and requires you to restart Outlook
- Jaap Wesselius - THE MICROSOFT EXCHANGE ADMINISTRATOR HAS MADE A CHANGE…
- Outlook Anywhere: Fast vs. Slow network connection over HTTP or TCP/IP
- Group Policy Home - RPC/HTTP Connection Flags
- Outlook Anywhere in Outlook 2016 with Exchange 2010
- Frankys Web (German) - Exchange Migration: Probleme mit der Outlook Verbindung