One of the big issues that admins had while migrating to Exchange 2010 was the RPC Encryption requirement on CAS servers and Outlook 2003 clients. Outlook 2003 users had to have their RPC encryption turned on for them to get connected to a 2010 mailbox. Check my previous article for more info. Few admins sorted the issue by turning the encryption off on the server while few others turned on encryption on Outlook 2003 clients manually or by using group policy.
Exchange Product Group have disabled the RPC encryption on CAS servers in 2010 SP1 servers. Existing 2010 RTM & upgraded SP1 servers are unaffected. I found this the hard way and hence thought of sharing the info. Run the following command to find out the RPC encryption setting in 2010 SP1.
Get-RPCClientAccess | fl name, encryptionrequired
Though the product group have disabled it to make migration easier for admins managing older versions of clients, my take will be to enable it right after the 2010 SP1 CAS role installation. Run the following command to enable RPC encryption.
Get-RPCClientAccess | Set-RPCClientAccess –EncryptionRequired $true
If you introduce new 2010 SP1 CAS servers into your environment, make sure that the RPC encryption setting is the same on all servers.