Applies to: Exchange Server 2010 SP2, Exchange Server 2010 SP3

Topic Last Modified: 2015-03-09

Use the Set-RpcClientAccess cmdlet to manage the settings for the Exchange RPC Client Access service that's running on a Microsoft Exchange Server 2010 Client Access server.

Set-RpcClientAccess -Server <ServerIdParameter> [-BlockedClientVersions <String>] [-Confirm [<SwitchParameter>]] [-DomainController <Fqdn>] [-EncryptionRequired <$true | $false>] [-MaximumConnections <Int32>] [-Name <String>] [-WhatIf [<SwitchParameter>]]

You can run the Set-RpcClientAccess cmdlet for a single Client Access server that has the Exchange RPC Client Access service installed or for all Exchange Client Access servers that have the Exchange RPC Client Access service installed.

You need to be assigned permissions before you can run this cmdlet. Although all parameters for this cmdlet are listed in this topic, you may not have access to some parameters if they're not included in the permissions assigned to you. To see what permissions you need, see the "RPC Client Access settings" entry in the Client Access Permissions topic.


Parameter Required Type Description




The Server parameter specifies the Client Access server.




The BlockedClientVersions parameter specifies which versions of Microsoft Outlook are restricted from connecting. The Exchange RPC Client Access service rejects Outlook connections if versions are in the range specified. This setting affects MAPI and Outlook Anywhere client connections. The value must be less than 256 characters in length.

Versions should be single numbers in the format X.Y.Z where X is a major version number, Y is the minor revision number, and Z specifies the build, and ranges should be delimited by semicolons (for example, 0.0.0-5.9.9; 7.0.0-65535.65535.65535). For more information, see Configure Outlook Client Blocking.




The Confirm switch causes the command to pause processing and requires you to acknowledge what the command will do before processing continues. You don't have to specify a value with the Confirm switch.




The DomainController parameter specifies the fully qualified domain name (FQDN) of the domain controller that writes this configuration change to Active Directory.




The EncryptionRequired parameter specifies whether to require Outlook connections to be encrypted. The Exchange RPC Client Access service rejects unencrypted Outlook connections if this parameter is set to $true.




The MaximumConnections parameter specifies the maximum number of concurrent connections allowed. The Exchange RPC Client Access service reads and limits connections based on this property.

This parameter has a range from 1 through 65535.

Although you can configure a non-default value for this parameter, changes to this setting aren't enforced in this version of Exchange.




The Name parameter specifies the name of the configuration object in Active Directory. By default, this parameter is set to RpcClientAccess.




The WhatIf switch instructs the command to simulate the actions that it would take on the object. By using the WhatIf switch, you can view what changes would occur without having to apply any of those changes. You don't have to specify a value with the WhatIf switch.

To see the input types that this cmdlet accepts, see Cmdlet Input and Output Types. If the Input Type field for a cmdlet is blank, the cmdlet doesn’t accept input data.

To see the return types, which are also known as output types, that this cmdlet accepts, see Cmdlet Input and Output Types. If the Output Type field is blank, the cmdlet doesn’t return data.

This example restricts clients that aren't running Office Outlook 2007 from connecting to the Client Access server CAS01.

The values used with the BlockedClientVersions parameter are examples. You can determine the correct client software versions by parsing the RPC Client Access log files located at %ExchangeInstallPath%Logging\RPC Client Access.
Set-RpcClientAccess -Server CAS01 -BlockedClientVersions "0.0.0-5.6535.6535;7.0.0;8.02.4-11.6535.6535"