Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Outlook Anywhere no longer working after dissabling ssl 2.0

Posted on 2011-03-16
25
Medium Priority
?
953 Views
Last Modified: 2016-02-03
We are using Outlook 2007 and exchange 2003, with outlook anywhere up untill tonight. It was suggested that we dissable ssl 2.0 to make our exchange server more secure, I went in and made the  following registry changes
 (1.Click Start, click Run, type regedt32 or type regedit, and then click OK.
2. In Registry Editor, locate the following registry key: HKey_Local_Machine \ System \ CurrentControlSet \ Control \  SecurityProviders \ SCHANNEL \ Protocols \ SSL 2.0 \ Server
3. On the Edit menu, click Add Value.
4. In the Data Type list, click DWORD.
5. In the Value Name box, type Enabled, and then click OK. Note If this value is present, double-click the value to edit its current value.
6. Type 00000000 in Binary Editor to set the value of the new key equal to “0¿.)

and now we are having trouble sending and recieveing when using laptops off site. (they work fine on our network) also I don't know if this is related or not but there is a signifcant delay in sending emails out.
After noticing these problems, I went back and undid the registry edits but the problems still persist.

Any help would be greatly appreciated.
0
Comment
Question by:TeethGuys
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 9
  • 7
  • 6
  • +3
25 Comments
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35145110
Did you reboot the server or iisreset after making the change?
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 35145174
Seriously?? Someone suggested disabling SSL to make yuor server more secure??
0
 
LVL 4

Expert Comment

by:Tekyguy
ID: 35145213
You need SSL for off site secure connection.  Is this SBS 2003 sever?
0
Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

 
LVL 9

Expert Comment

by:ash007
ID: 35146187
Disabling SSL is less secure
0
 
LVL 1

Author Comment

by:TeethGuys
ID: 35147939
disabled ssl 2.0, left ssl 3.0 enabled. we reboted the exchange box after the change was made and after the change was reversed.
0
 
LVL 1

Author Comment

by:TeethGuys
ID: 35147949
it is exchange 2007 enterprise edition
0
 
LVL 1

Author Comment

by:TeethGuys
ID: 35147961
exchange server 2007
0
 
LVL 1

Author Comment

by:TeethGuys
ID: 35147984
here is quote from wiki:

SSL 1.0, 2.0 and 3.0The SSL protocol was originally developed by Netscape. Version 1.0 was never publicly released; version 2.0 was released in February 1995 but "contained a number of security flaws which ultimately led to the design of SSL version 3.0" (Rescorla 2001). SSL version 3.0 was released in 1996.

0
 
LVL 4

Expert Comment

by:Tekyguy
ID: 35148065
You may want to re-clarify for all here.  Your original Post says:  " We are using Outlook 2007 and exchange 2003"  There is a huge difference between Exchange 2003 and Exchange 2007.  And yes, there is a huge difference between disabling SSL and preventing users from connecting using an older revision of the protocol.
0
 
LVL 1

Author Comment

by:TeethGuys
ID: 35148359
I appologize to all, It is in fact Exchange 2007.  I'm not trying to dissable ssl entirely. I'm only trying to disable SSL 2.0 as it is know for having security issues.

I should add a few things. OWA has been working fine both ways, it only seems to affect Using Outlook from outside of our network (using outlook anywhere). When I try to do a send/receive I get a error (0x8004011d)

I mentioned a delay in outgoing e-mail, it is only affecting some domains, I'm pretty sure this issue is not related to the ssl issue.

sorry for the errors, I was up pretty late last night scratching my head.
0
 
LVL 4

Expert Comment

by:Tekyguy
ID: 35148434
Is outlook 2003 fully patched - SP3+ all updates?  Can you try to connect with Outlook 2007 - does it work?
0
 
LVL 1

Author Comment

by:TeethGuys
ID: 35148556
Sorry for the continued confusion, the Clients are also Outlook 2007. It is up to date.
0
 
LVL 4

Expert Comment

by:Tekyguy
ID: 35148909
Can you connect via TLS?
0
 
LVL 4

Expert Comment

by:Tekyguy
ID: 35148938
What errors are you getting?  use the ExRCA tool.  Web version here:  https://www.testexchangeconnectivity.com/
0
 
LVL 1

Author Comment

by:TeethGuys
ID: 35149171
well, it passed. I went and expanded all and found this in the auto discover section.

 Attempting each method of contacting the Autodiscover service. 
  The Autodiscover service was tested successfully. 
   Test Steps 
   Attempting to test potential Autodiscover URL https://parkdental.com/AutoDiscover/AutoDiscover.xml 
  Testing of this potential Autodiscover URL failed. 
   Test Steps 
   Attempting to resolve the host name mycompany.com in DNS. 
  The host name resolved successfully. 
   Additional Details 
  IP addresses returned: 9.9.9.9 -my companies wesite address 
 Testing TCP port 443 on host mycompany.com to ensure it's listening and open. 
  The specified port is either blocked, not listening, or not producing the expected response. 
   Tell me more about this issue and how to resolve it 
   Additional Details 
  A network error occurred while communicating with the remote host.
Exception details:
Message: No connection could be made because the target machine actively refused it 9.9.9.9:443
Type: System.Net.Sockets.SocketException
Stack trace:
at System.Net.Sockets.TcpClient.Connect(String hostname, Int32 port)
at Microsoft.Exchange.Tools.ExRca.Tests.TcpPortTest.PerformTestReally()
 
 
 
 
 
 

Open in new window


 
 
 
 
 
0
 
LVL 4

Expert Comment

by:Tekyguy
ID: 35149294
Has the server been 'bounced' since the offending reg key was removed?  Try restarting all the Exchange and IIS services - or quick and dirty => reboot the Exchange servers.  
If that doesn't work, you may need to play around with the Outlook Anywhare config on the server.  Make sure it's setup correctly, or reset it up again.
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35150009
On the send/receive does it show as downloading the address book when you get the 0x8004010D error or is it just downloading/synching mail?
0
 
LVL 1

Author Comment

by:TeethGuys
ID: 35157917
I've tried restarting the server after the update, it did not resolve the issue.

When I get the 0x8004010D error, it is just send recieve
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35158233
Can you screenshot that error please.

How big is your OST file? If you have upgraded from an earlier version of outlook then your OST may be limited to 2Gb
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35158306
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35158341
You can also try turning off Outlook cached mode and see how Outlook Anywhere works after that.
0
 
LVL 1

Author Comment

by:TeethGuys
ID: 35159665
Tried turing off cached exchange, getting the same error. I really don't think that this is a client side issue as the only change that has been made was to the Server. I do appreciate the suggestions.
untitled.JPG
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35160640
8004010D = MAPI_E_NOT_ENOUGH_DISK = SPACE ISSUE

This is the error you reported earlier whereas in the screenshot you have:
8004011D
Which is MAPI_E_FAILONEPROVIDER, which means it can't connect to Exchange, so forget about what I am saying about OSTs and sizes.

When you said in your post 35149171 "well, it passed..." did you mean to say "well, it failed"?

go to www.canyouseeme.org and see if it says port 443 is open to your address...

0
 
LVL 31

Accepted Solution

by:
MegaNuk3 earned 2000 total points
ID: 35160650
Have a look in the IIS logs and see what it is saying for your test connection. Maybe have a look in the HTTPErr#.log first to see if that is recording any errors for you. The HttpErr.log files can be found under C:\windows\system32\logfiles\HTTPErr. More details about increasing the detail in the httperr#.log http://support.microsoft.com/kb/832975

IIS logs should be under C:\Windows\system32\logfiles\W3SVC1 if you can't see your usernames then you might need to make the server log it by going into IIS Manager, Default Web Site-->Properties-->"Web Site" tab-->Properties button under "Enable Logging"-->Advanced tab-->then select all the options
0
 

Expert Comment

by:jdff
ID: 41447991
Did toy have to make any change son IIS after disabling TLS 1.0? I have disabled TSL 1.0 now outlook anywhere and owa does not work on external devices.
0

Featured Post

Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Check out this step-by-step guide for using the newly updated Experts Exchange mobile app—released on May 30.
I don't pretend to be an expert at this, but I have found a few things that are useful. I hope that sharing them here will help others, so they will not have to face some rather hard choices. Since I felt this to be a topic of enough importance and…
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…
This video demonstrates how to sync Microsoft Exchange Public Folders with smartphones using CodeTwo Exchange Sync and Exchange ActiveSync. To learn more about CodeTwo Exchange Sync and download the free trial, go to: http://www.codetwo.com/excha…

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question