<div>
Try having them delete their password and re-enter it. &nbsp;It might need to re-authenticate with the server.
</div>


<div>
When you restarted your server last time?
</div>


<div>
I could see deleting passwords and re-authenticating if it was one person, but this issue is impacting ALL Mac users across the board.<br />
<br />
The server was rebooted a couple weeks ago. How could a reboot matter for Mac users specifically?
</div>


<div>
which process is taking maximum CPU and RAM currently and what is NPM value?
</div>


<div>
I'm not aware of any updates to Mac OSX Sierra. &nbsp;iOS was released yesterday, but that shouldn't be related to the problem you're having.<br />
<br />
Have you tried turning off your antivirus on the server and re-running the test?
</div>


<div>
Microsoft Exchange MDB Store is using the most RAM<br />
Total RAM usage is sitting at 46% for the entire Exchange VM.<br />
<br />
GFI MailEssentials Scan Engine is using the most CPU overall.<br />
IIS Worker Process will jump up to the top at 20% CPU usage every so often.<br />
Total CPU usage is sitting at 14-35% for the entire Exchange VM.<br />
<br />
Yes, I've turned off AV but that didn't change anything.<br />
<br />
I'd be happy to try a server reboot. It seems odd that would fix this, though.
</div>


<div>
<blockquote>
I could see deleting passwords and re-authenticating if it was one person, but this issue is impacting ALL Mac users across the board.
</blockquote>
Does this mean you already did try it with one person?
</div>


<div>
I'll try it now... gosh, you want me to do stuff?! ;-)
</div>


<div>
Hehe, just making sure we cross one item off the list at a time. &nbsp;I'm a completionist, dangit! :)
</div>


<div>
The only other thing I can think of would be to recreate the group they're all in and see if that fixes it.
</div>


<div>
I just wiped the Outlook profile for a user and tried to add it back. Authentication failed. It looks like Mac dudes can't even add their Exchange account to Outlook for Mac.<br />
<br />
Here are some screenshots of the failed process for your viewing pleasure.<br />
Is this a certificate issue?<br />
<br />
<a href="https://filedb.experts-exchange.com/incoming/2016/09_w38/1116713/mac1.PNG" target="_blank" title="Initial setup of account in Outlook (120 KB)"><img alt="Initial setup of account in Outlook" class="file-block lazyload" style="max-width: 705px;" data-src="https://filedb.experts-exchange.com/incoming/2016/09_w38/1116713/mac1.PNG" /></a><br />
<a href="https://filedb.experts-exchange.com/incoming/2016/09_w38/1116714/mac2.PNG" target="_blank" title="Certificate error pops up (71 KB)"><img alt="Certificate error pops up" class="file-block lazyload" style="max-width: 529px;" data-src="https://filedb.experts-exchange.com/incoming/2016/09_w38/1116714/mac2.PNG" /></a><br />
<a href="https://filedb.experts-exchange.com/incoming/2016/09_w38/1116715/mac3.PNG" target="_blank" title="Certificate being pulled is for primary domain web server and not autodiscover/exchange? This only happens with Macs. (168 KB)"><img alt="Certificate being pulled is for primary domain web server and not autodiscover/exchange? This only happens with Macs." class="file-block lazyload" style="max-width: 521px;" data-src="https://filedb.experts-exchange.com/incoming/2016/09_w38/1116715/mac3.PNG" /></a><br />
<a href="https://filedb.experts-exchange.com/incoming/2016/09_w38/1116716/mac4.PNG" target="_blank" title="Authentication fails (79 KB)"><img alt="Authentication fails" class="file-block lazyload" style="max-width: 583px;" data-src="https://filedb.experts-exchange.com/incoming/2016/09_w38/1116716/mac4.PNG" /></a><br />
We have not made any changes whatsoever to cause this. Something has to have changed in Mac or Office for Mac, right? Certs just don't all of sudden stop being accepted.<br />
<br />
What's really weird to me is that Macs are pulling a cert for the web server that runs our primary domain's website. Why doesn't the Macs pull the autodiscover cert like Outlook on a PC?
</div>


mac1.PNG

mac4.PNG

Certificate being pulled is for primary domain web server and not autodiscover/exchange? This only happens with Macs.

mac3.PNG

mac2.PNG

<div>
A search on EE led me to this:<br />

<blockquote>
You need to remove the old certificate(s) from the Mac's so they can get the new one:<br />
<a href="http://lists.gno.org/cert-maint-mac-10.5.8/" rel="ugc">http://lists.gno.org/cert-maint-mac-10.5.8/</a>
</blockquote>
<a href="https://www.experts-exchange.com/questions/28689540/Outlook-for-Mac-Not-Connecting.html" rel="ugc">https://www.experts-exchange.com/questions/28689540/Outlook-for-Mac-Not-Connecting.html</a><br />
<br />
Here is a search I did:<br />
<br />
<a href="https://www.experts-exchange.com/searchResults.jsp?asNoSuggestionNoResults=true&asSubmit=true&searchSubmit=true&showDidYouMean=&sort=10_-1&searchDisplayTypeID=1&searchTitle=&searchRow=1&clauseTypeId1=10&searchInclude1=true&termsScopeId1=10&termsTypeId1=10&searchTerms1=mac+cert+outlook" rel="ugc">https://www.experts-exchange.com/searchResults.jsp?asNoSuggestionNoResults=true&asSubmit=true&searchSubmit=true&showDidYouMean=&sort=10_-1&searchDisplayTypeID=1&searchTitle=&searchRow=1&clauseTypeId1=10&searchInclude1=true&termsScopeId1=10&termsTypeId1=10&searchTerms1=mac+cert+outlook</a>
</div>


<div>
I already tried that. (the problem they were having in your referenced ticket is a little different. they could add the account. we can't)<br />
I went in to their keychain access manager and removed any certs having to do with my domain or email server and then tried to add the exchange profile.<br />
<br />
There isn't a new cert. Nothing has changed on the web server or Exchange in weeks.
</div>


<div>
Please take the cert you downloaded in your comment above, <a href="#a41798859" rel="ugc">#a41798859</a>&nbsp;and added it to the keychain of computer. <br />
<br />
This is what I have to do in our environment.
</div>


<div>
I also tried installing the cert into the keychain. Same 'authentication failed' message.
</div>


<div>
Which version of Outlook are they using? &nbsp;Outlook 2016 is certificate sensitive, i.e. there will almost always be a certificate to accept from the server and it should be set to &quot;Always trust&quot;<br />
<br />
Outlook 2011 is a little more forgiving but it is quite old and at some point will no longer get updates to allow for compatibility. &nbsp;I suppose it's possible that you are seeing one such issue right now.<br />
<br />
It sounds like there might be a few issues:<br />
- &nbsp;the cert was not set to &quot;Always trust&quot;<br />
- &nbsp;there was an update on the server which reset a preference setting<br />
- &nbsp;the users need an update (triggered by the previous point)<br />
<br />
<br />
There is another possibility, based on the fact that they get in remotely. &nbsp; Are there any VPN issues that might be happening at your site?
</div>


<div>
Different versions for most but there is a cluster of them using Outlook for Mac 15.xx
</div>


<div>
Paul Wagner wrote:<br />

<blockquote>
Different versions for most but there is a cluster of them using Outlook for Mac 15.xx
</blockquote>
<br />
That is Office 2016. &nbsp;By contrast, <b><i>14.x.y..</i></b> is Office 2011.<br />
<br />
Given that you are experiencing an entire group of users who are: <br />
- &nbsp;now offline<br />
- &nbsp;all macs<br />
- &nbsp;using different versions of Outlook 2011, 2016 + who knows which patch update for each<br />
<br />
I would say that the problem has to originate from the server and/or network login area. &nbsp;The <b><i>solution</i></b> to the problem might be an update to the clients but the <b><i>source </i></b>of the problem is almost certainly at the server end.<br />
<br />
How do they fare with using OWA (Outlook Web Access)?
</div>


<div>
I agree that the problem could be on the server end, but I can't imagine what is causing the issue since no changes have been made in weeks.<br />
<br />
They can access email on phones, PCs and OWA just fine.
</div>


<div>
Have you checked log files on both the clients and the various servers (exchange, certificate, network controllers, ...) &nbsp;Something has to show up somewhere.<br />
<br />
<br />
The only things I can suggest right now is to<br />
<br />
- &nbsp;Redo the account setup and set the certificate to &quot;Always Trust&quot;.<br />
- &nbsp;Force a check for updates on the clients. &nbsp;It makes sense to take that variable out of the equation.
</div>


<div>
ok. will try and report back.
</div>


<div>
I remoted a Mac user and their profile was built without any issues. <br />
I also got an email from another Mac user who said they are now receiving email on the MacMail app. We didn't change a thing.<br />
We didn't make any changes on either end (didn't even restart server) and Mac users could start connecting again. Thoughts?<br />
<br />
Sidenote: I WAS able to install the cert into keychain access for the remoted user. That part worked fine.
</div>


<div>
Wait, Apple Mail? &nbsp;I didn't see any mention of that in the original post. &nbsp;Was that app also affected by the outage?<br />
<br />
What about other users? &nbsp;Can they try that app too?<br />
<br />
Regardless, sounds like progress!
</div>


<div>
Might have left MacMail out since only two guys use it.<br />
Yes, one or two Mac users have MacMail and the rest (most of them) are on Outlook for Mac.
</div>


<div>
<blockquote>
Try having them delete their password and re-enter it. &nbsp;It might need to re-authenticate with the server.
</blockquote>
<br />
For their Apple Mail account? I'm not sure what that is.<br />
<br />
More findings:<br />
I noticed that there were a lot of SChannel errors on the Exchange server. Are these conencted? Still researching... Thoughts?<br />
<a href="https://filedb.experts-exchange.com/incoming/2016/09_w38/1116907/error1.PNG" target="_blank" title="error (155 KB)"><img alt="error" class="file-block lazyload" style="max-width: 800px;" data-src="https://filedb.experts-exchange.com/incoming/2016/09_w38/800_1116907/error1.PNG" /></a><a href="https://filedb.experts-exchange.com/incoming/2016/09_w38/1116908/error2.PNG" target="_blank" title="error (146 KB)"><img alt="error" class="file-block lazyload" style="max-width: 800px;" data-src="https://filedb.experts-exchange.com/incoming/2016/09_w38/800_1116908/error2.PNG" /></a>
</div>


error1.PNG

error2.PNG

<div>
KB2992611 is already installed on the Exchange server.<br />
<br />
Great article link!<br />
Is this going to help, you think?<br />
<a href="https://support.microsoft.com/en-us/kb/980436" rel="ugc">https://support.microsoft.com/en-us/kb/980436</a><br />
<a href="https://filedb.experts-exchange.com/incoming/2016/09_w38/1116926/compatible.PNG" target="_blank" title="compatible mode (93 KB)"><img alt="compatible mode" class="file-block lazyload" style="max-width: 800px;" data-src="https://filedb.experts-exchange.com/incoming/2016/09_w38/800_1116926/compatible.PNG" /></a><br />
I assume &quot;nonzero&quot; means to make the setting a &quot;1&quot;?
</div>


compatible.PNG

<div>
Yes, that would be a reasonable assumption, certainly one I would make.
</div>


<div>
Rebooting server tonight. I will report back on how it went.<br />
<br />
UPDATE: Server reboot went well. SChannel and SSL/TLS issues are resolved by using IIS Crypto (this was actually unrelated to the Mac problem). After entering those registry changes for &quot;AllowInsecureRenego&quot; I'll wait to hear from the Mac users.
</div>


<div>
A user gave me feedback that he couldn't connect after I made the changes.<br />
<br />
He is on OSX Yosemite (10.10.5) and Outlook for Mac 2011.<br />
<br />
Hypothesis: I think that I need to add a cipher back to the SSL cipher suite to allow Macs to connect. <br />
<br />
I now only have TLS in my cipher list. I know that SSL is necessary for Macs, so does that mean the registry settings didn't work?
</div>


<div>
I've been reading <a href="http://answers.microsoft.com/en-us/msoffice/forum/msoffice_outlook-mso_mac/better-ssltls-cipher-suite-support/16f21825-c4d9-41ee-b89d-ddcd11a939d3" rel="ugc nofollow">here</a> and someone said that Outlook for Mac needs TLS_RSA_WITH_3DES_EDE_CBC_<wbr />SHA.<br />
<br />
Also found it mentioned <a href="https://community.qualys.com/thread/15818" rel="ugc">here</a>.<br />
<br />
... and <a href="http://answers.microsoft.com/en-us/msoffice/forum/msoffice_other-mso_mac/document-connection-and-sharepoint-sharepoint-not/c876fcde-3d4c-4353-b4f4-35970f3a4915" rel="ugc nofollow">here</a><br />
<br />
Amazing that Outlook for Mac can only go as high as 3DES!! :-(<br />
<br />
Also, I have a couple guys using MacMail. Do you think that applies to them as well?
</div>


<div>
I will award points and close the question.
</div>


<div>
The issue was the SSL ciphers on my Exchange server. We added the correct one (and old one) back and Mac could get mail again. Thanks for the help.
</div>


<div>
<div class="content wysiwyg-content">
Since yesterday, all of our teleworkers who use a Mac and Outlook for Mac can't get their email. Nothing has changed in our environment in weeks so I know we're good there. All other users can get email (Android, Windows, iPhone, etc.).<br />
<br />
One of the employees said that the &quot;last connected to Exchange&quot; time was exactly the same for everyone in his group. Was there some kind of update that broke Outlook for Mac? Known solutions? Favorite flavor of ice cream? Mine is mint chocolate chip!<br />
<br />
I searched the interwebs and couldn't find anything specific to the last couple days.
</div>
</div>


Since yesterday, all of our teleworkers who use a Mac and Outlook for Mac can't get their email. Nothing has changed in our environment in weeks so I know we're good there. All other users can get email (Android, Windows, iPhone, etc.).

One of the employees said that the "last connected to Exchange" time was exactly the same for everyone in his group. Was there some kind of update that broke Outlook for Mac? Known solutions? Favorite flavor of ice cream? Mine is mint chocolate chip!

I searched the interwebs and couldn't find anything specific to the last couple days.

Issues With Outlook for Mac and Exchange?

Microsoft Outlook is a personal information manager from Microsoft, available as a part of the Microsoft Office suite. Although often used mainly as an email application, it also includes a calendar, task manager, contact manager, note-taker, journal, and web browser.

Outlook

Mac OS X is the desktop operating system from Apple Inc., found on Macintosh computers. OS X consists of a Mach/BSD-based kernel, operating system interfaces primarily based on FreeBSD and additional frameworks (written in C, C++ and Objective-C providing user interface and application-level services.

Mac OS X

Exchange is the server side of a collaborative application product that is part of the Microsoft Server infrastructure. Exchange's major features include email, calendaring, contacts and tasks, support for mobile and web-based access to information, and support for data storage.

Exchange

Apple's early computers ran on a variety of operating systems, including a Pascal version and one based on CP/M, before releasing its ProDOS with the advent of its 16-bit computer. With the release of the Lisa, which had its own OS, Apple and computing entered the graphical age; it was followed by the Macintosh, which offered a series of "System" operating systems. Other Mac operating systems included PowerPC until Apple acquired NeXT and folded it into the Mac OS. Current operating systems for Apple devices are Mac OS-X and iOS.

Apple OS

Programs written for the Apple operating systems are distinguished from software created for other operating systems in that it must be approved by Apple for use on its devices, whether it is from Apple (Final Cut, iWork, Keynote, Logic Pro and GarageBand are popular titles), or is a third party application from Parallels, Nuance, Microsoft and Amazon, among many others.