Paul Wagner
asked on
Issues With Outlook for Mac and Exchange?
Since yesterday, all of our teleworkers who use a Mac and Outlook for Mac can't get their email. Nothing has changed in our environment in weeks so I know we're good there. All other users can get email (Android, Windows, iPhone, etc.).
One of the employees said that the "last connected to Exchange" time was exactly the same for everyone in his group. Was there some kind of update that broke Outlook for Mac? Known solutions? Favorite flavor of ice cream? Mine is mint chocolate chip!
I searched the interwebs and couldn't find anything specific to the last couple days.
One of the employees said that the "last connected to Exchange" time was exactly the same for everyone in his group. Was there some kind of update that broke Outlook for Mac? Known solutions? Favorite flavor of ice cream? Mine is mint chocolate chip!
I searched the interwebs and couldn't find anything specific to the last couple days.
Try having them delete their password and re-enter it. Â It might need to re-authenticate with the server.
When you restarted your server last time?
ASKER
I could see deleting passwords and re-authenticating if it was one person, but this issue is impacting ALL Mac users across the board.
The server was rebooted a couple weeks ago. How could a reboot matter for Mac users specifically?
The server was rebooted a couple weeks ago. How could a reboot matter for Mac users specifically?
which process is taking maximum CPU and RAM currently and what is NPM value?
I'm not aware of any updates to Mac OSX Sierra. Â iOS was released yesterday, but that shouldn't be related to the problem you're having.
Have you tried turning off your antivirus on the server and re-running the test?
Have you tried turning off your antivirus on the server and re-running the test?
ASKER
Microsoft Exchange MDB Store is using the most RAM
Total RAM usage is sitting at 46% for the entire Exchange VM.
GFI MailEssentials Scan Engine is using the most CPU overall.
IIS Worker Process will jump up to the top at 20% CPU usage every so often.
Total CPU usage is sitting at 14-35% for the entire Exchange VM.
Yes, I've turned off AV but that didn't change anything.
I'd be happy to try a server reboot. It seems odd that would fix this, though.
Total RAM usage is sitting at 46% for the entire Exchange VM.
GFI MailEssentials Scan Engine is using the most CPU overall.
IIS Worker Process will jump up to the top at 20% CPU usage every so often.
Total CPU usage is sitting at 14-35% for the entire Exchange VM.
Yes, I've turned off AV but that didn't change anything.
I'd be happy to try a server reboot. It seems odd that would fix this, though.
I could see deleting passwords and re-authenticating if it was one person, but this issue is impacting ALL Mac users across the board.Does this mean you already did try it with one person?
ASKER
I'll try it now... gosh, you want me to do stuff?! ;-)
Hehe, just making sure we cross one item off the list at a time. Â I'm a completionist, dangit! :)
The only other thing I can think of would be to recreate the group they're all in and see if that fixes it.
ASKER
I just wiped the Outlook profile for a user and tried to add it back. Authentication failed. It looks like Mac dudes can't even add their Exchange account to Outlook for Mac.
Here are some screenshots of the failed process for your viewing pleasure.
Is this a certificate issue?
We have not made any changes whatsoever to cause this. Something has to have changed in Mac or Office for Mac, right? Certs just don't all of sudden stop being accepted.
What's really weird to me is that Macs are pulling a cert for the web server that runs our primary domain's website. Why doesn't the Macs pull the autodiscover cert like Outlook on a PC?
Here are some screenshots of the failed process for your viewing pleasure.
Is this a certificate issue?
We have not made any changes whatsoever to cause this. Something has to have changed in Mac or Office for Mac, right? Certs just don't all of sudden stop being accepted.
What's really weird to me is that Macs are pulling a cert for the web server that runs our primary domain's website. Why doesn't the Macs pull the autodiscover cert like Outlook on a PC?
A search on EE led me to this:
Here is a search I did:
https://www.experts-exchange.com/searchResults.jsp?asNoSuggestionNoResults=true&asSubmit=true&searchSubmit=true&showDidYouMean=&sort=10_-1&searchDisplayTypeID=1&searchTitle=&searchRow=1&clauseTypeId1=10&searchInclude1=true&termsScopeId1=10&termsTypeId1=10&searchTerms1=mac+cert+outlook
You need to remove the old certificate(s) from the Mac's so they can get the new one:https://www.experts-exchange.com/questions/28689540/Outlook-for-Mac-Not-Connecting.html
http://lists.gno.org/cert-maint-mac-10.5.8/
Here is a search I did:
https://www.experts-exchange.com/searchResults.jsp?asNoSuggestionNoResults=true&asSubmit=true&searchSubmit=true&showDidYouMean=&sort=10_-1&searchDisplayTypeID=1&searchTitle=&searchRow=1&clauseTypeId1=10&searchInclude1=true&termsScopeId1=10&termsTypeId1=10&searchTerms1=mac+cert+outlook
ASKER
I already tried that. (the problem they were having in your referenced ticket is a little different. they could add the account. we can't)
I went in to their keychain access manager and removed any certs having to do with my domain or email server and then tried to add the exchange profile.
There isn't a new cert. Nothing has changed on the web server or Exchange in weeks.
I went in to their keychain access manager and removed any certs having to do with my domain or email server and then tried to add the exchange profile.
There isn't a new cert. Nothing has changed on the web server or Exchange in weeks.
Please take the cert you downloaded in your comment above, #a41798859Â and added it to the keychain of computer.
This is what I have to do in our environment.
This is what I have to do in our environment.
ftfy, nappy_d ;)
ASKER
I also tried installing the cert into the keychain. Same 'authentication failed' message.
Which version of Outlook are they using? Â Outlook 2016 is certificate sensitive, i.e. there will almost always be a certificate to accept from the server and it should be set to "Always trust"
Outlook 2011 is a little more forgiving but it is quite old and at some point will no longer get updates to allow for compatibility. Â I suppose it's possible that you are seeing one such issue right now.
It sounds like there might be a few issues:
- Â the cert was not set to "Always trust"
- Â there was an update on the server which reset a preference setting
- Â the users need an update (triggered by the previous point)
There is another possibility, based on the fact that they get in remotely. Â Are there any VPN issues that might be happening at your site?
Outlook 2011 is a little more forgiving but it is quite old and at some point will no longer get updates to allow for compatibility. Â I suppose it's possible that you are seeing one such issue right now.
It sounds like there might be a few issues:
- Â the cert was not set to "Always trust"
- Â there was an update on the server which reset a preference setting
- Â the users need an update (triggered by the previous point)
There is another possibility, based on the fact that they get in remotely. Â Are there any VPN issues that might be happening at your site?
ASKER
Different versions for most but there is a cluster of them using Outlook for Mac 15.xx
Paul Wagner wrote:
That is Office 2016. Â By contrast, 14.x.y.. is Office 2011.
Given that you are experiencing an entire group of users who are:
- Â now offline
- Â all macs
- Â using different versions of Outlook 2011, 2016 + who knows which patch update for each
I would say that the problem has to originate from the server and/or network login area. Â The solution to the problem might be an update to the clients but the source of the problem is almost certainly at the server end.
How do they fare with using OWA (Outlook Web Access)?
Different versions for most but there is a cluster of them using Outlook for Mac 15.xx
That is Office 2016. Â By contrast, 14.x.y.. is Office 2011.
Given that you are experiencing an entire group of users who are:
- Â now offline
- Â all macs
- Â using different versions of Outlook 2011, 2016 + who knows which patch update for each
I would say that the problem has to originate from the server and/or network login area. Â The solution to the problem might be an update to the clients but the source of the problem is almost certainly at the server end.
How do they fare with using OWA (Outlook Web Access)?
ASKER
I agree that the problem could be on the server end, but I can't imagine what is causing the issue since no changes have been made in weeks.
They can access email on phones, PCs and OWA just fine.
They can access email on phones, PCs and OWA just fine.
Have you checked log files on both the clients and the various servers (exchange, certificate, network controllers, ...) Â Something has to show up somewhere.
The only things I can suggest right now is to
- Â Redo the account setup and set the certificate to "Always Trust".
- Â Force a check for updates on the clients. Â It makes sense to take that variable out of the equation.
The only things I can suggest right now is to
- Â Redo the account setup and set the certificate to "Always Trust".
- Â Force a check for updates on the clients. Â It makes sense to take that variable out of the equation.
ASKER
ok. will try and report back.
ASKER
I remoted a Mac user and their profile was built without any issues.
I also got an email from another Mac user who said they are now receiving email on the MacMail app. We didn't change a thing.
We didn't make any changes on either end (didn't even restart server) and Mac users could start connecting again. Thoughts?
Sidenote: I WAS able to install the cert into keychain access for the remoted user. That part worked fine.
I also got an email from another Mac user who said they are now receiving email on the MacMail app. We didn't change a thing.
We didn't make any changes on either end (didn't even restart server) and Mac users could start connecting again. Thoughts?
Sidenote: I WAS able to install the cert into keychain access for the remoted user. That part worked fine.
Wait, Apple Mail? Â I didn't see any mention of that in the original post. Â Was that app also affected by the outage?
What about other users? Â Can they try that app too?
Regardless, sounds like progress!
What about other users? Â Can they try that app too?
Regardless, sounds like progress!
SOLUTION
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
ASKER
Might have left MacMail out since only two guys use it.
Yes, one or two Mac users have MacMail and the rest (most of them) are on Outlook for Mac.
Yes, one or two Mac users have MacMail and the rest (most of them) are on Outlook for Mac.
ASKER
Try having them delete their password and re-enter it. Â It might need to re-authenticate with the server.
For their Apple Mail account? I'm not sure what that is.
More findings:
I noticed that there were a lot of SChannel errors on the Exchange server. Are these conencted? Still researching... Thoughts?
ASKER CERTIFIED SOLUTION
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
ASKER
KB2992611 is already installed on the Exchange server.
Great article link!
Is this going to help, you think?
https://support.microsoft.com/en-us/kb/980436
I assume "nonzero" means to make the setting a "1"?
Great article link!
Is this going to help, you think?
https://support.microsoft.com/en-us/kb/980436
I assume "nonzero" means to make the setting a "1"?
Yes, that would be a reasonable assumption, certainly one I would make.
ASKER
Rebooting server tonight. I will report back on how it went.
UPDATE: Server reboot went well. SChannel and SSL/TLS issues are resolved by using IIS Crypto (this was actually unrelated to the Mac problem). After entering those registry changes for "AllowInsecureRenego" I'll wait to hear from the Mac users.
UPDATE: Server reboot went well. SChannel and SSL/TLS issues are resolved by using IIS Crypto (this was actually unrelated to the Mac problem). After entering those registry changes for "AllowInsecureRenego" I'll wait to hear from the Mac users.
ASKER
A user gave me feedback that he couldn't connect after I made the changes.
He is on OSX Yosemite (10.10.5) and Outlook for Mac 2011.
Hypothesis: I think that I need to add a cipher back to the SSL cipher suite to allow Macs to connect.
I now only have TLS in my cipher list. I know that SSL is necessary for Macs, so does that mean the registry settings didn't work?
He is on OSX Yosemite (10.10.5) and Outlook for Mac 2011.
Hypothesis: I think that I need to add a cipher back to the SSL cipher suite to allow Macs to connect.
I now only have TLS in my cipher list. I know that SSL is necessary for Macs, so does that mean the registry settings didn't work?
ASKER
ASKER
I will award points and close the question.
ASKER
The issue was the SSL ciphers on my Exchange server. We added the correct one (and old one) back and Mac could get mail again. Thanks for the help.