Link to home
Start Free TrialLog in
Avatar of Paul Wagner
Paul WagnerFlag for United States of America

asked on

Issues With Outlook for Mac and Exchange?

Since yesterday, all of our teleworkers who use a Mac and Outlook for Mac can't get their email. Nothing has changed in our environment in weeks so I know we're good there. All other users can get email (Android, Windows, iPhone, etc.).

One of the employees said that the "last connected to Exchange" time was exactly the same for everyone in his group. Was there some kind of update that broke Outlook for Mac? Known solutions? Favorite flavor of ice cream? Mine is mint chocolate chip!

I searched the interwebs and couldn't find anything specific to the last couple days.
Avatar of Kyle Santos
Kyle Santos
Flag of United States of America image

Try having them delete their password and re-enter it.  It might need to re-authenticate with the server.
When you restarted your server last time?
Avatar of Paul Wagner

ASKER

I could see deleting passwords and re-authenticating if it was one person, but this issue is impacting ALL Mac users across the board.

The server was rebooted a couple weeks ago. How could a reboot matter for Mac users specifically?
which process is taking maximum CPU and RAM currently and what is NPM value?
I'm not aware of any updates to Mac OSX Sierra.  iOS was released yesterday, but that shouldn't be related to the problem you're having.

Have you tried turning off your antivirus on the server and re-running the test?
Microsoft Exchange MDB Store is using the most RAM
Total RAM usage is sitting at 46% for the entire Exchange VM.

GFI MailEssentials Scan Engine is using the most CPU overall.
IIS Worker Process will jump up to the top at 20% CPU usage every so often.
Total CPU usage is sitting at 14-35% for the entire Exchange VM.

Yes, I've turned off AV but that didn't change anything.

I'd be happy to try a server reboot. It seems odd that would fix this, though.
I could see deleting passwords and re-authenticating if it was one person, but this issue is impacting ALL Mac users across the board.
Does this mean you already did try it with one person?
I'll try it now... gosh, you want me to do stuff?! ;-)
Hehe, just making sure we cross one item off the list at a time.  I'm a completionist, dangit! :)
The only other thing I can think of would be to recreate the group they're all in and see if that fixes it.
I just wiped the Outlook profile for a user and tried to add it back. Authentication failed. It looks like Mac dudes can't even add their Exchange account to Outlook for Mac.

Here are some screenshots of the failed process for your viewing pleasure.
Is this a certificate issue?

User generated image
User generated image
User generated image
User generated image
We have not made any changes whatsoever to cause this. Something has to have changed in Mac or Office for Mac, right? Certs just don't all of sudden stop being accepted.

What's really weird to me is that Macs are pulling a cert for the web server that runs our primary domain's website. Why doesn't the Macs pull the autodiscover cert like Outlook on a PC?
I already tried that. (the problem they were having in your referenced ticket is a little different. they could add the account. we can't)
I went in to their keychain access manager and removed any certs having to do with my domain or email server and then tried to add the exchange profile.

There isn't a new cert. Nothing has changed on the web server or Exchange in weeks.
Please take the cert you downloaded in your comment above, #a41798859 and added it to the keychain of computer.

This is what I have to do in our environment.
ftfy, nappy_d ;)
I also tried installing the cert into the keychain. Same 'authentication failed' message.
Which version of Outlook are they using?  Outlook 2016 is certificate sensitive, i.e. there will almost always be a certificate to accept from the server and it should be set to "Always trust"

Outlook 2011 is a little more forgiving but it is quite old and at some point will no longer get updates to allow for compatibility.  I suppose it's possible that you are seeing one such issue right now.

It sounds like there might be a few issues:
-  the cert was not set to "Always trust"
-  there was an update on the server which reset a preference setting
-  the users need an update (triggered by the previous point)


There is another possibility, based on the fact that they get in remotely.   Are there any VPN issues that might be happening at your site?
Different versions for most but there is a cluster of them using Outlook for Mac 15.xx
Paul Wagner wrote:
Different versions for most but there is a cluster of them using Outlook for Mac 15.xx

That is Office 2016.  By contrast, 14.x.y.. is Office 2011.

Given that you are experiencing an entire group of users who are:
-  now offline
-  all macs
-  using different versions of Outlook 2011, 2016 + who knows which patch update for each

I would say that the problem has to originate from the server and/or network login area.  The solution to the problem might be an update to the clients but the source of the problem is almost certainly at the server end.

How do they fare with using OWA (Outlook Web Access)?
I agree that the problem could be on the server end, but I can't imagine what is causing the issue since no changes have been made in weeks.

They can access email on phones, PCs and OWA just fine.
Have you checked log files on both the clients and the various servers (exchange, certificate, network controllers, ...)  Something has to show up somewhere.


The only things I can suggest right now is to

-  Redo the account setup and set the certificate to "Always Trust".
-  Force a check for updates on the clients.  It makes sense to take that variable out of the equation.
ok. will try and report back.
I remoted a Mac user and their profile was built without any issues.
I also got an email from another Mac user who said they are now receiving email on the MacMail app. We didn't change a thing.
We didn't make any changes on either end (didn't even restart server) and Mac users could start connecting again. Thoughts?

Sidenote: I WAS able to install the cert into keychain access for the remoted user. That part worked fine.
Wait, Apple Mail?  I didn't see any mention of that in the original post.  Was that app also affected by the outage?

What about other users?  Can they try that app too?

Regardless, sounds like progress!
SOLUTION
Avatar of Kyle Santos
Kyle Santos
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Might have left MacMail out since only two guys use it.
Yes, one or two Mac users have MacMail and the rest (most of them) are on Outlook for Mac.
Try having them delete their password and re-enter it.  It might need to re-authenticate with the server.

For their Apple Mail account? I'm not sure what that is.

More findings:
I noticed that there were a lot of SChannel errors on the Exchange server. Are these conencted? Still researching... Thoughts?
User generated imageUser generated image
ASKER CERTIFIED SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
KB2992611 is already installed on the Exchange server.

Great article link!
Is this going to help, you think?
https://support.microsoft.com/en-us/kb/980436
User generated image
I assume "nonzero" means to make the setting a "1"?
Yes, that would be a reasonable assumption, certainly one I would make.
Rebooting server tonight. I will report back on how it went.

UPDATE: Server reboot went well. SChannel and SSL/TLS issues are resolved by using IIS Crypto (this was actually unrelated to the Mac problem). After entering those registry changes for "AllowInsecureRenego" I'll wait to hear from the Mac users.
A user gave me feedback that he couldn't connect after I made the changes.

He is on OSX Yosemite (10.10.5) and Outlook for Mac 2011.

Hypothesis: I think that I need to add a cipher back to the SSL cipher suite to allow Macs to connect.

I now only have TLS in my cipher list. I know that SSL is necessary for Macs, so does that mean the registry settings didn't work?
I've been reading here and someone said that Outlook for Mac needs TLS_RSA_WITH_3DES_EDE_CBC_SHA.

Also found it mentioned here.

... and here

Amazing that Outlook for Mac can only go as high as 3DES!! :-(

Also, I have a couple guys using MacMail. Do you think that applies to them as well?
I will award points and close the question.
The issue was the SSL ciphers on my Exchange server. We added the correct one (and old one) back and Mac could get mail again. Thanks for the help.