When my normal laptop died last week I had to use an older laptop, and this laptop had Windows 7 and Outlook 2010 installed, one of my personal favorite Outlook clients.
However, Outlook 2010 did work correctly with Mailboxen in Exchange Online, but Outlook refused to work with Mailboxen on my on-premises Exchange 2016 server. The only thing I saw in the lower right corner was “Disconnected” and every now and then Outlook tried to connect, but no luck.
When checking the Connection Status in Outlook I could see that the directory connection was established, but the Exchange Connections disconnected. The Exchange sever and mailbox were ok since I was able to connect using OWA and my Outlook for iPhone client.
The Test Email AutoConfiguration option in Outlook wasn’t very helpful either, it just showed that it was unable to determine the settings and none of the Autodiscover options worked.
Using the Internet Explorer browser I tried to access my Autodiscover.exchangelabs.nl site, and after a logon prompt I got the famous ErrorCode 600. This is good, so I know my Autodiscover is at least listening properly.
The certificate is a valid Digicert UC certificate and there’s nothing wrong with this certificate. IE does use it, and the Digicert help utility doesn’t show anything strange either.
Oh, and my Outlook 2016 running on another computer did work correctly, so there should be a configuration error impacting Outlook 2010 only.
Then I realized that a week before I accidentally ruined the Virtual Service on my Kemp Load Balancer and I quickly created a new Virtual Service using the correct template. As a security measure I only selected TLS 1.2 on the SSL properties of the Virtual Service.
After enabling TLS 1.0 on the Virtual Service, Outlook 2010 started to work correctly again and (to my surprise) so did the Remote Connectivity Analyzer.
So, obviously TLS 1.0 was the culprit here and by enabling TLS 1.0 Outlook 2010 started to work again.
Now we solved the problem, but there’s more at stake than just a checkbox around TLS versions. Next October Microsoft will only support TLS 1.2 for Office 365, so this might impact a lot more Outlook 2010 installation than just mine (in a lab environment) so some more deeper digging is necessary.
When checking my laptop using the SSLLABS website (https://www.ssllabs.com/ssltest/viewMyClient.html), all looks fine and TLS 1.2 is fully supported by my Windows 7 client:
It must be something with Outlook 2010 and TLS1.2. I found an interesting article on Technet regarding enabling of TLS 1.1 and TLS 1.2. Create a DWORD value DefaultSecureProtocols in the registry under the following keys:
Its value should be one of the following:
For only TLS 1.1 and 1.2: A00 (hexadecimal)
For TLS 1.0, 1.1, and 1.2: A80 (hexadecimal)
Also, create the following DWORD values DisabledByDefault in the following locations and assign it the value of ‘0’:
When needed create the necessary subkeys under the \Protocols key.
Now your Windows 7 and Outlook 2010 will support a TLS 1.2 environment only (this is also true for Windows 8 BTW).
Outlook 2010 does not support TLS 1.2 out of the box. This can be an issue if you or your network department starts implementing a TLS 1.2 environment only. You have to enable TLS 1.2 on the workstation by setting a registry key. After this it works fine. This is especially important if you are using Outlook 2010 against Office 365, since Microsoft will support TLS 1.2 only anytime soon on Offic 365.