0x800CC13: Cannot connect to the network. - Outlook 2013 / Windows 10 / ActiveSync / SM 14.1 Ent
Problem reported by CCWH - 7/29/2015 at 1:20 PM
Hello all,
 
We have an issue and I hope it's just us and not anything bigger!
 
We upgraded a single laptop as a test to Win10 Pro today to pre-empt any issues with clients auto-upgrading. The laptop has Outlook 2013 using a number of ActiveSync and IMAP accounts with mailboxes on two different SM 14.1 Enterprise servers. For some reason, even though initially after the upgrade we could send out, now we can't.
 
We receive the following error for the IMAP accounts:
 
(0x800ccc13) 'cannot connect to the network. verify your network connection or modem.'
 
No emails from either IMAP or ActiveSync accounts are being sent.
 
All incoming emails are being received.
 
We are not having any other issues with other kit.
 
We have run a full repair on the Outlook installation but no joy.
 
Looking in the SM logs I can see the following over and over in the 'Delivery' logs for one of the IMAP accounts:
 
[2015.07.29] 20:29:43 [92637] Delivery started for user@domain.com at 20:29:43
[2015.07.29] 20:29:49 [92638] Delivery started for user@domain.com at 20:29:49
[2015.07.29] 20:29:49 [92637] Delivery finished for user@domain.com at 20:29:49    [id:247392637]
[2015.07.29] 20:29:55 [92638] Delivery finished for user@domain.com at 20:29:55    [id:247392638]
 
Can anyone advise on this if seen before?  It's worrying if this will cause issues after all of the Win10 upgrades, especially if it is linked with SM authentication in some way....my guess is it has nothing to do with SM but want to look at all avenues!

16 Replies

0
CCWH Replied
Just to add...if I complete a 'Test Account Settings' within the Mailbox setup of Outlook...it passes both send and receive! Very weird!
1
CCWH Replied
Update 
 
ANYONE upgrading to Windows 10 (Pro) using Outlook 2010 / 2013 runs a risk of not being able to send emails!
 
This is now being documented across a number of sites.  Here is one thread I have just found:
 
http://answers.microsoft.com/en-us/windows/forum/windows_10-win_upgrade/outlook-issues-following-upgrade-to-windows-10-pro/e61d750b-50af-4ee5-bd5d-fb9892349729?auth=1
 
 
1
CCWH Replied
Just to confirm, after completing a recovery back to Win 8.1 all sending started to work. Definitely an issue with Outlook 2013 & Windows 10 upgrade. Might be worth all email admins mentioning this to the clients!
0
Bruce Barnes Replied
This appears to be an issue with the discontinued SSL security and the fact that TLS 1.0 and TLS 1.1 must be enabled on the machine.  SSL 3.0 appears to be auto-disabled on the installation of Windows 10.
 
On every machine we've converted, which had been upgraded to REMOVE SSL, and ENABLE TLS 1.0 and TLS 1.1, prior to the conversion, there are zero issues with Outlook.
 
These settings are in the ADVANCED TAB on INTERNET EXPLORER, which I understand is still available to run under Windows 10.
 
To open Internet Explorer, open the Microsoft EDGE browser, then click on the . . .  up in the upper right-hand corner of the window.
 
A link to OPEN WITH INTERNET EXPLORER will be listed in the menu which drops down.
 
After opening Internet Explorer, you can still access the SETTINGS menu
 
 
 
Within the Internet Explorer ===>  Settings ===> Advanced tab, DISABLE SSL 3.0 and ENABLE TLS 1.0 and TLS 1.1
 
You will then need to change the encryption settings in Outlook to TLS encryption when connecting from Outlook.
 
This also mandates that TLS is enabled for POP (port 193) and IMAP (port 587)

These settings have been tested, and work, with COMCAST, GMAIL, SMARTERMAIL, AOL, YAHOO! and HOTMAIL under Windows 10.
 
Remember, SSL 3.0 is now officially deprecated and must be removed from all servers which will be used for credit card processing. In order to support connectivity you must have TLS 1.0 and TLS 1.1 enabled in IE or the PC will not connect using those protocols.
 
If I can find anything more, I will post an addendum to this note.
Bruce Barnes ChicagoNetTech Inc brucecnt@comcast.net Phone: (773) 491-9019 Phone: (224) 444-0169 E-Mail and DNS Security Specialist Network Security Specialist Customer Service Portal: https://portal.chicagonettech.com Website: https://www.ChicagoNetTech.com Security Blog: http://networkbastion.blogspot.com/ Web and E-Mail Hosting, E-Mail Security and Consulting
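
The protocol checkboxes on the Internet Explorer Advanced tab described in the post above are stored per user in the `SecureProtocols` registry value, so the state the post asks for (SSL 3.0 off, TLS 1.0 and TLS 1.1 on) can be audited on upgraded machines. This is an added example, not part of the original post; the function names and sample values are constructed for illustration, and treating SSL 2.0 as must-be-off is an assumption.

```python
import sys

# Bit flags of the WinINet SecureProtocols DWORD, the per-user value behind
# the protocol checkboxes on the Internet Explorer Advanced tab.
FLAGS = {0x08: "SSL 2.0", 0x20: "SSL 3.0", 0x80: "TLS 1.0",
         0x200: "TLS 1.1", 0x800: "TLS 1.2"}
KEY = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings"

# Target state from the post above: SSL 3.0 off, TLS 1.0 and TLS 1.1 on.
# Treating SSL 2.0 as must-be-off as well is an assumption of this example.
MUST_BE_OFF = ("SSL 2.0", "SSL 3.0")
MUST_BE_ON = ("TLS 1.0", "TLS 1.1")

def decode(value):
    """Return the protocol names enabled in a SecureProtocols value."""
    return [name for bit, name in sorted(FLAGS.items()) if value & bit]

def audit(value):
    """Return findings; an empty list means the target state is met."""
    enabled = decode(value)
    findings = [f"{p} is enabled, disable it" for p in MUST_BE_OFF if p in enabled]
    findings += [f"{p} is disabled, enable it" for p in MUST_BE_ON if p not in enabled]
    return findings

def read_current_user():
    """Return the user's SecureProtocols value, or None if unset (Windows only)."""
    import winreg
    try:
        with winreg.OpenKey(winreg.HKEY_CURRENT_USER, KEY) as key:
            return winreg.QueryValueEx(key, "SecureProtocols")[0]
    except FileNotFoundError:
        return None

if __name__ == "__main__":
    if sys.platform == "win32":
        samples = {"current user": read_current_user()}
    else:
        # Constructed sample values for running the example off Windows.
        samples = {"constructed 0xA0": 0xA0, "constructed 0xA80": 0xA80}
    for label, value in samples.items():
        if value is None:
            print(f"{label}: SecureProtocols not set, OS default applies")
            continue
        print(f"{label}: {hex(value)} -> {', '.join(decode(value))}")
        for finding in audit(value) or ["meets the target state"]:
            print("   ", finding)
```
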
0
jorge.mx.neto Replied
Just to make sure Bruce, it should be Port 143 at POP protocol, correct?
0
Bruce Barnes Replied
Here are the PORTS we have open.
 
The SSL ports can be ignored as we will be removing them as soon as we transition our last client from SSL, early in August.
 
Once our remaining SSL based customers have been converted to TLS, all of our SSL ports will be removed from mappings in SmarterMail and blocked in the firewalls.
 
 
We have mapped the following ports in SmarterMail:
 
  • SMTP TLS 25
  • POP TLS 110
  • IMAP TLS 143
  • SMTP SSL 465 (to be discontinued in August, 2015, when last remaining clients are converted to TLS)
  • ALT SUBMISSION PORT TLS 587 [required of all MX servers per RFC 5068 (section 3.1)]
  • IMAP SSL 993 (to be discontinued in August, 2015, when last remaining clients are converted to TLS)
  • POP SSL 995 (to be discontinued in August, 2015, when last remaining clients are converted to TLS)
  • XMPP TLS 5222
  • XMPP ALT TLS 5223 (originally allocated by IETF to XMPP TLS and now discontinued because XMPP TLS has been standardized in port 5222)
  • XMPP TLS SERVER PORT 5269
 
 
0
Bruce Barnes Replied
Here's more information on Outlook 2013. 
 
This issue has been around for a while, but is exacerbated in Windows 10:
 

Why is my IMAP account not working?

The IMAP implementation had quite some issues when Outlook 2013 got released initially. With update KB2837618 came a drastic amount of fixes and changes to improve the IMAP experience. If your version of Outlook is 15.0.4551.1004 or higher, you have the fixes applied.

However, a downside of this update is that it requires you to configure a “Root folder path” if your IMAP requires it. If you don’t set it, you could end up with folders not synching or not being visible at all.

You can set your root folder path via:
File-> Account Settings-> Account Settings…-> double click on your IMAP account-> button More Settings…-> tab Advanced.

For more details and background information see: Empty Inbox and other IMAP synching issues in Outlook 2013

0
CCWH Replied
Thanks for all the replies and info.
 
Our servers are configured without SSL and have TLS 1/1.1 enabled and working.  However, I will take a look at the local IE TLS when testing next.
 
As this is an issue across IMAP and ActiveSync unsure if the Folder Path will be the issue as you cannot set this with the ActiveSync protocol.
 
I have just read that it could be an issue of the Win10 build which requires a System File Check scan (SFC /scannow).
 
I will give it a go over the weekend. In the meantime we have made all clients aware of the potential issues.
0
CCWH Replied
Unfortunately everything we have tried has failed for the ActiveSync accounts.
 
We have checked the local TLS/SSL as Bruce mentioned, however it was set correctly and no changes were required.
 
We have completed a SFC /scannow to no avail.
 
Unsure what this issue is....
 
HOWEVER - Bruce...for IMAP adding the 'Inbox' into the Root Path did allow sending for IMAP only accounts.  However this causes an issue as it then creates new sub-folders (Deleted/Sent Items etc.) under Inbox and no longer synchronises the other folders.
 
So...we have issues where ActiveSync does not work with Windows 10 / Office 2013 and IMAP can only send at the expense of losing the sync of the folders external to the Inbox.
 
Just to confirm, we have replicated the above issues on multiple devices after the Win10 upgrade.
 
Can anyone else confirm this?
0
Bruce Barnes Replied
If you want earlier Android devices, along with many of the legacy computers still in use which are not capable of supporting TLS 1.1, to be able to connect, you will have to have TLS 1.0 support enabled at the SERVER.
 
NOTE that doing so will fail your security scans if the same servers are used to support credit card transactions and your credit card processing accounts will be TERMINATED, not just shut down, but TERMINATED for failure to comply, if you have any credit card processing running on a server which supports TLS 1.0.
 
To support Windows devices, you will also have to have TLS 1.0 enabled on the local machines, as disabling TLS 1.0 on many Windows devices inhibits connectivity to many encrypted servers.
 
Android devices below Android 4.4 are not capable of supporting TLS encryption higher than TLS 1.0.  There is no patch for this.  The only solution is for the CARRIER to push Android 4.4.
 
Many Windows-based devices are not yet capable of supporting TLS 1.1 or TLS 1.2.
 
Note that Outlook will have to be configured to use TLS as the encryption method under the ADVANCED settings tab.  Once you have disabled SSL, no SSL connections will work for Outlook accounts.
 
NO Windows XP devices are able to be patched - Microsoft is enforcing the retirement of all Windows XP machines.

Test the FQDN of the MAIL SERVER at https://www.ssllabs.com/ssltest/index.html to make certain you receive a passing grade.  The report will also tell you what you have open and, if your security is too low, what needs to be closed.
0
CCWH Replied
Thanks Bruce.
 
We still support 1.0 for the time being.
 
All accounts are set to TLS. However, for ActiveSync accounts there is no Advanced in the config setup. That might be the issue.
 
We have two issues...one is the IMAP sync and the other is the ActiveSync unable to send....but both will complete a successful test using the Outlook setup tool.
0
CCWH Replied
Just to note, our email servers all pass the SSL LABS tests.
0
Bruce Barnes Replied
0
CCWH Replied
We've tried that one Bruce. Sadly didn't work on either of the test kit.
0
Bruce Barnes Replied
Are you running the BETA or FINAL version of Windows 10?
 
As I understand it, you must uninstall the BETA and install the FINAL version for everything to work properly.  The BETA will NOT convert to the final version.
0
CCWH Replied
No beta, these are only final devices.