Posts Tagged ‘365’

Recently when a user tried to look at his Online Archive in Webmail the folder was missing. In Outlook 2016 ( NOT Outlook 2013 as this doesn’t support archive very well ) the folders were listed.

The issue is due to the folder count in Online Archives. The folder limit 10,000 and the current folder count was 15,000

Kindly refer to the below article for more information.

https://support.microsoft.com/en-us/help/2849181/some-folders-are-not-visible-in-outlook-on-the-web

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

Recently had a user who’s accepted meeting requests were going straight to their Deleted items instead of being displayed in their Inbox

  • Checked in Mail and Calendars settings in Outlook which all were the default
  • Checked Delegate Permissions for the user
  • Check the Rules inside of Outlook Nothing there

Closing all Outlook windows and trying this again , the accepted meeting request still went the deleted items in Webmail which showed this was server side not Outlook/Client Side.  

Turns out there was a specific Webmail Server side Inbox rule/filter doing this which was not displayed in the Outlook Client. Disabling this resolved the issue

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

After deploying some sharepoint lists using Group Policy via Microsoft Outlook 2016/Account Settings/SharePoint Lists

The Lists would not add unless the user had clicked Allow to this error : 

Do you want to allow this website to open a program on your computer?

Image result for Do you want to allow this website to open a program on your computer?

From: companyweb

Program: Microsoft Outlook

Address: stssync://sts/?ver=1.1&type=tasks&cmd=add-folder&base-url=http%3A%2F%2Fcompanyweb&list-url=%2FLists%2FTasks%2F&guid=%7Bcf8bbfb4%2D575b%2D4dce%2Da800%2D5b34ac1786f1%7D&site-name=Corporate%20Intranet&list-name=Tasks

This error can stopped being displayed by deploying the below reg key : 

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\ProtocolExecute

Add Key stssync

In that Key Create a Dword :  “WarnOnOpen=dword:00000000.”

For this to apply to All users on the machine apply to the Key’s below

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\stssync

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\stssync

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

Previously, we used a development instance of Azure AD Connect with a development Azure AD tenant to investigate the rules. However, Microsoft has created new functionality in the adfshelp.microsoft.com ADFSHelp Portal:

The ADFSHelp Portal in Microsoft Edge (click for larger screenshot)

ADFSHelp ToolsIn the Tools section, there is now a Claims Generator wizard labeled Azure AD RPT Claim Rules, that will help you get optimized claims rules for the ‘Office 365 Identity Platform’ RPT.

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

In October Microsoft is shutting down TLS 1.0 and TLS 1.1 so we need to check Legacy decives that speak to 365 with protocols that use this like SMTP

https://dirteam.com/dave/2018/01/10/office-365-only-allows-tls-1-2/

TLS 1.2 Supported

Toshiba E-Studio MFD – Have checked with an Engineer, the device support all 3 version of TLS and will failover when required , no issue 

Veeam – This uses SSL not TLS 

DocuCenter-V and Above Supported ( needs latest firmware ) 

No TLS 1.2 Support

ApeosPort-IV C3371 does not support for TLS 1.2 as it only support to TLS 1.1 even after the possibility to upgrade to the latest firmware

TBC

Avaya IP Office 500 V2 

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

Make sure your Avaya phone system has been setup with a routeable DNS Server per http://pariswells.com/blog/random/avaya-ip-office-default-gateway

Create a user in 365 with a License 

On the IP Office under the SMTP Tab put the following:
Server Address – smtp.office365.com
Port – 587 – Mine was intermittently working with 25 so I switched it and it has worked on 587.
Email From Address – voicemail@company.com
Use STARTTLS – Checked
Server Requires Auth – Checked
Username – adminaccount@company.com
Password – admin accounts password
Use CRAM-MD5 – Unchecked

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

It is possible to disable certain autodiscover steps by creating DWORD entries in the HKEY_CURRENT_USER\Software\Microsoft\Office\<version>\Outlook\AutoDiscover registry key.

Note. <version> can be 16.0 for Outlook 2016, 15.0 for Outlook 2013 and 14.0 for Outlook 2010.

The following DWORD entries can be created:

  • ExcludeHttpRedirect
  • ExcludeHttpsAutoDiscoverDomain
  • ExcludeHttpsRootDomain
  • ExcludeScpLookup
  • ExcludeSrvRecord
  • ExcludeLastKnownGoodURL (Outlook 2010 version 14.0.7140.5001 and later)
  • ExcludeExplicitO365Endpoint (Outlook 2016 version 16.0.6741.2017 and later)

Add the DWord of 1 to any of the above to skip the check

Per here https://support.microsoft.com/nl-nl/help/2212902/unexpected-autodiscover-behavior-when-you-have-registry-settings-under

 

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

An email from this sender could not be delivered to your mailbox as it has failed DKIM verification. To comply with government security standards the ATO cannot accept emails that fail DKIM integrity checks because the email cannot be verified as genuine.

Currently there is an issue causing emails from organisations using Office 365 to fail DKIM verification.

Office 365 has implemented its own DKIM features and customers must ensure that outbound DKIM is correctly configured for their domain (DNS) and namespace (Office 356 Administration).

 

Resolution

How to enable DKIM on 365

You will need to enable DKIM outbound DNS Verification on either 365 

selector1._domainkey.domain.com
selector2._domainkey.domain.com

These need to point to 

selector1-domain-com._domainkey.onmicrosoftalias.onmicrosoft.com
selector2-domain-com._domainkey.onmicrosoftalias.onmicrosoft.com

Your onmicrosoftalias is the domain GUID and can be retrieved from the MX record for your domain

You then need to enable

View Powershell :  

New-DkimSigningConfig –DomainName domain.com –Enabled $true

Or through GUI : 

 

If you send out via another provider e.g. a spam filter you will need to check the method on the spam filter of enabling this

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

When trying to add your email account to Outlook 2016 you get the follow error

an encrypted connection to your mail server is not available

365 is obviously  encrypted which means there must be something wrong with Autodiscover

  1. Check Autodiscover

Should be a CNAME to autodiscover.outlook.com. ( Put full stop on the end )

2. Make sure you have finished setting up the domain in 365 or it won’t listen for the domain

Test Autodiscover via : https://testconnectivity.microsoft.com/

Try logging in to powershell on your 365 Tenant and disabling OAuth2 (2fa ) 

Set-OrganizationConfig -OAuth2ClientProfileEnabled:$true
VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

When trying to create an IMAP Mailbox Sync via Office 365 , I was getting the following Failed Error next to the Sync Status

TLS negotiation failed with status AlgorithmMismatch

The IMAP Server I was syncing from was using SSL  on port 993 however the SSL cert was self signed rather than from a proper cert authority

In the end I had to enable syncing through 143 Uncrypted or you can purchase a sign SSL cert for the migration

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)