Unable to connect to mail servers using Outlook on Windows 7 or 8 Print

  • Email, security, TLS
  • 6

Problem Description

You are unable to connect to our mail services while using Windows 7 or Windows 8.0.

Our servers require TLS 1.2 or newer. Unfortunately, users of Windows 7 and 8 (NOT 8.1) are likely to experience connection errors if they are using Outlook or Windows Mail as those mail apps make use of the WinHTTP (schannel) libraries which don't support TLS1.2 by default.

Please Note: the Windows Mail app that's built in to Windows 8.1 for some reason does not use the built-in schannel system that Outlook and Internet Explorer use. Why Microsoft would rely upon a completely different, and apparently inferior, library for security than the one that's built into their own OS is beyond us. Unfortunately the Windows Mail (but not Windows Live Mail -- that's a different app) security library only supports up to TLS 1.0 -- if you are using Windows Mail on Windows 8.1 or earlier, you will need to change mail apps to Outlook or Thunderbird, or any other app that uses TLS 1.2, in order to resume connectivity to our servers.

Problem Resolution

You will need to apply updates or patches to add support for TLS 1.1 and TLS 1.2 in the WinHTTP/schannel libraries, then you may also need to manually enable those functions.

It's important to note that if you're not at least a little comfortable editing your windows registry, you will need to either upgrade to Windows 10 or install and use a different mail app (Thunderbird?) as most other mail clients will include their own security libraries instead of relying on WinHTTP/schannel and therefore will support TLS1.2+.
  1. Update Windows using Windows Update and download/install all important updates. You will likely need to install updates, then check for updates again repeatedly until Windows Update shows no more updates available. For windows 7 is important that you install Service Pack 1. Specifically make sure you install KB3140245 and reboot the computer.
  2. Download and install the EasyFix patch found here
  3. Click the Start button > Search for Execute, Type Regedit and press Enter to access Windows Registry. Follow these steps:
    1. Check this registry location: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols
    2. Under the Protocols key, add a key called “TLS 1.2” Inside this key add another key called “Client“. Now create a DWORD value under Client called “DisabledByDefault” whose value is 00000000.
    Alternately you can use this registry file to add the required items to your registry. If your browser won't let you download a .REG file, you can download this file, open Regedit, and go to File->Import and select the file.
  4. Reboot the computer
  5. Check to be sure TLS 1.2 is now enabled:
    1. Open the Start Menu.
    2. Search for “internet options”
    3. Click on the search result titled Internet Options
    4. Navigate to the Advanced section
    5. In the area under Settings, scroll down to the Security section and make sure that the Use SSL 2.0, Use SSL 3.0, and Use TLS 1.0 options are disabled (don’t have a checkmark beside them) and that the Use TLS 1.1 and Use TLS 1.2 options are enabled (have a checkmark beside them).
    6. Click on Apply, then click on OK
  6. Restart your computer again
  7. Start Outlook.

Source


Was this answer helpful?

← Back