
QUESTION:

How can I troubleshoot and fix Outlook 2013 Clients so that they can pull MailTips, set Out of Office notifications (Automatic Replies), and see Free/Busy availability?

DETAILS:

The server is Exchange 2010 build 14.03.0361.001 running on Server 2008R2. Outlook 2016 works 100%, with no problems. All features work from OWA. This would suggest that the server is capable of serving Exchange Web Services (EWS). Users who are on Outlook 2013 or below cannot see MailTips, OOF, Free/Busy Availability. I've found that there are a large number of causes for these errors. I'm interested in the behavior difference in Outlook 2016 that would allow it to pull from the server when 2013 clients cannot.

RELATED ERRORS:

When attempting to set Automatic Replies (Out of Office)

"Your automatic reply settings cannot be displayed because the server is currently unavailable"

When writing a new message

"We can't show MailTips right now"

When attempting to schedule a meeting

"Suggestions cannot be provided because free/busy data could not be retrieved."

Scheduling Assistant shows "No Information" for all invited attendees.

WHAT I HAVE TRIED:

  • I have gone through all the AutoDiscover\AutoConfiguration troubleshooting and I have found that all of my URLs are correct and AutoDiscover works fine.
  • I have ensured that DNS is set up correctly with SRV records for AutoDiscover.
  • I have tested the URLs in AutoDiscover from affected clients and they can pull the XML files with no problem.
  • I have tried creating new Outlook profiles on affected systems.
  • I have rebuilt the EWS Virtual Directory on the Exchange server.
  • I have read through countless articles and searched all the forums, both official and rando.
HackSlash
  • When looking at the Outlook Connection Status window (hold down ctrl and right-click on the Outlook icon in the system tray; select "Connection Status...") do you see any connections that are not in status Established or that have a high number of failures? – Ruscal Jan 30 '18 at 20:11
  • Nope, 3 connections: "Established" "RPC/TCP" [Nego] [Yes] Exchange /0 fail – HackSlash Jan 30 '18 at 23:09

1 Answer

I found my solution. It's not something easy for an outside party to diagnose, but the answer might help someone else who is in the strange situation I am. Using Wireshark, I analyzed an OOO request and I found 3 sets of “Client Hello” packets with a server response of “ACK RST”. This suggested to me that it was a secure channel negotiation failure. I noticed that my Client Hello was TLS v1.0 and that got me wondering why it wasn’t using TLS v1.1 or 1.2, which led me to the answer. Office 2013 running on Windows 7 can't communicate via TLS v1.1 or v1.2 without a special patch.

SOLUTION:

  1. Determine which TLS versions you want to enable, and determine the corresponding value for DefaultSecureProtocols (which we will add shortly):

     For only TLS 1.1 and 1.2, the value will be 0xA00
     For TLS 1.0, 1.1, and 1.2, the value will be 0xA80  
    
  2. Install the KB3140245 update, either via Windows Update (it's available as an Optional Update) or by obtaining it from the Microsoft Update Catalog and deploying it as you would any other update (SCCM, etc.).

  3. Create a DWORD value called DefaultSecureProtocols in both of the following locations and set its value to the value determined in Step 1:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp
    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp
    
  4. Create a DWORD value called DisabledByDefault and set it to 0 in the following locations:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client
    

SOURCE:

https://blogs.technet.microsoft.com/schrimsher/2016/07/08/enabling-tls-1-1-and-1-2-in-outlook-on-windows-7/

KB3140245 UPDATE:

https://support.microsoft.com/en-us/help/3140245/update-to-enable-tls-1-1-and-tls-1-2-as-a-default-secure-protocols-in

HackSlash
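
The four steps of the answer above as an audit-and-apply script, added here as an example; it is not part of the original post and not Microsoft's code. The `-Protocols` and `-Apply` parameter names are assumptions of this example, and it is meant to be run from an elevated PowerShell prompt on the affected client.

```powershell
param(
    # Step 1 value. Bit flags per KB3140245: 0x80 = TLS 1.0, 0x200 = TLS 1.1, 0x800 = TLS 1.2
    [int]$Protocols = 0xA00,   # 0xA00 = TLS 1.1 + 1.2; 0xA80 also keeps TLS 1.0
    [switch]$Apply             # assumed switch: without it the script only reports
)
if (0xA00, 0xA80 -notcontains $Protocols) { throw 'Use 0xA00 or 0xA80 (step 1).' }

# Step 2: report when the update is not listed on this machine.
if (-not (Get-HotFix -Id 'KB3140245' -ErrorAction SilentlyContinue)) {
    Write-Warning 'KB3140245 is not reported by Get-HotFix; install it first.'
}

$winHttp  = 'Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp'
$schannel = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
$targets  = @(
    # Step 3: WinHTTP default protocols, native and 32-bit views
    @{ Key = "HKLM:\SOFTWARE\$winHttp";             Name = 'DefaultSecureProtocols'; Want = $Protocols },
    @{ Key = "HKLM:\SOFTWARE\Wow6432Node\$winHttp"; Name = 'DefaultSecureProtocols'; Want = $Protocols },
    # Step 4: SCHANNEL client side, TLS 1.1 and 1.2 enabled by default
    @{ Key = "$schannel\TLS 1.1\Client"; Name = 'DisabledByDefault'; Want = 0 },
    @{ Key = "$schannel\TLS 1.2\Client"; Name = 'DisabledByDefault'; Want = 0 }
)

foreach ($t in $targets) {
    # Wow6432Node exists only on 64-bit Windows; skip it elsewhere.
    if ($t.Key -like '*Wow6432Node*' -and -not (Test-Path 'HKLM:\SOFTWARE\Wow6432Node')) { continue }

    $have = (Get-ItemProperty -Path $t.Key -Name $t.Name -ErrorAction SilentlyContinue).($t.Name)
    if ($have -eq $t.Want) {
        $state = 'OK'
    } elseif ($Apply) {
        # Create the key only when it is missing, so an existing key is never recreated.
        if (-not (Test-Path $t.Key)) { New-Item -Path $t.Key -Force | Out-Null }
        New-ItemProperty -Path $t.Key -Name $t.Name -Value $t.Want -PropertyType DWord -Force | Out-Null
        $state = 'SET'
    } else {
        $state = 'MISSING'
    }
    '{0,-8} {1}\{2} = 0x{3:X}' -f $state, $t.Key, $t.Name, $t.Want
}
```

Run it once without `-Apply` to see which of the four values differ, then again with `-Apply` to write them.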