1. If you enjoy the forum please consider supporting it by signing up for a NES Membership  The benefits pay for the membership many times over.

  2. Dismiss Notice

TLS 1.2 Rendering Outlook Useless

Discussion in 'Off-Topic' started by Greschner 4, Feb 10, 2019.

  1. Greschner 4

    Greschner 4

    Joined:
    Jan 8, 2013
    Messages:
    2,819
    Likes Received:
    474
    Ran into a f***ed up situation with a few of my business laptops with Win 7, running MS office with Outlook 2010. To be clear, all these laptops run great with no issues.

    We use Mindshift (formerly 123together) for MS Exchange and were notified that older Outlook versions will not be supported due to TLS 1.2 compatibility issues? I don't understand the technical aspects, but are we supposed to load new OS and and current Office programs or buy new f***ing laptops? Any ideas? Would I face this issue with all Exchange providers? Originally, they were going live with the new protocol in December, but they got so much shit from subscribers they have put off implementation until April.
     

  2. brain_8972

    brain_8972

    Joined:
    Jul 2, 2018
    Messages:
    48
    Likes Received:
    46
    Location:
    MA
    I can't speak to all providers, but yes you would likely have this issue with others. I am guessing they are disabling TLS 1.0. While your provider likely won't support it if you have trouble, you can enable TLS 1.2 support for Windows 7/Outlook 2010: Outlook 2010 disconnected with TLS 1.2

    With that said, no guarantee this is what they are changing or that it will fix your issue. They might block older versions of Outlook outright if they feel like it to prevent dealing with problems.

    You can absolutely upgrade your Office version to a newer, supported version, but with Windows 7 support ending in less than a year, it may not be the best idea. Frankly, if it were me, I would move my email hosting and at least the Office subscription portion to Office 365, and plan on replacing those machines in the next 12-18 months. Microsoft is pushing Office towards a subscription model, which may cost you a bit more over the long haul, but you are guaranteed to always be on the latest version and eliminates the issue you are facing.
     
  3. Greschner 4

    Greschner 4

    Joined:
    Jan 8, 2013
    Messages:
    2,819
    Likes Received:
    474
    How about wiping the HD clean and loading Win 10 with Office 2019?
     
    blindfire likes this.
  4. snax

    snax NES Member

    Joined:
    Dec 1, 2009
    Messages:
    3,721
    Likes Received:
    2,396
    Location:
    LA - lowell area
    Is is an effort by Microsoft to force you to go to office 365?
     
  5. dw617

    dw617 NES Member

    Joined:
    Jun 5, 2013
    Messages:
    1,234
    Likes Received:
    341
    Industry wide shift to depreciate older and insecure TLS versions. It's not just MS.
     
  6. dw617

    dw617 NES Member

    Joined:
    Jun 5, 2013
    Messages:
    1,234
    Likes Received:
    341
    OP, you could get away with simply upgrading your Outlook client to 2016. Leave the rest. This would be a bandaid, as the Win7 OS is going End Of Life in Jan 2020.
     
  7. brain_8972

    brain_8972

    Joined:
    Jul 2, 2018
    Messages:
    48
    Likes Received:
    46
    Location:
    MA
    That would definitely solve the issue. Nothing wrong going scorched earth as long as the hardware is new enough to justify it and any software you need will run on Windows 10. The machines might even have upgrade rights to Windows 10 if they are recent.
     
  8. brain_8972

    brain_8972

    Joined:
    Jul 2, 2018
    Messages:
    48
    Likes Received:
    46
    Location:
    MA
    More of an industry wide depreciation of outdated and vulnerable encryption protocols.

    Now, Microsoft not guaranteeing releasing a version of Exchange after 2019....that is forcing people to Office 365!
     
    dw617 likes this.
  9. Rob Boudrie

    Rob Boudrie NES Member

    Joined:
    Apr 24, 2005
    Messages:
    32,797
    Likes Received:
    8,869
    A friend asked me to discuss the quote she received from a computer repair place for data restore/migration. They proposed a Windows 7 solution.

    At her request, I emailed the store with a few questions. One was "Why are you recommending Win 7 when the extended service life ends 1/14/2020 and the free update to Win 10 is long expired? Is there a reason, or is this a matter of moving old inventory?".

    She got a call - come get your computer. We will not touch it after that insulting email, and we will not refund the diagnosis fee of $50 you already paid.

    Yes, I am working on a nice Yelp and Google review.
     
    dw617 and fshalor like this.
  10. fshalor

    fshalor NES Member

    Joined:
    Jul 1, 2012
    Messages:
    2,090
    Likes Received:
    861
    Location:
    Portland, ME
    Any software which works on TLS 1 but can not support TLS 1.2 is basically garbage. You shouldn't trust your communications to garbage.

    And TLS 1 was supposed to be completely dead more than a year ago!
     
  11. namedpipes

    namedpipes NES Member

    Joined:
    May 7, 2008
    Messages:
    28,991
    Likes Received:
    10,751
    Location:
    PREM
    Outlook jumped the shark around 5 years ago.
     
  12. JayMcB

    JayMcB NES Member

    Joined:
    Aug 8, 2011
    Messages:
    9,906
    Likes Received:
    4,215
    Location:
    Metro-Worst, assachusetts
    Outlook '13, '16 and Office 365's flavor will all work.

    Ping Mindshit and see if they will provide a supported version of just outlook as part of their hosted exchange. If I recall right crAppriver used to give a bundled version of just outlook client. EDIT: they do, I have a copy of standalone '13 and '16 in a file share. I know at least '13 works with Win 7 as it is the flavor of client running on my Win7 VM

    Also, be happy it took this long, mindshit is way behind the 8 ball if they're just getting around to deprecating TLS 1.0

    Also your users can always use OWA if the client won't work.

    PM me if you can't figure out a fix, I can probably scare you up a copy of outlook client
     
  13. jrpascucci

    jrpascucci NES Member

    Joined:
    Mar 14, 2018
    Messages:
    137
    Likes Received:
    101
    Location:
    Milford, MA
    I know it's easy to say here from the cheap seats, and it's your business to do what you please, but, it sounds like you're so far behind the technology curve, you're probably losing money just due to it, and it seems to me like you don't know that.

    I'd buy some new laptops and/or invest in VDI (virtual desktop infrastructure). Regardless, you'll need to replace your laptops anyway, we've gone at least 3 semi-serious generations in technology since then.

    Now, if you go the second route (with VDI) you can get the cheapest reasonable ones you can find (i.e. 2 or 3 years old), and if you don't, the get the knee in the curve (about 9 months old). In either case, you'd best plan to upgrade every 4-5. Normal people do this as a rotation: 20%-25% of the devices in a year.

    You can continue being wed to Microsoft by running it in VDI, or you can just do other things that are actually more coherent for your purpose, and only use MS stuff when you absolutely need to, in its own little sandbox away from where the real work happens.

    Now, if you don't have people who can make force-multiplying use of newer technology, then you're definitely losing money in various (what would immediately be seen by young people as very stupid) ways.

    Having seen a number of such cases, the ultimate cost of being a business skinflint who doesn't hire at least one technically clever person and take their advice is that you get a dying business (and even if it appears to be growing, chances are it's actually dying). But, who knows, maybe you're planning on retiring in a year or two, and if so, who cares? Let it burn.
     
  14. namedpipes

    namedpipes NES Member

    Joined:
    May 7, 2008
    Messages:
    28,991
    Likes Received:
    10,751
    Location:
    PREM
    You can pry my Windows for Workgroups 3.11 machine from my cold, dead hands.
     
    MuzzleDiscipline and xero2099 like this.
  15. blindfire

    blindfire NES Member

    Joined:
    Jun 5, 2010
    Messages:
    14,840
    Likes Received:
    3,368
    No...it's security related. Anything older than TLS 1.2 is compromised. While it would take work to crack you TLS 1.0 - TLS 1.1 traffic, it is possible. So, vendors are slowly forcing people to TLS 1.2.

    I won't even mention TLS 1.3 and how quickly that is coming down the pipe. My company is already getting ticklers from our federal customers about supporting this. OpenSSL 1.1 barely came out a few months ago and people are already asking for it.
     
    snax likes this.
  16. JayMcB

    JayMcB NES Member

    Joined:
    Aug 8, 2011
    Messages:
    9,906
    Likes Received:
    4,215
    Location:
    Metro-Worst, assachusetts
    I also have clients that have expensive machines with 32 bit cards in them and the drivers won't work on anything newer than Win7 32 bit. Some of these machines will require high 6 figure replacements. I get the whole 1-14-20 thing to deprecate, but for those can't upgrade withspending 750k boxes, instead we're building out a no-internet VLAN or a DMZ off the LAN with zero net access for those to preserve their investment and they'll roll with them until the shit the bed
     
  17. Greschner 4

    Greschner 4

    Joined:
    Jan 8, 2013
    Messages:
    2,819
    Likes Received:
    474
    Thanks for the information. It appears I'm in the market for several laptops!
     
    jrpascucci likes this.
  18. drgrant

    drgrant Moderator NES Member

    Joined:
    Mar 21, 2006
    Messages:
    64,496
    Likes Received:
    19,207
    Do yourself a favor and get off Exchange and move on to something like Google apps are some other group platform that gets all that garbage off the computer.... all out house is going to do is cost you lots of money over the long term....
     
    jrpascucci likes this.
  19. blindfire

    blindfire NES Member

    Joined:
    Jun 5, 2010
    Messages:
    14,840
    Likes Received:
    3,368
    Compromise option would be OWA...but that is still requiring local resources to manage and maintain.
     
  20. JayMcB

    JayMcB NES Member

    Joined:
    Aug 8, 2011
    Messages:
    9,906
    Likes Received:
    4,215
    Location:
    Metro-Worst, assachusetts
    if it's mindshit, it's probably rebadged hosted exchange anyway.
     
  21. Prepper

    Prepper NES Member

    Joined:
    Apr 12, 2007
    Messages:
    16,795
    Likes Received:
    4,671
    Location:
    NH
    Is that really a good idea for business use? How does a company know Google isn't selling off the info from all the files in cloud storage to the Chinese?
     
  22. n1bsbri

    n1bsbri NES Member

    Joined:
    Dec 3, 2011
    Messages:
    3,124
    Likes Received:
    757
    Location:
    RI - but not on the island part
    My company (a large multi-national) has gone all-in for Google Apps. I know it was a carefully considered move when we ditched Microsoft a few years ago.

    We are not the only ones for sure.
     
    Prepper likes this.
  23. drgrant

    drgrant Moderator NES Member

    Joined:
    Mar 21, 2006
    Messages:
    64,496
    Likes Received:
    19,207
    Depends on the business but at least my customers don't have anything that the chinese would ever care about. I just know where I've rolled it out it massively reduced the headaches and costs associated with dealing with
    that crap... and at my day job we use it and it's probably saved dozens of man-hours of labor and support every year. If google is too objectionable I'd bet someone else has a similar cloud/web based groupware product.... anything, anything, to get that shit off the desktop. Excrement is a f***ing disaster. Even for private users the average MS excrement/outlook call I bill is $150 or more. Moving PSTs and Address books blows chunks, too, because its so f***ing clunky. In the old days of company wealth many places would hire an exchange administrator whose entire job was to run that crap, that should tell you how much it sucks. When my day job dumped exchange (and a companion shitty sun IMAP server) we went from 3 or 4 people wasting several hours each every week to one person doing 99% of the complicated admin shit a few hours a week (mostly mailing list crap etc) and helpdesk folks doing lower level stuff in seconds over the phone. Google apps also scales to handle retarded email loads, too. No deleting, or worrying about quotas or other garbage, it just works. If the data storage stuff is an issue I would look into their compliance and policy stuff. I know it was a concern where I work and after some negotiation the mothership approved it.

    My only real bitch with google apps is they change the f***ing interface like twice a year (and they force this) and this pisses off the users. They should support a user choice or something instead of pulling that "Linux" type bullshit where a UI change is forced...

    -Mike
     
  24. namedpipes

    namedpipes NES Member

    Joined:
    May 7, 2008
    Messages:
    28,991
    Likes Received:
    10,751
    Location:
    PREM
    You're the ones that wanted to run it on a fricken cluster! [laugh]
     
    drgrant likes this.
  25. drgrant

    drgrant Moderator NES Member

    Joined:
    Mar 21, 2006
    Messages:
    64,496
    Likes Received:
    19,207
    Thankfully I didn't have to deal much directly with the exchange part of the problem, although honestly the Sun IMAP bs in our particular case was worse. With exchange the system basically pointed a gun at the user and forced them to delete stuff, from what I recall, which self-controlled the carnage considerably. In IMAP land users did whatever the hell they wanted which caused huge problems... but it was still terrible, because we had to wean the exchange users off the "excrement crack dust" or whatever it was. The problem with "groupware" bs is it causes a dependency.

    As you know, though.... even MS Exchange is polite and cuddly compared to GOLDMINE. [rofl] If I ever get a call from that guy again and he asks me to work on goldmine I'm going to go "how about no".

    -Mike
     
  26. namedpipes

    namedpipes NES Member

    Joined:
    May 7, 2008
    Messages:
    28,991
    Likes Received:
    10,751
    Location:
    PREM
    It's been a long time since I did that sort of admin stuff, but IIRC the mail store back then was limited to 16gb. I don't think there's a meaningful limit anymore but believe me, I don't envy the Exchange guys at my current gig.
     
    drgrant likes this.

Share This Page