Email account can't be added in Outlook

W

warg

Verified User
Joined
Nov 30, 2020
Messages
183
Hello,

I can log in to Roundcube and send/receive emails successfully. Now I tried to add my admin@ account as an IMAP account to my Windows Outlook client. I took the ports and SSL/security information from https://docs.directadmin.com/other-...tml#how-to-configure-thunderbird-email-client.

Outlook tells me that something went wrong (no useful error message). What could be the issue? I think the DNS records and ports are properly set up/open because otherwise I couldn't receive/send emails via Roundcube.

I also tried to use the "Download Outlook configuration" option in "E-mail accounts" page of DirectAdmin's user view. The registry entries were added successfully but I don't see the account in Outlook after restarting it nor does adding it work now.

I'm running latest DirectAdmin on Debian 11.

Thank you for your help.

Best Regards,
 
what are the setting of your imap ? did you use mail.domain.com or did you use the server hostname as send/receiving server ?
Without proper info is not easy to see the problem, start with testing your DNS settings (dnsinspect.com) and your email here : https://www.checktls.com/TestReceiver
 
These are the settings that the Outlook configuration download set ups (maybe it's for older Outlook versions only?):

1646399727751.png

The DNS server settings at my domain registrar:

1646400177877.png

This should be fine I think. The IP addresses are correct and the domain is of type "mail.domain.tld".

Regarding ports and SSL/TLS and STARTTLS I used the information from the link in my initial post.

Maybe this is some Outlook-specific problem like it assumes some wrong parameter?

Best Regards,
 
warg said:
but I don't see the account in Outlook after restarting it nor does adding it work now.
Click to expand...
But did outlook say it added the account? Seems a local problem to me. Normally Outlook adds the account and then complaints about passwords or other issues.

What version Outlook is this?
Did you try repairing Outlook already? You can do that via configuration and then programs and software, select the Office version and then on top don't selecte remove but select repair.
Be sure your Office applications are all closed before you do this.
 
No, Outlook did nothing. I think this option of DirectAdmin is deprecated/for older Outlook or Windows versions. I'm running newest Outlook from Office 365. I suspect Outlook just ignored the entries. I'm running Outlook version 2202 on Windows 11.

Outlook itself is working fine with other email accounts and that for a long time. So I doubt that Outlook itself is broken because adding it manually doesn't work as well.
 
warg said:
I also tried to use the "Download Outlook configuration" option in "E-mail accounts" page of DirectAdmin's user view.
Click to expand...
This might maybe not be 100% compatible.
However, that it works fine with other accounts, is no argument for not trying the repair option. I've seen myself more often that sometimes it needed repair in spite of the fact that it looked as if it worked fine.
Even recently I repaired mine because everything worked fine, but when starting it took a lot longer than normal. After the repair, it started fast again. So it does not need to be fully broken.

Try to make the account in Outlook manually as Directadmin works with RFC's as far as it's about e-mail, so same as others. There is no case of supporting older or newer versions.

It's still a local problem as DA does not create outlook accounts in your email client. You should even be able to create mail accounts in your Outlook when being offline, so that has nothing to do with DA.

Windows 11 does has some issues. I've seen that happening already on ICT forums with other mails too. So might be Win11 related too. Hard to say without proper error notices.

DA already works a long time correctly with Office 365 Outlook versions.

I would suggest removing the registry entry's first so they can't do harm anymore. After that, don not use that "download outlook configuration" anymore but just use the "add account" option in Outlook itself.
Doublecheck with the edit option what is done and entered.
 
I just found out that the default settings of Outlook (username admin@..., port 143 for ingoing and port 25 for outgoing SMTP, automatic or no encryption) works. So I suspect the encryption settings and/or port settings are wrong serverside. Any idea how I can check the ssl/encryption settings easily/quickest way? HTTPS is working fine on the webserver (although this means nothing for my email server of course). Let's Encrypt is being used.
 
Last edited:
I found the root cause of this . . . really stupid.

This did help:
./build set ssl_configuration intermediate
./build update
./build rewrite_confs
./build exim_conf
./build dovecot_conf
Click to expand...

Outlook doesn't support ssl_configuration set to modern . . .
 
That's odd. One would expect that a modern version would also support modern SSL.
Typical Microsoft. I will keep that in mind.

Thank you for reporting back! (y)
 
What did you change? I have MS365 on Windows 11 and everything worked fine for me. Was it just?

set ssl_configuration intermediate
 
Yeah, based on this write up, the TLS handshake is not the problem.

CustomBuild: ssl_configuration=intermediate setting will now also drop TLS 1.1 and older for exim and dovecot

If you're running a box with OpenSSL 1.0.2 or higher, any rebuilds of the exim.conf or dovecot.conf will include options to disable TLS 1.1. TLSv1.1 is EOL as of March 31, 2020. Windows 7 support ended on January 14, 2020. This is with CustmoBuild 2, rev 2404 and up: "./build version" If you...
forum.directadmin.com forum.directadmin.com


docs.microsoft.com

Preparing for TLS 1.2 in Office 365 and Office 365 GCC

How to prepare to use TLS 1.2 for all client-server and browser-server combinations in Office 365 and Office 365 GCC after support for TLS 1.0 and 1.1 is disabled.
docs.microsoft.com

"We have already begun deprecation of TLS 1.0 and 1.1 as of January 2020. Any clients, devices, or services that connect to Office 365 through TLS 1.0 or 1.1 in our DoD or GCC High instances are unsupported. For our commercial customers of Office 365, deprecation of TLS 1.0 and 1.1 will begin October 15, 2020 and rollout will continue over the following weeks and months.

We recommend that all client-server and browser-server combinations use TLS 1.2 (or a later version) in order to maintain connection to Office 365 services."

So saying this is a MS issue is not correct. I use Outlook 365 and didnt have to change anything.
 
Due to the fact that this is the only thing I have changed the chances are very high that this is the root cause of the error.

I'm not sure what you refer to: The quote is not relevant here because it's about connecting to Office 365 online services but that's not given here; I'm connecting to the dovecot/exim of my DirectAdmin instance.

The thread you have linked to is the one from where I found out how to fix this after I realized that some other email server test sites fail as well because they don't support TLS 1.3. Thus I tried to research whether Outlook does support it and the search results were quite useless. The only clear point was this one and then I just changed it to see if it works (watch out: It says outlook.com but maybe it's just client-side not supported, not server-side; I tried it after this link because I didn't see the ".com" part after the Outlook word):


Of course it could be caused by non-supported cypher suites as well but there is no way for me to find this out when Outlook just outputs some useless error text; one of the two things is enforced by this setting and not supported by Outlook.
 
Last edited:
Gotcha - so you're saying Microsoft has this double standard where they require others to connect to them using TLS 1.2 or higher, but Outlook requires TSL 1.0. Just making sure I understand. I must just be lucky because I did a clean install back in June and everything just works for me.

The ONLY reason I bring this up is because people in this thread are now saying that based on the evidence here, the answer is Outlook does not support anything higher than TSL 1.0. If you all are good with that, makes no difference what I think. But remember...

Correlation is not causation
 
BillyS said:
Gotcha - so you're saying Microsoft has this double standard where they require others to connect to them using TLS 1.2 or higher, but Outlook requires TSL 1.0.
Click to expand...
I think that's the confusion/misunderstanding here: Yes, Microsoft disabled TLS 1.0 and TLS 1.1 as you've mentioned. Beside of that, TLS 1.2 does work but it seems like "TLS 1.2 or later" ("or later" = TLS 1.3 at the moment) doesn't.

So this is just about TLS 1.2 vs. TLS 1.3 by having ssl_configuration set to "intermediate" (for TLS 1.2 and TLS 1.3) or to "modern" (for TLS 1.3 only).

Did you try to connect to your email account in DirectAdmin via Outlook with having ssl_configuration set to "modern"? (Don't forget to rewrite the configurations, I think)
 
BillyS said:
but Outlook requires TSL 1.0. Just making sure I understand. I must just be lucky because I did a clean install back in June and everything just works for me.
Click to expand...
No they do not require TLS 1.0 or TLS 1.1. But it seems at least outlook.com (so the webmail version) does not support 1.3 yet.

I just read somewhere on Microsoft that only "some" would support TLS 1.3 and now have a look what I found:
docs.microsoft.com

Protocols in TLS/SSL (Schannel SSP) - Win32 apps

The schannel SSP implements versions of the TLS, DTLS and SSL protocols. Different Windows versions support different protocol versions.
docs.microsoft.com

So it seems only in Windows Server 2022 and Windows 11 TLS 1.3 is supported. I think that's browsers.
I have a hard time finding anything about TLS 1.3 support in Office Outlook versions. Seems MS is not there yet.
 
For tls versions and also important Ciphers you have to change registry if needed in the MS OS as windows server or windows.

Only if you want a better higher security , ( for to old versions setting you have to do for complaince) also MS has some tools and web site with help for those.

But take care, id did years ago some for better security ( forcing to use and not to use) , then the auto update for some Microsoft products didn't work while their update servers where talking to old stuff. ( So for this is did the update's with complete download packages)
 
Thanks for the info @ikkeben. I wasn't aware of this details!

I think the support of Windows' TLS differs to the one of Outlook and at the moment it seems that there is only information for Windows out regarding TLS 1.3. I had a conversation with a Microsoft tech support person yesterday for 2 hours and there was no information he could provide. He will set up a test system with Windows 11 now and get back to me to see if it works from a technical view and he will try to find documentation about it although he doubts there is any. I think we will have some news regarding this in some days. For sure it's nothing we will clarify in 5 minutes research, sadly.
 
some info
( ah was looking for the older versions a tool i rememberd is offtopic but for who find this

Nartac Software - IIS Crypto

www.nartac.com www.nartac.com


www.paubox.com

How to check if Outlook is using TLS encryption

Microsoft's design is not quite as simple as Google's, and is different depending on which version you're using.
www.paubox.com www.paubox.com

docs.microsoft.com

TLS Cipher Suites in Windows 11. - Win32 apps

Learn about TLS cipher suites in Windows 11. Cipher suites can only be negotiated for TLS versions which support them.
docs.microsoft.com

docs.microsoft.com

Cipher Suites in TLS/SSL (Schannel SSP) - Win32 apps

A cipher suite is a set of cryptographic algorithms.
docs.microsoft.com

docs.microsoft.com

Transport Layer Security (TLS) registry settings

Learn about supported registry setting information for the Windows implementation of the Transport Layer Security (TLS) protocol.
docs.microsoft.com

microsoft schannel provider support of tls protocol versions


Versions of TLS supported by Office 365​

TLS, and SSL that came before TLS, are cryptographic protocols that secure communication over a network by using security certificates to encrypt a connection between computers. Office 365 supports TLS version 1.2 (TLS 1.2).

TLS version 1.3 (TLS 1.3) is supported by some of the services.
Click to expand...
docs.microsoft.com

Technical reference details about encryption

Learn about the various certificates, technologies, and Transport Layer Security (TLS) cipher suites used for encryption in Microsoft 365.
docs.microsoft.com

 
Last edited:
TLS version 1.3 (TLS 1.3) is supported by some of the services.
Click to expand...
Yep, same link and what I said in post #16. Only some of the services.

But there also seems to be a difference between the online outlook.com and Outlook 365 (c.q. Outlook from Office).
It was already stated by Microsoft that outlook.com does not support TLS 1.3 at this moment. So MS wants everybody to be modern and use SPF and DKIM and if possible DMARC and TLS 1.2 but they don't even haf TLS 1.3 working yet decently everywhere.
 
You must log in or register to reply here.
Back
Top