Hello!
I just tried mailcow and everything works fine, but I can't get Outlook 2013 connected via EAS.
Outlook always says that it couldn't find the server, but I specified it manually (I can provide a screenshot later).
In the SOGO-Log there's the following:

Any ideas?
Regards,
Aaron
When commenting out Ciphers + TLS 1.2 in the nginx config, it's working.
I think we talked in IRC yesterday, right?
Yes, it seems to be the ciphers list and/or TLS 1.2 which Windows 7 dislikes.
TLS 1.2 needs to be manually enabled on Windows 7. That should be the preferred solution instead of re-enabling TLS 1.0/1.1 on the server.
You need the update from https://support.microsoft.com/en-us/help/3140245/update-to-enable-tls-1-1-and-tls-1-2-as-a-default-secure-protocols-in and edit the registry keys as described there. I believe you also need to set these:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client]
"DisabledByDefault"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]
"DisabledByDefault"=dword:00000000
@chakotay94, please test this and then submit a pull request to the documentation to explain what is needed to make Windows 7 work.
I had the same issue and could also fix it by commenting out these lines:
ssl_protocols TLSv1.2;
ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
ssl_prefer_server_ciphers on;
> TLS 1.2 needs to be manually enabled on Windows 7. That should be the preferred solution instead of re-enabling TLS 1.0/1.1 on the server.
The problem is that I can't do that for every user and I can't ask them to do it themselves.
Windows 7 still has over 80% usage among my users, so it's key that it works. What's the recommended alternative to have nginx work with Windows 7?
Edit: The change came with f0df390d12fcda51139c0d47fdfee957197c653d, I suppose the older settings are still better/more secure than defaults?
Do you have an Active Directory network? Would it not be possible to set a GPO to automatically create those registry keys?
Sure it is. Just export them from one client where you have set them or do it using the GPO Registry Assistant.
Regards,
Aaron
On 04.07.2018 at 11:17, urbangenie notifications@github.com wrote:
> Do you have an Active Directory network? Would it not be possible to set a GPO to automatically create those registry keys?
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
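
For anyone rolling the client-side fix out to many Windows 7 machines (for example as a GPO startup script), here is an added example, not code from the mailcow project or from any participant in this thread. It audits the two `DisabledByDefault` values quoted above and reports whether the KB3140245 update is installed; the `-Fix` switch and the function name are assumptions of this example, and the additional registry value described in the Microsoft article is not covered.

```powershell
# Added example: audit (and with -Fix, set) the SCHANNEL client values quoted in this thread.
# Written for PowerShell 2.0, which ships with Windows 7. -Fix needs an elevated prompt.
param([switch]$Fix)   # -Fix is a hypothetical switch defined by this example

$base      = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
$protocols = 'TLS 1.1', 'TLS 1.2'

function Get-TlsClientState([string]$Protocol) {
    # Returns the current DisabledByDefault value ($null when the key or value is absent).
    $key   = Join-Path $base "$Protocol\Client"
    $value = $null
    if (Test-Path $key) {
        $prop = Get-ItemProperty -Path $key -Name DisabledByDefault -ErrorAction SilentlyContinue
        if ($prop) { $value = $prop.DisabledByDefault }
    }
    New-Object PSObject -Property @{
        Protocol          = $Protocol
        Key               = $key
        DisabledByDefault = $value
        Compliant         = ($value -eq 0)   # $null (not set) counts as non-compliant
    }
}

# The registry values have no effect on Windows 7 without the update linked in the thread.
$hotfix = Get-HotFix -Id KB3140245 -ErrorAction SilentlyContinue
if (-not $hotfix) { Write-Warning 'KB3140245 is not installed on this machine.' }

foreach ($p in $protocols) {
    $state = Get-TlsClientState $p
    if ($Fix -and -not $state.Compliant) {
        # Create the key only if missing, so existing values under it are left untouched.
        if (-not (Test-Path $state.Key)) { New-Item -Path $state.Key -Force | Out-Null }
        New-ItemProperty -Path $state.Key -Name DisabledByDefault -Value 0 `
            -PropertyType DWord -Force | Out-Null
        $state = Get-TlsClientState $p   # re-read to confirm the write
    }
    $state | Select-Object Protocol, DisabledByDefault, Compliant
}
```

Run without arguments, it only reports; a machine is ready for the TLS 1.2-only nginx configuration when both rows show `Compliant` as `True` and no warning about the update appears.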