SmarterMail Outlook Mobile Cannot Connect to IMAP

Screen Shot 2020 10 28 at 01.24.19

Outlook Android or iOS cannot make an IMAP Connection to SmarterMail

Okay, so this problem is a little bit weird. And it probably applies into other email server technologies. In this particular case, smarter mail runs on a Windows server. And I suspect it’s more likely that this problem occurs with window service. Here is what we noticed and how we fixed it.

Using only the mobile versions of Microsoft outlook. We found we were unable to create an account that should be able to connect to an IMAP account. The email account using IMAP could be connected using other email clients. For example Mac mail, or the native mail app in iOS.

When attempting to use the mobile version of Outlook, it simply said after entering all of the correct details, but a connection could not be made to the server. After a hell of a lot of mucking around, we were able to determine that this is caused by the fact that TLS 1.1 was available on the server. And outlook is programmed, or at least the mobile version of Outlook is programmed to funk out with TLS 1.1 due to the fact that it is it technically no longer supported technology as it is less secure.

This is an example of a failure message:

Outlook TLS 1.1 Failure IMAP

The solution in this case is to disable TLS 1.1 on the server. Remembering that it is a Windows server we are dealing with, it is actually pretty easy to do.

The Fix

Firstly let’s confirm that it is the problem that you are experiencing on your server. Go to this URL and enter the host name for the server that you would like to test.

https://www.ssllabs.com/ssltest/analyze.html

You will probably notice is that you receive a message saying that this server supports TLS 1.1 grade captain to B

TLS 1.1 Grade Capped to B

 

Assuming that you receive a result it looks something like this. We next need to implement the solution.

Download and install NARTAC Software (yes it is safe) from here: https://www.nartac.com/Products/IISCrypto/Download

NARTAC Disable TLS 1.1.

Will probably find it will look something like this when you run it, but with more of the Server protocol selected.

The easiest way to get the result we are after is to use the templates that are pre-selected. I have templates like best practice, server defaults, strict, and in our case the one we want to use his PCI 3.2 compliant.

PCI 3.2 Compliant on SmarterMail

Apply, and reboot the server.

Then repeat the test at: https://www.ssllabs.com/ssltest/analyze.html by using the “Clear Cache” on the page of results. It should run the test again and give a result that is “A” grade.

SmarterMail with TLS 1.1 Disabled

This should now allow outlook to connect to the smartermail server as the disabling of the TLS 1.1. will enabled the previous failure to be solved.

Leave a Reply

Your email address will not be published. Required fields are marked *