Error when using SMTP with TLS (Windows 8, Outlook 2013)

Hi

I used to be able to use a Hotmail (now outlook.com) account with Outlook 2013 x64 using the SMTP settings as follows

SMTP Server: smtp.live.com
Port 587
Type of encrypted connection: TLS

This used to work fine until now and there is another account (non-hotmail, non Microsoft) using the same settings and still works. The Hotmail account cannot send anymore. Reception still works.

Sending an email with the Hotmail account fails.

In Outlook when testing the account settings, I get:

Send test e-mail message: The connection to the server was interrupted. If this problem continues , contact your server administrator or internet service provider (ISP).

In Outlook when sending, I get:

Task '...(at)hotmail.com - Sending reported error (0x800CCC0F) : The connection to the server was interrupted. If this problem continues, contact your server administrator or Internet service provider (ISP).'

Windows 8 Pro x64
Outlook 2013 x64

Internet Options (Internet Explorer)
unchecked: SSL 2.0
checked: SSL 3.0, TLS 1.0, TLS 1.1 TLS 1.2

Tried without success:
Disabling the Windows Firewall
I thought I was related to
Schannel Event ID 36871 but it doesn't seem to be.

The cause of this error is that I applied the SCM (Security Compliance Manager) Windows 8 baseline that changed a bunch of Group policy settings but I dont know which one is causing the SSL error.

I need help with tracing the error please.



September 25th, 2013 2:53am

Turns out it is

System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing"

as found in

Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options

which as per description does

This policy setting determines whether the Transport Layer Security/Secure Sockets Layer (TLS/SSL) Security Provider supports only the TLS_RSA_WITH_3DES_EDE_CBC_SHA cipher suite.

that needs to be disabled for Outlook.com's SMTP TLS to work.

or, looking at the registry: FIPSAlgorithmPolicy

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SecEdit\Reg Values\MACHINE/System/CurrentControlSet/Control/Lsa/FIPSAlgorithmPolicy/Enabled

Which raises the question

Why is it that Outlook.com/Hotmail does NOT have FIPS compliance whereas my other free email provider does?!


Free Windows Admin Tool Kit Click here and download it now
September 25th, 2013 8:07am

Hi,

Thank you for sharing your experience and discovery here. For the raised quesion, it seems to be related to security problem. Better to post it to security forum or Windows live forum

http://social.technet.microsoft.com/Forums/en-us/home?forum=australiasecurity

Thanks you for you understanding.

Tony Chen
TechNet Community Support

September 30th, 2013 2:07am

Hi,

I did post this in the Windows 8 Security forum as it seemed appropriate at the time given the little information I had about the error.

It was moved by a mod to here as I added more information.

It is clear now that it is not a Windows issue and not an Office or Outlook 2013 issue. It is an issue of the outlook.com email accounts.

I would like to post the issue there but could not find that support forum/area. I am positive they exist as I have been there when I had issues with the transition from Hotmail to outlook.com :-)

Perhaps you could point me to that outlook.com support or move my post there?

Free Windows Admin Tool Kit Click here and download it now
September 30th, 2013 2:46am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics