Global protect and Outlook 2016

Announcements

ATTENTION Customers, All Partners and Employees: The Customer Support Portal (CSP) will be undergoing maintenance and unavailable on Saturday, November 7, 2020, from 11 am to 11 pm PST. Please read our blog for more information.

Reply
Highlighted
L7 Applicator

Are you still getting this message

 

"we are unable to connect right now. please check your network and try again later"

Highlighted

Yes, that's the error, tested it with ruleset permitting any generic users as suspected user-id mapping was causing anykind of slownes, but the status remains the same.

Highlighted
L7 Applicator

So do you still have a source user group in the policy. If so then set the source user to any and test again.

Highlighted

Yes, we did tried with a rule set having no source user/group attached, but no luck hence had escalated with MS Outlook if there are any latest bus on their office updates.

Highlighted
L0 Member

Any resolution to this issue?  We are running into this same issue with Prisma.

Highlighted
L1 Bithead

We have the same issue, but only if we use a full Globalprotect VPN and not if we use a split tunnel (default here).

I found out the reason is that the GlobalProtect network interface has no default gateway, but only routes are pushed.

Because of this, the Network Location Awareness service does not attempt to check if there is a connection to the internet.

 

Office programs rely on the NLA service and don't check themselves if they are online. Because of this, the apps assume they are offline when you are connected via GlobalProtect.

 

Other VPN service also have the same problem: https://superuser.com/questions/1447783/why-do-windows-10-apps-and-office-outlook-word-onedrive-etc-...

 

Our clients are asking if they can use the full VPN more and more, but with this problem we can't provide them with it..

Highlighted

Thanks for those pointers, we have this pushing with MS again, lets see how it turns out with NIC level modifications for the apps to work as expected.

Highlighted
L4 Transporter

Has anyone found a fix for this? I can confirm, with full tunnel VPN MS Office thinks there is no internet.  With split tunnel VPN MS Office can see that there is an internet connection.

Highlighted
L1 Bithead

Hi All

 

I had the similar issue and was able to to trace it down NCSI causing the problem, the probe HTTP was failing for me. You can check windows event logs to see if you are facing the same issue - Microsoft-Windows-NCSI/Operational

 

This is logged in the event it was failing:

Capability change on {57a83755-d89b-4a01-a72d-d4786875d856} (0x6008009000000 Family: V4 Capability: None ChangeReason: ActiveHttpProbeFailedButDnsSucceeded)

 

I need to allow "www.msftconnecttest.com" this site access in pre-logon policy.

 

For more info check this blog

https://support.microsoft.com/en-us/help/4494446/an-internet-explorer-or-edge-window-opens-when-your...

https://www.ghacks.net/2014/02/07/disable-customize-windows-internet-connection-test-improve-privacy...

https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-vista/cc766017(v=ws.10)?re...

 

 

I hope this helps fix your guys issue

 

RJ

Highlighted

Yes, we had similar tweak done under the Enforce GlobalProtect Connection for Network Access option under app in the GP agent profile by excluding the NLSA lookup DNS IP of Microsoft. We are still testing it though.

Split tunneling would eliminate this issue completely again, the above option we are testing with is very much in line with split tunneling

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!