This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Cookie Policy. Click Preferences to customize your cookie settings.
Global protect and Outlook 2016
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- LIVEcommunity
- Discussions
- General Topics
- Re: Global protect and Outlook 2016
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Printer Friendly Page
Options
- Mark as New
- Subscribe to RSS Feed
- Permalink
09-04-2019 06:07 AM
Recently we observed an issue for users on GP and using outlook.
When the GP is etablished and if the user launches Outlook in less than 1 min the outlook throws the error
"we are unable to connect right now. please check your network and try again later"
The same user once connected to GP and tried to launch post 1 min the outlook works fine
I am unable to link to GP or generic Outlook behaviour, any pointed from the community is highly appreciated.
27 REPLIES 27
Options
- Mark as New
- Subscribe to RSS Feed
- Permalink
12-18-2019 12:20 AM
We have the same issue, but only if we use a full Globalprotect VPN and not if we use a split tunnel (default here).
I found out the reason is that the GlobalProtect network interface has no default gateway, but only routes are pushed.
Because of this, the Network Location Awareness service does not attempt to check if there is a connection to the internet.
Office programs rely on the NLA service and don't check themselves if they are online. Because of this, the apps assume they are offline when you are connected via GlobalProtect.
Other VPN service also have the same problem: https://superuser.com/questions/1447783/why-do-windows-10-apps-and-office-outlook-word-onedrive-etc-...
Our clients are asking if they can use the full VPN more and more, but with this problem we can't provide them with it..
Options
- Mark as New
- Subscribe to RSS Feed
- Permalink
01-13-2020 08:50 AM
Thanks for those pointers, we have this pushing with MS again, lets see how it turns out with NIC level modifications for the apps to work as expected.
Options
- Mark as New
- Subscribe to RSS Feed
- Permalink
04-06-2020 01:42 PM
Has anyone found a fix for this? I can confirm, with full tunnel VPN MS Office thinks there is no internet. With split tunnel VPN MS Office can see that there is an internet connection.
Options
- Mark as New
- Subscribe to RSS Feed
- Permalink
04-06-2020 10:33 PM
Hi All
I had the similar issue and was able to to trace it down NCSI causing the problem, the probe HTTP was failing for me. You can check windows event logs to see if you are facing the same issue - Microsoft-Windows-NCSI/Operational
This is logged in the event it was failing:
Capability change on {57a83755-d89b-4a01-a72d-d4786875d856} (0x6008009000000 Family: V4 Capability: None ChangeReason: ActiveHttpProbeFailedButDnsSucceeded)
I need to allow "www.msftconnecttest.com" this site access in pre-logon policy.
For more info check this blog
I hope this helps fix your guys issue
RJ
Options
- Mark as New
- Subscribe to RSS Feed
- Permalink
04-07-2020 12:57 AM
Yes, we had similar tweak done under the Enforce GlobalProtect Connection for Network Access option under app in the GP agent profile by excluding the NLSA lookup DNS IP of Microsoft. We are still testing it though.
Split tunneling would eliminate this issue completely again, the above option we are testing with is very much in line with split tunneling 🙂
Related Content
- URL Filtering is not working for Global Protect users in Next-Generation Firewall Discussions
- Is it possible to monitor average/min/max latency to Global Protect clients connected to a PAN 3220 or VM PAN? in General Topics
- Global Protect Hip check doubt in General Topics
- Anyone got Global Protect 6.1.0 for Linux to work on Ubuntu 22.04? in GlobalProtect Discussions
- Need to Allow user to uninstall Global Protect with a Password in GlobalProtect Discussions
Like what you see?
Show your appreciation!
Click Like if a post is helpful to you or if you just want to show your support.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
LEGAL NOTICES
Copyright 2007 - 2023 - Palo Alto Networks