Global protect and Outlook 2016

Showing results for 
Show  only  | Search instead for 
Did you mean: 

Global protect and Outlook 2016

Recently we observed an issue for users on GP and using outlook.

When the GP is etablished and if the user launches Outlook in less than 1 min the outlook throws the error

"we are unable to connect right now. please check your network and try again later"

The same user once connected to GP and tried to launch post 1 min the outlook works fine

I am unable to link to GP or generic Outlook behaviour, any pointed from the community is highly appreciated.


Yes, outlook is cloud based hybrid connections. logically the connection would take a min to be established post GP is connected and outbound access is user-id specific.

does user-id mapping takes close to a min to complete? i ran fw tests under a min trying to launch outlook and it does fail.

But the version on GP reminded with no recent upgrade, all i can pin is the latest office update the end user machine team did.

user ID is almost instant...  but it will not take place until an event such as a drive mapping or domain authentication takes place.

this triggers an event to be written to the AD security log which includes the AD user ID and his/her/it's IP address. this is what the agent collects.


there are other options like device probing WMI stuff but i cannot help with this...  


we allow access to all microsoft URL's without user ID required, that may be one option, or perhaps run a post VPN script that is included with GP such as GPUpdate...   thats assuming mapping latency is the issue here...


also...     set your mapping timeout higher... some suggest 8 to 12 hours but we use 24. 


Well, i did test the connection to Microsoft URL's as a non user-id specific connection with a dedicated rule with source user group.

 The status is remaining the same, post GP connection comes live, the outlook once launched works fine post 1 min of GP establishment, but fails to authenticate outlook and prompts password if attemted within 1 min of GP coming up.

p.s. taken off any SSL decryption that were currently in place assuming decryption was playing any part.

is this new..


"and prompts password if attemted within 1 min of GP coming up."


as this was not mentioned in your first post...

Yes, if outlook launched within 1 min of GP coming up the outlook says its offine and needs password (i.e., AD logon) to pass through

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!