Outlook 2016 unable to open while on GlobalProtect

Reply
L1 Bithead

Outlook 2016 unable to open while on GlobalProtect

Anyone else experiencing issues with Outlook 2016 being unable to open while on GlobalProtect?  We have sporadic windows 10 pc's with this problem and all windows 7 pc's have this issue.  When we disable GlobalProtect and start Pulse Secure (our legacy VPN agent), Outlook opens right up and connects.  We have a ticket open, but I'm guessing TAC is slammed right now.

Cyber Elite

Hello,

Are you using split tunnel VPN or full tunnel? What do the traffic logs say with regards to the traffic, allow/deny? My guess is that it might be denied?

 

Regards,

L1 Bithead

We're currently running split-tunnel, but the split tunnel is only to exclude a few domains not related to O365.  I'm not finding ANY denied logs.  We even added FULL internet access based on any, any, any with no IPS, URL, etc.  Still failed.

L0 Member

 Is there any finding as to the issue?  We have the same problem with some clients whereby you need to disable global protect and start outlook first.  Thanks

L1 Bithead

root cause:

we are running into this issue quite long.                                                                                                                                                    Root cause:The NLA/NCSI is confused and incorrectly assumes there is no active internet connection because the VPN adapter does not have an explicit default gateway IP defined.


Workaround we tried still testing though
1-Change the NLA under services to automatic delayed start ( so it takes some secs to start rather than automatic)
2->As Both of these rely on there being a default gateway specified for the current active Internet connection for them to successfully report the connection is up, I added default gateway “192.168.0.1" on my wifi network.( and added NLA and NLC ip are added to Allow traffic to specified hosts/networks when Enforce GlobalProtect Connection for Network Access is enabled and GlobalProtect Connection is not established )

3->if you hv pre-logon you would need to allow NLSA on pre-logon policy as well.

 

Type of Request that NCSI Sends

msftconnecttest.com
dns.msftncsi.com

L0 Member

Hello,

 

Any news about this issue ? We have also this issue, we have a default route but we exclude private network from the tunnel. Outlook cannot connect (GP enforce network access is disabled).

 

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!