Uncategorized

After migrating an e-mail account to Microsoft 365, or setting up a new account in Outlook 2010/2013/2016/2019/ Office 365, often times we find users unable to connect or – or Outlook’s web services don’t work as expected.

For example, when adding a new account, autodiscover will time out, saying it can’t contact the server giving the following message :

Outlook cannot log on. Verify you are connected to the network and are using the proper server and mailbox name. The Microsoft Exchange information service in your profile is missing required information. Modify your profile to ensure that you are using the correct Microsoft Exchange information service.

This, despite Microsoft’s (very useful) Remote Connectivity Analyzer reporting no configuration issues with Autodiscover, and being able to connect successfully using MS Activesync.

The issue we see here, is that Outlook is pre-configured by Microsoft 365’s profile configuration to prefer only M365 sources for autodiscover – ignoring DNS settings and local XML files.

This behavior is regulated by the registry, specifically keys under the Computer\HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\XX.0\Outlook\AutoDiscover location. XX.0 will vary, depending on the version of Office you have installed. Examples of these keys are :

[HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\AutoDiscover]
"ExcludeLastKnownGoodUrl"=dword:00000001
"ExcludeHttpRedirect"=dword:00000001
"ExcludeScpLookup"=dword:00000001
"ExcludeHttpsRootDomain"=dword:00000001
"ExcludeSrvRecord"=dword:00000001

By toggling these switches to “0” – or “do not exclude” these autodiscover sources, Outlook connectivity to on-premise or 3rd party Exchange providers will be restored.

More detail available via Microsoft at the following KB’s :

https://support.microsoft.com/en-us/topic/after-migration-to-office-365-outlook-doesn-t-connect-or-web-services-don-t-work-3d9df009-597b-5d75-460c-4b7c64c833a1

https://support.microsoft.com/en-us/topic/outlook-2016-implementation-of-autodiscover-0d7b2709-958a-7249-1c87-434d257b9087

Many of Euclid Networks’ clients approach us, regularly asking for feedback on the validity of e-mails and mails they have received. Most typically, scammers have targeted a business owner, or senior partner – and are attempting to gain access to the company’s computer network.

In some cases, the attack is not targeted directly at the servers or network itself – but rather the employees themselves in an attempt to bypass all security measures that have been put into place. These attempts often appeal to authority – either by impersonating senior members of staff – or by appearing as credible communications from outside vendors or service providers.

The most recent attempt we’ve seen along these lines is a scam being run in states nationwide, where a sender impersonates a state’s department of revenue / licensing office – example below.

The above document shows a scam being run in Hawaii, but in Atlanta, Fulton County, and Georgia as well, similar schemes have been set up.

On the document we were asked about, an entity calling itself “C.P.F.S , 4279 Roswell Rd. NE – #208-339, Atlanta, GA 30342” requested payment on a “2020 – Annual Registration Instruction Form” for Georgia LLCs.

How to Spot Misleading Communications

The key indicator that a solicitation is not a valid request can be found in the fine print. By law, the soliciting company (the company that sends out these mailings) must include some variation of the following disclaimers:“SOLICITING COMPANY is not a government agency and does not represent a government agency.”

“SOLICITING COMPANY is not a government agency and does not have a contract with any government agency to provide this service.”

“SOLICITING COMPANY is not a government agency and is not affiliated with the Secretary of State or any other government agency.”

In this case, it’s relatively easy to spot – but in other cases, where businesses and their IT systems have been targeted by more malicious actors, the consequences can be more dire! Having a trusted technology partner on your side can help prevent targeted attacks – and when your business comes under attack, you’ll have someone in your corner to help fight back.

If you have been a victim of a mailing like the one we highlighted today, we strongly encourage you to report these misleading solicitations to the Secretary of State or Attorney General of the state where your business is registered. Many of these offices have been cracking down on those entities sending out fraudulent mailings, enforcing heavy fines and even taking legal action.

Also contact the Secretary of State or Attorney General if you have remitted payment in response to a solicitation that you suspect was fraudulent. You may be able to have your money refunded.

For more information and to contact the Georgia Secretary of State, you can visit :

https://sos.ga.gov/index.php/corporations/kemp_warns_businesses_about_scam_mail