Issues with connecting Microsoft Outlook to Microsoft Exchange after installing Cumulative Update 14

Support

Support for business applications

Kaspersky Endpoint Security 11 for Windows

Issues with connecting Microsoft Outlook to Microsoft Exchange after installing Cumulative Update 14

Latest update: May 22, 2024 ID: 16046

Show applications and versions that this article concerns

Kaspersky Endpoint Security 12.5 for Windows (version 12.5.0.539)
Kaspersky Endpoint Security 12.4 for Windows (version 12.4.0.467)
Kaspersky Endpoint Security 12.3 for Windows (version 12.3.0.493)
Kaspersky Endpoint Security 12.2 for Windows (version 12.2.0.462)
Kaspersky Endpoint Security 12.1 for Windows (version 12.1.0.506)
Kaspersky Endpoint Security 12 for Windows (version 12.0.0.465)
Kaspersky Endpoint Security 11.11 for Windows (version 11.11.0.452)
Kaspersky Endpoint Security 11.10 for Windows (version 11.10.0.399)
Kaspersky Endpoint Security 11.9 for Windows (version 11.9.0.351)
Kaspersky Endpoint Security 11.8 for Windows (version 11.8.0.384)
Kaspersky Endpoint Security 11.7 for Windows (version 11.7.0.669)

Issue

After installing Cumulative Update 14 (KB5035606) for Microsoft Exchange 2019, released in February 2024, or later updates on Microsoft Exchange servers, users with Kaspersky Endpoint Security for Windows installed experience issues with mail performance.

The Microsoft Outlook mail client asks for credentials to connect to Microsoft Exchange or warns that the Microsoft Exchange server certificate is invalid.

Cause

Cumulative Update 14 and later updates by default include extended device authentication mode — Extended Protection in Exchange Server. This mode protects network traffic between the mail client and Microsoft Exchange servers from interception with a fake certificate.

Kaspersky Endpoint Security for Windows decrypts and analyzes protected traffic when encrypted connections scan is enabled.

For these technologies to work together, additional configuration of Kaspersky Endpoint Security for Windows may be required.

Solution

Open Kaspersky Security Center.
Click the Administration Server and go to Policies.
Select the policy that manages devices with Kaspersky Endpoint Security for Windows installed.
Go to General settings→ Network settings and select Advanced settings.
Check the value set in the When encrypted connections scan errors occur parameter. For more details about the parameter, see Online Help.
- If the Add domain to exclusions value is set, Kaspersky Endpoint Security for Windows will automatically add addresses and ports of Microsoft Exchange servers to the list of local exclusions Domains with scan errors and will not block connection to Microsoft Exchange.
- If the Block connection value is set, add the exclusion manually:
  1. Open the Trusted addresses list in the Network settings of Kaspersky Endpoint Security for Windows.
  2. Add all Microsoft Exchange host connection addresses to the list.

What to do if the issue persists

If the issue persists, use these recommendations and submit a request to Kaspersky Technical Support via Kaspersky CompanyAccount.

Kaspersky Premium Support (MSA): High‑priority incident processing

Telephone and web ticket support. Fast response, monitoring and health check. Submit a request and activate the contract (MSA).

Kaspersky Endpoint Security for Windows: Detection of advanced threats

Control systems which prevent damage from the sensitive data theft. Management from a single console. Buy as part of Endpoint Security for Business Advanced.

Did you find this article helpful?

What can we do better?

Thank you for your feedback! You're helping us improve.