Microsoft Outlook - "Can not connect to server" after latest Windows update patches

EQ Admin

EQ Forum Admin
Staff member
It is being reported in May 2015 that there is a new patch from Microsoft breaking users that use Microsoft Outlook and have their settings configured to use POP3+SSL (port 995) or IMAP+SSL (port 993) in their settings.

It may only affect Microsoft Outlook when configured to use non-Microsoft email services.

To fix the problem you can pick one of the following options:
  • Do a system restore to a point in time before the updates were installed
  • If your email service supports unencrypted ports, change to POP3 (110) or IMAP (143)
Update: The long term fix is for your service provider to upgrade their certificates with keys that use the current standard key length of 2048 bits.
 
Last edited:

EQ Admin

EQ Forum Admin
Staff member
I spoke with Office 365 support and they're not aware of the issue, but they also stated they don't have visibility into Microsoft Office or Windows Update problem reports.
 

EQ Admin

EQ Forum Admin
Staff member
Here is the Microsoft support page for this issue - Microsoft Security Bulletin MS15-055 - Important

The problem is appears with Microsoft Outlook trying to connect to IMAP servers with SSL that doesn't support key lengths of at least 1024 bits.

Microsoft appears to have made a reasonable update, but some email service providers may need to upgrade their IMAP and/or SSL to avoid problems.
 

EQ Admin

EQ Forum Admin
Staff member
Here is a response from an ISP (possibly a web hosting provider) that was impacted:

This week we were made aware of a widespread issue where customers using Outlook as their email client were unable to receive email via both POP and IMAP. The problem is specifically related to the latest Outlook update provided by Microsoft. Basically, Courier authlib uses a DH key to encrypt communications once connections are established. The RPM for Courier that was shipped prior to cPanel 11.46 sets the key length at 768 bits. The latest Outlook update disallows the use of any DH key less than 1024 bits, so the resolution is to simply regenerate the key at > 1024 bits. Please note this has nothing to do with the shared SSL certificate that is installed on all of our shared servers. It's a different key pair. All shared, VPS, and dedicated servers have been updated to use a key size of 2048 bits. Customers experiencing a problem may need to restart Outlook before they can connect again.
 
Top