May 19 2023 03:32 PM
when running office365 network checker, I get:
"Unable to connect to origin. Inner exception message:
The SSL connection could not be established, see inner exception." pops up immediately.
3rd party apps work fine. I am writing this on the machine.
I suspect it is a certificate issue or HTTPS issue with Microsoft?
Windows 11 22h2 has issues as well. Microsoft store error 0x800704cf
windows update/defender updates error
Feedback Hub: error (I was on beta build of 22h2. I upgraded to official 22h2, same issue)
windows update: error 8000704cf
windows 22h2 upgrade didn't fix it
no hosts. file
disabled all 3 firewall profiles
ran 4 online scanners for rootkits and such
Malwarebytes no problems
boot to safe mode - same issue
logged in as admin same issue
reset network from windows, no joy
tried 1.1.1.1 DNS, tried ISP default fiber DNS.
ran checkdsk, SFC /scannow, DISM no errors
this is a prod system running VMs and many services. reinstalling windows is last resort.
any advice is GREATLY WELCOME
May 20 2023 09:17 PM
Are you saying Microsoft 365 network connectivity test tool? If yes, may refer to assistant for the setup:
May 21 2023 01:47 PM
May 27 2023 10:55 AM
May 31 2023 04:16 AM - edited May 31 2023 04:17 AM
Hi @CoCoKola ,
When the error pops up, is there any other message below "Unable to connect to origin. Inner exception message: The SSL connection could not be established, see inner exception."?
Jun 01 2023 01:50 PM
Jun 02 2023 12:35 AM - edited Jun 02 2023 12:36 AM
I'm trying to find the root cause of the issue. Could you please help me with the following two questions first?
1. Are you using a proxy to connect to the Internet?
2. Could you please try downloading the standalone connectivity test tool to see if we could get the whole error message? It works quite similarly to the desktop application but in a console.
The standalone rich client could be downloaded here: https://connectivity.office.com/api/AnonymousConnectivityTest/DownloadStandAloneRichClient
After the download is finished you could simply click it and see if the same issue shows up again and if there's more inner error message. There will be consent required after executing the console.
If you run into some problems when using the standalone rich client, here're guidelines for it: https://learn.microsoft.com/en-us/microsoft-365/enterprise/office-365-network-mac-perf-onboarding-to...
or you could comment here.
Thanks.
Jun 02 2023 03:03 PM
Jun 05 2023 03:19 PM - edited Jun 05 2023 03:21 PM
I have found out the error message relates to a certificate or an issue with the time being off creating an invalid key for https or other cert used to communicate with the Microsoft servers.
Jun 06 2023 02:07 AM
Jun 08 2023 02:05 AM
Jun 09 2023 09:10 PM
@dingxin I identified this as the issue by looking up the error code for this thread, plus I have checked and tested every other possibility. I checked certs from what I know and didn't set anything obvious.it's it guaranteed?no.
It was the same error code in the log file generated by this connectivity app. Look up the 0x8.. Error from original post the the log file from the stand alone app you provided. You will find what I found.
Jun 09 2023 10:27 PM - last edited on Jun 11 2023 10:31 PM by Meenah_Khosraw
Jun 09 2023 10:27 PM - last edited on Jun 11 2023 10:31 PM by Meenah_Khosraw
The Office365 connectivity test ensures seamless connectivity and functionality for Seattle executive search [hyperlink removed by admin] firms, enhancing productivity and efficiency in their daily operations.
Jun 11 2023 10:36 PM
Friendly reminder: Please refrain from posting third-party links to unrelated or self-promotional content as it violates our Code of Conduct and Tech Community Guidelines.
Thanks,
Meenah
Microsoft 365 Community Manager
Jun 12 2023 04:31 AM - edited Jun 12 2023 04:39 AM
Thanks. Could you please help me clarify the following two questions?
1. Is 'DigiCert Global Root G2' on the operating system's trusted issuer list, as described in the private message I sent to you? There should be some trusted issuers on the list for the client to trust the certs received from servers.
2. Could you still repro this issue? I'm asking this question because I received an email saying you marked the answer "Browser's trusted issuer list might be different from the operating system. I've sent a message to check the information" as an accepted solution.
Jun 12 2023 10:50 AM
Jun 13 2023 05:14 AM - edited Jun 14 2023 03:10 AM
SolutionHi CocoKola, could you please help me with the following 3 questions?
1. Is TLS 1.2 protocol disabled on your machine?
M365 connectivity test tool service requires TLS 1.2 to establish SSL connections. You may check that on your registry editor to see if it's disabled. You could search "Registry Editor" in the taskbar and open it, then navigate to the following path:
Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols
TLS 1.2 should be enabled to use M365 Connectivity Test Tool .exe client.
2. Are the following two cipher suite on your machine?
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030
)
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f
)
Cipher suite can also be checked in Registry Editor. The path is:
Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\CipherSuite
Those two cipher suites are required by the connectivity test tool service.
3. is .NET Desktop Runtime 6 installed on the machine?
This shouldn't be the reason for the SSL connection failure but I see the exception code 0xe0434352 in the crash log you provided in the comment on May 21st, so just want to double-confirm. Is the crash log below from the issue in the original post saying "Unable to connect to origin. Inner exception message: The SSL connection could not be established, see inner exception" shows when executing the rich client?
If the TLS and cipher suites configuration are unknown, you can also try to enable them on the machine using this software or modify the registry through the Registry Editor and see if the issue can be resolved.
The software is NARTAC which can be downloaded from:
https://www.nartac.com/Products/IISCrypto/Download
No installation requires. Checking the needed TLS protocol and Cipher Suite should work.
Jun 16 2023 07:31 AM
Jun 16 2023 11:24 PM
Jun 13 2023 05:14 AM - edited Jun 14 2023 03:10 AM
SolutionHi CocoKola, could you please help me with the following 3 questions?
1. Is TLS 1.2 protocol disabled on your machine?
M365 connectivity test tool service requires TLS 1.2 to establish SSL connections. You may check that on your registry editor to see if it's disabled. You could search "Registry Editor" in the taskbar and open it, then navigate to the following path:
Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols
TLS 1.2 should be enabled to use M365 Connectivity Test Tool .exe client.
2. Are the following two cipher suite on your machine?
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030
)
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f
)
Cipher suite can also be checked in Registry Editor. The path is:
Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\CipherSuite
Those two cipher suites are required by the connectivity test tool service.
3. is .NET Desktop Runtime 6 installed on the machine?
This shouldn't be the reason for the SSL connection failure but I see the exception code 0xe0434352 in the crash log you provided in the comment on May 21st, so just want to double-confirm. Is the crash log below from the issue in the original post saying "Unable to connect to origin. Inner exception message: The SSL connection could not be established, see inner exception" shows when executing the rich client?
If the TLS and cipher suites configuration are unknown, you can also try to enable them on the machine using this software or modify the registry through the Registry Editor and see if the issue can be resolved.
The software is NARTAC which can be downloaded from:
https://www.nartac.com/Products/IISCrypto/Download
No installation requires. Checking the needed TLS protocol and Cipher Suite should work.