Outlook Error CAA20002 for many users but only in a single OU

New Contributor

We did some server patching last weekend. This week we've had issues with drive mappings (done via GPO) not working (we think it's because the file server is too old because it affects a specific drive mapping for multiple OUs/GPOs), but now we have issues with Outlook, even with the latest updates, getting an error CAA20002; and says Outlook is trying to use an outdated version of TLS or 3DES cipher.


I'm not sure how the server upgrades would cause this as we are using Office 365 with the email accounts hosted online. All the computers affected are running updated Windows 10.

We're trying to figure out why it would only affect users under a specific OU. The only things that are different with the GPO for that OU are the specific drive mappings and some unique settings for NTP. They are also on a different subnet from everyone else, but we haven't been able to identify any network issues or configurations that would only affect that one subnet, and only one application.

All the affected users are able to get to their email via a web browser, so I don't see it being an issue with their accounts. All other office applications and non-office applications work fine.

I've been searching all over the internet for the last couple of days, but don't see anyone else claiming to be experiencing a similar issue.


Is there somewhere else I should look to see why some, but not necessarily all users in a specific OU or subnet would have the same TLS problem just with outlook?

2 Replies

We Found it.
Control Panel, Internet Options, Advanced, scroll to the bottom and Use TLS 1.0 was checked, and the others not checked.
Could updating the DC caused this to get changed somehow, or did Microsoft finally get around to turning TLS1.0/1.1 off for our organization?


It's related to 3DES (Triple Data Encryption Standard) retiring in Office 365, and need to migrate to TLS1.2


Office 365 TLS Deprecation Report - Preparing for TLS 1.2 Migration (o365reports.com)