none
Office in air-gapped environment tries to reach external Microsoft's servers/services RRS feed

  • Question

  • Hi!

    I have an environment, in an isolated network ("air gapped"), comprised of several Windows 2016 servers (DC, Exchange 2016, SharePoint 2016, Terminal Server, etc.).

    I'm having problems with Office applications (Office 2016 Standard) on the Terminal Server, and specifically with Outlook and SharePoint:

    * Outlook opens immediately, but the connection to the Exchange server takes about 30 seconds. 

    * Opening the SharePoint portal takes 20-30 seconds, each time a user starts a new terminal session.

    Using Process Explorer I was able to figure out that (all) Office applications try connecting with some Microsoft servers (i.e. 52.109.32.27:443 and 52.109.76.6:443) and only when "giving up" (as there's no outbound connectivity) - the application connects and behaves normally.

    I found no issues with DNS configuration nor ports and firewall configuration within the closed environment.

    I was able to bypass this issue by changing the firewall (external) rule from:
    any-any-->BLOCK to any-any-->REJECT
    but I'm trying to avoid this "solution", as it poses a security risk.

    Any ideas would be appreciated.

    Thanks!




    • Edited by Ran Kedar Monday, May 20, 2019 4:20 PM
    Monday, May 20, 2019 4:10 PM

Answers

  • For office In trust centre you need to turn off let office connect to online services from Microsoft to provide functionality that's relevant to your usage and preferences as well as making sure you don't select update anything when very first starting office.

    cant help you with SharePoint


    • Edited by Anewton Monday, May 20, 2019 4:28 PM
    • Marked as answer by Ran Kedar Monday, May 20, 2019 5:07 PM
    • Unmarked as answer by Ran Kedar Tuesday, May 21, 2019 8:14 AM
    • Marked as answer by Ran Kedar Wednesday, May 22, 2019 2:34 PM
    Monday, May 20, 2019 4:27 PM

All replies

  • For office In trust centre you need to turn off let office connect to online services from Microsoft to provide functionality that's relevant to your usage and preferences as well as making sure you don't select update anything when very first starting office.

    cant help you with SharePoint


    • Edited by Anewton Monday, May 20, 2019 4:28 PM
    • Marked as answer by Ran Kedar Monday, May 20, 2019 5:07 PM
    • Unmarked as answer by Ran Kedar Tuesday, May 21, 2019 8:14 AM
    • Marked as answer by Ran Kedar Wednesday, May 22, 2019 2:34 PM
    Monday, May 20, 2019 4:27 PM
  • Thank you Anewton!
    That did the trick for Outlook!

    Now only SharePoint is left...

    Monday, May 20, 2019 4:38 PM
  • I'm happy to say that I've found the solution for SharePoint as well!

    On the SharePoint Central Administration --> System Settings --> Configure privacy options
    I had to change "Display help from external Web sites..." to No.
    SharePoint site now opens like a bomb! :)

    • Marked as answer by Ran Kedar Monday, May 20, 2019 5:07 PM
    • Unmarked as answer by Ran Kedar Tuesday, May 21, 2019 8:01 AM
    Monday, May 20, 2019 5:07 PM
  • I spoke too soon. :(

    I'm facing the annoying delay with SharePoint again this morning... Must be something with intervals in trying to reach MS external servers.


    • Edited by Ran Kedar Tuesday, May 21, 2019 8:03 AM
    Tuesday, May 21, 2019 8:02 AM
  • no problem you are welcome, wish I could help with sharepoint might be worth checking the dedicated sharepoint forums and asking there.


    Tuesday, May 21, 2019 12:41 PM
  • Hi Ran Kedar,

    >>Outlook opens immediately, but the connection to the Exchange server takes about 30 seconds. 

    Does Outlook connect well?

    If Anewton's first reply works for Outlook, you can mark it as answer.

    As here we mainly focus on issues regarding Office desktop client, your second question about SharePoint can be posted in SharePoint forum. Hope they will help you deal with this.

    Regards,

    Perry


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.


    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    Wednesday, May 22, 2019 5:12 AM
    Moderator
  • Hello.

    Same situation of Ran.

    A doubt: the layout and the options of Trust Center in Office 2016/2019 1904 are different if you are connected to internet or if you never connect.

    Office 2016/2019 - 1904 - never connected to internet

    Office 2016/2019 - 1904 - connected to internet

    How can I have the new privacy options and layout also on the disconnected clients?

    In the past the problems of delays are due to enabled options in Trust Center.

    Thank you.
    Best regards.
    Alessandro


    • Edited by HimuraCC Thursday, May 23, 2019 6:02 PM
    Thursday, May 23, 2019 6:01 PM
  • Hello Alessandro, your answer is exactly the same you need to un-tick those two privacy options.
    Friday, May 24, 2019 8:10 AM
  • Thank you Anewton.

    The problem is that if I un-tick those two privacy options in 1904, they will auto-tick immediately again.

    So it's impossible to un-tick these options in 1904 (on all the clients).

    Best.
    Alessandro

    Friday, May 24, 2019 11:13 AM
  • Hi Alessandro,

    ah that is because they moved in office 2019, out of the trust centre 

    have a look at this link for more information, removing them here should do it :)

    https://support.office.com/en-gb/article/account-privacy-settings-3e7bc183-bf52-4fd0-8e6b-78978f7f121b

    Friday, May 24, 2019 12:15 PM
  • Thank you.

    But is there a way to have the new privacy options and layout on disconnected Office 2016/2019?

    Best.
    Alessandro

    Friday, May 24, 2019 2:56 PM
  • If you don't see the settings in the client then you can try this way, I don't have a never online copy of office19 to test sorry :)

    https://docs.microsoft.com/en-us/deployoffice/privacy/manage-privacy-controls

    Friday, May 24, 2019 3:58 PM