
Office365 activation FAILED

I'm facing this problem with the activation of Office365 through our company firewall, a Sophos XG 330.

The dialog box shows  |We are unable to connect right now. Please check your network and try again later|

The firewall rule is for "full access" and defined for AD users group.

All the rules are working perfectly, the web content filtering is OK; the O365 activation is the only problem.

We have 3 WAN connections.

Intrusion Protection |None|

Web Policy |Allow All|

Application Control |None|

 

Malware Scanning (I tried already to disable all the options, most important the HTTPS)

SCAN FTP

SCAN HTTP

DECRYPT & SCAN HTTPS

 

The rule is for Active Directory Users Group

 

The Microsoft sites for the activation of Office365 are already in the web Exceptions List (HTTPS Decryption, Malware Scanning, Policy Checks).

 

Now, the only way to get the O365 activation working is to disable the NAT & Routing option Rewrite Source Address (Masquerading),

but then all the other browsing does not work!!

In the rule there is the definition for a primary gateway and a secondary gateway.

 

I'm trying to diagnose the problem with Microsoft Network Monitor, but the parsers for the new Office are not present and don't qualify the traffic.

 

The Microsoft Support and Recovery Assistant for Office 365 reports:

OFFICE ACTIVATION CONNECTIVITY

OK Resolve host name activation.sls.microsoft.com

OK Resolve host name crl.microsoft.com

OK Resolve host name ols.officeapps.live.com

OK Resolve host name office15client.microsoft.com

OK Resolve host name login.windows.net

OK Resolve host name login.microsoftonline.com

 

Nobody with the same problem?



This thread was automatically locked due to age.
  • I am having the same problem on an XG115 running XG115w (SFOS 16.05.5 MR-5)

    I am reaching out to Support now and will report the result.

  • I just finished with Sophos support, and the solution found at https://community.sophos.com/kb/en-us/123335, when added to my existing exception list, allowed Office to activate and updates to be applied.

     

    This is the full list of my exceptions:

     

    account.activedirectory.windowsazure.com

    ^([A-Za-z0-9.-]*\.)?office\.live\.com/

    smtp.office365.com

    ^([A-Za-z0-9.-]*\.)?login\.windows\.net/

    ^([A-Za-z0-9.-]*\.)?geotrust\.com/

    ^([A-Za-z0-9.-]*\.)?office\.net/

    secure.aadcdn.microsoftonline-p.com

    hip.microsoftonline-p.net

    accesscontrol.windows.net

    ^([A-Za-z0-9.-]*\.)?microsoftonline\.com/

    ^([A-Za-z0-9.-]*\.)?yammer\.com/

    makolagroupofsocieties.sharepoint.com/

    ^([A-Za-z0-9.-]*\.)?sharepoint.com/

    ^([A-Za-z0-9.-]*\.)?msedge\.net/

    ^([A-Za-z0-9.-]*\.)?login\.live\.com/

    ^([A-Za-z0-9.-]*\.)?appsforoffice.microsoft\.com/

    ^([A-Za-z0-9.-]*\.)?lync\.com/

    ^([A-Za-z0-9.-]*\.)?symcd\.com/

    ^([A-Za-z0-9.-]*\.)?office\.com/

    ^([A-Za-z0-9.-]*\.)?Portal.cloudappsecurity\.com/

    ^([A-Za-z0-9.-]*\.)?microsoftonline-p\.net/

    ^([A-Za-z0-9.-]*\.)?entrust\.net/

    ^([A-Za-z0-9.-]*\.)?office365\.com/

    adminwebservice.microsoftonline.com

    ^([A-Za-z0-9.-]*\.)?msocdn\.com/

    api.login.microsoftonline.com

    clientconfig.microsoftonline-p.net

    provisioningapi.microsoftonline.com

    207.46.150.128/25

    ^([A-Za-z0-9.-]*\.)?windowsupdate\.com/

    ^([A-Za-z0-9.-]*\.)?glbdns.microsoft\.com/

    ^([A-Za-z0-9.-]*\.)?officecdn\.microsoft\.com/

    ^([A-Za-z0-9.-]*\.)?azurerms\.com/

    ^([A-Za-z0-9.-]*\.)?microsoftonline-p\.com/

    ^([A-Za-z0-9.-]*\.)?live\.com/

    login.windows.net

    207.46.164.0/24

    157.55.59.128/25

    ^([A-Za-z0-9.-]*\.)?verisign\.net/

    ^([A-Za-z0-9.-]*\.)?agent.office\.net/

    ^([A-Za-z0-9.-]*\.)?skype\.com/

    ^([A-Za-z0-9.-]*\.)?login\.microsoftonline\.com/

    ^([A-Za-z0-9.-]*\.)?public-trust\.com/

    ^([A-Za-z0-9.-]*\.)?symcb\.com/

    ^([A-Za-z0-9.-]*\.)?microsoft\.com/

    ^([A-Za-z0-9.-]*\.)?sharepoint\.com/

    ^([A-Za-z0-9.-]*\.)?officecdn\.microsoft\.com\.edgesuite.net/

    ^([A-Za-z0-9.-]*\.)?officeapps\.live\.com/

    ^([A-Za-z0-9.-]*\.)?omniroot\.com/

    ^([A-Za-z0-9.-]*\.)?cdn\.office\.net/

    ^([A-Za-z0-9.-]*\.)?verisign\.com/

    outlook.office365.com

    ^([A-Za-z0-9.-]*\.)?msecnd\.net/

    ^([A-Za-z0-9.-]*\.)?cloudapp\.net/

    ^([A-Za-z0-9.-]*\.)?login\.microsoftonline-p\.com/

    login.microsoftonline.com

    ^([A-Za-z0-9.-]*\.)?outlook\.office\.com/

    ^([A-Za-z0-9.-]*\.)?onmicrosoft\.com/

    ^([A-Za-z0-9.-]*\.)?outlook\.com/

     

    The exception skips the checks for HTTPS decryption, Malware Scanning and Policy Checks.
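
Because every entry in this list bypasses HTTPS decryption, malware scanning and policy checks, each regex should match only the domain it names. Several entries above leave a `.` unescaped, where it acts as a wildcard. The following audit is an added example, not part of the original posts or of Sophos tooling; it assumes each regex entry is matched against `host/path` with the scheme stripped, and uses a subset of the entries above as sample input.

```python
import re

# Assumption: regex entries are matched against "host/path" (scheme stripped).
PREFIX = r"^([A-Za-z0-9.-]*\.)?"

# Subset of the exception list above, copied as posted.
ENTRIES = [
    r"^([A-Za-z0-9.-]*\.)?office\.com/",
    r"^([A-Za-z0-9.-]*\.)?sharepoint.com/",
    r"^([A-Za-z0-9.-]*\.)?appsforoffice.microsoft\.com/",
    r"^([A-Za-z0-9.-]*\.)?Portal.cloudappsecurity\.com/",
    "login.microsoftonline.com",
]

def wildcard_dots(entry):
    """Offsets of unescaped '.' in the host part of a regex entry."""
    if not entry.startswith(PREFIX):
        return []                      # plain hostname or CIDR, not a regex
    body, hits, i = entry[len(PREFIX):], [], 0
    while i < len(body):
        if body[i] == "\\":
            i += 2                     # skip the escaped character
            continue
        if body[i] == ".":
            hits.append(i)
        i += 1
    return hits

def escape_dots(entry):
    """Return the entry with every wildcard dot escaped."""
    hits = wildcard_dots(entry)
    if not hits:
        return entry
    body = list(entry[len(PREFIX):])
    for i in reversed(hits):
        body[i] = r"\."
    return PREFIX + "".join(body)

def witness(entry):
    """A string outside the named domain that the entry still accepts."""
    hits = wildcard_dots(entry)
    if not hits:
        return None
    body = list(entry[len(PREFIX):])
    body[hits[0]] = "x"                # any character satisfies the wildcard
    candidate = "".join(body).replace("\\", "")
    return candidate if re.search(entry, candidate) else None

def audit(entries):
    """Map each loose entry to (over-matched string, tightened entry)."""
    return {e: (witness(e), escape_dots(e)) for e in entries if witness(e)}
```
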

     

  • Despite all the exceptions configured, I found the problem with the -Rewrite Source Address (Masquerading)- enabled in the rule.

    I'm still investigating because the problem seems to occur randomly, and sometimes also only for some updates (for example activation of Office365 or Office365 updates).

  • An old thread but if you are using Outlook on iOS you may also need to add:

     

    ^([A-Za-z0-9.-]*\.)?acompli\.net/

    ^([A-Za-z0-9.-]*\.)?helpshift\.com/

    To the rules. My Outlook was failing without these (Outlook app on iOS)

  • I had this issue too and checked the logs and excluded this host:

    ^([A-Za-z0-9.-]*\.)?microsoft\.com\.edgesuite\.net/

    No issues since this was added regarding installing Office 365 and activating it.

  • I had to add this one for MS Office activation SSO;

     

    ^([A-Za-z0-9.-]*\.)?autologon\.microsoftazuread-sso\.com/

     

    May need to do this one as well;

    myapps.microsoft.com/<your tenancy>.onmicrosoft.com