Area of Troubleshooting: Exchange Calendar Sync
Environment:
Exchange 2007 SP1, Exchange 2010, Exchange 2010 SP1 - SP3, Exchange 2013, Exchange 2013 SP1, Exchange 2016.
Problem Description: In December 2018, Teem Technologies announced a 60 day sunset period for the use of the insecure TLSv1.0 encryption protocol. TLSv1.0 can allow man-in-the-middle attacks potentially revealing the respective customer’s data and credential information.
On February 28th, 2019, Teem deprecated support for the TLSv1.0 security protocol on our servers. On March 3, 2019, Teem Customer Support began to receive reports that some customers using on-premise Exchange servers were noticing that
On August 1st, 2020, Teem announced the planned deprecation of TLS 1.1 on September 13th, 2020. This can cause events to stop syncing to all of a customer's Teem Room Display devices if the customer does not have the appropriate Exchange server updates.
Problem Identification & Root Cause Analysis
Immediately following these reports, engineers at Teem began to investigate the problem. The root cause was identified as TLS compliance for push notifications from on-premise Exchange environments. Affected customer systems did not have Exchange servers that complied with the Microsoft TLS security updates and patches.
It is assumed that if this problem occurs, the on-premise Exchange servers used to sync room calendars with Teem systems do not have the correct configuration to support TLS 1.2.
Actions & Next Steps:
First, affected clients should verify that they have completed the steps in this guide. Notably, the steps specific to ensuring you have the correct server updates for your specific environment.
Secondly, administrators will need to follow the steps outlined in this article to properly set TLS 1.2 (or above) as the default outbound connection protocol.
In the above guide, clients will want to focus on the following sections:
"Enable TLS 1.2 for SChannel"
"Enable TLS 1.2 for .NET 3.5"
"Enable TLS 1.2 for .NET 4.x"
After running the registry edits found in the guide above, administrators will need to restart updated Exchange servers. Steps to validate the configuration are provided in the referenced articles.
What next?
After performing the steps above, navigate to app.teem.com and open the left-hand menu. From this menu, select “Manage” and then “Calendars”. Next, click the “Select All” checkbox in the list of calendars and click the “Re-sync” button. Perform this step for all calendars present; this will re-initialize the calendar push notification subscriptions.
To test the solution, run the following tools on your mail server and ensure TLS 1.2 or higher is being utilized:
SSL Server Test: https://www.ssllabs.com/ssltest/index.html-
Enter the URL of your mail server into this tool and run it to see which security protocols are being used.
Server Settings GUI Tool: https://www.nartac.com/Products/IISCrypto-
This is a simple .exe file that does not install on your computer. Download and run this file on your Exchange server to view the protocols supported by your server.
Teem asks that you perform the outlined steps even if you believe that you’re already supporting TLS 1.1 and/or 1.2. While TLS 1.1 and 1.2 may be enabled in some systems and contexts, it is possible that not all subsystems recognize the new defaults (namely the components that connect to the Teem platform). Taking the steps above are key to resolving this issue.
All Teem products and services have continued to operate for customers during this process. Teem recommends maintaining current patch levels for all email/calendaring and operating systems. This guide is provided to inform your infrastructure, administrative and operations teams of particular areas of interest.
Please Note: Apple, Google, and Microsoft will be deprecating support for TLSv1.1 in early 2020. Please plan ahead now to support TLSv1.2 and TLSv1.3.
