Outlook Teams OneDrive Outage Windows IIS DOS Attempt because of Cisco Meraki Issue?

Outlook Teams OneDrive Outage Windows IIS DOS Attempt because of TLS 1.2 Changes? some users in the EMEA region are unable to connect to some Microsoft 365 services. Users may be unable to connect to multiple Microsoft 365 services.

Microsoft 365 team confirms this via a Twitter update that their investigation is focused on a potential issue where legitimate Microsoft traffic is being blocked across multiple regions. More details are available in your admin center under the SI MO411804.

The latest Update from Microsoft is that The third-party provider (Cisco Meraki) successfully disabled snort rule 1-60381 at approximately 6:19 PM UTC, on Wednesday, August 10.

At this time, the impact appears to be specific to some users who are served through the affected infrastructure in Europe, the Middle East, and Africa. The following are the impacted services as per Microsoft:

Patch My PC
  • Outlook desktop client
  • OneDrive for Business
  • Microsoft Teams
Outlook Teams OneDrive Outage Windows IIS DOS Attempt because of TLS 1.2 Changes 1 Timeline IST
Outlook Teams OneDrive Outage Windows IIS DOS Attempt because of TLS 1.2 Changes 1 Timeline IST

Last Update from Microsft

While the incident was ongoing, affected customers confirmed that disabling the affected snort rule mitigated the impact. In addition, Cisco Meraki has published supplemental information for their customers to follow at their community site, which is located here: https://community.meraki.com/t5/Meraki-Service-Notices/Microsoft-vulnerability-and-IPS-SNORT/ba-p/156649.

Final status: The third-party provider successfully disabled snort rule 1-60381 at approximately 6:19 PM UTC, on Wednesday, August 10. Through telemetry and reports from affected users, we have confirmed that this has resolved the issue. However, the change can take up to three hours to fully propagate, so some users may continue to experience impact until that change reaches their environment.

Adaptiva
  • Scope of impact: Impact was specific to customers who implemented snort rule 1-60381.
  • Start time: Wednesday, August 10, 2022, at 10:30 AM UTC
  • End time: Wednesday, August 10, 2022, at 6:19 PM UTC
Outlook Teams OneDrive Outage Windows IIS DOS Attempt because of TLS 1.2 Changes 4
Outlook Teams OneDrive Outage Windows IIS DOS Attempt because of TLS 1.2 Changes 4

Preliminary root cause: While we have confirmed that there was a problem with snort rule 1-60381, a full investigation into the root cause is ongoing. We’ll provide a full root cause when the final post-incident report has been published.

Outlook Teams OneDrive Microsoft 365 Outage

The following are the full details of the outage with Outlook, Teams, and OneDrive. It seems some of the users from Europe, the Middle East, and Africa regions are facing this issue. More details are available in the admin center under SI MO411804.

Outlook Teams OneDrive Outage Windows IIS DOS Attempt because of TLS 1.2 Changes 4
Outlook Teams OneDrive Outage Windows IIS DOS Attempt because of TLS 1.2 Changes 4
Microsoft 365 suite service alert
Incident information
Title: Some users may be unable to connect to multiple Microsoft 365 services.
ID: MO411804
Status – Service Degradation
Affected Services Microsoft 365 suite
Details
Title: Some users may be unable to connect to multiple Microsoft 365 services.
User Impact: Users may be unable to connect to multiple Microsoft 365 services.
More info: Impacted services include, but are not limited to:-
Outlook desktop client
OneDrive for Business
Microsoft Teams
Current status: We’re reviewing system telemetry to isolate the source of the issue. Additionally, we’re working with impacted users to gather network trace logs to assist our investigation.
Scope of impact: At this time, the impact appears to be specific to some users who are served through the affected infrastructure in Europe, the Middle East, and Africa.
Outlook Teams OneDrive Outage Windows IIS DOS Attempt because of TLS 1.2 Changes Table 1

Cause of the Issue? Resolution

It seems Microsoft made some changes made within the Microsoft-managed infrastructure and reviewing endpoints that are leveraging TLS 1.2. So it’s not a false positive!?

There are other conversations going on with Meraki that this issue is because of vulnerability discloser by CVE-2022-35748 in August patch Tuesday.

Outlook Teams OneDrive Outage Windows IIS DOS Attempt because of TLS 1.2 Changes 2
Outlook Teams OneDrive Outage Windows IIS DOS Attempt because of TLS 1.2 Changes 2

This Reddit thread talks about the issue and some mitigations – For anyone having this issue, Meraki is causing it. Microsoft is being marked as a DOS and being blocked. Whitelist it in Security & SD-Wan > Security center > most prevalent threats. “Microsoft Windows IIS DOS attempt” that’ll allow access to the outlook desktop app and teams.

  • FIX -> Security & SD-Wan > Security Center > Most Prevalent Threat section > Microsoft Windows IIS DOS click and whitelist.

Author

HTMD Admin Account to provide news and latest updates on the known issue from Microsoft world. We cover Windows, Intune, Azure, AVD, and Windows 365 news.

1 thought on “Outlook Teams OneDrive Outage Windows IIS DOS Attempt because of Cisco Meraki Issue?”

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.