Is pfSense blocking Outlook login (TPM)?
-
I've been having this issue roughly since installing pfSense back in 2020 (might be coincidental). I run pfSense on the Protectli Vault 4 Port with config recommendations from Lawrence Systems (YouTube - ntopng/pfBlockerNG/Suricata). When deploying new workstations on our network I run into a login issue, as seen in the attached image, referencing an issue with the TPM. After researching this issue I have found a workaround (registry fix per workstation) but I would like to fix the firewall if I can confirm it's at fault. I've tried looking through logs but I don't see any pings related to it. I have used a remote hotspot to give the PC internet access to bypass our local internet and that does work, so I know it's an internet-specific issue. Not sure what to do at this point. Maybe I have some sort of DNSBL list blocking Microsoft, but that shouldn't affect encryption or authentication, I would think, and there would be other errors. Any help is appreciated.
-
@usaevo7 A TPM is internal hardware in the PC and doesn't connect to anything. It can be a BIOS setting (to enable/disable) or an add-on chip on some boards. It's required for Windows 11 which came out in 2021...
-
@usaevo7 If your time is off that could do it - are you allowing devices behind pfSense to set time? Other than that I can't see pfSense having anything to do with your problem.
Could be an issue talking to your domain. Are they connecting in via VPN to your domain?
-
To add a bit more information, all workstations are local. Local domain server is NTP with failover as global NTP, but I haven't looked into that in a while. This error occurs during setup of the desktop version of Outlook (2021-2016), which causes the TPM to crash completely. All other authentication online happens like normal. The workaround is to add the ProtectionPolicy = 1 Regedit. Then Outlook authenticates fine and the TPM doesn't crash. This is an older DC so it might be domain related, but nothing has changed DNS or DHCP wise to start kicking out these errors. Unless Microsoft changed some sort of authentication process around the same time I put this device in. Like I said originally, it could be coincidence but I'm just trying to prove that to myself, I guess. Is it everyone's consensus that pfSense would not be able to cause this kind of issue then? Thanks
-
@usaevo7 I’d think it super unlikely. We have ourselves and lots of clients on a domain with pfSense. pfSense can’t interact with LAN traffic which doesn’t reach pfSense. So at best it’d be something connecting to the Internet. Maybe try unplugging the next PC when you install Office?
I’d wonder why the TPM is involved in Office. I’ve heard of gaming DLC, or BitLocker or other encryption.
-
Huh. https://learn.microsoft.com/en-us/office/troubleshoot/activation/tpm-malfunctioned
-
@usaevo7 This is literally nothing to do with pfSense. You need an understanding of TPM. May as well blame pfSense for Covid, it’s that unrelated.
-
Mmm, that's an issue with the local TPM device on the workstation. Nothing to do with pfSense.
-
@nanoken said in Is pfSense blocking Outlook login (TPM)?:
may as well blame pfsense for Covid it’s that unrelated.
I wouldn't be surprised to be honest that someone prob has blamed it ;) It was routing their 5G connection and brought it into the house - what is the good of a firewall that can't filter out the Covid from the 5G signal.. hehehehe