As if logging in as root without a password and constant freezes with external displays weren’t enough, Apple decided to make life even more thrilling for Exchange 2016 users by not supporting http/2 in High Sierra.
Recently, we’ve updated all of our company Macs to macOS 10.13. Since most people use Outlook 2016 as their email/calendar app of choice, initially there were no issues reported. That’s until I tried to add our Exchange to “Internet Accounts” and synchronize contacts and calendar events directly with my OS:
Despite multiple attempts, I always ended up with the same error: “Unable to verify account name or password“. There’s not much about it on Apple support forums – most threads have to do with misconfigured IIS or SSL certs.
At some point, I tried the EWS directly in Safari: lo and behold, 401 Unauthorized. Thanks to some helpful folks online, the problem was quickly narrowed down to http/2. Long story short, the only way to get this working is to change the IIS 10 configuration back to previous version of HTTP protocol.
And it’s pretty easy, too. All you need are two (http + https) registry entries in:
EnableHttp2Tls REG_DWORD 0 EnableHttp2Cleartext REG_DWORD 0
This is what it should look like:
One exchange restart later, and High Sierra finally can sync contacts and calendars.
Fun fact: Apple has known about the issue for months. Originally, it was a problem with iOS 11 (MS had to downgrade their whole O365 cloud to http/1 to prevent widespread disconnects). It has since been fixed in their mobile OS.