If there is one splash screen I have become sick of staring at over the past few weeks it is the one for Outlook 2016, with those irritating little dots sliding across the screen while Outlook is supposedly “Loading Profile” or “Processing”.
If you, like me, have spent quite a lot of time researching the cause of this problem you will probably have found that quite a lot of things can cause it. You’ve probably scanned and repaired your Outlook Data Files with SCANSPST.exe, created a new profile, repaired your Office 2016 install, opened Outlook in safe mode (or otherwise disabled all of the add-ins), removed any additional mailboxes or shared calendars and any number of other solutions you will find online.
These things probably do help to fix the issue if it is affecting only certain individuals, but what if the problem is affecting everyone in the office who upgrades to Outlook 2016? I had users who had previously been running Outlook 2010 or 2013 and were not seeing any problem with Outlook loading times, with it typically only taking between 10 to 15 seconds to load. But as soon as they were upgraded to Outlook 2016 it would take anywhere from 5 minutes to 15 minutes to load and some people reported times even longer than that.
A small curiosity about this problem was that it only affected the first launch of Outlook after turning on or restarting the machine. A user could close and reopen Outlook as many times as they liked once it had started the first time and it would load within a few seconds. Even more curious was that if a user did not launch Outlook immediately after logging in, but instead waited between 5 to 10 minutes before doing so, it would launch fine. I also found that if the machine was not connected to any network when Outlook was launched it would launch in just a few seconds. Obviously this meant Outlook was in offline mode and wasn’t very useful, but it did suggest that something was going on over the network that was causing Outlook to hang while loading.
To figure out the cause of this issue I started with a vanilla build of Windows 7 installed on a laptop with Office 2016 and connected it to the corporate network. I went through the steps of launching Outlook for the first time and setting up my profile and then proceeded to restart the laptop for the first proper test. The result? Outlook launched in 10 seconds. So it appeared the network on its own was not the cause.
Next I joined the laptop to the domain and left it in the Computers container. I also moved my user account into an OU with blocked inheritance. This meant that I could test with a minimal set of GPOs applied (the ones at the domain level only). I expected that I would have to apply one GPO at a time and test until I identified the GPO that was causing the problem (assuming that it even was a GPO causing the problem). However I did not have to go through that laborious process at all as the problem returned the first time I opened Outlook after adding the machine to the domain. This told me that one of the GPOs applied at the domain level was causing the problem.
That just left identifying which specific setting was causing the problem. Let’s see… a logon legal notice, some Internet Explorer site zoning and… hmm… the DNS suffix search list. Perhaps Outlook is taking ages looking for autodiscover on each of these domains? (Purely hypothesising; it wasn’t that).
As I was fairly sure the cause of the issue wouldn’t be the legal notice or the IE zoning I gave my attention on the DNS suffixes. There where quite a few of them so I thought it would be a good idea to first remove them all to see if the problem persists, and if it didn’t, add them back one at a time until the problem came back. To do this I navigated to the registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\DNSClient, made a note of what was in the SearchList value and then deleted it, leaving the SearchList value empty. I then amended the permissions on the DNSClient key to prevent Windows simply adding the values back in the next time GPOs where processed. To do this I right clicked on the DNSClient key and selected Permissions, clicked on Advanced and unticked Include inheritable permissions from this object’s parent and then in the security notice that comes up I clicked Add. This allowed me to freely change the permission I needed to change. I clicked OK to dismiss the advanced security settings box and in the simple permissions box, clicked on SYSTEM and removed the Full Control permission (leaving it with just Read). Following that I restarted the laptop and opened Outlook to see how long it would take; it took 10 seconds. Bingo.
Next I proceeded to add back one domain at a time to the SearchList registry value, each time restarting the laptop and opening Outlook until I struck on the one domain that was causing Outlook to take an age to load. I then confirmed that was the only domain causing the problem by adding them all back except that one, and once that was proven I added back the troublesome domain to prove that by adding it back, the problem returned. With about 50% of the root cause determined it was time to get Wireshark out and find out exactly why having that domain in the DNS search list was causing Outlook to load slowly.
After restarting the laptop I immediately opened Wireshark to began a trace and then opened Outlook. Once Outlook had finished opening I stopped the trace and started looking through. I noticed at the start of the trace that there where several DNS lookups being made for WPAD on each domain in the DNS search list.
WPAD is the Web Proxy Auto-Discovery Protocol and is used by the WinHTTP Web Proxy Auto-Discovery Service and Internet Explorer to automatically find a proxy server on your network to route Internet traffic through. Windows checks for WPAD entries in each domain on your DNS search list even if you don’t use WPAD to assign a proxy. You may even believe you had WPAD turned off by having Automatically detect settings unticked in your Internet options, however this only turns it off for Internet Explorer. The WinHTTP Web Proxy Auto-Discovery Service still goes looking for them.
Most of the domains did not have a record for WPAD, however legacydomain.com did have a record and therefore wpad.legacydomain.com returned an IP address. This IP address was not assigned to any device (the device having been decommissioned at some point in the past) and this seems to be the key issue here. If no IP address is returned from DNS Windows moves straight on to the next domain, but if an IP address is returned Windows will attempt to route traffic through that IP address for several minutes before it gives up, and it is during this time that your Outlook client is hanging on the splash screen.
In this image you can see that my client attempted to send packets to 192.168.0.10 (the IP returned by wpad.legacydomain.com) several times with approximately 20 seconds between each attempt. The first packet was sent at 09:03:51 and the last packet (which is cropped out of the image below) was sent at 09:08:34 – 4 minutes and 45 seconds later!
As the network device that was originally assigned to 192.168.0.10 was no longer around I removed the DNS record for WPAD in the legacydomain.com DNS zone and the slow Outlook loading problem went away.
This explains some of the observations made at the beginning of this post regarding Outlook only being slow to load the first time you launch it and Outlook loading quickly if you wait a few minutes after logging on. The issue is not being caused by Outlook, Outlook is merely a victim of Windows’ HTTP proxy service latching on to the IP addresses returned by DNS and spending time trying to route traffic through them. If you wait a few minutes before launching Outlook or close and reopen it during the day the WPAD process has already happened so Outlook hasn’t got to wait for anything.
So if you are experiencing issues with Outlook starting slowly and have already tried everything you can find on the Internet, I would suggest making sure you haven’t got any stale WPAD entries in DNS! It could be a very quick fix for a very frustrating issue.