Outlook Autodiscover for MAPI - Requires EAS as well?
Problem reported by Shaun Peet - 1/7/2020 at 2:02 PM
Submitted
Now that we are starting to slowly introduce MAPI as an option to a handful of users, we're seeing more things come up.  Today I noticed that the autodiscover response for a user with MAPI enabled and not EAS returns the following XML response:

<?xml version="1.0"?>
<Autodiscover xmlns:xsd="http://www.w3.org/2001/XMLSchema"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">;
<Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">;
<User>
<DisplayName>Somebody Name</DisplayName>
</User>
<Account>
<AccountType>email</AccountType>
<Action>settings</Action>
<Protocol>
<Type>EXPR</Type>
<Server>mail.mbsportsweb.ca</Server>
<ASUrl>https://mail.mbsportsweb.ca/ews/exchange.asmx</ASUrl>;
<OOFUrl>https://mail.mbsportsweb.ca/ews/exchange.asmx</OOFUrl>;
<Port>0</Port>
<DirectoryPort>0</DirectoryPort>
<ReferralPort>0</ReferralPort>
<EwsUrl>https://mail.mbsportsweb.ca/ews/exchange.asmx</EwsUrl>;
<LoginName>somebody@domain.com</LoginName>
</Protocol>
<Protocol>
<Type>IMAP</Type>
<Server>mail.mbsportsweb.ca</Server>
<Port>993</Port>
<DirectoryPort>0</DirectoryPort>
<ReferralPort>0</ReferralPort>
<SSL>on</SSL>
<SPA>off</SPA>
<AuthRequired>on</AuthRequired>
<LoginName>somebody@domain.com</LoginName>
</Protocol>
<Protocol>
<Type>POP3</Type>
<Server>mail.mbsportsweb.ca</Server>
<Port>995</Port>
<DirectoryPort>0</DirectoryPort>
<ReferralPort>0</ReferralPort>
<SSL>on</SSL>
<SPA>off</SPA>
<AuthRequired>on</AuthRequired>
<LoginName>somebody@domain.com</LoginName>
</Protocol>
<Protocol>
<Type>SMTP</Type>
<Server>mail.mbsportsweb.ca</Server>
<Port>587</Port>
<DirectoryPort>0</DirectoryPort>
<ReferralPort>0</ReferralPort>
<SSL>off</SSL>
<SPA>off</SPA>
<Encryption>TLS</Encryption>
<AuthRequired>on</AuthRequired>
<LoginName>somebody@domain.com</LoginName>
</Protocol>
</Account>
</Response>
</Autodiscover>

For Outlook there's something missing in that response to trigger using MAPI (Exchange) so it will revert back to connecting using IMAP.  In various new versions of Outlook it's also impossible to manually set any of this up, so it will always just use IMAP.

Because I hadn't come across this for any of the accounts I had setup previously, I examined the XML response for one of my own accounts where setting up MAPI had worked as expected and noticed some differences (highlighted below).  For these accounts EAS and MAPI are both enabled - that's the only difference.

<?xml version="1.0"?>
<Autodiscover xmlns:xsd="http://www.w3.org/2001/XMLSchema"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">;
<Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">;
<User>
<DisplayName>My Name</DisplayName>
<LegacyDN>/o=domain.com/ou=SmarterMail/cn=Recipients/cn=90693a5eff5d4888824504a42e2fca0e-scheduler</LegacyDN>
<DeploymentId>67a332ba-2c50-4742-adcf-ea5db6c6caf4</DeploymentId>
</User>
<Account>
<AccountType>email</AccountType>
<Action>settings</Action>
<Protocol>
<Type>EXPR</Type>
<Server>mail.mbsportsweb.ca</Server>
<ASUrl>https://mail.mbsportsweb.ca/ews/exchange.asmx</ASUrl>;
<OOFUrl>https://mail.mbsportsweb.ca/ews/exchange.asmx</OOFUrl>;
<Port>0</Port>
<DirectoryPort>0</DirectoryPort>
<ReferralPort>0</ReferralPort>
<AuthPackage>ntlm</AuthPackage>
<LoginName>me@domain.com</LoginName>
<DomainRequired>On</DomainRequired>
<DomainName>domain.com</DomainName>
<EwsUrl>https://mail.mbsportsweb.ca/ews/exchange.asmx</EwsUrl>;
</Protocol>
<Protocol>
<Type>SMTP</Type>
<Server>mail.mbsportsweb.ca</Server>
<Port>465</Port>
<DirectoryPort>0</DirectoryPort>
<ReferralPort>0</ReferralPort>
<LoginName>me@domain.com</LoginName>
<DomainRequired>On</DomainRequired>
<DomainName>domain.com</DomainName>
<SPA>Off</SPA>
<TLS>On</TLS>
<AuthRequired>On</AuthRequired>
</Protocol>
<Protocol>
<Type>IMAP</Type>
<Server>mail.mbsportsweb.ca</Server>
<Port>993</Port>
<DirectoryPort>0</DirectoryPort>
<ReferralPort>0</ReferralPort>
<SSL>On</SSL>
<LoginName>me@domain.com</LoginName>
<DomainRequired>On</DomainRequired>
<DomainName>domain.com</DomainName>
<SPA>Off</SPA>
<AuthRequired>On</AuthRequired>
</Protocol>
<Protocol>
<Type>POP3</Type>
<Server>mail.mbsportsweb.ca</Server>
<Port>995</Port>
<DirectoryPort>0</DirectoryPort>
<ReferralPort>0</ReferralPort>
<SSL>On</SSL>
<LoginName>me@domain.com</LoginName>
<DomainRequired>On</DomainRequired>
<DomainName>domain.com</DomainName>
<SPA>Off</SPA>
<AuthRequired>On</AuthRequired>
</Protocol>
</Account>
</Response>
</Autodiscover>


So is it by design that EAS must also be enabled for a user to return the "proper" autodiscover settings to trigger Outlook to use MAPI?  

Shaun

4 Replies

Reply to Thread
0
echoDreamz Replied
As far as I knew, MAPI only required EWS.
0
Larry Duran Replied
Employee Post
Hey Shaun, MAPI does not require EAS for it to work.  Make sure you have the MAPI setting enabled in the autodiscover section for the domain settings and also make sure you're user is configured for MAPI/EWS in the user settings.

If those settings are set correctly and you're still not seeing MAPI in the autodiscover response, then try checking the autodiscover request headers for "X-MapiHttpCapability: 1".  This means the client that's making the request is a capable MAPI client.  You could use either Fiddler or Wireshark to see these requests.
Larry Duran
Software Developer
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
0
Shaun Peet Replied
Something I'm noticing, which is probably more of an Outlook issue than anything else, is that Outlook is inconsistent in where it tries to find Autodiscover settings.

Our mail server is https://mail.mbsportsweb.ca.  There's 500+ domains in there and we don't add the other domains into the bindings for IIS.  One such domain is oakvillerangers.ca.  We control the DNS for all these domains, so we've created SRV records to point autodiscover requests to mail.mbsportsweb.ca.  When using the MS Autodicover Connectivity Tester, it goes through and eventually finds that SRV record and passes its test.

Trouble is, that is appears Outlook 365 doesn't always follow the path to use the SRV record.  Adding accounts from within Outlook itself seems to be hit-and-miss (mostly miss), but, we can add accounts using the old Mail Setup dialog found within the old-school Control Panel of Windows 10.  Adding the account that way, even using the "Office 365" option (which makes no sense) seems to work every time.

Then after doing that I'll open up Outlook and run Fiddler and notice that it's constantly making requests to autodiscover.oakvillerangers.ca.  Why?  I have no idea - the account is already setup and seems to be working.  Originally I didn't create a DNS record for autodiscover.oakvillerangers.ca and it looked like Outlook was constantly updating the account, so I created a CNAME to point to mail.mbsportsweb.ca.  That seems to have stopped Outlook from saying it's constantly updating the account, but, looking at Fiddler I still see fairly frequent requests happening to autodiscover.oakvillerangers.ca.

So while things seem to be working, I'm not sure I fully understand how things are supposed to be setup.  Is autodiscover.domainname.com a requirement?  Who's requirement?  Can it be a CNAME or must it be an A record?  In SmarterMail, we have the "hostname" for each domain set to be mail.mbsportsweb.ca (which seems to be the best way to get the proper XML returned from an autodiscover request) - is that correct?  We used to have these all set as mail.domainname.com (and we have CNAMEs setup for those too) but that didn't seem to work.  

Too many variables all at once here - from what is the proper DNS settings to the proper Hostname settings in SmarterMail to bindings in IIS, etc.

0
Larry Duran Replied
Employee Post
Hey Shaun, https://autodiscover.DOMAIN_NAME/Autodiscover/Autodiscover.xml is an endpoint that Outlook will try to get its autodiscover information.  I believe the behavior of Outlook can be found with some Google searches.

It's also common that it will make autodiscover requests more than once through out an Outlook session.  I don't know all the reasons why it does this, but I do know with MAPI Outlook spawns different sessions (transparent to an Outlook user) that will require autodiscover lookups.
Larry Duran
Software Developer
SmarterTools Inc.
(877) 357-6278
www.smartertools.com

Reply to Thread