Back to Community Threads
3
Cannot create MAPI user in local domain
Problem reported by Karl Jones - 1/27/2021 at 2:44 PM
Submitted
I have a client using the newest update of Smartermail. They have a mix of users using webmail, Outlook 2010 and 2016. The 2016 users are using a mix of IMAP and Activesync to access their mailboxes. Although the Outlook Activesync is being discontinued by Microsoft it has been working up until the most recent Server 2012R2 update which for some strange reason stopped some users from being able to use Activesync any more.
I finally decided to start a trial of the MAPI addon and as i already had the server setup for Activesync autodiscover i just enabled my test account and created a new account in my Outlook 2016 and within 30 secs i was up and running.... yay for me..!!!
The problem was that i then went to enable and setup users remotely at my clients site and Outlook either fails to authenticate at the windows security prompt or it does and then ask to restart Outlook and when i do it shows the security prompt again and it fails.

This is a log of a autodiscover test app

2021-01-27T14:53:45 :: Getting a list of AutoDiscover urls to use...
 2021-01-27T14:53:45 :: Getting currently configured DNS servers from host...
 2021-01-27T14:53:45 :: DNS IP: 192.168.10.100
 2021-01-27T14:53:45 :: DNS IP: 192.168.10.1
 2021-01-27T14:53:45 :: Attempting to determine the AutoDiscover endpoint to use.
 2021-01-27T14:53:45 :: Checking to see of mailbox ID is Office 365
 2021-01-27T14:53:45 :: Checking MX record for 'domain-name.com' to determine if it is Office 365.
 2021-01-27T14:53:45 :: MX query returned 1 records
 2021-01-27T14:53:45 :: mail.domain-name.com.
 2021-01-27T14:53:45 :: Mail domain does not appear to be Office 365.
 2021-01-27T14:53:45 :: Checking local domain SCP records, if host is domain joined.
 2021-01-27T14:53:47 :: No SCP records found.
 2021-01-27T14:53:47 :: Re-checking local domain SCP records using mail domain as endpoint.
 2021-01-27T14:54:08 :: SCP lookup failed with: The server is not operational.
 2021-01-27T14:54:08 :: No SCP records found.
 2021-01-27T14:54:08 :: No SCP information found.
 2021-01-27T14:54:08 :: Search for locally cached AutoDiscover.xml files.
 2021-01-27T14:54:08 :: Found 3 files
 2021-01-27T14:54:08 :: End of cached files analysis
 2021-01-27T14:54:08 :: Adding http://domain-name.com/autodiscover/autodiscover.xml to list of redirection test hosts
 2021-01-27T14:54:08 :: Adding https://domain-name.com/autodiscover/autodiscover.xml to list of redirection test hosts
 2021-01-27T14:54:08 :: SRV query returned 1 records
 2021-01-27T14:54:08 :: mail.domain-name.com.
 2021-01-27T14:54:08 :: Calculated the following 7 urls for AutoDiscover lookup, and will be queried in the order listed...
 2021-01-27T14:54:08 :: 0. ROOT: https://domain-name.com/autodiscover/autodiscover.xml
 2021-01-27T14:54:08 :: 1. AUTOD: https://autodiscover.domain-name.com/autodiscover/autodiscover.xml
 2021-01-27T14:54:08 :: 2. REDIRECT: http://domain-name.com/autodiscover/autodiscover.xml
 2021-01-27T14:54:08 :: 3. REDIRECT: http://autodiscover.domain-name.com/autodiscover/autodiscover.xml
 2021-01-27T14:54:08 :: 4. REDIRECT: https://domain-name.com/autodiscover/autodiscover.xml
 2021-01-27T14:54:08 :: 5. REDIRECT: https://autodiscover.domain-name.com/autodiscover/autodiscover.xml
 2021-01-27T14:54:08 :: 6. SRV: https://mail.domain-name.com./autodiscover/autodiscover.xml
 2021-01-27T14:54:08 ::
 2021-01-27T14:54:08 ::
 2021-01-27T14:54:08 :: Starting XML requests...
 2021-01-27T14:54:08 :: Attempting Root Domain AutoDiscover query using https://domain-name.com/autodiscover/autodiscover.xml
 2021-01-27T14:54:08 :: Setting request type to EmailAddress
 2021-01-27T14:54:08 :: Request XML will be:
 2021-01-27T14:54:08 ::
 <Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/requestschema/2006">;
 <Request>
 <EMailAddress>Username@domain-name.com</EMailAddress>
 <AcceptableResponseSchema>http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a</AcceptableResponseSchema>;
 </Request>
 </Autodiscover>
 
 2021-01-27T14:54:09 :: Request will be sent to: https://domain-name.com/autodiscover/autodiscover.xml
 2021-01-27T14:54:09 :: HttpWebRequest object created
 2021-01-27T14:54:09 :: HttpWebRequest set to allow auto redirect
 2021-01-27T14:54:09 :: HttpWebRequest set to POST method
 2021-01-27T14:54:09 :: HttpWebRequest ContentType set to 'text/xml'
 2021-01-27T14:54:09 :: HttpWebRequest UserAgent set to Microsoft Office/14.0 (Windows NT 6.2; Microsoft Outlook 14.0.7015; Pro)
 2021-01-27T14:54:09 :: HttpWebRequest Headers set to the following to request mapiHTTP details:
 2021-01-27T14:54:09 :: X-MapiHTTPCapability=1
 2021-01-27T14:54:09 :: X-ClientCanHandle=Negotiate
 2021-01-27T14:54:09 :: Set integrated authentication using: Username@domain-name.com/•••••••••••••••••
 2021-01-27T14:54:09 :: Communicating with remote host...this can take a few seconds to a minute or more...please wait..
 2021-01-27T14:54:09 :: Wrote xml request data to the http request object.
 2021-01-27T14:54:09 :: Sending request to the server...please wait...
 2021-01-27T14:54:09 :: Error when sending request to server:
 System.Net.WebException: The remote server returned an error: (404) Not Found.
 at System.Net.HttpWebRequest.GetResponse()
 at AutoDiscoverXMLTool.frmMain.GetAutodiscoverXML(String user, String url, NetworkCredential creds, Boolean RequestMapiHttp, String UserAgent, Dictionary`2 AdditionalHeaders, Boolean UseBasicAuth)
 2021-01-27T14:54:09 ::
 2021-01-27T14:54:09 :: Attempting AutoDiscover Prefixed Domain AutoDiscover query using https://autodiscover.domain-name.com/autodiscover/autodiscover.xml
 2021-01-27T14:54:09 :: Setting request type to EmailAddress
 2021-01-27T14:54:09 :: Request XML will be:
 2021-01-27T14:54:09 ::
 <Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/requestschema/2006">;
 <Request>
 <EMailAddress>Username@domain-name.com</EMailAddress>
 <AcceptableResponseSchema>http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a</AcceptableResponseSchema>;
 </Request>
 </Autodiscover>
 
 2021-01-27T14:54:09 :: Request will be sent to: https://autodiscover.domain-name.com/autodiscover/autodiscover.xml
 2021-01-27T14:54:09 :: HttpWebRequest object created
 2021-01-27T14:54:09 :: HttpWebRequest set to allow auto redirect
 2021-01-27T14:54:09 :: HttpWebRequest set to POST method
 2021-01-27T14:54:09 :: HttpWebRequest ContentType set to 'text/xml'
 2021-01-27T14:54:09 :: HttpWebRequest UserAgent set to Microsoft Office/14.0 (Windows NT 6.2; Microsoft Outlook 14.0.7015; Pro)
 2021-01-27T14:54:09 :: HttpWebRequest Headers set to the following to request mapiHTTP details:
 2021-01-27T14:54:09 :: X-MapiHTTPCapability=1
 2021-01-27T14:54:09 :: X-ClientCanHandle=Negotiate
 2021-01-27T14:54:09 :: Set integrated authentication using: Username@domain-name.com/•••••••••••••••••
 2021-01-27T14:54:09 :: Communicating with remote host...this can take a few seconds to a minute or more...please wait..
 2021-01-27T14:54:30 :: Unable to connect to the remote server
 2021-01-27T14:54:30 ::
 2021-01-27T14:54:30 :: Request will be sent to: http://domain-name.com/autodiscover/autodiscover.xml
 2021-01-27T14:54:30 :: HttpWebRequest object created
 2021-01-27T14:54:30 :: HttpWebRequest set to disallow auto redirect
 2021-01-27T14:54:30 :: HttpWebRequest set to GET method
 2021-01-27T14:54:30 :: HttpWebRequest ContentType set to 'text/xml'
 2021-01-27T14:54:30 :: Sending request to the server...please wait...
 2021-01-27T14:54:30 :: Response received from server...
 2021-01-27T14:54:30 :: Server responded with a status code of 200 [OK].
 2021-01-27T14:54:30 :: Retrieved response data...
 2021-01-27T14:54:30 :: Server responsed with an unexpected content type of: text/html; charset=utf-8
 2021-01-27T14:54:30 :: Server response data is:
 <html><head><title>Request Rejected</title></head><body>The requested URL was rejected. If you think this is an error, please contact the webmaster. <br><br>Your support ID is: 2046517501005352890</body></html>
 2021-01-27T14:54:30 :: Conection to URL 'http://domain-name.com/autodiscover/autodiscover.xml'; did not return any valid redirection information.
 2021-01-27T14:54:30 :: Attempting XML Redirect AutoDiscover query using http://domain-name.com/autodiscover/autodiscover.xml
 2021-01-27T14:54:30 :: Setting request type to EmailAddress
 2021-01-27T14:54:30 :: Request XML will be:
 2021-01-27T14:54:30 ::
 <Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/requestschema/2006">;
 <Request>
 <EMailAddress>Username@domain-name.com</EMailAddress>
 <AcceptableResponseSchema>http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a</AcceptableResponseSchema>;
 </Request>
 </Autodiscover>
 
 2021-01-27T14:54:30 :: Request will be sent to: http://domain-name.com/autodiscover/autodiscover.xml
 2021-01-27T14:54:30 :: HttpWebRequest object created
 2021-01-27T14:54:31 :: HttpWebRequest set to allow auto redirect
 2021-01-27T14:54:31 :: HttpWebRequest set to POST method
 2021-01-27T14:54:31 :: HttpWebRequest ContentType set to 'text/xml'
 2021-01-27T14:54:31 :: HttpWebRequest UserAgent set to Microsoft Office/14.0 (Windows NT 6.2; Microsoft Outlook 14.0.7015; Pro)
 2021-01-27T14:54:31 :: HttpWebRequest Headers set to the following to request mapiHTTP details:
 2021-01-27T14:54:31 :: X-MapiHTTPCapability=1
 2021-01-27T14:54:31 :: X-ClientCanHandle=Negotiate
 2021-01-27T14:54:31 :: Set integrated authentication using: Username@domain-name.com/•••••••••••••••••
 2021-01-27T14:54:31 :: Communicating with remote host...this can take a few seconds to a minute or more...please wait..
 2021-01-27T14:54:31 :: Wrote xml request data to the http request object.
 2021-01-27T14:54:31 :: Sending request to the server...please wait...
 2021-01-27T14:54:31 :: Error when sending request to server:
 System.Net.WebException: The remote server returned an error: (404) Not Found.
 at System.Net.HttpWebRequest.GetResponse()
 at AutoDiscoverXMLTool.frmMain.GetAutodiscoverXML(String user, String url, NetworkCredential creds, Boolean RequestMapiHttp, String UserAgent, Dictionary`2 AdditionalHeaders, Boolean UseBasicAuth)
 2021-01-27T14:54:31 ::
 2021-01-27T14:54:31 :: Request will be sent to: http://autodiscover.domain-name.com/autodiscover/autodiscover.xml
 2021-01-27T14:54:31 :: HttpWebRequest object created
 2021-01-27T14:54:31 :: HttpWebRequest set to disallow auto redirect
 2021-01-27T14:54:31 :: HttpWebRequest set to GET method
 2021-01-27T14:54:31 :: HttpWebRequest ContentType set to 'text/xml'
 2021-01-27T14:54:31 :: Sending request to the server...please wait...
 2021-01-27T14:54:52 :: Unable to connect to the remote server
 2021-01-27T14:54:52 ::
 2021-01-27T14:54:52 :: Request will be sent to: https://domain-name.com/autodiscover/autodiscover.xml
 2021-01-27T14:54:52 :: HttpWebRequest object created
 2021-01-27T14:54:52 :: HttpWebRequest set to disallow auto redirect
 2021-01-27T14:54:52 :: HttpWebRequest set to GET method
 2021-01-27T14:54:52 :: HttpWebRequest ContentType set to 'text/xml'
 2021-01-27T14:54:52 :: Sending request to the server...please wait...
 2021-01-27T14:54:52 :: Response received from server...
 2021-01-27T14:54:52 :: Server responded with a status code of 301 [MovedPermanently] with a Location Header of: https://www.domain-name.com/autodiscover/autodiscover.xml
 2021-01-27T14:54:52 :: Response from url provided a new url for AutoDiscover queries: https://www.domain-name.com/autodiscover/autodiscover.xml
 2021-01-27T14:54:52 :: Attempting Redirected URL AutoDiscover query using https://www.domain-name.com/autodiscover/autodiscover.xml
 2021-01-27T14:54:52 :: Setting request type to EmailAddress
 2021-01-27T14:54:52 :: Request XML will be:
 2021-01-27T14:54:52 ::
 <Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/requestschema/2006">;
 <Request>
 <EMailAddress>Username@domain-name.com</EMailAddress>
 <AcceptableResponseSchema>http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a</AcceptableResponseSchema>;
 </Request>
 </Autodiscover>
 
 2021-01-27T14:54:52 :: Request will be sent to: https://www.domain-name.com/autodiscover/autodiscover.xml
 2021-01-27T14:54:52 :: HttpWebRequest object created
 2021-01-27T14:54:52 :: HttpWebRequest set to allow auto redirect
 2021-01-27T14:54:52 :: HttpWebRequest set to POST method
 2021-01-27T14:54:52 :: HttpWebRequest ContentType set to 'text/xml'
 2021-01-27T14:54:52 :: HttpWebRequest UserAgent set to Microsoft Office/14.0 (Windows NT 6.2; Microsoft Outlook 14.0.7015; Pro)
 2021-01-27T14:54:52 :: HttpWebRequest Headers set to the following to request mapiHTTP details:
 2021-01-27T14:54:52 :: X-MapiHTTPCapability=1
 2021-01-27T14:54:52 :: X-ClientCanHandle=Negotiate
 2021-01-27T14:54:52 :: Set integrated authentication using: Username@domain-name.com/•••••••••••••••••
 2021-01-27T14:54:52 :: Communicating with remote host...this can take a few seconds to a minute or more...please wait..
 2021-01-27T14:54:52 :: Wrote xml request data to the http request object.
 2021-01-27T14:54:52 :: Sending request to the server...please wait...
 2021-01-27T14:54:53 :: Error when sending request to server:
 System.Net.WebException: The remote server returned an error: (404) Not Found.
 at System.Net.HttpWebRequest.GetResponse()
 at AutoDiscoverXMLTool.frmMain.GetAutodiscoverXML(String user, String url, NetworkCredential creds, Boolean RequestMapiHttp, String UserAgent, Dictionary`2 AdditionalHeaders, Boolean UseBasicAuth)
 2021-01-27T14:54:53 ::
 2021-01-27T14:54:53 :: Request will be sent to: https://autodiscover.domain-name.com/autodiscover/autodiscover.xml
 2021-01-27T14:54:53 :: HttpWebRequest object created
 2021-01-27T14:54:53 :: HttpWebRequest set to disallow auto redirect
 2021-01-27T14:54:53 :: HttpWebRequest set to GET method
 2021-01-27T14:54:53 :: HttpWebRequest ContentType set to 'text/xml'
 2021-01-27T14:54:53 :: Sending request to the server...please wait...
 2021-01-27T14:55:14 :: Unable to connect to the remote server
 2021-01-27T14:55:14 ::
 2021-01-27T14:55:14 :: Attempting SRV Record Lookup AutoDiscover query using https://mail.domain-name.com./autodiscover/autodiscover.xml
 2021-01-27T14:55:14 :: Setting request type to EmailAddress
 2021-01-27T14:55:14 :: Request XML will be:
 2021-01-27T14:55:14 ::
 <Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/requestschema/2006">;
 <Request>
 <EMailAddress>Username@domain-name.com</EMailAddress>
 <AcceptableResponseSchema>http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a</AcceptableResponseSchema>;
 </Request>
 </Autodiscover>
 
 2021-01-27T14:55:14 :: Request will be sent to: https://mail.domain-name.com./autodiscover/autodiscover.xml
 2021-01-27T14:55:14 :: HttpWebRequest object created
 2021-01-27T14:55:14 :: HttpWebRequest set to allow auto redirect
 2021-01-27T14:55:14 :: HttpWebRequest set to POST method
 2021-01-27T14:55:14 :: HttpWebRequest ContentType set to 'text/xml'
 2021-01-27T14:55:14 :: HttpWebRequest UserAgent set to Microsoft Office/14.0 (Windows NT 6.2; Microsoft Outlook 14.0.7015; Pro)
 2021-01-27T14:55:14 :: HttpWebRequest Headers set to the following to request mapiHTTP details:
 2021-01-27T14:55:14 :: X-MapiHTTPCapability=1
 2021-01-27T14:55:14 :: X-ClientCanHandle=Negotiate
 2021-01-27T14:55:14 :: Set integrated authentication using: Username@domain-name.com/•••••••••••••••••
 2021-01-27T14:55:14 :: Communicating with remote host...this can take a few seconds to a minute or more...please wait..
 2021-01-27T14:55:14 :: Wrote xml request data to the http request object.
 2021-01-27T14:55:14 :: Sending request to the server...please wait...
 2021-01-27T14:55:14 :: Error when sending request to server:
 System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a send. ---> System.IO.IOException: Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host. ---> System.Net.Sockets.SocketException: An existing connection was forcibly closed by the remote host
 at System.Net.Sockets.Socket.Receive(Byte[] buffer, Int32 offset, Int32 size, SocketFlags socketFlags)
 at System.Net.Sockets.NetworkStream.Read(Byte[] buffer, Int32 offset, Int32 size)
 --- End of inner exception stack trace ---
 at System.Net.Sockets.NetworkStream.Read(Byte[] buffer, Int32 offset, Int32 size)
 at System.Net.FixedSizeReader.ReadPacket(Byte[] buffer, Int32 offset, Int32 count)
 at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
 at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
 at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
 at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
 at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
 at System.Net.TlsStream.CallProcessAuthentication(Object state)
 at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
 at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
 at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
 at System.Net.TlsStream.ProcessAuthentication(LazyAsyncResult result)
 at System.Net.TlsStream.Write(Byte[] buffer, Int32 offset, Int32 size)
 at System.Net.PooledStream.Write(Byte[] buffer, Int32 offset, Int32 size)
 at System.Net.ConnectStream.WriteHeaders(Boolean async)
 --- End of inner exception stack trace ---
 at System.Net.HttpWebRequest.GetResponse()
 at AutoDiscoverXMLTool.frmMain.GetAutodiscoverXML(String user, String url, NetworkCredential creds, Boolean RequestMapiHttp, String UserAgent, Dictionary`2 AdditionalHeaders, Boolean UseBasicAuth)
 2021-01-27T14:55:14 ::

Just to be clear, i can create a MAPI account on Outlook outside the network but i am unable to get Outlook to create an account inside the domain network. Does anyone know what i'm missing..?

28 Replies

Reply to Thread
0
Kyle Kerst Replied
1/27/2021 at 3:38 PM
Employee Post
Hello, and thanks for this detailed post. I'm still working my way through the full autodiscover log at the moment, but based on the behavior itself it sounds like the local environment DNS or domain records are resulting in the wrong autodiscover values being returned. A good place to start would be probing the hostnames its attempting to reach out to, that way you can see what results you get in a web browser from the internal network. Chances are one of these hostnames is unreachable, or is coming back with an invalid SSL certificate. When functioning properly the internal users should be able to:

- Reach the SRV record pointing 443 TCP traffic to the hostname above. 

If all else fails we've also seen some luck with a few tweaks to the local client machine. First, we'll need to add the following line to your C:\Windows\System32\Drivers\Etc\Hosts file on the test machine you're using:

127.0.0.1        outlook.office365.com

Next, we'll need to add a DWORD registry value within your registry at:

Computer\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\AutoDiscover

You can add a new DWORD property here and call it "PreferLocalXML" and set it to a value of 1. This tells Outlook to ignore any Office 365 autodiscover that it might be receiving, and use what it got from the SmarterMail server instead. This should confirm you're actually reaching the SmarterMail server and not getting stuck in the 0365 account discovery process. 

Above and beyond that, I noticed an SSL/connectivity error towards the bottom of the log you provided, and so this might be a clue in the right direction as well as any kind of certificate validation issue will cause a breakdown in the process. 

I hope this helps! If you continue to get stuck please submit a ticket with us and we'd be happy to dig into this for you. Have a good one!
Kyle Kerst System/Network Administrator SmarterTools Inc. (877) 357-6278 www.smartertools.com
1
Karl Jones Replied
1/27/2021 at 4:08 PM
The mail.domain-name.com and autodiscover.domain-name.com work properly externally and both end up at the webmail login page, both are secured with a LetsEncrypt SSL.
Internally autodiscover fails but that might be because i changed settings in the DNS as a test. I have already used the autodiscovery tool from priasoft.com. to set the registry hacks.
I will make some changes to see if i can get the internal https:// browser checks to work.
I have submitted a ticket but thought i would also approach the community.
0
Kyle Kerst Replied
1/27/2021 at 4:57 PM
Employee Post
Thanks Karl, I think you might be on the right track with DNS. Outlook w/MAPI/EAS/EWS uses the Microsoft discovery service to facilitate connectivity, so they need to be able to reach those records from the outside, and your client machine needs to be able to reach Microsoft in addition to the SmarterMail server. I saw your ticket and will keep an eye on it so I can offer any guidance I see worth mentioning along the way. Have a good one!
Kyle Kerst System/Network Administrator SmarterTools Inc. (877) 357-6278 www.smartertools.com
0
Karl Jones Replied
1/27/2021 at 5:17 PM
Thanks Kyle,
Ok, restored the DNS settings for internal server and now both HTTPS:// web browsers addresses resolve to the webmail login. Added the host files entry just in case the registry hack doesn't stop it going to O365.
Re-Ran the autodiscovery tool and got this.


2021-01-27T19:10:14 :: Getting a list of AutoDiscover urls to use...

2021-01-27T19:10:14 :: Getting currently configured DNS servers from host...

2021-01-27T19:10:14 ::     DNS IP: 192.168.10.1

2021-01-27T19:10:14 ::     DNS IP: 192.168.10.100

2021-01-27T19:10:14 :: Attempting to determine the AutoDiscover endpoint to use.

2021-01-27T19:10:14 :: Skipping Office 365 checks due to registry option: ExcludeExplicitO365Endpoint

2021-01-27T19:10:14 :: Checking local domain SCP records, if host is domain joined.

2021-01-27T19:10:16 ::     No SCP records found.

2021-01-27T19:10:16 :: Re-checking local domain SCP records using mail domain as endpoint.

2021-01-27T19:10:38 ::     SCP lookup failed with: The server is not operational.

2021-01-27T19:10:38 ::     No SCP records found.

2021-01-27T19:10:38 :: No SCP information found.

2021-01-27T19:10:38 :: Search for locally cached AutoDiscover.xml files.

2021-01-27T19:10:38 ::     Found 3 files

2021-01-27T19:10:38 :: End of cached files analysis

2021-01-27T19:10:38 :: Adding http://domain-name.com/autodiscover/autodiscover.xml to list of redirection test hosts

2021-01-27T19:10:38 :: Adding https://domain-name.com/autodiscover/autodiscover.xml to list of redirection test hosts

2021-01-27T19:10:38 :: SRV query returned 1 records

2021-01-27T19:10:38 ::     mail.domain-name.com.

2021-01-27T19:10:38 :: Calculated the following 7 urls for AutoDiscover lookup, and will be queried in the order listed...

2021-01-27T19:10:38 ::      0. ROOT: https://domain-name.com/autodiscover/autodiscover.xml

2021-01-27T19:10:38 ::      1. AUTOD: https://autodiscover.domain-name.com/autodiscover/autodiscover.xml

2021-01-27T19:10:38 ::      2. REDIRECT: http://domain-name.com/autodiscover/autodiscover.xml

2021-01-27T19:10:38 ::      3. REDIRECT: http://autodiscover.domain-name.com/autodiscover/autodiscover.xml

2021-01-27T19:10:38 ::      4. REDIRECT: https://domain-name.com/autodiscover/autodiscover.xml

2021-01-27T19:10:38 ::      5. REDIRECT: https://autodiscover.domain-name.com/autodiscover/autodiscover.xml

2021-01-27T19:10:38 ::      6. SRV: https://mail.domain-name.com./autodiscover/autodiscover.xml

2021-01-27T19:10:38 :: 

2021-01-27T19:10:38 :: 

2021-01-27T19:10:38 :: Starting XML requests...

2021-01-27T19:10:38 :: Attempting Root Domain AutoDiscover query using https://domain-name.com/autodiscover/autodiscover.xml

2021-01-27T19:10:38 :: Setting request type to EmailAddress

2021-01-27T19:10:38 :: Request XML will be:

2021-01-27T19:10:38 :: 

                       <Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/requestschema/2006">;

                           <Request>

                               <EMailAddress>Username@domain-name.com</EMailAddress>

                               <AcceptableResponseSchema>http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a</AcceptableResponseSchema>;;

                           </Request>

                       </Autodiscover>

                       

2021-01-27T19:10:38 :: Request will be sent to: https://domain-name.com/autodiscover/autodiscover.xml

2021-01-27T19:10:38 :: HttpWebRequest object created

2021-01-27T19:10:38 :: HttpWebRequest set to allow auto redirect

2021-01-27T19:10:38 :: HttpWebRequest set to POST method

2021-01-27T19:10:38 :: HttpWebRequest ContentType set to 'text/xml'

2021-01-27T19:10:38 :: HttpWebRequest UserAgent set to Microsoft Office/14.0 (Windows NT 6.2; Microsoft Outlook 14.0.7015; Pro)

2021-01-27T19:10:38 :: HttpWebRequest Headers set to the following to request mapiHTTP details:

2021-01-27T19:10:38 ::     X-MapiHTTPCapability=1

2021-01-27T19:10:38 ::     X-ClientCanHandle=Negotiate

2021-01-27T19:10:38 :: Set integrated authentication using: Username@domain-name.com/•••••••••••••••••

2021-01-27T19:10:38 :: Communicating with remote host...this can take a few seconds to a minute or more...please wait..

2021-01-27T19:10:38 :: Wrote xml request data to the http request object.

2021-01-27T19:10:38 :: Sending request to the server...please wait...

2021-01-27T19:10:38 :: Error when sending request to server:

                       System.Net.WebException: The remote server returned an error: (404) Not Found.

                          at System.Net.HttpWebRequest.GetResponse()

                          at AutoDiscoverXMLTool.frmMain.GetAutodiscoverXML(String user, String url, NetworkCredential creds, Boolean RequestMapiHttp, String UserAgent, Dictionary`2 AdditionalHeaders, Boolean UseBasicAuth)

2021-01-27T19:10:38 :: 

2021-01-27T19:10:38 :: Attempting AutoDiscover Prefixed Domain AutoDiscover query using https://autodiscover.domain-name.com/autodiscover/autodiscover.xml

2021-01-27T19:10:38 :: Setting request type to EmailAddress

2021-01-27T19:10:38 :: Request XML will be:

2021-01-27T19:10:38 :: 

                       <Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/requestschema/2006">;

                           <Request>

                               <EMailAddress>Username@domain-name.com</EMailAddress>

                               <AcceptableResponseSchema>http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a</AcceptableResponseSchema>;;

                           </Request>

                       </Autodiscover>

                       

2021-01-27T19:10:38 :: Request will be sent to: https://autodiscover.domain-name.com/autodiscover/autodiscover.xml

2021-01-27T19:10:38 :: HttpWebRequest object created

2021-01-27T19:10:38 :: HttpWebRequest set to allow auto redirect

2021-01-27T19:10:38 :: HttpWebRequest set to POST method

2021-01-27T19:10:38 :: HttpWebRequest ContentType set to 'text/xml'

2021-01-27T19:10:38 :: HttpWebRequest UserAgent set to Microsoft Office/14.0 (Windows NT 6.2; Microsoft Outlook 14.0.7015; Pro)

2021-01-27T19:10:38 :: HttpWebRequest Headers set to the following to request mapiHTTP details:

2021-01-27T19:10:38 ::     X-MapiHTTPCapability=1

2021-01-27T19:10:38 ::     X-ClientCanHandle=Negotiate

2021-01-27T19:10:38 :: Set integrated authentication using: Username@domain-name.com/•••••••••••••••••

2021-01-27T19:10:38 :: Communicating with remote host...this can take a few seconds to a minute or more...please wait..

2021-01-27T19:10:38 :: Wrote xml request data to the http request object.

2021-01-27T19:10:38 :: Sending request to the server...please wait...

2021-01-27T19:10:38 :: Response received from server...

2021-01-27T19:10:38 :: Server responded with a status code of 200 [OK].

2021-01-27T19:10:38 :: Retrieved response data...

 

Tried to run the Outlook account creation and it located the server (i think) but once again it fails with windows security login. it results in a loop as though wrong password was submitted.
0
Karl Jones Replied
1/27/2021 at 6:02 PM
Lastly, this is the XML returned during the autodisciver test


<?xml version="1.0" encoding="utf-8"?>
        <User>
            <DisplayName>User Name</DisplayName>
            <LegacyDN>/o=domain-name.com/ou=SmarterMail/cn=Recipients/cn=cfff6cabb81c4e0fa2603ecfcb30fec5-Username</LegacyDN>
            <AutoDiscoverSMTPAddress>Username@domain-name.com</AutoDiscoverSMTPAddress>
            <DeploymentId>fa8b72f9-14e6-4c60-b43d-608a13dea5d7</DeploymentId>
        </User>
        <Account>
            <AccountType>email</AccountType>
            <Action>settings</Action>
            <MicrosoftOnline>False</MicrosoftOnline>
            <ConsumerMailbox>False</ConsumerMailbox>
            <Protocol>
                <Type>SMTP</Type>
                <Server>mail.domain-name.com</Server>
                <Port>465</Port>
                <LoginName>Username@domain-name.com</LoginName>
                <DomainRequired>On</DomainRequired>
                <DomainName>domain-name.com</DomainName>
                <SPA>Off</SPA>
                <TLS>On</TLS>
                <AuthRequired>On</AuthRequired>
            </Protocol>
            <Protocol>
                <Type>IMAP</Type>
                <Server>mail.domain-name.com</Server>
                <Port>143</Port>
                <LoginName>Username@domain-name.com</LoginName>
                <DomainRequired>On</DomainRequired>
                <DomainName>domain-name.com</DomainName>
                <SPA>Off</SPA>
                <SSL>On</SSL>
                <AuthRequired>On</AuthRequired>
            </Protocol>
        </Account>
    </Response>
</Autodiscover>
0
Karl Jones Replied
1/28/2021 at 3:14 PM
Update.... On the request of support ran fiddler and noticed that the www and domain name only addresses were being tested, instead of being directed to the autodiscover address.
Checked my local DNS servers and looked for anything that related to the mail.domain-name.com or autodiscover.domain-name.com including any srv records.Found and removed a local A record for mail.domain-name.com so removed and flushed DNS, now it apparently is working at connecting to the right servers but is giving bad gateway errors (502)
0
Karl Jones Replied
1/29/2021 at 4:26 PM
Getting so frustrated...It seems to find the login prompts but fails on all internal computers but if i take my outlook 2016 and go to anywhere but my workplace it works just fricken fine....!!!
0
Mike Mulhern Replied
2/1/2021 at 12:20 PM
Karl---

I just solved a similar issue with our email.  

Is your mail domain a subdomain of your website?  In our instance there was some cache setting where internal dns calls were going to our website host.  Worth a shot:

Solved my problem with Autodiscover not finding MAPI settings internally.
0
Karl Jones Replied
2/1/2021 at 12:41 PM
I saw that and was reading up on it...I do see a fiddler log showing a mapi login but incorrect credentials. I have to talk with the webmaster about settings on the webserver as i don't have access or control of that.
Thanks for the suggestion... still waiting on an update from support to see what they see in the logs i'm providing.
0
Karl Jones Replied
2/2/2021 at 4:40 PM
This is a question to Smartertool support....!

Issue: You would like a better understanding of the order in which Outlook goes through the Autodiscover process and Outlook looks locally first using SCP (part of MS exchange configuration)

  1. SCP lookup: Outlook will query Active Directory for Autodiscover information.  If that fails, Outlook begins it’s “non-domain connected” logic, and will go in order down this list
  2. HTTPS root domain query: Outlook, if not domain joined, queries using the primary email address domain (right hand side of the email address). Using this domain as an example, it will search for https://domain-name/autodiscover/autodiscover.xml
  3. HTTPS Autodiscover domain query – If the above search yields no response, the next URL Outlook will try is https://autodiscover.domain-name/autodiscover/autodiscover.xml
  4. HTTP redirect method
  5. SRV record query
  6. Local XML file
  7. cached URL in the Outlook profile (new for Outlook 2013)
Now, why did smartertools decide not to create/use an SCP entry so that local domain installs automatically use the SCP info rather than doing the full search which creates problems because it locates a top level domain or website entry that stops the full search.
1
Mike Mulhern Replied
2/3/2021 at 10:42 AM
Hi Karl---
Not sure how relevant this is but might be helpful.

I was running my tests with Outlook 2016, which works fine with MAPI for me.  

Oddly enough, I started testing Outlook 2019 yesterday and have a similar issue you are having.

This is on my LAN.

Trying Outlook 2019 > MAPI and it goes into a security log-in loop as if the incorrect password is provided.

Running Outlook 2019 'Email Autoconfiguration Test' and MAPI fails and returns IMAP/SMTP whereas same email account return MAPI xml data (both on the same LAN) with Outlook 2016.  

I played with the reg edits and local xml, etc with no luck.

Looking at fiddler logs (I am a novice and might be misinterpreting) I can see that 'Email Autoconfiguration Test' is hitting the correct ip on my LAN for autodiscover.my-domain.com/autodiscover/autodiscover.xml but the traffic is being bounced as 401 unauthorized.

Looking at the Fiddler for Outlook 2016 'Email Autoconfiguration Test' and the traffic goes right through and returns the MAPI XML info.

When I run the Priasoft tool on both the 2019 machine and the 2016 machine the XML outlook is identical on both machines.
0
Kyle Kerst Replied
2/3/2021 at 10:52 AM
Employee Post
Karl, I took a quick look at your follow up autodiscover test and it looks like its getting stuck on domain.com/autodiscover/autodiscover.xml which should be resolved with the redirect steps on our autodiscover KB article. Can you try that out please? I am not sure what the answer is on the SCP lookups, but if you create a ticket on that we can definitely find out for you. I hope this helps!
Kyle Kerst System/Network Administrator SmarterTools Inc. (877) 357-6278 www.smartertools.com
0
Karl Jones Replied
2/3/2021 at 11:43 AM
Thanks Mike. I see various results depending on the DNS configuration, PC used and whatever test utility I use. Worse still i can get a fully successful test and then reboot the PC and they fail again... Grrrr All the versions of Outlook we are using are 2016.... I hope i don't have to fight with 2019 when we start having to buy them. (smh)
0
Karl Jones Replied
2/3/2021 at 11:54 AM
Thanks for the reply Kyle. I'm guessing Tony is busy because you reply before he does. The SCP is a function of MS exchange install but it is also the first thing that Outlook MAPI search looks for in a local domain setup so seems counter intuitive that smartermail wouldn't create those same entries to allow Outlook MAPI search to go straight to a local domain install, instead of doing the full search and finally setting up with a SRV result.!!!

I have forwarded the request to the webmasters to update the config files as i think they have a permanently moved entry and it doesn't forward to the smartermail mail domain name. My issue is that my non domain joined home laptop connects straight away. with the settings as they are. All domain joined office computers fail to create an account and get stuck in the credentials loop. It seems its domain joined computers that have a problem. I haven't been able to check a local, non joined PC yet.
0
Karl Jones Replied
2/3/2021 at 2:38 PM
Example of what is happening.. Fiddler trace for the section that shows www to autodiscover to mail and a prompt for a mapi mailboxid:-

53    200    HTTP    Tunnel to    www.domain-name.com:443    690            rundll32:6800    [#52]        
54    404    HTTPS    www.domain-name.com    /autodiscover/autodiscover.xml    29,212    no-cache; Expires: Thu, 19 Nov 1981 08:52:00 GMT    text/html; charset=UTF-8    rundll32:6800    [#53]        
55    200    HTTP    Tunnel to    autodiscover.domain-name.com:443    748            rundll32:6800    [#54]        
56    401    HTTPS    autodiscover.domain-name.com    /autodiscover/autodiscover.xml    0    private    text/xml    rundll32:6800    [#55]        
57    401    HTTPS    autodiscover.domain-name.com    /autodiscover/autodiscover.xml    0    private    text/xml    rundll32:6800    [#56]        
58    401    HTTPS    autodiscover.domain-name.com    /autodiscover/autodiscover.xml    0    private    text/xml    rundll32:6800    [#57]        
59    200    HTTPS    autodiscover.domain-name.com    /autodiscover/autodiscover.xml    1,973    private    text/xml; charset=utf-8    rundll32:6800    [#58]        
60    401    HTTPS    mail.domain-name.com    /mapi/nspi/?MailboxId=SlJhanNpY0BsZHRvb2wuY29t    1,425    private    text/html    rundll32:6800    [#59]        
61    401    HTTPS    mail.domain-name.com    /mapi/nspi/?MailboxId=SlJhanNpY0BsZHRvb2wuY29t    1,425    private    text/html    rundll32:6800    [#60]        
62    401    HTTPS    mail.domain-name.com    /mapi/nspi/?MailboxId=SlJhanNpY0BsZHRvb2wuY29t    1,425    private    text/html    rundll32:6800    [#61]        
63    401    HTTPS    mail.domain-name.com    /mapi/nspi/?MailboxId=SlJhanNpY0BsZHRvb2wuY29t    1,425    private    text/html    rundll32:6800    [#62]        

Seems to indicate its reaching the mapi login so i put in the credentials of the user in both domain and UPN style and i keep getting the 401

HTTP/1.1 401 Unauthorized
Cache-Control: private
Transfer-Encoding: chunked
Content-Type: text/html
Server: Microsoft-IIS/8.5
request-id: d3e3e397-1969-4d94-8a21-41332401db13
X-ServerApplication: Exchange/15.01.1847.001
X-RequestId: {EE1D9ADE-21E7-41B1-A926-9B0646825157}:1
X-ClientInfo: {6CBF1C96-3D44-4252-8DAF-11AC618AE031}:80560005
X-RequestType: Bind
X-TunnelExpirationTime: 1800000
X-PendingPeriod: 30000
X-ExpirationInfo: 300000
X-ResponseCode: 0
Persistent-Auth: true
X-DiagInfo: SMARTERMAIL
X-BEServer: SMARTERMAIL
X-FEServer: SMARTERMAIL
X-CalculatedBETarget: mail.domain-name.com
WWW-Authenticate: Negotiate
WWW-Authenticate: Basic Realm=""
Date: Wed, 03 Feb 2021 20:44:11 GMT
Proxy-Support: Session-Based-Authentication

50d
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">;
<html xmlns="http://www.w3.org/1999/xhtml">;
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>
<title>401 - Unauthorized: Access is denied due to invalid credentials.</title>
<style type="text/css">
<!--
body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}
fieldset{padding:0 15px 10px 15px;}
h1{font-size:2.4em;margin:0;color:#FFF;}
h2{font-size:1.7em;margin:0;color:#CC0000;}
h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;}
#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;
background-color:#555555;}
#content{margin:0 0 0 2%;position:relative;}
.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}
-->
</style>
</head>
<body>
<div id="header"><h1>Server Error</h1></div>
<div id="content">
 <div class="content-container"><fieldset>
  <h2>401 - Unauthorized: Access is denied due to invalid credentials.</h2>
  <h3>You do not have permission to view this directory or page using the credentials that you supplied.</h3>
 </fieldset></div>
</div>
</body>
</html>

61
DONE
X-StartTime: Wed, 03 Feb 2021 20:44:11 GMT
X-ElapsedTime: 120
Content-Type: text/html

c
Unauthorized
0

this is the response against the mapi mailbox prompt.
0
Karl Jones Replied
2/12/2021 at 3:42 PM
Just an update.... still not fixed.... the issue has nothing to do with DNS as both external and non domain joined computers can create an account using IMAP, activesync and MAPI. Soon as i try on a domain joined computer i get 401 not authorised so as far as i'm concerned it's a IIS or GPO related security problem.

This is a Smartermail autodiscover log showing that login attempts are reaching it and failing with MAPI. The only thing i see that i'm unsure of is the user-name@domain-name.com is logging in but the MAPI NTLM seems to show user-name@domain-name   (no .com) and says user not found.

[2021.02.11] 15:37:46.241 [192.168.10.100] IMAP Attempting to login user: user-name@domain-name.com
[2021.02.11] 15:37:46.241 [192.168.10.100] IMAP Login successful: With user user-name@domain-name.com
[2021.02.11] 15:38:32.788 [192.168.10.183] ActiveSync Attempting to login user: user-name@domain-name.com
[2021.02.11] 15:38:32.788 [192.168.10.183] ActiveSync Login successful: With user user-name@domain-name.com
[2021.02.11] 15:38:32.788 [192.168.10.183] EAS authentication for user-name@domain-name.com using Basic
[2021.02.11] 15:38:32.819 [192.168.10.183] EAS authentication for user-name@domain-name.com using Basic
[2021.02.11] 15:38:33.116 [192.168.10.183] EAS authentication for user-name@domain-name.com using Basic
[2021.02.11] 15:38:52.522 [192.168.10.183] EAS authentication for user-name@domain-name.com using Basic
[2021.02.11] 15:39:03.788 [192.168.10.183] Autodiscover NTLM; AuthenticateMessage; User not found [user-name@domain-name] [TlRMTVNTUAADAAAAGAAYAI4AAAAYABgApgAAAAwADABYAAAADgAOAGQAAAAcABwAcgAAAAAAAAC+AAAAFYKIIgoAYUoAAAAP19wKc9ThWFSK2oSx/sOuakwARABUAE8ATwBMAEoAUgBhAGoAcwBpAGMAVABVAFIATgBLAEUAWQBPAFAAUwAtAE0ARwBSAFxiEilCEsLQAAAAAAAAAAAAAAAAAAAAAMlFmK46cHihAkVL4Tkk0qbe5TJDeldeXg==]
[2021.02.11] 15:39:08.367 [192.168.10.183] EAS authentication for user-name@domain-name.com using Basic
[2021.02.11] 15:39:24.305 [192.168.10.183] EAS authentication for user-name@domain-name.com using Basic
[2021.02.11] 15:39:30.962 [192.168.10.100] User admin@ calling search logs, type: autodiscover, search: user-name
[2021.02.11] 15:39:40.306 [192.168.10.183] EAS authentication for user-name@domain-name.com using Basic
[2021.02.11] 15:39:54.915 [192.168.10.183] EAS authentication for user-name@domain-name.com using Basic
[2021.02.11] 15:39:55.071 [192.168.10.183] EAS authentication for user-name@domain-name.com using Basic
[2021.02.11] 15:46:34.713 [192.168.10.183] Autodiscover NTLM; AuthenticateMessage; User not found [user-name@domain-name] [TlRMTVNTUAADAAAAGAAYAI4AAAAYABgApgAAAAwADABYAAAADgAOAGQAAAAcABwAcgAAAAAAAAC+AAAAFYKIIgoAYUoAAAAPtIiGZnXIKuh8XfNtEV8w80wARABUAE8ATwBMAEoAUgBhAGoAcwBpAGMAVABVAFIATgBLAEUAWQBPAFAAUwAtAE0ARwBSAF0uZY+rOTdhAAAAAAAAAAAAAAAAAAAAAOqYeBdV91DERuTWywdWfXu6uJ6rcRQzvA==]
0
Douglas Foster Replied
2/13/2021 at 10:24 AM
The xml example is missing a protocol section for type EXPR.   In build 7619, you must have EAS or EWS enabled for it to appear.   The section will have a url tag pair for each of the Microsoft protocol variants.   Reported as a bug, ticket still pending, so I assume it also exists in all versions after mine.
1
Karl Jones Replied
2/13/2021 at 10:46 AM
Thanks for any input Douglas.
I do have EWS and EAS and MAPI enabled. Using the Priasoft autodiscovery tool both internally (domain joined) and externally i get this test result.

<?xml version="1.0" encoding="utf-8"?>
<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">;
    <Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">;
        <User>
            <DisplayName>User Name</DisplayName>
            <LegacyDN>/o=domain-name.com/ou=SmarterMail/cn=Recipients/cn=cfff6cabb81c4e0fa2603ecfcb30fec5-user-name</LegacyDN>
            <AutoDiscoverSMTPAddress>user-name@domain-name.com</AutoDiscoverSMTPAddress>
            <DeploymentId>fa8b72f9-14e6-4c60-b43d-608a13dea5d7</DeploymentId>
        </User>
        <Account>
            <AccountType>email</AccountType>
            <Action>settings</Action>
            <MicrosoftOnline>False</MicrosoftOnline>
            <ConsumerMailbox>False</ConsumerMailbox>
            <Protocol>
                <Type>EXPR</Type>
                <Server>mail.domain-name.com</Server>
                <AuthPackage>ntlm</AuthPackage>
                <LoginName>user-name@domain-name.com</LoginName>
                <DomainRequired>On</DomainRequired>
                <DomainName>domain-name.com</DomainName>
                <ASUrl>https://mail.domain-name.com/ews/exchange.asmx</ASUrl>;
                <EwsUrl>https://mail.domain-name.com/ews/exchange.asmx</EwsUrl>;
                <OOFUrl>https://mail.domain-name.com/ews/exchange.asmx</OOFUrl>;
            </Protocol>
            <Protocol>
                <Type>SMTP</Type>
                <Server>mail.domain-name.com</Server>
                <Port>465</Port>
                <LoginName>user-name@domain-name.com</LoginName>
                <DomainRequired>On</DomainRequired>
                <DomainName>domain-name.com</DomainName>
                <SPA>Off</SPA>
                <TLS>On</TLS>
                <AuthRequired>On</AuthRequired>
            </Protocol>
            <Protocol>
                <Type>IMAP</Type>
                <Server>mail.domain-name.com</Server>
                <Port>143</Port>
                <LoginName>user-name@domain-name.com</LoginName>
                <DomainRequired>On</DomainRequired>
                <DomainName>domain-name.com</DomainName>
                <SPA>Off</SPA>
                <SSL>On</SSL>
                <AuthRequired>On</AuthRequired>
            </Protocol>
        </Account>
    </Response>
</Autodiscover>

The issue is Outlook 2016 gives a not authorised error and i have no idea where this response is coming from.
0
Kyle Kerst Replied
2/17/2021 at 4:47 PM
Employee Post
Sorry for the delay on this Karl! You are correct, Tony was engaged with a meeting when I replied and we typically look out for all of our customers this way. So - sometimes you'll hear from me here on the community faster than Tony, and other times Tony will be the quick one to respond - ultimately it just depends on what is going on that week. 

I did review the ticket this afternoon though and it looks like Tony has the ball rolling in the right direction. I checked your essential autodiscover deployment and it looks to be in good shape (aside from the domain.com/autodiscover/autodiscover.xml redirect I noted previously), and so I think there might be something deeper at work here that we need to debug further. 

I'll keep an eye on the ticket and will add anything I feel can help as I see it. Thanks for your patience on this Karl, we'll get to the bottom of it for you!
Kyle Kerst System/Network Administrator SmarterTools Inc. (877) 357-6278 www.smartertools.com
0
Karl Jones Replied
2/17/2021 at 5:42 PM
Hi Kyle, The domain.com/autodiscover/autodiscover.xml issue is not actually causing a problem as autodiscover does pass over it and external and non domain joined PC's manage to create the account using the autodiscover.domain.com/autodiscover/autodiscover.xml so it's not an autodiscover problem from what i can see, it's a authentication issue as the logs show unauthorized user and negotiate/NTLM failures. I still have a request in with the webmasters but for some reason they haven't gotten to it yet.
Because it's only domain joined PC's that cannot create accounts i was thinking that GPO's from the DC are the problem but haven't figured out which would affect Smartermail IIS integrated authentication.
0
Patrick Mattson Replied
4/16/2021 at 3:10 PM
Karl, did you ever get a fix? I am discovering the same thing. I have created a ticket, but not sure when I might hear back. I am also have another issue, but this MAPI one is driving me nuts.
0
Karl Jones Replied
4/16/2021 at 3:46 PM
No Patrick, i still have a ticket in with support, i have exported my DC GPO's and registry entries to attempt to figure out what is different but no luck figuring it out so far.... I stopped spending time changing things in my GPO test environment as i was just getting more frustrated, as well as having other projects including a server migration with another client.
I know my current DC was a migration from SBS 2003 and everything else has worked for years but i cannot, and neither can smartertools, figure out why domain joined PC's will not allow outlook to connect via MAPI.
0
Patrick Mattson Replied
4/16/2021 at 4:41 PM
Thanks for the update. I am seeing this at many customers while trying to set up MAPI. I was hoping to get away from EAS, when it is enabled I can connect fine, but there does not appear to be a good solution. I did try something from Kyle's notes above. Tried connect to the autodiscover, here is the results.

https://autodiscover.domain123.xyz/autodiscover/autodiscover.xml

I am prompted for a username and password. After trying the email and his password this comes up.

Invalid XML Request - Error: User does not exist.

Server stack trace:
   at MailService.Remoting.Mail.GetUserStatic(String email)
   at System.Runtime.Remoting.Messaging.StackBuilderSink._PrivateProcessMessage(IntPtr md, Object[] args, Object server, Object[]& outArgs)
   at System.Runtime.Remoting.Messaging.StackBuilderSink.SyncProcessMessage(IMessage msg)

Exception rethrown at [0]:
   at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
   at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
   at SmarterMail.RemoteInterface.IMail.GetUser(String sessionStr, String emailAddress)
   at SmarterMail.Logic.Remoting.RemoteMail.GetUser(String sessionStr, String email)
   at SmarterMail.Web.SyncProtocols.AutoDiscover.AutoDiscoverProcessor.DoWork(Object workItemState),
0
Kyle Kerst Replied
4/19/2021 at 9:51 AM
Employee Post
Patrick - I recommend you submit a ticket on this so we can verify the domain directly. The password result you're seeing when browsing via a browser is expected, but if you're seeing the same behavior from Outlook you likely have a missing autodiscover component or a GPO setting (as noted above) that is preventing successful completion of the account set up. 
Kyle Kerst System/Network Administrator SmarterTools Inc. (877) 357-6278 www.smartertools.com
0
Karl Jones Replied
7/12/2021 at 1:17 PM
I am bumping this to see if there are any tech geniuses out there who can help figure out why this is happening. Basically EWS connections work, LAN connected but non domain joined computers work but Domain joined computers fail and give an outlook account repeat password prompt.
0
Zach Sylvester Replied
7/12/2021 at 5:01 PM
Employee Post
Hey Karl, 

From reading this it seems you need to ask what is the difference between a computer on your domain and one that is not. Network settings would be the first thing I would check. Unless you haven't already tried this try changing the DNS server to a public DNS server like 1.1.1.1 and 8.8.8.8 on the client PC. Please let me know if this helps. 

Best Regards, 
Zach Sylvester System/Network Administrator SmarterTools Inc. (877) 357-6278 www.smartertools.com
0
Kiswire it Replied
2/23/2022 at 6:14 PM
@Patrick Mattson @Karl Jones
Before opening the ticket, I just wonder if I can get your wisdom.

My build is 8087 and I am getting the same message as below but it is benign:
[2021.02.11] 15:46:34.713 [192.168.10.183] Autodiscover NTLM; AuthenticateMessage; User not found [user-name@domain-name] 

In many cases, this message shows up whenever users start Outlook in their desktops. But for some users, it shows up about 2000 times in the SM log and I am concerning this could behave like DDOS.
0
Karl Jones Replied
5/26/2022 at 7:39 AM
I thought i had replied to this thread to give the result, seems not..
I finally fixed the problem... It turned out to be an AD problem, specifically the UPN suffix.
At some point in the past the server 2012 had been setup as a .local domain and sometime after that an additional UPN suffix was added for .com. the entry section can be seen in the attached picture. All domain users were logging in via domain workstations and all was well, until time to authenticate NTLM via the MAPI autodiscovery process in Outlook. The problem with Outlook was it was looking for NTLM authentication of the .local username and not the .com suffix being used in the Active directory users and computers. All i had to do was set the UPN suffix back to .local and when adding the Outlook account change the sometimes detected username from username@domain.local to the correct username@domain.com, input the password and all was well.
No idea why it failed as the UPN suffix should have allowed authentication of the user using the new .com and not the original .local suffix.
Back to Community Threads

Reply to Thread

Related Knowledge Base Articles

Set up Autodiscover for SmarterMailSmarterMail > Installation and Configuration
Set Up a MAPI Account in Outlook 2016 and Above for WindowsSmarterMail > Desktop and Mobile Synchronization
Configure eM Client for MAPI & EWSSmarterMail > Desktop and Mobile Synchronization
Domain Shares and Protocol BehaviorSmarterMail > Desktop and Mobile Synchronization
Deploying Rspamd For Use With SmarterMailSmarterMail > Server Configuration and Management