3
Autodiscover not working for MAPI
Problem reported by Sébastien Riccio - 4/25/2021 at 11:14 AM
Resolved
Hello,

This is the our first attempt to provide MAPI support to a customer, but without success unfortunately.

After digging a bit I've discovered that Outlook is missing the informations for MAPI in the autodiscover.xml returned by SmarterMail.

It returns what is needed for imap, smtp, ews, etc but not for MAPI, even that it is enabled in the domain autodiscovery settings.

I tried to enable only EWS in autodiscover and then enable EWS + MAPI and there is no difference in the returned xml.

Enabling only MAPI in autodiscover returns a blank xml file.

I suspect there is something broken here. 



Autodiscover with only EWS enabled returned xml:

<?xml version="1.0" encoding="utf-8"?>
<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">;
    <Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">;
        <User>
            <DisplayName>madjik@mysuperdomain.ch</DisplayName>
            <LegacyDN>/o=mysuperdomain.ch/ou=SmarterMail/cn=Recipients/cn=0af54acf94314ac2b1c1e2633ace52ca-madjik</LegacyDN>
            <AutoDiscoverSMTPAddress>madjik@mysuperdomain.ch</AutoDiscoverSMTPAddress>
            <DeploymentId>5cb95953-7847-46c4-b8cb-0983e2047e2d</DeploymentId>
        </User>
        <Account>
            <AccountType>email</AccountType>
            <Action>settings</Action>
            <MicrosoftOnline>False</MicrosoftOnline>
            <ConsumerMailbox>False</ConsumerMailbox>
            <Protocol>
                <Type>EXPR</Type>
                <Server>mail01.mysuperserver.com</Server>
                <AuthPackage>ntlm</AuthPackage>
                <LoginName>madjik@mysuperdomain.ch</LoginName>
                <DomainRequired>On</DomainRequired>
                <DomainName>mysuperdomain.ch</DomainName>
                <ASUrl>https://mail01.mysuperserver.com/ews/exchange.asmx</ASUrl>;
                <EwsUrl>https://mail01.mysuperserver.com/ews/exchange.asmx</EwsUrl>;
                <OOFUrl>https://mail01.mysuperserver.com/ews/exchange.asmx</OOFUrl>;
            </Protocol>
        </Account>
    </Response>
</Autodiscover>




Autodiscover with EWS and MAPI enabled returned xml:


<?xml version="1.0" encoding="utf-8"?>
<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">;
    <Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">;
        <User>
            <DisplayName>madjik@mysuperdomain.ch</DisplayName>
            <LegacyDN>/o=mysuperdomain.ch/ou=SmarterMail/cn=Recipients/cn=0af54acf94314ac2b1c1e2633ace52ca-madjik</LegacyDN>
            <AutoDiscoverSMTPAddress>madjik@mysuperdomain.ch</AutoDiscoverSMTPAddress>
            <DeploymentId>5cb95953-7847-46c4-b8cb-0983e2047e2d</DeploymentId>
        </User>
        <Account>
            <AccountType>email</AccountType>
            <Action>settings</Action>
            <MicrosoftOnline>False</MicrosoftOnline>
            <ConsumerMailbox>False</ConsumerMailbox>
            <Protocol>
                <Type>EXPR</Type>
                <Server>mail01.mysuperserver.com</Server>
                <AuthPackage>ntlm</AuthPackage>
                <LoginName>madjik@mysuperdomain.ch</LoginName>
                <DomainRequired>On</DomainRequired>
                <DomainName>mysuperdomain.ch</DomainName>
                <ASUrl>https://mail01.mysuperserver.com/ews/exchange.asmx</ASUrl>;
                <EwsUrl>https://mail01.mysuperserver.com/ews/exchange.asmx</EwsUrl>;
                <OOFUrl>https://mail01.mysuperserver.com/ews/exchange.asmx</OOFUrl>;
            </Protocol>
        </Account>
    </Response>
</Autodiscover>
Sébastien Riccio
System & Network Admin

14 Replies

Reply to Thread
0
Stefano Replied
Hello Sébastien, which DNS zone have you created for this domain?
1
Sébastien Riccio Replied
Hello Stefano,

I started the same test with a domain of mine and got the same results.

I use these DNS records:

autodiscover.cybermind.ch       3600    IN      CNAME   mail01.swisscenter.com.
_autodiscover._tcp.cybermind.ch 3600    IN      SRV     0 0 443 mail01.swisscenter.com.

Where mail01.swisscenter.com is the SmarterMail server.

When I do an autodiscover test from outlook (ctrl-shift right click on the outlook tray icon), the autodiscover process seems to work and it receives the xml file from the server.
But when trying to add an account it says that it is missing informations to connect to the server.

I have the feeling that either something is missing in the returned xml, or something is not activated server-side.

I'm using Outlook 2019 from Office 2019 pro.




Sébastien Riccio System & Network Admin https://swisscenter.com
1
Stefano Replied
On my server, I just have the SRV record, nothing about CNAME about autodiscover.
It's working fine with just that.
0
Gabriele Maoret - SERSIS Replied
Same here, it's all working like Stefano.
Gabriele Maoret - Head of SysAdmins at SERSIS Currently manages 6 SmarterMail installations (1 in the cloud for SERSIS which provides services to a few hundred third-party email domains + 5 on-premise for customers who prefer to have their mail server in-house)
0
Sébastien Riccio Replied
Hello, great that it is working correctly for you guys, it gives me hope.

I probably did something wrong or forgot something on our side. I'll try again with the SRV record only.
I'm waiting a bit that the DNS caches flushes the entry I've removed.

Kind regards.

Sébastien Riccio System & Network Admin https://swisscenter.com
0
Sébastien Riccio Replied
No much luck either with only SRV entry.

On another hand I've enabled the deailed autodiscover log and it shows something interresting:

[2021.04.26] 15:55:19.881 [192.168.50.35]AD Detail Logs: AnchorMailbox madjik@cybermind.ch UserIdentity madjik@cybermind.ch MapiCapability 1 SupportedMapiVersion 2
[2021.04.26] 15:55:19.881 [192.168.50.35]AD Detail Logs: Parsed X-MapiHttpCapability version 1
[2021.04.26] 15:55:19.881 [192.168.50.35]AD Detail Logs: Parsing user agent Outlook version 16.0
[2021.04.26] 15:55:19.881 [192.168.50.35]AD Detail Logs: Unable to parse user agent Outlook version 0
[2021.04.26] 15:55:19.881 [192.168.50.35]AD Detail Logs: Supported Outlook version details False
[2021.04.26] 15:55:19.881 [192.168.50.35]AD Detail Logs: AnchorMailbox madjik@cybermind.ch UserIdentity madjik@cybermind.ch MAPI supported False
[2021.04.26] 15:55:19.881 [192.168.50.35]AD Detail Logs: madjik@cybermind.ch Non-mobile response
[2021.04.26] 15:55:19.881 [192.168.50.35]AD Detail Logs: madjik@cybermind.ch Adding protocol EWS to XML
[2021.04.26] 15:55:19.881 [192.168.50.35]Completed request
It returns some "MAPI supported False" ?

but on another side, earlier in the log it says:

Parsed X-MapiHttpCapability version 1
and also
 AnchorMailbox madjik@cybermind.ch UserIdentity madjik@cybermind.ch MapiCapability 1 SupportedMapiVersion 2
I don't get it, supported or not ? :)



Sébastien Riccio System & Network Admin https://swisscenter.com
0
Gabriele Maoret - SERSIS Replied
I think you need to open a ticket...
Gabriele Maoret - Head of SysAdmins at SERSIS Currently manages 6 SmarterMail installations (1 in the cloud for SERSIS which provides services to a few hundred third-party email domains + 5 on-premise for customers who prefer to have their mail server in-house)
2
J Lee Replied
Don't know if this is the exact same issue but I did this to fix autodiscover. 

The workaround I found for this was that you need 2 certs, an SSL cert for both mail.domain.com and autodiscover.domain.com 

Outlook desktop now wants to see an SSL on autodiscover.domain.com 
J. Sebastian Lee Service2Client LLC 6333 E Mockingbird Ste 147 Dallas, TX 75214 - 877.251.3273
1
Kyle Kerst Replied
Employee Post
The suggestion above is the supported solution. Outlook leverages an account discovery service (at Microsoft) to probe the account and server, and so requires the following criteria are met for best results: 

1. https://mail.customer-domain.com should be reachable without security warnings from the client PC on a browser.
2. https://autodiscover.customer-domain.com should be reachable without security warnings from the client PC on a browser.  
3. SRV record should be reachable in DNS from client PC and should reference mail.customer-domain.com on port 443
Kyle Kerst System/Network Administrator SmarterTools Inc. (877) 357-6278 www.smartertools.com
0
Sébastien Riccio Replied
Well, I partially disagree with this or at least it would be a SmarterMail special thing with MAPI.
We have plenty of hosted exchange customers with different domains on a "real" on-promise exchange server.
It never was a problem to use autodiscover CNAME and/or tcp SRV records and/or autodiscover.xml redirects on  our server hostname https://exchange01.ourdomain.com
This without the need to add the customer domain with his own certificates for these records on the server.

This of course if the first returned autodiscover.xml on the user domain is correctly redirected for example with a 301 or 302 to the server hostname.
For 5000 domains mail and autodiscver records, the need to add certificates for each domains would be a nightmare to handle.

So for my first tests I've configured the domains like we do for our hosted exchange service.

That being said and in doubt I've applied all recomendations on a test domain and the problem remains exactly the same. In this specific case it looks more like SmarterMail autodiscover thinks the client doesn't support MAPI and doesn't send out MAPI endpoints.

We have a ticket open for this.

Kind regards.
Sébastien Riccio System & Network Admin https://swisscenter.com
1
J Lee Replied
J. Sebastian Lee Service2Client LLC 6333 E Mockingbird Ste 147 Dallas, TX 75214 - 877.251.3273
3
Sébastien Riccio Replied
Marked As Resolution
Hello,

A little update for my original issue here.

As I suspected from start, this was not a DNS configuration issue but it was SM not able to identify the Outlook client version correctly.
Depending on the locale (internationalisation stuff again) it uses a dot or a comma for the version separator 16.0 -> 16,0., so SM wasn't returning the MAPI endpoint information to the client.

I've received a custom build that fixes this and it worked correctly at my first attempt with it.

EDIT: After this sucessful attempt, I rolled back all DNS entries from the suggested ones to their original ones (the same we usually use for the "real" exachange) and re-added the account, it also works like a charm. No need for gillions of per customer domain certificates, phew!

Kind regards,
Sébastien
Sébastien Riccio System & Network Admin https://swisscenter.com
1
Kyle Kerst Replied
Employee Post
Glad to see we could get this sorted Sebastien! Please note that the initial DNS troubleshooting is something that isn't required in all scenarios, but has been shown to prevent account set up in most cases and so we have to check those boxes! The fix we sent over to you will be included in our next public release as well so this should be good to go moving forward. Have a good one!
Kyle Kerst System/Network Administrator SmarterTools Inc. (877) 357-6278 www.smartertools.com
0
J Lee Replied
Thanks Sebastien 
J. Sebastian Lee Service2Client LLC 6333 E Mockingbird Ste 147 Dallas, TX 75214 - 877.251.3273

Reply to Thread