Kolab Activesync: unable to configure Outlook 2016 using Exchange

Discussion:

Adi Pircalabu

2018-09-26 06:14:46 UTC

Hi, using CentOS 7 with:
kolab-16.0.1-12.2.el7.kolab_16.x86_64
kolab-syncroton-2.3.12-1.13.el7.kolab_16.noarch
I'm trying to use activesync with Outlook 2016, without success so far.
Outlook user-agent logged is:
"Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.10730;
Pro)"

This is what Outlook 2016 is sending:
<?xml version="1.0" encoding="utf-8"?><Autodiscover
xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/requestschema/2006"><Request><EMailAddress>***@domain.com.au</EMailAddress><AcceptableResponseSchema>http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a</AcceptableResponseSchema></Request></Autodiscover>

And this is kolab's response:
---CUT HERE---
<?xml version="1.0" encoding="UTF-8"?>
<Autodiscover
xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
<Response
xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
<User>
<DisplayName>Test User</DisplayName>

<AutoDiscoverSMTPAddress>***@domain.com.au</AutoDiscoverSMTPAddress>
</User>
<Account>
<AccountType>email</AccountType>
<Action>settings</Action>
<Protocol>
<Type>IMAP</Type>
<Server>pop3.domain.com.au</Server>
<Port>993</Port>
<LoginName>***@domain.com.au</LoginName>
<SPA>off</SPA>
<Encryption>SSL</Encryption>
</Protocol>
<Protocol>
<Type>POP3</Type>
<Server>imap.domain.com.au</Server>
<Port>995</Port>
<LoginName>***@domain.com.au</LoginName>
<SPA>off</SPA>
<Encryption>SSL</Encryption>
</Protocol>
<Protocol>
<Type>SMTP</Type>
<Server>smtp.domain.com.au</Server>
<Port>465</Port>
<LoginName>***@domain.com.au</LoginName>
<SPA>off</SPA>
<Encryption>SSL</Encryption>
</Protocol>
</Account>
</Response>
</Autodiscover>
---CUT HERE---

The IMAP / POP3 / SMTP settings are ok, yet outlook comes up with a
"Something went wrong" window. Where else should I look to make it work?
Thanks,

--
Adi Pircalabu

Aleksander Machniak

2018-09-26 07:12:09 UTC

Permalink

Post by Adi Pircalabu
kolab-16.0.1-12.2.el7.kolab_16.x86_64
kolab-syncroton-2.3.12-1.13.el7.kolab_16.noarch
I'm trying to use activesync with Outlook 2016, without success so far.
The IMAP / POP3 / SMTP settings are ok, yet outlook comes up with a
"Something went wrong" window. Where else should I look to make it work?

I don't know, but please note that you cannot auto-confgure Outlook to
use ActiveSync. To use this protocol you have to configure Outlook manually.

--
Aleksander Machniak
Senior Software Engineer
Kolab Systems AG: https://kolabsystems.com
PGP: 19359DC1

Mihai Badici

2018-09-26 09:34:44 UTC

Permalink

Post by Aleksander Machniak

I don't know, but please note that you cannot auto-confgure Outlook to
use ActiveSync. To use this protocol you have to configure Outlook manually.

I think you ( me for sure) tested with outlook2013. Seems there is no
such thing as "configure outlook manually" in 2016 ( there is a checkbox
but seems to be useless)

So we will need to upgrade the autodiscover somehow....

Aleksander Machniak

2018-09-26 09:51:26 UTC

Permalink

Post by Mihai Badici
I think you ( me for sure) tested with outlook2013. Seems there is no
such thing as "configure outlook manually" in 2016 ( there is a checkbox
but seems to be useless)
So we will need to upgrade the autodiscover somehow....

Indeed I didn't try Outlook 2016. It looks that a registry change may be
needed
https://support.microsoft.com/en-us/help/3189194/how-to-disable-simplified-account-creation-in-outlook-2016

I'd be happy to learn how to make auto-configuration working. Last time
I searched I didn't find a solution.

--
Aleksander Machniak
Senior Software Engineer
Kolab Systems AG: https://kolabsystems.com
PGP: 19359DC1

Adi Pircalabu

2018-09-27 02:00:39 UTC

Permalink

Post by Aleksander Machniak

Indeed I didn't try Outlook 2016. It looks that a registry change may be
needed
https://support.microsoft.com/en-us/help/3189194/how-to-disable-simplified-account-creation-in-outlook-2016
I'd be happy to learn how to make auto-configuration working. Last time
I searched I didn't find a solution.

I'm afraid we should all forget about auto-configuration in Outofluck
2016, it's broken. micro$$ft are doing a fantastic job breaking their
own products and not following their own protocols.
Went and patched /usr/share/kolab-autoconf/lib/AutodiscoverMicrosoft.php
to force mobilesync response if the HTTP user agent matches
"/(Microsoft.Office\/|Outlook.)16.0/" which got me past the first stage,
yay! (NOTE: I've selected "Exchange" account type). In the next window
Outlook asks for password and I duly oblige. Unfortunately it keeps
coming up with "Your account and password is incorrect", however I'm not
seeing any more HTTP requests into kolab. Using Wireshark it turns out
our beloved outlook 2016 is trying to authenticate the kolab user via
https against 23.101.222.246, which is, of course, some micro$$1t IP
address.
Thanks for looking into it.

--
Adi Pircalabu

Mihai Badici

2018-09-27 05:48:51 UTC

Permalink

Post by Adi Pircalabu

Post by Aleksander Machniak
Indeed I didn't try Outlook 2016. It looks that a registry change may be
needed
https://support.microsoft.com/en-us/help/3189194/how-to-disable-simplified-account-creation-in-outlook-2016
I'd be happy to learn how to make auto-configuration working. Last time
I searched I didn't find a solution.

I'm afraid we should all forget about auto-configuration in Outofluck
2016, it's broken. micro$$ft are doing a fantastic job breaking their
own products and not following their own protocols.
Went and patched
/usr/share/kolab-autoconf/lib/AutodiscoverMicrosoft.php to force
mobilesync response if the HTTP user agent matches
"/(Microsoft.Office\/|Outlook.)16.0/" which got me past the first
stage, yay! (NOTE: I've selected "Exchange" account type). In the next
window Outlook asks for password and I duly oblige. Unfortunately it
keeps coming up with "Your account and password is incorrect", however
I'm not seeing any more HTTP requests into kolab. Using Wireshark it
turns out our beloved outlook 2016 is trying to authenticate the kolab
user via https against 23.101.222.246, which is, of course, some
micro$$1t IP address.
Thanks for looking into it.

I suspect it first try to authenticate in the first stage to the
configured server and then to microsoft online account or something.

As I read till now, the autoconfigure is not running only at startup,
like before, but also at predefined intervals to intercept the changes
in infrastructure ( if documented, this can be useful because kolab also
support multiple servers ) . Probably when the protocol will be
documented we will have another outlook version, with a brand new
autoconfiguration protocol :)

The good news is the caldav plugin seems to work with 2016 :)

Mihai Badici

2018-09-28 12:55:43 UTC

Permalink

This post might be inappropriate. Click to display it.

Aleksander Machniak

2018-09-28 13:20:21 UTC

Permalink

Post by Mihai Badici
"GET
/autodiscover/autodiscover.json?Email=mihai.badici%40mydomain&Protocol=ActiveSync&RedirectCount=1
HTTP/1.1" 404 228

Thanks for bringing this. It gave me some new keywords for google search. It looks that it
is a new protocol. And the request seems to come from Office365 servers not directly from
Outlook.

I didn't find an official protocol spec, but I've found

https://www.msxfaq.de/exchange/autodiscover/autodiscover_v2.htm
and
https://github.com/mailcow/mailcow-dockerized/blob/master/data/web/autodiscover-json.php

I don't know though if implementing this in our autodiscover service is enough.

--
Aleksander Machniak
Senior Software Engineer
Kolab Systems AG: https://kolabsystems.com
PGP: 19359DC1

Mihai Badici

2018-09-28 13:46:15 UTC

Permalink

Post by Aleksander Machniak

Post by Mihai Badici
"GET
/autodiscover/autodiscover.json?Email=mihai.badici%40mydomain&Protocol=ActiveSync&RedirectCount=1
HTTP/1.1" 404 228

Thanks for bringing this. It gave me some new keywords for google search. It looks that it
is a new protocol. And the request seems to come from Office365 servers not directly from
Outlook.
I didn't find an official protocol spec, but I've found
https://www.msxfaq.de/exchange/autodiscover/autodiscover_v2.htm
and
https://github.com/mailcow/mailcow-dockerized/blob/master/data/web/autodiscover-json.php
I don't know though if implementing this in our autodiscover service is enough.

I didn't have enough time right now but I'm interested if we can solve
this because I'm lazy :) and some people already expect autoconfigure to
work so I will continue to investigate anyway .

The request is definitely from my IP not from office365 .

Mihai Badici

2018-09-30 20:57:41 UTC

Permalink

Post by Aleksander Machniak

Post by Mihai Badici
"GET
/autodiscover/autodiscover.json?Email=mihai.badici%40mydomain&Protocol=ActiveSync&RedirectCount=1
HTTP/1.1" 404 228

Thanks for bringing this. It gave me some new keywords for google search. It looks that it
is a new protocol. And the request seems to come from Office365 servers not directly from
Outlook.
I didn't find an official protocol spec, but I've found
https://www.msxfaq.de/exchange/autodiscover/autodiscover_v2.htm
and
https://github.com/mailcow/mailcow-dockerized/blob/master/data/web/autodiscover-json.php
I don't know though if implementing this in our autodiscover service is enough.

Ok, some temporary conclusions:

1. The autodiscovery can be broken in outlook 2016 for Exchange servers.

I used the json from your link by simply adding the autodiscover url.

if ($_GET['Protocol'] == 'ActiveSync') {
echo '{"Protocol":"ActiveSync","Url":"' .
"https://mydomain/Microsoft-Server-ActiveSync/" . '"}';

Outlook try the next step:

[30/Sep/2018:23:45:22 +0300] "OPTIONS /Microsoft-Server-ActiveSync
HTTP/1.1" 401 -

But it not use the username and it not ask for credentials.

If I manually configure activesync i have this line in apache's log:

domain\\mihai.badici [30/Sep/2018:23:44:45 +0300] "OPTIONS
/Microsoft-Server-ActiveSync HTTP/1.1" 200 -

My guess is they intent to put all the parameters in this json in the
future and deprecate the "old" protocol because for activeSync the url
is in fact the only information we need to configure outlook.

IMHO we need to refuse the new protocol and goes to

elseif ($_GET['Protocol'] == 'Autodiscoverv1') {
echo '{"Protocol":"AutodiscoverV1","Url":"https://' .
$_SERVER['HTTP_HOST'] . '/Autodiscover/Autodiscover.xml"}';

( in the original script there is an issue because outlook use
Autodiscoverv1 not AutodiscoverV1 but maybe that's version dependent,
the windows guy's don't respect the case in filenames..)

In the link in german you provided there are some indication about how
to refuse the ActiveSync protocol and make it use the old one but i
didn't tried yet.

The old protocol should be ok, I tested with their tool:

https://testconnectivity.microsoft.com/

Ramiro

2018-09-26 12:54:29 UTC

Permalink

Hello
You can also configure Outlook 2016 manualy, you have to go to the contropanel and then search for Mail, there you can manualy add accounts.

Post by Aleksander Machniak

Post by Adi Pircalabu
kolab-16.0.1-12.2.el7.kolab_16.x86_64
kolab-syncroton-2.3.12-1.13.el7.kolab_16.noarch
I'm trying to use activesync with Outlook 2016, without success so

far.

Post by Aleksander Machniak

Post by Adi Pircalabu
The IMAP / POP3 / SMTP settings are ok, yet outlook comes up with a
"Something went wrong" window. Where else should I look to make it

work?

Post by Aleksander Machniak
I don't know, but please note that you cannot auto-confgure Outlook

Post by Aleksander Machniak
use ActiveSync. To use this protocol you have to configure Outlook

manually.
I think you ( me for sure) tested with outlook2013. Seems there is no
such thing as "configure outlook manually" in 2016 ( there is a
checkbox
but seems to be useless)
So we will need to upgrade the autodiscover somehow....
_______________________________________________
users mailing list
https://lists.kolab.org/mailman/listinfo/users