
In Part 1 of this article, we discussed symptoms of Mac Mail being unable to connect to Exchange 2016 servers through KEMP LoadMaster load balancers. We also discussed troubleshooting steps that addressed the issue of being unable to pass EWS tests; however, we stopped there since Mac Mail failed to connect even though ExRCA EWS tests passed. Let's see what we can do to get Mac Mail to connect successfully to Exchange servers.

Since we addressed the 100-continue handling in Part 1 of this article, ExRCA tests did not indicate any more issues. At this point, I decided to look at the network trace. Microsoft Outlook for Mac did not have an issue connecting to Exchange even before we changed 100-continue handling to be RFC-7231 compliant. Looking at the trace captured using Wireshark on the client machine, I noticed the following HTTP dialog:

POST /ews/exchange.asmx 401 Unauthorized
POST /ews/exchange.asmx 200 OK

POST /ews/exchange.asmx 401 Unauthorized
POST /ews/exchange.asmx 401 Unauthorized
POST /ews/exchange.asmx 400 Bad Request

Notice how the initial dialog included a challenge response for NTLM authentication and ended with 200 OK. At this point the Mac Mail client started another POST operation to EWS. However, this time the pattern followed multiple 401 responses from the server and ended with 400. When comparing that with Outlook for Mac, the pattern looked like the following:

POST /ews/exchange.asmx 401 Unauthorized
POST /ews/exchange.asmx 401 Unauthorized
POST /ews/exchange.asmx 200 OK

Notice how the pattern looks similar to Mac Mail's second POST request; however, it ends with 200 OK. The response included data that was requested by the POST operation.

I needed to correlate this with the data being received on the Exchange server. Due to newer ciphers which use PFS (Perfect Forward Secrecy), I couldn't decrypt data being received from the load balancer by the server despite having the private key used to encrypt the information. I was able to decrypt client-side traffic due to the load balancer's configuration of ciphers that didn't use PFS. I don't recommend this configuration in production, and the KEMP LoadMaster default setup uses more secure ciphers. I had it configured this way only for troubleshooting purposes in my lab, and no production data was in flight during testing.

I was now facing the issue of capturing the headers from the server side. One way to address this is to configure the list of ciphers used by the server, similar to what I had done on the KEMP LoadMaster. However, in my test that did not work for some reason. I decided to use failed request tracing in IIS (big thanks to my Microsoft colleague Brad Hughes for the hint).

– Using IIS Manager, select the “Default Web Site” and select “Failed Request Tracing Rules”
– Create a new rule and select “All Contents” in the “Specify Content to Trace” dialog
– In the “Trace Conditions” dialog, select “Status Code(s)” and type 400
– Accept the default selection for trace providers and click finish
– Click the “Edit Site Tracing” option under Actions and click “Enable”
– Change the trace location or accept the default and click “OK”

Now that the trace was enabled and the rule configured to capture the HTTP 400 error condition, I launched the Mac Mail client and reproduced the issue. When the error occurred, numerous XML files were created by IIS. Here’s the most relevant piece of data from the trace file (I have removed unnecessary headers for brevity):

While the headers give you an idea of what is included in a normal POST request from the client, for me, the first and last headers are very important. The “Via” header indicates the presence of a proxy between client and server. In this case it indicates the IP address of the load balancer. The X-ClientSide (or X-Forwarded-For) header is used by proxies and load balancers to preserve the original client IP address when SNAT is in use. SNAT is recommended when load balancing Exchange servers. KEMP LoadMaster uses the X-ClientSide header by default.

When I saw these headers, I remembered the discussion I had with my talented support engineers at KEMP. At some point in our discussions, someone had mentioned that inserting “Via” headers is known to negatively impact the Mac Mail client. I also found an old reference on our knowledge base which provided some more details on the issue:

The issue stems from how Exchange server responds to the EWS request when “Via” headers are present and how different clients respond to it.
