GNOME Bugzilla – Bug 659694
Evolution MAPI does not connect to Exchange from extranet.
Last modified: 2012-02-22 10:36:18 UTC
I've noticed strange behavior of evolution with evolution MAPI and Exchange 2007 account. I was able to setup account and connection to exchange from my company network. Everything seems to be working. But when I move my notebook to home or any other location, then I receive error while connecting to exchange server: "Unable to authenticate to Exchange MAPI server: MapiLogonEX: Failed to login into the server Please enter the MAPI password for username@exchangeserver.com" I have Windows Box also with Outlook 2010, I have the same settings for server connection, authorisation etc. And Outlook is working from external networks without any problems. It's quite hard for me to switch to web client when I'm out of office.
Thanks for a bug report. Could you try to run evolution from a console and see whether there will be anything useful, please? Maybe consider running evolution like this: $ MAPI_DEBUG=10 evolution &>log.txt which turns on detailed debugging on the libmapi side, thus the log should be full of debugging information and raw communication (beware, it can expose your secrets, like passwords, in the log). It should show in detail what failed. I think of kerberos setup too, do you have any such defined? Maybe when samba4 tries to work with it then it fails? It would be good to get a traceroute from your machine on both networks, to see the path it's using to reach your server. That only when the log.txt will not contain anything useful.
Thanks for fast reply and suggestions. I've started with traceroute, and now see what can be wrong. From intranet exchange server can be reached via exmbox.mycompany.com which seems to be private IP only (B class). Looking deeper in Outlook configuration to find out how it is able to connect to private IP from public network I found proxy entry (it encapsulates RPC in HTTP packets), which was pointing directly to webmail.mycompany.com (public IP). Is it possible to use such fallback in Evolution?
Evolution is using libmapi from OpenChange, which is using samba4 for connections. There is something called mapiproxy [1], but I have no experience with it, neither I know whether it would do the thing for you, I'm sorry. Evolution-mapi doesn't use the configured Evolution's proxy at all. On the other hand, if it's a standard proxy, then you might be able to connect to it "directly", instead to the server address? (some kind of specialized proxy/tunnel defined on your machine when you are not in the office) [1] http://mapiproxy.openchange.org/
Unfortunately this is not a standard proxy, but another "clever M$ idea", using it in place of standard exchange server address in MAPI, leads to login errors. Anyway thanks for help.
I was afraid of that. evolution-mapi in upcoming fedora 16 is using latest openchange 0.11, and even I've no idea whether they addressed anything from this pseudo-proxy part, then I suppose it might worth it to give it a try, at least from some virtual machine or something like that, with a LiveCD. Nonetheless, I'm not sure whether there can be done more for evo-mapi point of view. What do you think?
I'll be testing F16 as soon as beta will be published (end of September), so for sure I'll give a try for a new evo-mapi :) I don't think that evo-mapi can help until there will be working somewhere OWA support for Exchange 2007, which can be integrated as a proxy-support. But from the other hand, I heard that OWA will be abandoned for EWS support. For now as workaround I'm trying to play with davmail, which act as a proxy between Exchange 2007 OWA and Evolution. But it isn't speed daemon.
OK, I'm keeping this in need-info for your findings in F-16 beta/OpenChange 0.11, though I still have a feeling that there is nothing much what can be done within evolution-mapi as such.
Artur: Any news about the situation in Fedora 16?
Hi! No way for working MAPI in my case, the only solution is evolution-ews - I'm able to read my emails using it, but still can't send them - some authentication problems, still under investigation. Regards Artur
Hmm, can the server force RPC over HTTP then? There is bug #585638 for it. (I didn't think of this at the beginning. The MAPI log (sanitized, as it can expose passwords and server addresses) would be helpful here.
I don't know about forcing, but M$ Outlook have fallback mode to RCP over HTTP if MAPI fails. How can I produce debug file?
Thanks for the update. You can create a debug file as I suggested in comment #1, by running evolution like this: $ MAPI_DEBUG=10 evolution &>log.txt
Artur, ping, can you please provide log file ?
Sorry for delay. I forgot, that can't do tests, cause MAPI is restricted only to internal network, and on public network the same name (mail server name) is resolved to other server which only support RPC over HTTP/EWS. So from public network outlook will fail with MAPI connection and fallback to RPC over HTTP.
Thanks for the update. I'm marking as a duplicate of the bug which is about RPC-over-HTTP. The current state is that we are waiting for samba4 to implement it, and after also OpenChange integrates then the evolution-mapi will be able to use it. *** This bug has been marked as a duplicate of bug 585638 ***