Sign in
Microsoft.com
 
Microsoft
 
 
 

locked
Not able to connect to EWS/Exchange.asmx when NTLM authentication is enabled in Proxy Server RRS feed

 > 

  • Question

  • Question
    Sign in to vote
    0
    Sign in to vote

    One of our customer has BlueCoat Proxy Server with NTLM authentication enabled.
    BlueCoat Proxy Server details: ProxySG S400-20 and SGOS 6.5.10.7

    Our application can successfully connect to login.microsoftonline.com and outlook.office365.com. But it fails to connect to  EWS/Exchange.asmx when NTLM authentication is enabled in Proxy Server.

    Our application can connect to  EWS/Exchange.asmx when authentication is disabled in Proxy Server.
    Below is the request-id for which it fails
    "request-id: c52908a1-d316-43bc-8e57-273a86d6cc99[\r][\n]"

    We are getting 401 Unauthorized, Please help

    2018/10/15 15:07:13:935 BST [DEBUG] MainClientExec - Executing request POST /EWS/Exchange.asmx HTTP/1.1
2018/10/15 15:07:13:935 BST [DEBUG] MainClientExec - Target auth state: UNCHALLENGED
2018/10/15 15:07:13:936 BST [DEBUG] wire - http-outgoing-1 >> "POST /EWS/Exchange.asmx HTTP/1.1[\r][\n]"
2018/10/15 15:07:13:936 BST [DEBUG] wire - http-outgoing-1 >> "User-Agent: JWebServices for Exchange 2.0, www.independentsoft.com[\r][\n]"
2018/10/15 15:07:13:936 BST [DEBUG] wire - http-outgoing-1 >> "Content-Length: 874[\r][\n]"
2018/10/15 15:07:13:936 BST [DEBUG] wire - http-outgoing-1 >> "Content-Type: text/xml; charset=utf-8[\r][\n]"
2018/10/15 15:07:13:936 BST [DEBUG] wire - http-outgoing-1 >> "Host: outlook.office365.com[\r][\n]"
2018/10/15 15:07:13:936 BST [DEBUG] wire - http-outgoing-1 >> "Connection: Keep-Alive[\r][\n]"
2018/10/15 15:07:13:936 BST [DEBUG] wire - http-outgoing-1 >> "Accept-Encoding: gzip,deflate[\r][\n]"
2018/10/15 15:07:13:936 BST [DEBUG] wire - http-outgoing-1 >> "[\r][\n]"
2018/10/15 15:07:13:936 BST [DEBUG] wire - http-outgoing-1 >> "<?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"  xmlns:t="http://schemas.microsoft.com/exchange/services/2006/types"><soap:Header><t:RequestServerVersion Version="Exchange2013"/><t:ExchangeImpersonation><t:ConnectingSID><t:PrimarySmtpAddress>26589@m01rbsworkspace.onmicrosoft.com</t:PrimarySmtpAddress></t:ConnectingSID></t:ExchangeImpersonation><t:DateTimePrecision>Milliseconds</t:DateTimePrecision></soap:Header><soap:Body><FindFolder Traversal="Shallow" xmlns="http://schemas.microsoft.com/exchange/services/2006/messages" xmlns:t="http://schemas.microsoft.com/exchange/services/2006/types"><FolderShape><t:BaseShape>AllProperties</t:BaseShape></FolderShape><ParentFolderIds><t:DistinguishedFolderId Id="conversationhistory"></t:DistinguishedFolderId></ParentFolderIds></FindFolder></soap:Body></soap:Envelope>"
2018/10/15 15:07:14:013 BST [DEBUG] wire - http-outgoing-1 << "HTTP/1.1 401 Unauthorized[\r][\n]"
2018/10/15 15:07:14:013 BST [DEBUG] wire - http-outgoing-1 << "Server: Microsoft-IIS/10.0[\r][\n]"
2018/10/15 15:07:14:013 BST [DEBUG] wire - http-outgoing-1 << "request-id: c52908a1-d316-43bc-8e57-273a86d6cc99[\r][\n]"
2018/10/15 15:07:14:013 BST [DEBUG] wire - http-outgoing-1 << "X-Powered-By: ASP.NET[\r][\n]"
2018/10/15 15:07:14:013 BST [DEBUG] wire - http-outgoing-1 << "X-FEServer: CWLP265CA0005[\r][\n]"
2018/10/15 15:07:14:013 BST [DEBUG] wire - http-outgoing-1 << "WWW-Authenticate: Basic Realm=""[\r][\n]"
2018/10/15 15:07:14:013 BST [DEBUG] wire - http-outgoing-1 << "Date: Mon, 15 Oct 2018 14:07:13 GMT[\r][\n]"
2018/10/15 15:07:14:013 BST [DEBUG] wire - http-outgoing-1 << "Content-Length: 0[\r][\n]"
2018/10/15 15:07:14:013 BST [DEBUG] wire - http-outgoing-1 << "Cache-Control: proxy-revalidate[\r][\n]"
2018/10/15 15:07:14:013 BST [DEBUG] wire - http-outgoing-1 << "Connection: Keep-Alive[\r][\n]"
2018/10/15 15:07:14:013 BST [DEBUG] wire - http-outgoing-1 << "Set-Cookie: BCSI-CS-75dc950a0acd8d19=1; Path=/[\r][\n]"
2018/10/15 15:07:14:013 BST [DEBUG] wire - http-outgoing-1 << "Proxy-support: Session-based-authentication[\r][\n]"
2018/10/15 15:07:14:013 BST [DEBUG] wire - http-outgoing-1 << "Age: 0[\r][\n]"
2018/10/15 15:07:14:013 BST [DEBUG] wire - http-outgoing-1 << "[\r][\n]"
2018/10/15 15:07:14:013 BST [DEBUG] MainClientExec - Connection can be kept alive indefinitely
2018/10/15 15:07:14:013 BST [DEBUG] HttpAuthenticator - Authentication required
2018/10/15 15:07:14:013 BST [DEBUG] HttpAuthenticator - outlook.office365.com:443 requested authentication
2018/10/15 15:07:14:013 BST [DEBUG] TargetAuthenticationStrategy - Authentication schemes in the order of preference: [Digest, NTLM, negotiate, Kerberos, Basic]
2018/10/15 15:07:14:013 BST [DEBUG] TargetAuthenticationStrategy - Challenge for Digest authentication scheme not available
2018/10/15 15:07:14:013 BST [DEBUG] TargetAuthenticationStrategy - Challenge for NTLM authentication scheme not available
2018/10/15 15:07:14:013 BST [DEBUG] TargetAuthenticationStrategy - Challenge for negotiate authentication scheme not available
2018/10/15 15:07:14:013 BST [DEBUG] TargetAuthenticationStrategy - Challenge for Kerberos authentication scheme not available
2018/10/15 15:07:14:013 BST [DEBUG] HttpAuthenticator - Selected authentication options: [BASIC]
2018/10/15 15:07:14:013 BST [DEBUG] MainClientExec - Executing request POST /EWS/Exchange.asmx HTTP/1.1
2018/10/15 15:07:14:013 BST [DEBUG] MainClientExec - Target auth state: CHALLENGED
2018/10/15 15:07:14:013 BST [DEBUG] HttpAuthenticator - Generating response to an authentication challenge using basic scheme
2018/10/15 15:07:14:014 BST [DEBUG] wire - http-outgoing-1 >> "POST /EWS/Exchange.asmx HTTP/1.1[\r][\n]"
2018/10/15 15:07:14:014 BST [DEBUG] wire - http-outgoing-1 >> "User-Agent: JWebServices for Exchange 2.0, www.independentsoft.com[\r][\n]"
2018/10/15 15:07:14:014 BST [DEBUG] wire - http-outgoing-1 >> "Content-Length: 874[\r][\n]"
2018/10/15 15:07:14:014 BST [DEBUG] wire - http-outgoing-1 >> "Content-Type: text/xml; charset=utf-8[\r][\n]"
2018/10/15 15:07:14:014 BST [DEBUG] wire - http-outgoing-1 >> "Host: outlook.office365.com[\r][\n]"
2018/10/15 15:07:14:014 BST [DEBUG] wire - http-outgoing-1 >> "Connection: Keep-Alive[\r][\n]"
2018/10/15 15:07:14:014 BST [DEBUG] wire - http-outgoing-1 >> "Accept-Encoding: gzip,deflate[\r][\n]"
2018/10/15 15:07:14:014 BST [DEBUG] wire - http-outgoing-1 >> "Authorization: Basic Z2xlbm4uY2hhcmxlc0BtMDFyYnN3b3Jrc3BhY2Uub25taWNyb3NvZnQuY29tOk1haW50YWluMTI0[\r][\n]"
2018/10/15 15:07:14:014 BST [DEBUG] wire - http-outgoing-1 >> "[\r][\n]"
2018/10/15 15:07:14:014 BST [DEBUG] wire - http-outgoing-1 >> "<?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"  xmlns:t="http://schemas.microsoft.com/exchange/services/2006/types"><soap:Header><t:RequestServerVersion Version="Exchange2013"/><t:ExchangeImpersonation><t:ConnectingSID><t:PrimarySmtpAddress>26589@m01rbsworkspace.onmicrosoft.com</t:PrimarySmtpAddress></t:ConnectingSID></t:ExchangeImpersonation><t:DateTimePrecision>Milliseconds</t:DateTimePrecision></soap:Header><soap:Body><FindFolder Traversal="Shallow" xmlns="http://schemas.microsoft.com/exchange/services/2006/messages" xmlns:t="http://schemas.microsoft.com/exchange/services/2006/types"><FolderShape><t:BaseShape>AllProperties</t:BaseShape></FolderShape><ParentFolderIds><t:DistinguishedFolderId Id="conversationhistory"></t:DistinguishedFolderId></ParentFolderIds></FindFolder></soap:Body></soap:Envelope>"
2018/10/15 15:07:14:047 BST [DEBUG] MainClientExec - Connection can be kept alive indefinitely
2018/10/15 15:07:14:047 BST [DEBUG] HttpAuthenticator - Authentication required
2018/10/15 15:07:14:047 BST [DEBUG] HttpAuthenticator - outlook.office365.com:443 requested authentication
2018/10/15 15:07:14:047 BST [DEBUG] HttpAuthenticator - Authorization challenge processed
2018/10/15 15:07:14:048 BST [DEBUG] HttpAuthenticator - Authentication failed
2018/10/15 15:07:14:051 BST [DEBUG] ResponseProcessCookies - Cookie accepted [BCSI-CS-75dc950a0acd8d19="1", version:0, domain:outlook.office365.com, path:/, expiry:null]
2018/10/15 15:07:14:056 BST [DEBUG] RequestAddCookies - CookieSpec selected: best-match
2018/10/15 15:07:14:056 BST [DEBUG] RequestAuthCache - Auth cache not set in the context
    • Moved by Manu Meng Tuesday, November 6, 2018 1:48 AM Because it is
    Wednesday, October 24, 2018 11:48 AM

All replies

  • Question
    Sign in to vote
    0
    Sign in to vote
    I recommend that you take this up with Blue Coat.

    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."
    Celebrating 20 years of providing Exchange peer support!

    Wednesday, October 24, 2018 7:04 PM
  • Question
    Sign in to vote
    0
    Sign in to vote

    Hi nnayanaurs,

    Here are default settings on Exchange server for "EWS", we can see NTLM is enabled and supported:

    We don't know how it work with BlueCoat, I also would suggest you confirm with BlueCoat.

    By the way, this error message below may be useful, you can have a check about the the order of preference in your Exchange server and BlueCoat:

    2018/10/15 15:07:14:013 BST [DEBUG] TargetAuthenticationStrategy - Authentication schemes in the order of preference: [Digest, NTLM, negotiate, Kerberos, Basic]

    Regards,

    Kyle Xu

    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.

    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    Thursday, October 25, 2018 8:47 AM
  • Question
    Sign in to vote
    0
    Sign in to vote

    Hi nnayanaurs,

    Whether the above suggestion helps?

    If the above suggestion helps, please be free to mark it as answer for helping more people.

    Regards,

    Kyle Xu

    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.

    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    Monday, October 29, 2018 2:49 AM