none
Not able to connect to EWS/Exchange.asmx when NTLM authentication is enabled in Proxy Server

    Pertanyaan

  • One of our customer has BlueCoat Proxy Server with NTLM authentication enabled.
    BlueCoat Proxy Server details: ProxySG S400-20 and SGOS 6.5.10.7

    Our application can successfully connect to login.microsoftonline.com and outlook.office365.com. But it fails to connect to  EWS/Exchange.asmx when NTLM authentication is enabled in Proxy Server.

    Our application can connect to  EWS/Exchange.asmx when authentication is disabled in Proxy Server.
    Below is the request-id for which it fails
    "request-id: c52908a1-d316-43bc-8e57-273a86d6cc99[\r][\n]"

    We are getting 401 Unauthorized, Please help

    2018/10/15 15:07:13:935 BST [DEBUG] MainClientExec - Executing request POST /EWS/Exchange.asmx HTTP/1.1
    2018/10/15 15:07:13:935 BST [DEBUG] MainClientExec - Target auth state: UNCHALLENGED
    2018/10/15 15:07:13:936 BST [DEBUG] wire - http-outgoing-1 >> "POST /EWS/Exchange.asmx HTTP/1.1[\r][\n]"
    2018/10/15 15:07:13:936 BST [DEBUG] wire - http-outgoing-1 >> "User-Agent: JWebServices for Exchange 2.0, www.independentsoft.com[\r][\n]"
    2018/10/15 15:07:13:936 BST [DEBUG] wire - http-outgoing-1 >> "Content-Length: 874[\r][\n]"
    2018/10/15 15:07:13:936 BST [DEBUG] wire - http-outgoing-1 >> "Content-Type: text/xml; charset=utf-8[\r][\n]"
    2018/10/15 15:07:13:936 BST [DEBUG] wire - http-outgoing-1 >> "Host: outlook.office365.com[\r][\n]"
    2018/10/15 15:07:13:936 BST [DEBUG] wire - http-outgoing-1 >> "Connection: Keep-Alive[\r][\n]"
    2018/10/15 15:07:13:936 BST [DEBUG] wire - http-outgoing-1 >> "Accept-Encoding: gzip,deflate[\r][\n]"
    2018/10/15 15:07:13:936 BST [DEBUG] wire - http-outgoing-1 >> "[\r][\n]"
    2018/10/15 15:07:13:936 BST [DEBUG] wire - http-outgoing-1 >> "<?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"  xmlns:t="http://schemas.microsoft.com/exchange/services/2006/types"><soap:Header><t:RequestServerVersion Version="Exchange2013"/><t:ExchangeImpersonation><t:ConnectingSID><t:PrimarySmtpAddress>26589@m01rbsworkspace.onmicrosoft.com</t:PrimarySmtpAddress></t:ConnectingSID></t:ExchangeImpersonation><t:DateTimePrecision>Milliseconds</t:DateTimePrecision></soap:Header><soap:Body><FindFolder Traversal="Shallow" xmlns="http://schemas.microsoft.com/exchange/services/2006/messages" xmlns:t="http://schemas.microsoft.com/exchange/services/2006/types"><FolderShape><t:BaseShape>AllProperties</t:BaseShape></FolderShape><ParentFolderIds><t:DistinguishedFolderId Id="conversationhistory"></t:DistinguishedFolderId></ParentFolderIds></FindFolder></soap:Body></soap:Envelope>"
    2018/10/15 15:07:14:013 BST [DEBUG] wire - http-outgoing-1 << "HTTP/1.1 401 Unauthorized[\r][\n]"
    2018/10/15 15:07:14:013 BST [DEBUG] wire - http-outgoing-1 << "Server: Microsoft-IIS/10.0[\r][\n]"
    2018/10/15 15:07:14:013 BST [DEBUG] wire - http-outgoing-1 << "request-id: c52908a1-d316-43bc-8e57-273a86d6cc99[\r][\n]"
    2018/10/15 15:07:14:013 BST [DEBUG] wire - http-outgoing-1 << "X-Powered-By: ASP.NET[\r][\n]"
    2018/10/15 15:07:14:013 BST [DEBUG] wire - http-outgoing-1 << "X-FEServer: CWLP265CA0005[\r][\n]"
    2018/10/15 15:07:14:013 BST [DEBUG] wire - http-outgoing-1 << "WWW-Authenticate: Basic Realm=""[\r][\n]"
    2018/10/15 15:07:14:013 BST [DEBUG] wire - http-outgoing-1 << "Date: Mon, 15 Oct 2018 14:07:13 GMT[\r][\n]"
    2018/10/15 15:07:14:013 BST [DEBUG] wire - http-outgoing-1 << "Content-Length: 0[\r][\n]"
    2018/10/15 15:07:14:013 BST [DEBUG] wire - http-outgoing-1 << "Cache-Control: proxy-revalidate[\r][\n]"
    2018/10/15 15:07:14:013 BST [DEBUG] wire - http-outgoing-1 << "Connection: Keep-Alive[\r][\n]"
    2018/10/15 15:07:14:013 BST [DEBUG] wire - http-outgoing-1 << "Set-Cookie: BCSI-CS-75dc950a0acd8d19=1; Path=/[\r][\n]"
    2018/10/15 15:07:14:013 BST [DEBUG] wire - http-outgoing-1 << "Proxy-support: Session-based-authentication[\r][\n]"
    2018/10/15 15:07:14:013 BST [DEBUG] wire - http-outgoing-1 << "Age: 0[\r][\n]"
    2018/10/15 15:07:14:013 BST [DEBUG] wire - http-outgoing-1 << "[\r][\n]"
    2018/10/15 15:07:14:013 BST [DEBUG] MainClientExec - Connection can be kept alive indefinitely
    2018/10/15 15:07:14:013 BST [DEBUG] HttpAuthenticator - Authentication required
    2018/10/15 15:07:14:013 BST [DEBUG] HttpAuthenticator - outlook.office365.com:443 requested authentication
    2018/10/15 15:07:14:013 BST [DEBUG] TargetAuthenticationStrategy - Authentication schemes in the order of preference: [Digest, NTLM, negotiate, Kerberos, Basic]
    2018/10/15 15:07:14:013 BST [DEBUG] TargetAuthenticationStrategy - Challenge for Digest authentication scheme not available
    2018/10/15 15:07:14:013 BST [DEBUG] TargetAuthenticationStrategy - Challenge for NTLM authentication scheme not available
    2018/10/15 15:07:14:013 BST [DEBUG] TargetAuthenticationStrategy - Challenge for negotiate authentication scheme not available
    2018/10/15 15:07:14:013 BST [DEBUG] TargetAuthenticationStrategy - Challenge for Kerberos authentication scheme not available
    2018/10/15 15:07:14:013 BST [DEBUG] HttpAuthenticator - Selected authentication options: [BASIC]
    2018/10/15 15:07:14:013 BST [DEBUG] MainClientExec - Executing request POST /EWS/Exchange.asmx HTTP/1.1
    2018/10/15 15:07:14:013 BST [DEBUG] MainClientExec - Target auth state: CHALLENGED
    2018/10/15 15:07:14:013 BST [DEBUG] HttpAuthenticator - Generating response to an authentication challenge using basic scheme
    2018/10/15 15:07:14:014 BST [DEBUG] wire - http-outgoing-1 >> "POST /EWS/Exchange.asmx HTTP/1.1[\r][\n]"
    2018/10/15 15:07:14:014 BST [DEBUG] wire - http-outgoing-1 >> "User-Agent: JWebServices for Exchange 2.0, www.independentsoft.com[\r][\n]"
    2018/10/15 15:07:14:014 BST [DEBUG] wire - http-outgoing-1 >> "Content-Length: 874[\r][\n]"
    2018/10/15 15:07:14:014 BST [DEBUG] wire - http-outgoing-1 >> "Content-Type: text/xml; charset=utf-8[\r][\n]"
    2018/10/15 15:07:14:014 BST [DEBUG] wire - http-outgoing-1 >> "Host: outlook.office365.com[\r][\n]"
    2018/10/15 15:07:14:014 BST [DEBUG] wire - http-outgoing-1 >> "Connection: Keep-Alive[\r][\n]"
    2018/10/15 15:07:14:014 BST [DEBUG] wire - http-outgoing-1 >> "Accept-Encoding: gzip,deflate[\r][\n]"
    2018/10/15 15:07:14:014 BST [DEBUG] wire - http-outgoing-1 >> "Authorization: Basic Z2xlbm4uY2hhcmxlc0BtMDFyYnN3b3Jrc3BhY2Uub25taWNyb3NvZnQuY29tOk1haW50YWluMTI0[\r][\n]"
    2018/10/15 15:07:14:014 BST [DEBUG] wire - http-outgoing-1 >> "[\r][\n]"
    2018/10/15 15:07:14:014 BST [DEBUG] wire - http-outgoing-1 >> "<?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"  xmlns:t="http://schemas.microsoft.com/exchange/services/2006/types"><soap:Header><t:RequestServerVersion Version="Exchange2013"/><t:ExchangeImpersonation><t:ConnectingSID><t:PrimarySmtpAddress>26589@m01rbsworkspace.onmicrosoft.com</t:PrimarySmtpAddress></t:ConnectingSID></t:ExchangeImpersonation><t:DateTimePrecision>Milliseconds</t:DateTimePrecision></soap:Header><soap:Body><FindFolder Traversal="Shallow" xmlns="http://schemas.microsoft.com/exchange/services/2006/messages" xmlns:t="http://schemas.microsoft.com/exchange/services/2006/types"><FolderShape><t:BaseShape>AllProperties</t:BaseShape></FolderShape><ParentFolderIds><t:DistinguishedFolderId Id="conversationhistory"></t:DistinguishedFolderId></ParentFolderIds></FindFolder></soap:Body></soap:Envelope>"
    2018/10/15 15:07:14:047 BST [DEBUG] MainClientExec - Connection can be kept alive indefinitely
    2018/10/15 15:07:14:047 BST [DEBUG] HttpAuthenticator - Authentication required
    2018/10/15 15:07:14:047 BST [DEBUG] HttpAuthenticator - outlook.office365.com:443 requested authentication
    2018/10/15 15:07:14:047 BST [DEBUG] HttpAuthenticator - Authorization challenge processed
    2018/10/15 15:07:14:048 BST [DEBUG] HttpAuthenticator - Authentication failed
    2018/10/15 15:07:14:051 BST [DEBUG] ResponseProcessCookies - Cookie accepted [BCSI-CS-75dc950a0acd8d19="1", version:0, domain:outlook.office365.com, path:/, expiry:null]
    2018/10/15 15:07:14:056 BST [DEBUG] RequestAddCookies - CookieSpec selected: best-match
    2018/10/15 15:07:14:056 BST [DEBUG] RequestAuthCache - Auth cache not set in the context
    
    24 Oktober 2018 11:48

Semua Balasan

  • I recommend that you take this up with Blue Coat.

    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."
    Celebrating 20 years of providing Exchange peer support!

    24 Oktober 2018 19:04
  • Hi nnayanaurs,

    Here are default settings on Exchange server for "EWS", we can see NTLM is enabled and supported:

    We don't know how it work with BlueCoat, I also would suggest you confirm with BlueCoat.

    By the way, this error message below may be useful, you can have a check about the the order of preference in your Exchange server and BlueCoat:

    2018/10/15 15:07:14:013 BST [DEBUG] TargetAuthenticationStrategy - Authentication schemes in the order of preference: [Digest, NTLM, negotiate, Kerberos, Basic]

    Regards,

    Kyle Xu


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.

    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    25 Oktober 2018 8:47
  • Hi nnayanaurs,

    Whether the above suggestion helps?

    If the above suggestion helps, please be free to mark it as answer for helping more people.

    Regards,

    Kyle Xu


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.

    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    29 Oktober 2018 2:49