O365 and Saml Ecp: Outlook Connectivity Test is failing at "Testing the MAPI Address Book"

Copper Contributor

Hi,

I am trying to authenticate O365 outlook client with SAML ECP, outlook is being repeatedly prompted for basic authentication after triggering the O365 Saml Ecp auth flow.

 

Validated using O365 outlook client and also using the Microsoft Remote Connectivity Analyser tool

 

On Windows client ran the following command to prevent modern authentication connections (force the use of basic authentication connections) to Exchange Online by Outlook 2013 or later clients:


Set-OrganizationConfig -OAuth2ClientProfileEnabled $false

 

Ensured MAPI,IMAP protocols are enabled for the respective user.

 

Shyrus_0-1643035609088.png

 

 

Ensured Basic Authentication is enabled for the tenant.

Shyrus_1-1643035643209.png

 

Adding the Connectivity analyser failure logs below.

Testing the MAPI Address Book endpoint on the Exchange server.An error occurred while testing the address book endpoint.

Collapse

Test Steps

Testing the address book "Check Name" operation for user<email> against server outlook.office365.com.An error occurred while attempting to resolve the name.

Additional Details

A protocol layer error occured. HttpStatusCode: 401 Failure LID: 47372 Failure Information: ###### REQUEST [2022-01-24T07:17:48.1956428Z] [ResolvedIPs: 52.98.84.98,52.98.71.210,40.100.55.2,40.100.28.178] ###### POST /mapi/nspi/?mailboxId=872463d3-8b6e-4a1d-9126-f3fee332fae9@shyrus.world HTTP/1.1 Content-Type: application/octet-stream User-Agent: MapiHttpClient X-RequestId: f851901c-cc46-413f-ad38-45e483662b2d:1 X-ClientInfo: bba2f464-416a-452d-8ade-8736a28bafae:1 client-request-id: d6e3d5af-d7f3-4feb-ae40-5b8b81dc57d4 X-ClientApplication: MapiHttpClient/15.20.4108.1 X-RequestType: Bind Authorization: Basic [truncated] Host: outlook.office365.com Cookie: MapiRouting=UlVNOmQ0YzdkOGE3LThkMDEtNDg3Ny05NzJhLWRmMDUyM2VmMzZiZToHJHKgCd/ZCA== Content-Length: 45 --- REQUEST BODY [+0.019] --- ..[BODY SIZE: 45] --- REQUEST SENT [+0.019] --- ###### RESPONSE [+0:01.011] ###### HTTP/1.1 401 Unauthorized request-id: 75ec043b-d665-14ff-837c-f129cb4142bf Alt-Svc: h3=":443",h3-29=":443" X-CalculatedBETarget: VI1PR0401MB2480.eurprd04.prod.outlook.com X-BackEndHttpStatus: 401 X-ServerApplication: Exchange/15.20.4909.017 X-RequestId: f851901c-cc46-413f-ad38-45e483662b2d:1 X-ClientInfo: bba2f464-416a-452d-8ade-8736a28bafae:1 X-RequestType: Bind X-RUM-Validated: 1 X-DiagInfo: VI1PR0401MB2480 X-BEServer: VI1PR0401MB2480 X-Proxy-RoutingCorrectness: 1 X-FailureContext: BackEnd;401;VW5hdXRob3JpemVk;VW5hdXRob3JpemVk;;; X-Proxy-BackendServerStatus: 401 X-FirstHopCafeEFZ: XSP X-FEServer: SG2PR02CA0089 Content-Length: 0 Date: Mon, 24 Jan 2022 07:17:48 GMT Set-Cookie: MapiRouting=UlVNOmQ0YzdkOGE3LThkMDEtNDg3Ny05NzJhLWRmMDUyM2VmMzZiZToOIpGgCd/ZCA==; path=/mapi/; secure; HttpOnly Server: Microsoft-IIS/10.0 WWW-Authenticate: Basic [truncated] X-Powered-By: ASP.NET --- RESPONSE BODY [+0:01.012] --- --- RESPONSE DONE [+0:01.012] --- ###### EXCEPTION THROWN [+0:01.012] ###### HTTP Response Headers: request-id: 75ec043b-d665-14ff-837c-f129cb4142bf Alt-Svc: h3=":443",h3-29=":443" X-CalculatedBETarget: VI1PR0401MB2480.eurprd04.prod.outlook.com X-BackEndHttpStatus: 401 X-ServerApplication: Exchange/15.20.4909.017 X-RequestId: f851901c-cc46-413f-ad38-45e483662b2d:1 X-ClientInfo: bba2f464-416a-452d-8ade-8736a28bafae:1 X-RequestType: Bind X-RUM-Validated: 1 X-DiagInfo: VI1PR0401MB2480 X-BEServer: VI1PR0401MB2480 X-Proxy-RoutingCorrectness: 1 X-FailureContext: BackEnd;401;VW5hdXRob3JpemVk;VW5hdXRob3JpemVk;;; X-Proxy-BackendServerStatus: 401 X-FirstHopCafeEFZ: XSP X-FEServer: SG2PR02CA0089 Content-Length: 0 Date: Mon, 24 Jan 2022 07:17:48 GMT Set-Cookie: MapiRouting=UlVNOmQ0YzdkOGE3LThkMDEtNDg3Ny05NzJhLWRmMDUyM2VmMzZiZToOIpGgCd/ZCA==; path=/mapi/; secure; HttpOnly Server: Microsoft-IIS/10.0 WWW-Authenticate: Basic Realm="" X-Powered-By: ASP.NET HTTP Status Code: 401 Unauthorized

 

 

0 Replies