Outlook access tokens not renewed automatically with Extended MAPI application

Adrian Drollinger 0 Reputation points
2024-05-10T10:06:06.8633333+00:00

I have an Extended MAPI application running as a Windows service and using a previously, manually configured Outlook profile that accesses mailboxes on M365.

This application has been running fine using the same Outlook profile for months or with some customers even years without intervention.

I can confirm it's running fine up to and including Version 2403 (Build 17425.20146).

Now, starting with Office Version 2403 (Build 17425.20176) it runs fine for 24 - 26 hours, then it starts logging errors on the first MAPI function following

MAPILogonEx (MAPI_EXTENDED | MAPI_NT_SERVICE | MAPI_NO_MAIL |MAPI_NEW_SESSION)

which is in my case

OpenAddressBook

and returns MAPI_W_ERRORS_RETURNED (The connection to Microsoft Exchange is unavailable. Outlook must be online or connected to complete this action. MAPI was unable to load the information service EMSMDB.DLL. Be sure the service is correctly installed and configured.).

Sometimes, manually opening Outlook with the profile used by my application helps and it then runs again for 24 hours. Sometimes, I have to disconnect from the M365 account, reconnect, or create a new Outlook profile to get it working again.

Looks to me like automatically renewing the access token does not work anymore if you don't manually open Outlook once a day.

Does anyone know if Microsoft built-in some security into Build 17425.20176 that prevents a 3rd party application from using an Outlook profile without manually opening Outlook everyday?

The article

https://learn.microsoft.com/en-us/outlook/troubleshoot/authentication/expose-permissions-issue-with-mapi-oauth-tokens

says that Extended MAPI should be able to reuse Outlooks OAuth tokens, but it doesn't say that since this year it's only possible for 1 day.

How would you handle this? I've tried running Outlook when this error happens as a background application, starting it form my application, using the same Outlook profile with the /profile switch, and close it after 5 minutes and then try the logon / openadressbook again. It doesn't work. Outlook must be run interactively and closed to make my application work again.

When I try to open Outlook from my application it says on the next interactive launch of Outlook that it wasn't able to start last time and asks if I want to run it in Safe mode.

I see Security-SPP events listed to the Windows Application eventlog when Outlook is started, they sometimes appear right after the start, sometimes a couple of minutes after Outlook is started. This may have to do why sometimes opening Outlook helps and sometimes not to get my application going again.

Or is there a better way to do this, can acquiring the tokens be somehow triggered by restarting a service after starting Outlook or something? How would I have to start Outlook from my application so that it renews the tokens?

I know that 3rd party applications cannot request / renew OAuth tokens and that you have to let Outlook do the job, and then you can reuse them with Extended MAPI. But this worked before without having to manually run Outlook once every 24 hours, just since Build 17425.20176 I have this problem.

Or do I have to tell customers to go back to Build 17425.20146 of Outlook and disable Office updates until this is (hopefully) fixed my Microsoft?

Microsoft Exchange Online
Outlook
Outlook
A family of Microsoft email and calendar products.
4,044 questions
Office Development
Office Development
Office: A suite of Microsoft productivity software that supports common business tasks, including word processing, email, presentations, and data management and analysis.Development: The process of researching, productizing, and refining new or existing technologies.
3,999 questions
Exchange Server Development
Exchange Server Development
Exchange Server: A family of Microsoft client/server messaging and collaboration software.Development: The process of researching, productizing, and refining new or existing technologies.
549 questions
{count} votes

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.