This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(140.8, 38%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESJ%3C/text%3E%3C/svg%3E)
Hi,
I am trying to authenticate O365 outlook client with SAML ECP, outlook is being repeatedly prompted for basic authentication after triggering the O365 Saml Ecp auth flow.
Validated using O365 outlook client and also using the Microsoft Remote Connectivity Analyser tool
On Windows client ran the following command to prevent modern authentication connections (force the use of basic authentication connections) to Exchange Online by Outlook 2013 or later clients:
Set-OrganizationConfig -OAuth2ClientProfileEnabled $false
Ensured MAPI,IMAP protocols are enabled for the respective user
Ensured Basic Authentication is enabled for the tenant.
Adding the Connectivity analyser failure logs below.
Testing the MAPI Address Book endpoint on the Exchange server.An error occurred while testing the address book endpoint.
Collapse
Test Steps
Testing the address book "Check Name" operation for user<email> against server outlook.office365.com.An error occurred while attempting to resolve the name.
Additional Details
A protocol layer error occured. HttpStatusCode: 401 Failure LID: 47372 Failure Information: ###### REQUEST [2022-01-24T07:17:48.1956428Z] [ResolvedIPs: 52.98.84.98,52.98.71.210,40.100.55.2,40.100.28.178] ###### POST /mapi/nspi/?mailboxId=872463d3-8b6e-4a1d-9126-f3fee332fae9@Shyrus .world HTTP/1.1 Content-Type: application/octet-stream User-Agent: MapiHttpClient X-RequestId: f851901c-cc46-413f-ad38-45e483662b2d:1 X-ClientInfo: bba2f464-416a-452d-8ade-8736a28bafae:1 client-request-id: d6e3d5af-d7f3-4feb-ae40-5b8b81dc57d4 X-ClientApplication: MapiHttpClient/15.20.4108.1 X-RequestType: Bind Authorization: Basic [truncated] Host: outlook.office365.com Cookie: MapiRouting=UlVNOmQ0YzdkOGE3LThkMDEtNDg3Ny05NzJhLWRmMDUyM2VmMzZiZToHJHKgCd/ZCA== Content-Length: 45 --- REQUEST BODY [+0.019] --- ..[BODY SIZE: 45] --- REQUEST SENT [+0.019] --- ###### RESPONSE [+0:01.011] ###### HTTP/1.1 401 Unauthorized request-id: 75ec043b-d665-14ff-837c-f129cb4142bf Alt-Svc: h3=":443",h3-29=":443" X-CalculatedBETarget: VI1PR0401MB2480.eurprd04.prod.outlook.com X-BackEndHttpStatus: 401 X-ServerApplication: Exchange/15.20.4909.017 X-RequestId: f851901c-cc46-413f-ad38-45e483662b2d:1 X-ClientInfo: bba2f464-416a-452d-8ade-8736a28bafae:1 X-RequestType: Bind X-RUM-Validated: 1 X-DiagInfo: VI1PR0401MB2480 X-BEServer: VI1PR0401MB2480 X-Proxy-RoutingCorrectness: 1 X-FailureContext: BackEnd;401;VW5hdXRob3JpemVk;VW5hdXRob3JpemVk;;; X-Proxy-BackendServerStatus: 401 X-FirstHopCafeEFZ: XSP X-FEServer: SG2PR02CA0089 Content-Length: 0 Date: Mon, 24 Jan 2022 07:17:48 GMT Set-Cookie: MapiRouting=UlVNOmQ0YzdkOGE3LThkMDEtNDg3Ny05NzJhLWRmMDUyM2VmMzZiZToOIpGgCd/ZCA==; path=/mapi/; secure; HttpOnly Server: Microsoft-IIS/10.0 WWW-Authenticate: Basic [truncated] X-Powered-By: ASP.NET --- RESPONSE BODY [+0:01.012] --- --- RESPONSE DONE [+0:01.012] --- ###### EXCEPTION THROWN [+0:01.012] ###### HTTP Response Headers: request-id: 75ec043b-d665-14ff-837c-f129cb4142bf Alt-Svc: h3=":443",h3-29=":443" X-CalculatedBETarget: VI1PR0401MB2480.eurprd04.prod.outlook.com X-BackEndHttpStatus: 401 X-ServerApplication: Exchange/15.20.4909.017 X-RequestId: f851901c-cc46-413f-ad38-45e483662b2d:1 X-ClientInfo: bba2f464-416a-452d-8ade-8736a28bafae:1 X-RequestType: Bind X-RUM-Validated: 1 X-DiagInfo: VI1PR0401MB2480 X-BEServer: VI1PR0401MB2480 X-Proxy-RoutingCorrectness: 1 X-FailureContext: BackEnd;401;VW5hdXRob3JpemVk;VW5hdXRob3JpemVk;;; X-Proxy-BackendServerStatus: 401 X-FirstHopCafeEFZ: XSP X-FEServer: SG2PR02CA0089 Content-Length: 0 Date: Mon, 24 Jan 2022 07:17:48 GMT Set-Cookie: MapiRouting=UlVNOmQ0YzdkOGE3LThkMDEtNDg3Ny05NzJhLWRmMDUyM2VmMzZiZToOIpGgCd/ZCA==; path=/mapi/; secure; HttpOnly Server: Microsoft-IIS/10.0 WWW-Authenticate: Basic Realm="" X-Powered-By: ASP.NET HTTP Status Code: 401 Unauthorized
@shyrus joseph Thanks for posting in our Q&A. For this issue, it is not related to windows 365. It is more related to office-exchange. To get accurate help, I will add office-exchange tag. Thanks.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(246.4, 22%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKY%3C/text%3E%3C/svg%3E)
Since your question is related to Exchange development, I have added the tag "office-exchange-server-dev" to it.
According to the result of Microsoft Remote Connectivity Analyzer, it seems basic authentication is still blocked.
You may use Basic Auth self-help diagnostic to check and modify the tenant settings.
Thanks @Kael Yao-MSFT , the suggested solution worked.
Thanks a lot.
Hi,
Glad to hear it works for you!
Please feel free to accept this reply as the answer to the question to help other community members.
To accept an answer in Q&A
If you have any questions or needed further help on this issue, please feel free to post back.