O365 and Saml Ecp: Outlook Connectivity Test is failing at "Testing the MAPI Address Book endpoint on the Exchange server"

shyrus joseph 1 Reputation point
2022-01-24T14:52:46.103+00:00

Hi,

I am trying to authenticate O365 outlook client with SAML ECP, outlook is being repeatedly prompted for basic authentication after triggering the O365 Saml Ecp auth flow.

Validated using O365 outlook client and also using the Microsoft Remote Connectivity Analyser tool

On Windows client ran the following command to prevent modern authentication connections (force the use of basic authentication connections) to Exchange Online by Outlook 2013 or later clients:

Set-OrganizationConfig -OAuth2ClientProfileEnabled $false

Ensured MAPI,IMAP protocols are enabled for the respective user
167942-image.png

Ensured Basic Authentication is enabled for the tenant.
167848-image.png

Adding the Connectivity analyser failure logs below.

Testing the MAPI Address Book endpoint on the Exchange server.An error occurred while testing the address book endpoint.

Collapse

Test Steps

Testing the address book "Check Name" operation for user<email> against server outlook.office365.com.An error occurred while attempting to resolve the name.

Additional Details

A protocol layer error occured. HttpStatusCode: 401 Failure LID: 47372 Failure Information: ###### REQUEST [2022-01-24T07:17:48.1956428Z] [ResolvedIPs: 52.98.84.98,52.98.71.210,40.100.55.2,40.100.28.178] ###### POST /mapi/nspi/?mailboxId=872463d3-8b6e-4a1d-9126-f3fee332fae9@Shyrus .world HTTP/1.1 Content-Type: application/octet-stream User-Agent: MapiHttpClient X-RequestId: f851901c-cc46-413f-ad38-45e483662b2d:1 X-ClientInfo: bba2f464-416a-452d-8ade-8736a28bafae:1 client-request-id: d6e3d5af-d7f3-4feb-ae40-5b8b81dc57d4 X-ClientApplication: MapiHttpClient/15.20.4108.1 X-RequestType: Bind Authorization: Basic [truncated] Host: outlook.office365.com Cookie: MapiRouting=UlVNOmQ0YzdkOGE3LThkMDEtNDg3Ny05NzJhLWRmMDUyM2VmMzZiZToHJHKgCd/ZCA== Content-Length: 45 --- REQUEST BODY [+0.019] --- ..[BODY SIZE: 45] --- REQUEST SENT [+0.019] --- ###### RESPONSE [+0:01.011] ###### HTTP/1.1 401 Unauthorized request-id: 75ec043b-d665-14ff-837c-f129cb4142bf Alt-Svc: h3=":443",h3-29=":443" X-CalculatedBETarget: VI1PR0401MB2480.eurprd04.prod.outlook.com X-BackEndHttpStatus: 401 X-ServerApplication: Exchange/15.20.4909.017 X-RequestId: f851901c-cc46-413f-ad38-45e483662b2d:1 X-ClientInfo: bba2f464-416a-452d-8ade-8736a28bafae:1 X-RequestType: Bind X-RUM-Validated: 1 X-DiagInfo: VI1PR0401MB2480 X-BEServer: VI1PR0401MB2480 X-Proxy-RoutingCorrectness: 1 X-FailureContext: BackEnd;401;VW5hdXRob3JpemVk;VW5hdXRob3JpemVk;;; X-Proxy-BackendServerStatus: 401 X-FirstHopCafeEFZ: XSP X-FEServer: SG2PR02CA0089 Content-Length: 0 Date: Mon, 24 Jan 2022 07:17:48 GMT Set-Cookie: MapiRouting=UlVNOmQ0YzdkOGE3LThkMDEtNDg3Ny05NzJhLWRmMDUyM2VmMzZiZToOIpGgCd/ZCA==; path=/mapi/; secure; HttpOnly Server: Microsoft-IIS/10.0 WWW-Authenticate: Basic [truncated] X-Powered-By: ASP.NET --- RESPONSE BODY [+0:01.012] --- --- RESPONSE DONE [+0:01.012] --- ###### EXCEPTION THROWN [+0:01.012] ###### HTTP Response Headers: request-id: 75ec043b-d665-14ff-837c-f129cb4142bf Alt-Svc: h3=":443",h3-29=":443" X-CalculatedBETarget: VI1PR0401MB2480.eurprd04.prod.outlook.com X-BackEndHttpStatus: 401 X-ServerApplication: Exchange/15.20.4909.017 X-RequestId: f851901c-cc46-413f-ad38-45e483662b2d:1 X-ClientInfo: bba2f464-416a-452d-8ade-8736a28bafae:1 X-RequestType: Bind X-RUM-Validated: 1 X-DiagInfo: VI1PR0401MB2480 X-BEServer: VI1PR0401MB2480 X-Proxy-RoutingCorrectness: 1 X-FailureContext: BackEnd;401;VW5hdXRob3JpemVk;VW5hdXRob3JpemVk;;; X-Proxy-BackendServerStatus: 401 X-FirstHopCafeEFZ: XSP X-FEServer: SG2PR02CA0089 Content-Length: 0 Date: Mon, 24 Jan 2022 07:17:48 GMT Set-Cookie: MapiRouting=UlVNOmQ0YzdkOGE3LThkMDEtNDg3Ny05NzJhLWRmMDUyM2VmMzZiZToOIpGgCd/ZCA==; path=/mapi/; secure; HttpOnly Server: Microsoft-IIS/10.0 WWW-Authenticate: Basic Realm="" X-Powered-By: ASP.NET HTTP Status Code: 401 Unauthorized

Microsoft Exchange Online Management
Microsoft Exchange Online Management
Microsoft Exchange Online: A Microsoft email and calendaring hosted service.Management: The act or process of organizing, handling, directing or controlling something.
4,628 questions
Exchange Server Development
Exchange Server Development
Exchange Server: A family of Microsoft client/server messaging and collaboration software.Development: The process of researching, productizing, and refining new or existing technologies.
556 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Kael Yao-MSFT 37,661 Reputation points Microsoft Vendor
    2022-01-25T06:04:12.183+00:00

    Hi @shyrus joseph

    Since your question is related to Exchange development, I have added the tag "office-exchange-server-dev" to it.


    According to the result of Microsoft Remote Connectivity Analyzer, it seems basic authentication is still blocked.
    168163-12.png
    You may use Basic Auth self-help diagnostic to check and modify the tenant settings.
    168106-13.png

    3 people found this answer helpful.

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.