Exchange 2019 load balancing with negotiate IIS

Roman Havryliuk 41 Reputation points
2022-06-29T09:44:09.813+00:00

Hello, sirs.
After setting up a Kerberos account and changing the virtual directories' authorization from pure NTLM to Negotiate, we got some strange behavior with HAProxy.
Periodically, Outlook loses its MAPI connection to the server. Restarting Outlook does not help; it just shows an error that it is not possible to open the folder list. This is what I see at that moment in Fiddler:

First MAPI connect, with X-RequestType: Connect and Authorization: Negotiate, got 200, and the Exchange server response gives a cookie: Set-Cookie: X-BackEndCookie.

Second request, with X-RequestType: Execute and the returned X-BackEndCookie, gives 200, but the response has this interesting message:
"HTTP/1.1 200 ErrorMsg:Unable to find session context based on cookie. [ResponseCode=ContextNotFound];ErrorCode:;ErrorHints:ContextNotFoundException"

Third request: the same, but with X-RequestType: Disconnect, and again this error:

HTTP/1.1 200 ErrorMsg:Unable to find session context based on cookie. [ResponseCode=ContextNotFound];ErrorCode:;ErrorHints:ContextNotFoundException

This continues about 3-10 times for each mailbox, including mapped mailboxes, and then it starts to work normally for some time.
After some activity in Outlook, like opening a folder, this cycle repeats.

If clients target the Exchange server directly, there is no problem at all. Before we changed IIS from NTLM to Negotiate, there was no problem at all.

Can anyone advise where we should look?


2 answers

  1. Roman Havryliuk 41 Reputation points
    2023-02-26T00:07:02.4933333+00:00

    @Hartmann Jan sadly, no. Without Negotiate it worked properly. You should check the headers and the HTTP version (only HTTP 1 works), and it checks header names and values case-sensitively.

  2. Roman Havryliuk 41 Reputation points
    2023-02-26T00:11:11.2033333+00:00

    @Hartmann Jan sadly, no. Only if I disable Negotiate (which does not apply in my env) does it work correctly. Several Windows services with Negotiate auth work perfectly, but not Outlook through HAProxy. Now it repeats continuously (it asks for creds and shows that exch online).

    And you should check the HTTP version on HAProxy (https 1 is needed) and the header names for case sensitivity; if HAProxy didn't change the header names, maybe on that version of HAProxy it can start to work.

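A small triage script for the pattern described in the question (Connect issues `X-BackEndCookie`, a later request that sends it back gets `ContextNotFound`) together with the two checks the second answer names, HTTP version and header-name case. It is an added example, not part of the thread; the capture, path, token and cookie values are constructed placeholders, and `triage` and its finding labels are hypothetical names.

```python
import re

# Constructed capture (not from the thread): request/response heads as a capture
# tool summarises them. Path, token and cookie value are placeholders.
CAPTURE = [
    ("POST /mapi/emsmdb/ HTTP/1.1\r\nX-RequestType: Connect\r\n"
     "Authorization: Negotiate PLACEHOLDER\r\n",
     "HTTP/1.1 200 OK\r\nSet-Cookie: X-BackEndCookie=PLACEHOLDER; path=/\r\n"),
    ("POST /mapi/emsmdb/ HTTP/1.1\r\nx-requesttype: Execute\r\n"
     "cookie: X-BackEndCookie=PLACEHOLDER\r\n",
     "HTTP/1.1 200 ErrorMsg:Unable to find session context based on cookie. "
     "[ResponseCode=ContextNotFound];ErrorCode:;ErrorHints:ContextNotFoundException\r\n"),
    ("POST /mapi/emsmdb/ HTTP/2\r\nX-RequestType: Disconnect\r\n"
     "Cookie: X-BackEndCookie=PLACEHOLDER\r\n",
     "HTTP/2 200\r\n"),
]

def parse_head(text):
    """Return (start_line, [(name, value), ...]) for one raw HTTP head."""
    lines = [l for l in text.split("\r\n") if l]
    return lines[0], [tuple(s.strip() for s in l.split(":", 1)) for l in lines[1:] if ":" in l]

def header(headers, name):
    """Case-insensitive lookup, so rewritten header names are still found."""
    return next((v for n, v in headers if n.lower() == name.lower()), None)

def triage(capture):
    """Return (exchange_number, label, detail) findings for a list of exchanges."""
    findings, cookie_issued = [], False
    for i, (req, resp) in enumerate(capture, 1):
        req_line, req_h = parse_head(req)
        status_line, resp_h = parse_head(resp)
        version = req_line.rsplit(" ", 1)[-1]
        if not version.startswith("HTTP/1."):      # answer: HTTP 1 is needed
            findings.append((i, "not-http1", version))
        lowered = sorted(n for n, _ in req_h if n.islower())
        if lowered:                                # answer: header-name case changed
            findings.append((i, "lowercased-headers", ",".join(lowered)))
        code = re.search(r"\[ResponseCode=(\w+)\]", status_line)
        sent_cookie = "X-BackEndCookie=" in (header(req_h, "Cookie") or "")
        if code and code.group(1) == "ContextNotFound" and sent_cookie and cookie_issued:
            findings.append((i, "context-lost", header(req_h, "X-RequestType")))
        if "X-BackEndCookie=" in (header(resp_h, "Set-Cookie") or ""):
            cookie_issued = True
    return findings

if __name__ == "__main__":
    for finding in triage(CAPTURE):
        print(finding)
```

Running the same script over a capture taken directly against the Exchange server and one taken through HAProxy shows which of the flagged differences appear only on the proxied path.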