Marcde_J
New Contributor II

Virtual Server - Outlook > Exchange

Please can someone urgently assist.

 

I have upgraded to OS 7.4 on my 200E.

 

Created virtual servers for my internal setups.

 

The Virtual Server for Microsoft Exchange / Email connectivity (HTTPS) works perfectly on mobile (iOS, Android)
But refuses to work on Outlook?

No errors in logs etc. Any ideas?

BK_Bianko

Hi @Marcde_J ,

I am facing a very similar issue with MAPI over HTTP, reported also on several other communities, also with other firewall equipment. In my case I have a FortiGate 100E.

 

Can you please elaborate a bit further on how you managed to:


@Marcde_J wrote:

 

We have observed the same behaviour when changing from VIP to Virtual Server - and can see the connection gets reset on POST from Outlook trying to get the Autodiscover XML file.

 

I tried both from Exchange with "netsh trace" and from the FortiGate with the packet capture, but all I can see is encrypted traffic. Did you manage to see traffic in clear? Have you solved it?

 

Thank you,

Francesco


 

 
 

 

 

smaruvala
Staff

Hi,

 

- What was the previous version in which it was working?
- I suspect the issue is seen with the MAPI communication.

- Can you test by disabling the HTTP/2 version support on the virtual server?

set h2-support disable

https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-Virtual-server-stops-working-after-u...

 

Regards,

Shiva

BK_Bianko

Hi @smaruvala ,

 

Nope, Outlook does use HTTP/1.1. Here below is the Fiddler capture while starting Outlook:

fiddler.jpg
smaruvala

Hi, 

 

- Is there any communication towards the server which uses HTTP/2?

- Are you using Fiddler Classic? If I am not wrong, Fiddler Classic does not support the h2 protocol.

- I would suggest testing by disabling HTTP/2 in the virtual server and verifying it. I have seen a couple of issues related to Exchange servers which were related to the HTTP/2 version.

 

Regards,

Shiva

BK_Bianko

- Not that I am aware of. Best way to gather this info?

- Yes, Fiddler Classic. It is the only tool I know that allows me to see traffic encrypted with ECDH algorithms.

- I do not have any option available to do that. Fortigate 100E fw7.0.14

20240402.jpg

smaruvala

Hi @BK_Bianko ,

 

- I don't think the command is available in older versions, as HTTP/2 is supported for virtual servers from 7.2.4 onwards. Hence your issue may be different from that of the original community post, which is related to version 7.4.

- For the MAPI communication, are you getting any response?

- We may have to take WAD debugs and verify the communication in frontend and backend to see if there are any issues. WAD debugs will have the unencrypted data which gets exchanged.

 

Regards,

Shiva

BK_Bianko

Hi @smaruvala ,

 

- Ok, I believed that I was having the same exact issue, I overlooked the fw version of the OP.

- The credential prompt happens just before any MAPI communication. It occurs in the initial phase of the "autodiscover" process. Somehow Exchange does not like, I suppose, the NTLM hash that the client passes to it. By providing the correct credentials then everything works, until I restart Outlook. This does not happen when the client is locally attached to the LAN. Here you can see the capture of the traffic when the issue occurs:

20240402.png

 

- Regarding wad debug I need guidance on how to do it. I did a basic capture on the Fortigate through the packet capture GUI tool but it is useless for the purpose since it is all TLS encrypted traffic.

 

Thank you,

Francesco

smaruvala

Hi,

 

You can refer to the KB below to run the WAD debug.

https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-Example-of-wad-debugging-for-Explici...

Please note that WAD debug outputs are huge. I would suggest you run this when there is less traffic through the device. Make sure you enable logging in PuTTY or SecureCRT.

 

Regards,

Shiva

BK_Bianko

- Is it huge even with filters set for a single IP address?

- The traffic shown with wad debug, when does it happen? I mean, is the captured traffic the same as is seen by Exchange or does the captured traffic still need to be processed by Fortigate and then forwarded to Fortigate?

 

Thank you,

Francesco

smaruvala

Hi,

 

As per the screenshot which you attached, the server is sending a 401 message. If you look at the POST message, we don't see any Security header which would have the NTLM Authorisation data. This could be the reason why the server is sending the 401 message. Hence it does not look like the firewall is modifying the NTLM hash.

 

Regards,

Shiva
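
The check described in the last reply (did the POST that received the 401 carry NTLM data at all?) can be run over request and response headers copied out of a decrypted capture such as the Fiddler session. This is an added example, not code from the thread or from Fortinet; in HTTP the NTLM data travels in the Authorization header, and the sample messages, host name and function names below are constructed for illustration.

```python
import base64
import struct

NTLM_TYPES = {1: "NEGOTIATE", 2: "CHALLENGE", 3: "AUTHENTICATE"}

def parse_head(raw):  # -> (start line, {lower-cased header name: [values]})
    lines = raw.strip().splitlines()
    headers = {}
    for line in lines[1:]:
        if not line.strip():
            break  # blank line ends the header block
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return lines[0].strip(), headers

def ntlm_stage(values):
    """Name of the NTLMSSP message found in the given header values, else None.
    NTLMSSP blobs start with an 8-byte signature and a little-endian type field."""
    for value in values:
        scheme, _, token = value.partition(" ")
        if scheme.upper() not in ("NTLM", "NEGOTIATE") or not token.strip():
            continue
        try:
            blob = base64.b64decode(token.strip())
        except ValueError:
            continue
        if blob[:8] == b"NTLMSSP\x00" and len(blob) >= 12:
            return NTLM_TYPES.get(struct.unpack("<I", blob[8:12])[0])
    return None

def diagnose(request, response):
    """Classify one request/response pair of an NTLM-protected endpoint."""
    _, req = parse_head(request)
    status_line, resp = parse_head(response)
    status = int(status_line.split()[1])
    sent = ntlm_stage(req.get("authorization", []))
    got = ntlm_stage(resp.get("www-authenticate", []))
    if status == 401 and "authorization" not in req:
        return "401: request carried no Authorization header"
    if status == 401 and sent == "NEGOTIATE" and got == "CHALLENGE":
        return "401: normal NTLM step (type 1 answered with type 2 challenge)"
    if status == 401 and sent == "AUTHENTICATE":
        return "401: server rejected the NTLM type 3 credentials"
    return f"{status}: client NTLM stage {sent}"

def sample_token(msg_type):  # constructed NTLMSSP blob, not a real capture
    return base64.b64encode(b"NTLMSSP\x00" + struct.pack("<I", msg_type) + bytes(20)).decode()

# Constructed sample: an Autodiscover POST without credentials and the 401 it receives.
REQ = "POST /autodiscover/autodiscover.xml HTTP/1.1\r\nHost: mail.example.test\r\n\r\n<xml/>"
RESP = "HTTP/1.1 401 Unauthorized\r\nWWW-Authenticate: Negotiate\r\nWWW-Authenticate: NTLM\r\n\r\n"
print(diagnose(REQ, RESP))
```

A 401 on a request with no Authorization header, or on a type 1 message, is an ordinary step of the handshake; a 401 after a type 3 message is the case where the server actually rejected what the client sent.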
