Please can someone urgently assist.
I have upgraded to OS 7.4 on my 200E.
Created virtual servers for my internal setups.
The Virtual Server for Microsoft Exchange / Email connectivity (HTTPS) works perfectly on mobile (iOS, Android).
But it refuses to work on Outlook?
No errors in logs etc. Any ideas?
Hi @Marcde_J ,
I am facing a very similar issue with MAPI over HTTP, reported also on several other communities, also with other firewall equipment. In my case I have a Fortigate 100E.
Can you please elaborate a bit further on how you managed to:
@Marcde_J wrote: We have observed the same behaviour when changing from VIP to Virtual Server - and can see the connection gets reset on POST from Outlook trying to get the Autodiscover XML file.
I tried both from Exchange with "netsh trace" and from the Fortigate with the packet capture but all I can see is encrypted traffic. Did you manage to see traffic in clear? Have you solved it?
Thank you,
Francesco
Hi,
- What was the previous version in which it was working?
- I am suspecting the issue is seen with the MAPI communication.
- Can you test with disabling the http2 version support on the virtual server?
set h2-support disable
Regards,
Shiva
Hi @smaruvala ,
nope, Outlook does use HTTP/1.1. Here below the Fiddler capture while starting Outlook:
Hi,
- Is there any communication towards the server which uses http2?
- Are you using Fiddler Classic? If I am not wrong, Fiddler Classic does not support the h2 protocol.
- I would suggest testing with http2 disabled in the virtual server and verifying it. I have seen a couple of issues related to Exchange servers which were related to the http2 version.
Regards,
Shiva
- Not that I am aware of. Best way to gather this info?
- Yes, Fiddler Classic. It is the only tool I know that allows me to see traffic encrypted with ECDH algorithms.
- I do not have any option available to do that. Fortigate 100E fw7.0.14
Hi @BK_Bianko ,
- I don't think the command is available in older versions, as http2 is supported for virtual server from 7.2.4 onwards. Hence your issue may be different from that of the original community post, which is related to the 7.4 version.
- For the mapi communication are you getting any response?
- We may have to take wad debugs and verify the communication in frontend and backend to see if there are any issues. wad debugs will have unencrypted data which gets exchanged.
Regards,
Shiva
Hi @smaruvala ,
- Ok, I believed that I was having the same exact issue, I overlooked the fw version of the OP.
- The credential prompt happens just before any mapi communication. It occurs on the initial phase of the "autodiscover" process. Somehow Exchange does not like, I suppose, the NTLM hash that the client passes to him. By providing the correct credentials then everything works, until I restart Outlook. This does not happen when the client is locally attached to the LAN. Here you can see the capture of the traffic when the issue occurs:
- Regarding wad debug I need guidance on how to do it. I did a basic capture on the Fortigate through the packet capture GUI tool but it is useless for the purpose since it is all TLS encrypted traffic.
Thank you,
Francesco
Hi,
You can refer to the below KB to run the WAD Debug.
Please note that wad debug outputs are huge. I would suggest you run this when there is less traffic through the device. Make sure you enable logging in PuTTY or SecureCRT.
Regards,
Shiva
Created on 04-02-2024 02:18 AM Edited on 04-02-2024 02:19 AM
- Is it huge even with filters set for single ip address?
- The traffic shown with wad debug, when does it happen? I mean, is the captured traffic the same as is seen by Exchange or does the captured traffic still need to be processed by Fortigate and then forwarded to Fortigate?
Thank you,
Francesco
Hi,
As per the screenshot which you attached, the server is sending a 401 message. If you see the POST message, we don't see any Security header which will have the NTLM Authorisation data. This could be the reason why the server is sending the 401 message. Hence it does not look like the firewall is modifying the NTLM hash.
Regards,
Shiva
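Added example (not from any poster in this thread, and not Fortinet's code): a Python helper that takes a decrypted request/response pair, such as one copied out of Fiddler or a WAD debug, and tells apart a 401 caused by a request that carried no NTLM token from the normal NTLM challenge leg or a rejected credential. The function names, result labels and sample messages are constructed for illustration; it assumes the NTLM data travels in the standard `Authorization` / `WWW-Authenticate` headers.

```python
import base64
import struct

NTLM_TYPES = {1: "NEGOTIATE", 2: "CHALLENGE", 3: "AUTHENTICATE"}

def ntlm_stage(value):
    """Name the NTLM message in an Authorization/WWW-Authenticate value, else None."""
    parts = value.split(None, 1)
    if len(parts) != 2 or parts[0].upper() not in ("NTLM", "NEGOTIATE"):
        return None
    try:
        blob = base64.b64decode(parts[1].strip(), validate=True)
    except ValueError:          # not base64, so no usable token
        return None
    if len(blob) < 12 or blob[:8] != b"NTLMSSP\x00":
        return None             # e.g. a Kerberos token under Negotiate
    return NTLM_TYPES.get(struct.unpack_from("<I", blob, 8)[0])

def parse_head(raw):
    """Split a decrypted HTTP message into its first line and a header dict."""
    first, *rest = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    headers = {}
    for line in rest:
        name, _, val = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(val.strip())
    return first, headers

def classify_401(request, response):
    """Say which leg of the NTLM exchange a request/response pair belongs to."""
    _, req = parse_head(request)
    status, resp = parse_head(response)
    if status.split()[1] != "401":
        return "not-a-401"
    sent = next(filter(None, map(ntlm_stage, req.get("authorization", []))), None)
    got = next(filter(None, map(ntlm_stage, resp.get("www-authenticate", []))), None)
    if sent is None:
        return "no-token-sent"          # client offered nothing; server asks for auth
    if sent == "NEGOTIATE" and got == "CHALLENGE":
        return "handshake-in-progress"  # normal second leg, not a failure
    if sent == "AUTHENTICATE":
        return "credentials-rejected"   # full token sent and still refused
    return "unexpected-sequence"

# Constructed sample data: minimal NTLMSSP blob (signature, type, zeroed flags); placeholder host.
def token(msg_type):
    return base64.b64encode(b"NTLMSSP\x00" + struct.pack("<II", msg_type, 0)).decode()
POST = "POST /autodiscover/autodiscover.xml HTTP/1.1\r\nHost: mail.example.com\r\n"
BARE_401 = "HTTP/1.1 401 Unauthorized\r\nWWW-Authenticate: NTLM\r\n\r\n"
```

Running `classify_401` on each 401 in a capture shows whether the client ever reached the AUTHENTICATE message, which separates a missing header from a credential the server refused.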