6.0.0-git
2021-01-18

[#11624] ActiveSync Autodiscovery for Apple iOS devices (easy to fix)
Summary ActiveSync Autodiscovery for Apple iOS devices (easy to fix)
Queue Horde Framework Packages
Queue Version Git master
Type Bug
State Resolved
Priority 1. Low
Owners mrubinsk (at) horde (dot) org
Requester torben (at) dannhauer (dot) info
Created 2012-11-02 (2999 days ago)
Due
Updated 2012-11-05 (2996 days ago)
Assigned 2012-11-05 (2996 days ago)
Resolved 2012-11-05 (2996 days ago)
Milestone
Patch Yes

History
2012-11-05 21:22:58 arjen+horde (at) de-korte (dot) org Comment #15 Reply to this comment

[Show Quoted Text - 20 lines]
What I initially tried was just 'user@domain.tld'. That doesn't work 
(although ExRCA accepts that as input).
2012-11-05 21:18:03 torben (at) dannhauer (dot) info Comment #14 Reply to this comment

[Show Quoted Text - 25 lines]
Hmm, for me ExRCA works.
I have the full email adresse as username, so I have to input 
domain.tld/user@domain.tld and it passes the test!


2012-11-05 21:17:26 Michael Rubinsky Comment #13 Reply to this comment

[Show Quoted Text - 25 lines]
Sorry, the rest of that comment got deleted somehow before I sent it. 
I know ExRCA doesn't. I was simply letting you know you don't need to 
input that data on clients that do not require it - and that you can 
input ANYTHING as that value in clients that require SOMETHING there.
2012-11-05 21:12:35 arjen+horde (at) de-korte (dot) org Comment #12 Reply to this comment

[Show Quoted Text - 20 lines]
Sure, but ExRCA doesn't. It will not accept the '\username' that is 
acceptable for Horde here. This is what I initially tried, but that is 
not accepted as input. You must fill in either 'domain\user' or 
'user@domain' where the latter doesn't work, but the first does.
2012-11-05 21:06:58 Michael Rubinsky Comment #11
State ⇒ Resolved
Reply to this comment

[Show Quoted Text - 17 lines]
Just an FYI, you don't need anything special as the Domain. Horde 
ignores this data
With the above settings I get a green checkmark for the connectivity test.

I use a SRV record (_autodiscover._tcp.example.com) by the way. This 
is an elegant way to direct the /Autodiscover/Autodiscover.xml to 
the ActiveSync server if the SSL certificate is for something else 
than 'example.com' or 'autodiscover.example.com'. It would be even 
better, if Android would only support this... :-(
2012-11-05 21:02:49 arjen+horde (at) de-korte (dot) org Comment #10 Reply to this comment
Never mind, even hard-coding the address will make this test fail with

     An HTTP 401 Unauthorized response was received from the remote
Unknown server.
Where are you seeing this error? That is not something Horde should 
be outputting anywhere.
It was ExRCA reporting this. But never mind, this was due to user 
error. I assumed that I could just repeat the e-mail addres in the 
'Domain\User Name (or UPN)' field (according to the popup windows), 
but this is not the case. What worked here was

    E-mail address: username@example.com
    Domain\User Name (or UPN): example.com/username (not: username@example.com)

With the above settings I get a green checkmark for the connectivity test.

I use a SRV record (_autodiscover._tcp.example.com) by the way. This 
is an elegant way to direct the /Autodiscover/Autodiscover.xml to the 
ActiveSync server if the SSL certificate is for something else than 
'example.com' or 'autodiscover.example.com'. It would be even better, 
if Android would only support this... :-(
2012-11-05 20:39:59 Michael Rubinsky Comment #9
State ⇒ Feedback
Reply to this comment
Never mind, even hard-coding the address will make this test fail with

     An HTTP 401 Unauthorized response was received from the remote 
Unknown server.
Where are you seeing this error? That is not something Horde should be 
outputting anywhere.
2012-11-05 20:38:40 Michael Rubinsky Comment #8 Reply to this comment
Microsoft makes the exact same error in their implementation of the 
Microsoft Remote Connectivity Analyzer 
(https://www.testexchangeconnectivity.com/). This too uses 
'/Autodiscover/Autodiscover.xml' in the Exchange ActiveSync 
Autodiscover tests, so we can't really blame Apple here. In fact, by 
not accepting this, Horde would fail the above test immediately.
FWIW, my server passes this test, including autodiscovery even without 
the case insensitive matching patches. Though this is due to the fact 
that I have configured my redirect rules as indicated in the wiki 
which clearly says to redirect to the lowercase version in order to 
deal with broken clients.


2012-11-05 20:13:02 arjen+horde (at) de-korte (dot) org Comment #7 Reply to this comment
Which makes the above test pass, if only the '@domain' would be 
stripped from the e-mail adress (but this could be due to the fact 
that I'm not fully up-to-date with Git).
Never mind, even hard-coding the address will make this test fail with

     An HTTP 401 Unauthorized response was received from the remote 
Unknown server.

I can login to the ActiveSync server with the same credentials, so not 
stripping the '@domain' part is definitly not the problem (when run in 
a PHP-shell, the stripping works as expected).
2012-11-05 19:45:46 torben (at) dannhauer (dot) info Comment #6 Reply to this comment

[Show Quoted Text - 21 lines]
Hmm, in this documentation it is domumentet in lower case: 
http://officeimg.vo.msecnd.net/en-us/files/212/753/AF010210506.doc
2012-11-05 19:39:04 arjen+horde (at) de-korte (dot) org Comment #5 Reply to this comment
The ActiveSync AutoDiscovery does no work for iOS (iOS 6.0.1) because
the REQUEST_URI is checked case sensitive for
"autodiscover/autodiscover.xml" while iOS uses the URI
"Autodiscover/Autodiscover.xml"
Well, iOS is plain wrong then. Then documentation *clearly* states 
that the URL is all lowercase.  Then again, it's not a big surprise 
the Apple has screwed up a communication protocol.
In that case, Microsoft makes the exact same error in their 
implementation of the Microsoft Remote Connectivity Analyzer 
(https://www.testexchangeconnectivity.com/). This too uses 
'/Autodiscover/Autodiscover.xml' in the Exchange ActiveSync 
Autodiscover tests, so we can't really blame Apple here. In fact, by 
not accepting this, Horde would fail the above test immediately.
Nevertheless, I've added the case insensitive matching.
Which makes the above test pass, if only the '@domain' would be 
stripped from the e-mail adress (but this could be due to the fact 
that I'm not fully up-to-date with Git).
2012-11-05 14:51:15 torben (at) dannhauer (dot) info Comment #4 Reply to this comment

[Show Quoted Text - 11 lines]
I agree, apple is very careless regarding some protocols. Besides this 
bug you fixed, it has also some other major flaws regarding the 
exchange autodiscover protocol: It DOES obey a redirect DNS entry, but 
it does not restart the autodiscover with the new URL in a clean way: 
It still compares the old URL with the new URL SSL cert which leads to 
an invalid SSL cert warning. Lots of sysadmins have trouble 
integrating iOS devices....
I assume this bug happens because MS is not as case sensitive as other 
OS are and they have tested it with a MS exchange server.

Thanks for fixing this issue anyway!
2012-11-05 14:43:18 Michael Rubinsky Comment #3
State ⇒ Resolved
Reply to this comment
The ActiveSync AutoDiscovery does no work for iOS (iOS 6.0.1) 
because the REQUEST_URI is checked case sensitive for 
"autodiscover/autodiscover.xml" while iOS uses the URI 
"Autodiscover/Autodiscover.xml"
Well, iOS is plain wrong then. Then documentation *clearly* states 
that the URL is all lowercase.  Then again, it's not a big surprise 
the Apple has screwed up a communication protocol.

Nevertheless, I've added the case insensitive matching.

2012-11-05 14:42:37 Git Commit Comment #2 Reply to this comment
Changes have been made in Git (master):

commit a86c01f0a9aafc49fd14215174bc5676b305df3b
Author: Michael J Rubinsky <mrubinsk@horde.org>
Date:   Mon Nov 5 09:39:37 2012 -0500

     Bug: 11624 Work around for iOS's broken AUTODISCOVER request.

  framework/Rpc/lib/Horde/Rpc/ActiveSync.php |    6 +++---
  horde/rpc.php                              |    2 +-
  2 files changed, 4 insertions(+), 4 deletions(-)

http://git.horde.org/horde-git/-/commit/a86c01f0a9aafc49fd14215174bc5676b305df3b
2012-11-02 13:30:07 Michael Rubinsky Assigned to Michael Rubinsky
State ⇒ Assigned
Priority ⇒ 1. Low
 
2012-11-02 12:19:37 torben (at) dannhauer (dot) info Comment #1
Type ⇒ Bug
State ⇒ Unconfirmed
Priority ⇒ 3. High
Summary ⇒ ActiveSync Autodiscovery for Apple iOS devices (easy to fix)
Queue ⇒ Horde Framework Packages
Milestone ⇒
Patch ⇒ Yes
Reply to this comment
The ActiveSync AutoDiscovery does no work for iOS (iOS 6.0.1) because 
the REQUEST_URI is checked case sensitive for 
"autodiscover/autodiscover.xml" while iOS uses the URI 
"Autodiscover/Autodiscover.xml"

Please adapt the following files and use stripos(..) instead of 
strpos(..) or "=="
- Horde/Rpc/ActiveSync.php (3x)
- /horde/rpc.php (1x)

I tested with iOS6, with case insensitive comaprisions the 
autodiscovery works.

Saved Queries