6.0.0-git
2019-05-19

[#13831] autodiscover.xml error code 401 Unauthorized
Summary autodiscover.xml error code 401 Unauthorized
Queue Synchronization
Queue Version FRAMEWORK_5_2
Type Bug
State Not A Bug
Priority 1. Low
Owners mrubinsk (at) horde (dot) org
Requester horde (at) vdorst (dot) com
Created 2015-01-29 (1571 days ago)
Due
Updated 2015-02-05 (1564 days ago)
Assigned 2015-01-30 (1570 days ago)
Resolved 2015-02-05 (1564 days ago)
Milestone
Patch No

History
2015-02-05 14:31:34 Michael Rubinsky Comment #11
State ⇒ Not A Bug
Reply to this comment
The way Autodiscovery works is that the client is *supposed* to send 
an XML data structure containing, among other things, the user's email 
address as part of the structure.

Some clients (from what I've seen, mostly Android) don't send ANY of 
this structure but instead pass the email address as the username in 
the HTTP_AUTHORIZATION header. This is outright incorrect, but we have 
code in place to attempt to catch this and try out best to get an 
accurate username from it. This is probably way your wget attempts 
(and other tests that were not sourced directly from an EAS client) 
worked.

If you want to provide a wiretrace, I'll take a look to be sure we 
can't improve the code, but otherwise, I'm closing this ticket.
2015-02-03 19:15:40 horde (at) vdorst (dot) com Comment #10 Reply to this comment
Now it is working by changing the following setting
$conf['activesync']['autodiscovery'] = 'full' -> 'user'

I still wondering why all GET methods are working with WGET.


2015-02-02 19:03:23 horde (at) vdorst (dot) com Comment #9
New Attachment: microsofttest.png Download
Reply to this comment
missing attachment
2015-02-02 19:02:43 horde (at) vdorst (dot) com Comment #8 Reply to this comment
Microsoft test fails too. See also attachment.
157.56.138.143 - - [02/Feb/2015:19:54:13 +0100] "OPTIONS 
/Autodiscover/Autodiscover.xml HTTP/1.1" 401 3417 "-" 
"Microsoft-Server-ActiveSync/12.0+(TestExchangeConnectivity.com)"
157.56.138.143 - - [02/Feb/2015:19:54:13 +0100] "POST 
/Autodiscover/Autodiscover.xml HTTP/1.1" 401 827 "-" 
"Microsoft-Server-ActiveSync/12.0+(TestExchangeConnectivity.com)"
157.56.138.143 - <mydomain>\\microsoft [02/Feb/2015:19:54:14 +0100] 
"POST /Autodiscover/Autodiscover.xml HTTP/1.1" 401 634 "-" 
"Microsoft-Server-ActiveSync/12.0+(TestExchangeConnectivity.com)"

But with firefox it works fine.
<ip> - - [02/Feb/2015:19:54:44 +0100] "GET 
/Autodiscover/Autodiscover.xml HTTP/1.1" 401 3604 "-" "Mozilla/5.0 
(X11; Ubuntu; Linux x86_64; rv:35.0) Gecko/20100101 Firefox/35.0"
<ip> - <mydomain>\\microsoft [02/Feb/2015:19:54:56 +0100] "GET 
/Autodiscover/Autodiscover.xml HTTP/1.1" 200 1825 "-" "Mozilla/5.0 
(X11; Ubuntu; Linux x86_64; rv:35.0) Gecko/20100101 Firefox/35.0"

2015-02-02 16:08:02 Michael Rubinsky Comment #7
Assigned to Michael Rubinsky
Reply to this comment
Something else you should do: Use Microsoft's Connectivity Analyzer ( 
https://testconnectivity.microsoft.com/ ) and run the Autodiscovery 
tests. It will tell you if there is any issue with your Autodiscovery 
setup and exactly what the issue is.
2015-02-01 11:04:46 horde (at) vdorst (dot) com Comment #6 Reply to this comment
Also my wives phone Moto G LTE(4G) with kitkat 4.4.4 has this issue.
192.168.10.124 - lisa [30/Jan/2015:18:09:58 +0100] "POST 
/autodiscover/autodiscover.xml HTTP/1.1" 401 3515 "-" 
"peregrine_reteu/KXB21.14-L1.56"
Which is strange because the stock mail client complains about "can't 
connect to server".  I think because of the disables SSLv3 or the 
cisphers I am using.
So i installed Nine mail client with works as expeced. But doesn´t use 
autodiscovery. No showing up in the logfiles.

I also checked the logs.
My BB tries it directly with a username.
<ip> - rene [28/Jan/2015:18:10:07 +0100] "POST 
/autodiscover/autodiscover.xml HTTP/1.1" 401 3676 "-" 
"RIM-Z10-STL100-2/10.3.1.1154"

I do see it with wget. wget tries it first without a username and gets 
401 then tries it with a username and succeds.
192.168.10.250 - - [31/Jan/2015:08:06:53 +0100] "POST 
/autodiscover/autodiscover.xml HTTP/1.1" 401 3673 "-" "Wget/1.15 
(linux-gnu)"
192.168.10.250 - rene [31/Jan/2015:08:06:53 +0100] "POST 
/autodiscover/autodiscover.xml HTTP/1.1" 200 1799 "-" "Wget/1.15 
(linux-gnu)"


Hmm a trace... I will try.





2015-01-31 21:15:53 Michael Rubinsky Comment #5 Reply to this comment
Are you able to trace the connection? Maybe the client isn't sending 
the credentials after it receives the first 401?

I don't have a BB device in my testing array, and I haven't been able 
to get the simulator to even issue the request at all so I can't test 
locally.
2015-01-31 07:12:00 horde (at) vdorst (dot) com Comment #4 Reply to this comment
Both POST and GET methode are working with wget.


root@Thirsty:/home/rra# wget --post-data="bla" --http-user=rene 
--http-password=<pw> https://<url>/autodiscover/autodiscover.xml
--2015-01-31 08:06:33--  https://<url>/autodiscover/autodiscover.xml
Resolving <url> (<url>)... 2a01:670:xxxx:x01::1, 192.168.10.250
Connecting to <url> (<url>)|2a01:670:xxxx:x01::1|:443... connected.
HTTP request sent, awaiting response... 401 Unauthorized
Reusing existing connection to [<url>]:443.
HTTP request sent, awaiting response... 200 OK
Length: 947 [text/xml]
Saving to: ?autodiscover.xml?

100%[======================================================================================================================================>] 947         --.-K/s   in 
0.003s

2015-01-31 08:06:33 (290 KB/s) - ?autodiscover.xml? saved [947/947]

root@Thirsty:/home/rra# wget --http-user=rene --http-password=<pw> 
https://<url>/autodiscover/autodiscover.xml
--2015-01-31 08:06:38--  https://<url>/autodiscover/autodiscover.xml
Resolving <url> (<url>)... 2a01:670:xxxx:x01::1, 192.168.10.250
Connecting to <url> (<url>)|2a01:670:xxxx:x01::1|:443... connected.
HTTP request sent, awaiting response... 401 Unauthorized
Reusing existing connection to [<url>]:443.
HTTP request sent, awaiting response... 200 OK
Length: 947 [application/vnd.ms-sync.wbxml]
Saving to: ?autodiscover.xml.1?

100%[======================================================================================================================================>] 947         --.-K/s   in 
0.004s

2015-01-31 08:06:38 (255 KB/s) - ?autodiscover.xml.1? saved [947/947]

root@Thirsty:/home/rra# wget -4 --post-data="bla" --http-user=rene 
--http-password=<pw> https://<url>/autodiscover/autodiscover.xml
--2015-01-31 08:06:53--  https://<url>/autodiscover/autodiscover.xml
Resolving <url> (<url>)... 192.168.10.250
Connecting to <url> (<url>)|192.168.10.250|:443... connected.
HTTP request sent, awaiting response... 401 Unauthorized
Reusing existing connection to <url>:443.
HTTP request sent, awaiting response... 200 OK
Length: 947 [text/xml]
Saving to: ?autodiscover.xml.2?

100%[======================================================================================================================================>] 947         --.-K/s   in 
0.003s

2015-01-31 08:06:53 (308 KB/s) - ?autodiscover.xml.2? saved [947/947]

root@Thirsty:/home/rra# wget -4 --http-user=rene --http-password=<pw> 
https://<url>/autodiscover/autodiscover.xml
--2015-01-31 08:07:08--  https://<url>/autodiscover/autodiscover.xml
Resolving <url> (<url>)... 192.168.10.250
Connecting to <url> (<url>)|192.168.10.250|:443... connected.
HTTP request sent, awaiting response... 401 Unauthorized
Reusing existing connection to <url>:443.
HTTP request sent, awaiting response... 200 OK
Length: 947 [application/vnd.ms-sync.wbxml]
Saving to: ?autodiscover.xml.3?
2015-01-30 16:58:07 Michael Rubinsky Comment #3
State ⇒ Feedback
Reply to this comment
Does it work using wget if you use GET instead of POST? I'm trying to 
duplicate this locally, but I can't get the simulator to even issue 
the autodiscover request at all.
2015-01-29 07:55:51 horde (at) vdorst (dot) com Comment #2 Reply to this comment
I did tried with WGET with succes.

wget --post-data="bla" --http-user=rene --http-password=<PW>   
https://<url>/autodiscover/autodiscover.xml
Apache2 log: <ip> - rene [29/Jan/2015:08:51:25 +0100] "POST 
/autodiscover/autodiscover.xml HTTP/1.1" 200 1799 "-" "Wget/1.15 
(linux-gnu)"
2015-01-29 07:45:45 horde (at) vdorst (dot) com Comment #1
Type ⇒ Bug
State ⇒ Unconfirmed
Priority ⇒ 1. Low
Summary ⇒ autodiscover.xml error code 401 Unauthorized
Queue ⇒ Synchronization
Milestone ⇒
Patch ⇒ No
Reply to this comment
I setup autodiscover.
When my Blackberry Z10 connects, apache2 returns 401 Unauthorized
Apache log: <ip> - rene [28/Jan/2015:18:10:07 +0100] "POST 
/autodiscover/autodiscover.xml HTTP/1.1" 401 3676 "-" 
"RIM-Z10-STL100-2/10.3.1.1154"

But via my browser I get the XML data with the same login.
Apache log: <ip> - rene [29/Jan/2015:08:34:07 +0100] "GET 
/autodiscover/autodiscover.xml HTTP/1.1" 200 1691 "-" "Mozilla/5.0 
(X11; Ubuntu; Linux x86_64; rv:35.0) Gecko/20100101 Firefox/35.0"

Any ideas?

Info:
OS: Ubuntu 14.10 64-bit.
Horde: Webedition installed via pear, openldap user backend.
Apache 2.4.10
Smartphone: Blackberry Z10 STL100-2 OS: 10.3.1.1154

Saved Queries