Answered by:
Outlook 2011 SP2 Mac Clients - Mail could not bve received at this time...
-
After Upgrading to Office SP2 for the Mac, our Mac Clients can no longer Connect to the Exchange server
Server: Version 14.1 (Build 218.15) / 0.1 (8.0.535.0)
Client:14.2.2 (1202421)
The Error we get just after launch is:
Mail could not be received at this time. The server for account "" returned the error "Logon failure: unknown user name or bad password." Your username/password or security setting may be incorrect. Would like to try re-entering your password?
When this happens and you click yes, to try to enter your password again, your account typically gets locked out on the AD Domain after a few attempts.
We have tried the keychain workaround/solution to no avail, we have rebuilt Profiles, Cleaned and Compressed the Identity Database, etc... No Love
I can login to the https://mail.domain.com//EWS/Exchange.asmx url and it comes back with the WSDL file.
The only thing I have found that Might be a possible solution was this:
http://www.exchangeranger.com/2011/03/mac-outlook-2011-clients-getting-bad.html
Basically says to: Removed the EWS VirtualDirectory and recreated the EWS VirtualDirectory
Okay that's fine and all if None of our EWS services were working, though we have several other systems (non Mac) that are talking to the Exchange server via EWS (Web, Custom VB Apps, SQL SSIS, Azure Compute Service and many more) So I really don't want to Blow away the EWS if everything else is working fine.
Question
Answers
-
I ended up calling MS Support and getting help.
The issue seemed to be that Digest Authentication had been enabled on the EWS web.
I disabled Digest Authentication and the Mac Clients seemed much much happier!
Thanks,- Marked as answer by Scooter_ Friday, September 21, 2012 4:14 PM
All replies
-
-
It really seems like it is an Authentication communication issue.
I've noticed when I connect to the EWS Directory in Firefox, It says that the Authentication method is requesting Digest.
I was able to then remove the DOMAIN\ infront of my user credentials and was able to connect for a bit, then came back with the familiar "Mail could not be received at this time" dialog.
-
-
-
Hi Scooter,
I just experienced the same issue as you today with a Mac running Office 2011 with the latest SP2 updates trying to connect to a new Exchange 2010 on-premise server where it kept prompting for a password.
I was able to resolve the issue by removing any Exchange entry in the Keychain, deleting then re-adding the account back into Outlook, then denying Autodiscover to auto configure the account. That fixed the issue for me. Hope this will help.
Jim
-
Thank you for the reply Jim. I think I tried that except for the denying Autodiscover. Though I know we do not have an Autodiscover.domain.com DNS entry and we end up entering in the EWS URL manually for the server. Though it's worth a shot! Thanks! Scott<-
-
Thanks again for the reply. I tried it out on my Macbook Pro with Office 14.1.4.
Removed all Identities.
Removed All Keychanin refernces to Exchange and our mailserver's Internet names.
Created new Outlook Identity
Created Exchange account
Unchecked Auto Configure
Entered the Server URL the same as the one for Apple Mail (which works fine)Seconds later I get the same error "Logon failure: unknown user name or bad password." Your username/password or security setting may be incorrect...."
No Love. Every other Application we have talking EWS is working fine, though they are all PC Apps and not Macs except the Apple Mail Clients.
Thanks,
-
-
-
Yes, I'm still having the issue. I will look at the Log on the Exchange server to see if there is anything related in there.
One other post I saw said something about dumping the IIS ActiveSync Directory and re-creating it. That option kind of scares me a bit. My macs work using the same URL using Mac Mail. All of the iPhones, iPads, Android and other Mobile devices all work well too. So Chucking the IIS Web for them and re-creating it seems like a bad Idea if my issues are ONLY limited to Outlook 2011 on the Mac.
I should also mention that there is no IMAP/POP3 support on the Exchange Server.
we use the URL:
https://mail.domain.com/EWS/Exchange.asmx
Thanks
-
Here are the log entries from the IIS web:
I'm guessing these first three entries are from iCal, that is working fine.
2012-09-17 03:50:23 10.1.1.15 POST /EWS/Exchange.asmx - 443 - 10.11.3.9 Mac+OS+X/10.8.1+(12B19)+CalendarAgent/47 401 0 0 15
2012-09-17 03:50:23 10.1.1.15 POST /EWS/Exchange.asmx - 443 - 10.11.3.9 Mac+OS+X/10.8.1+(12B19)+CalendarAgent/47 401 0 0 30
2012-09-17 03:50:23 10.1.1.15 POST /EWS/Exchange.asmx - 443 - 10.11.3.9 Mac+OS+X/10.8.1+(12B19)+CalendarAgent/47 401 0 0 15
This is where I started Outlook:
2012-09-17 03:51:57 10.1.1.16 POST /autodiscover/autodiscover.xml - 443 - 10.11.3.9 MacOutlook/14.2.3.120616+(Intel+Mac+OS+X+10.8.1) 401 0 0 264
2012-09-17 03:51:57 10.1.1.16 POST /autodiscover/autodiscover.xml - 443 - 10.11.3.9 MacOutlook/14.2.3.120616+(Intel+Mac+OS+X+10.8.1) 401 1 2148074254 46
2012-09-17 03:51:58 10.1.1.16 POST /autodiscover/autodiscover.xml - 443 DOMAIN\Username 10.11.3.9 MacOutlook/14.2.3.120616+(Intel+Mac+OS+X+10.8.1) 200 0 0 1025
2012-09-17 03:51:58 10.1.1.16 POST /EWS/Exchange.asmx - 443 - 10.11.3.9 MacOutlook/14.2.3.120616+(Intel+Mac+OS+X+10.8.1) 401 0 0 46
2012-09-17 03:51:58 10.1.1.16 POST /EWS/Exchange.asmx - 443 - 10.11.3.9 MacOutlook/14.2.3.120616+(Intel+Mac+OS+X+10.8.1) 401 0 0 46
2012-09-17 03:51:58 10.1.1.16 POST /EWS/Exchange.asmx - 443 - 10.11.3.9 MacOutlook/14.2.3.120616+(Intel+Mac+OS+X+10.8.1) 401 1 2148074252 77
2012-09-17 03:51:58 10.1.1.16 POST /EWS/Exchange.asmx - 443 DOMAIN\Username 10.11.3.9 MacOutlook/14.2.3.120616+(Intel+Mac+OS+X+10.8.1) 200 0 0 186
2012-09-17 03:51:58 10.1.1.16 POST /EWS/Exchange.asmx - 443 - 10.11.3.9 MacOutlook/14.2.3.120616+(Intel+Mac+OS+X+10.8.1) 401 0 0 15
2012-09-17 03:51:58 10.1.1.16 POST /EWS/Exchange.asmx - 443 - 10.11.3.9 MacOutlook/14.2.3.120616+(Intel+Mac+OS+X+10.8.1) 401 1 2148074252 46
2012-09-17 03:51:58 10.1.1.16 POST /EWS/Exchange.asmx - 443 - 10.11.3.9 MacOutlook/14.2.3.120616+(Intel+Mac+OS+X+10.8.1) 401 1 2148074257 31
Connecting to: https://mail.domain.com/autodiscover/autodiscover.xml
comes back with a Username and Password Prompt, and then displays:
<errorcode style="font-family:Times;font-size:medium;line-height:normal;">600</errorcode> <message style="font-family:Times;font-size:medium;line-height:normal;">Invalid Request</message>
Connecting to: https://mail.domain.com/EWS/Exchange.asmx
Redirects me to the following URL: https://mail.domain.com/EWS/Services.wsdl
What else do you need?
-
I'm also seeing this in the Security Event Log:
An account failed to log on.
Subject:
Security ID: NULL SID
Account Name: -
Account Domain: -
Logon ID: 0x0
Logon Type: 3
Account For Which Logon Failed:
Security ID: NULL SID
Account Name: <UserName>
Account Domain: <DOMAIN>
Failure Information:
Failure Reason: An Error occured during Logon.
Status: 0xc000006d
Sub Status: 0xc000006d
Process Information:
Caller Process ID: 0x0
Caller Process Name: -
Network Information:
Workstation Name: -
Source Network Address: 10.11.3.9
Source Port: 55122
Detailed Authentication Information:
Logon Process: WDIGEST
Authentication Package: WDigest
Transited Services: -
Package Name (NTLM only): -
Key Length: 0
This event is generated when a logon request fails. It is generated on the computer where access was attempted.
The Subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.
The Logon Type field indicates the kind of logon that was requested. The most common types are 2 (interactive) and 3 (network).
The Process Information fields indicate which account and process on the system requested the logon.
The Network Information fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.
The authentication information fields provide detailed information about this specific logon request.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested. -
Dear all,
regarding your extract of the IIS log file. !! This is default behavoir !!
The first client request to the server comes ever with anonymous. That produced the first 401. The server say him, i am authorise e.g. with NTLM. The client send him his NTLM hash. The server says you get at first a start sequence and generate the next 401. After that the client is authorised and the server writes the first 200 in his log.
Depending on individual IIS settings comes 2 or 3 401 errors in the IIS log.
Regards Uwe
-
I ended up calling MS Support and getting help.
The issue seemed to be that Digest Authentication had been enabled on the EWS web.
I disabled Digest Authentication and the Mac Clients seemed much much happier!
Thanks,- Marked as answer by Scooter_ Friday, September 21, 2012 4:14 PM
-
-
-
Yes you have a solution that works for you but I need to have Digest Authentication on because of some other programs needing on the EWS directory. You have a workaround and not a solution. I have been working with Microsoft since May of 2013 and nobody will fix this. It has been outsourced to india. Wasted hours of my time and theirs from taking trace logs on Exchange and the Outlook client and now they want to do traces from my domain controllers. Nobody wants to resolve this issue.
-
-