none
Outlook 2016 with Exchange 2010 defaults to IMAP connection

    问题

  • I am having a problem with Outlook 2016 Version 1708 (Build 8431.2242 Click-to-Run) clients connecting to Exchange 2010 SP3 RU 20. 

    When configuring Outlook for the first time from a domain joined PC, Outlook defaults its configuration to IMAP rather than MAPI. This behaviour only occurs when setting up a profile from the Outlook start screen. The issue does not occur when setting up a profile from Control Panel > Mail.

    Both IMAP and MAPI function. The problem is that since domain joined users are defaulting to IMAP, they don't have access to all Exchange features.

    Using Wireshark and Fiddler, i can see that when configuring the profile from the outlook start screen there is no HTTP/HTTPS traffic to the Exchange Server. When configuring from Control Panel > Mail i can see the expected HTTP/HTTPS traffic to the expected autodiscover domains.

    Autodiscover XML is included below

    <?xml version="1.0" encoding="utf-8"?>
    <Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
      <Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
        <User>
          <DisplayName>USER</DisplayName>
          <LegacyDN>/o=DOMAIN/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=USER</LegacyDN>
          <AutoDiscoverSMTPAddress>USER@DOMAIN.COM</AutoDiscoverSMTPAddress>
          <DeploymentId>9330e91a-ce5f-4439-a841-a72904543db1</DeploymentId>
        </User>
        <Account>
          <AccountType>email</AccountType>
          <Action>settings</Action>
          <Protocol>
            <Type>EXCH</Type>
            <Server>SERVER.DOMAIN.COM</Server>
            <ServerDN>/o=DOMAIN/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=EXCHANGE02</ServerDN>
            <ServerVersion>7383807B</ServerVersion>
            <MdbDN>/o=DOMAIN/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=EXCHANGE02/cn=Microsoft Private MDB</MdbDN>
            <PublicFolderServer>SERVER.DOMAIN.COM</PublicFolderServer>
            <AD>DC.DOMAIN.COM</AD>
            <ASUrl>https://SERVER.DOMAIN.COM/EWS/Exchange.asmx</ASUrl>
            <EwsUrl>https://SERVER.DOMAIN.COM/EWS/Exchange.asmx</EwsUrl>
            <EcpUrl>https://SERVER.DOMAIN.COM/ecp/</EcpUrl>
            <EcpUrl-um>?p=customize/voicemail.aspx&amp;exsvurl=1</EcpUrl-um>
            <EcpUrl-aggr>?p=personalsettings/EmailSubscriptions.slab&amp;exsvurl=1</EcpUrl-aggr>
            <EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?exsvurl=1&amp;IsOWA=&lt;IsOWA&gt;&amp;MsgID=&lt;MsgID&gt;&amp;Mbx=&lt;Mbx&gt;</EcpUrl-mt>
            <EcpUrl-ret>?p=organize/retentionpolicytags.slab&amp;exsvurl=1</EcpUrl-ret>
            <EcpUrl-sms>?p=sms/textmessaging.slab&amp;exsvurl=1</EcpUrl-sms>
            <OOFUrl>https://SERVER.DOMAIN.COM/EWS/Exchange.asmx</OOFUrl>
            <UMUrl>https://SERVER.DOMAIN.COM/EWS/UM2007Legacy.asmx</UMUrl>
            <OABUrl>http://SERVER.DOMAIN.COM/OAB/79607bdd-cd14-4b30-9d5c-5c4fb8916140/</OABUrl>
          </Protocol>
          <Protocol>
            <Type>EXPR</Type>
            <Server>/SERVER.DOMAIN.COM</Server>
            <SSL>On</SSL>
            <AuthPackage>Basic</AuthPackage>
            <ASUrl>https:///SERVER.DOMAIN.COM/EWS/Exchange.asmx</ASUrl>
            <EwsUrl>https:///SERVER.DOMAIN.COMEWS/Exchange.asmx</EwsUrl>
            <EcpUrl>https:///SERVER.DOMAIN.COM/ecp/</EcpUrl>
            <EcpUrl-um>?p=customize/voicemail.aspx&amp;exsvurl=1</EcpUrl-um>
            <EcpUrl-aggr>?p=personalsettings/EmailSubscriptions.slab&amp;exsvurl=1</EcpUrl-aggr>
            <EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?exsvurl=1&amp;IsOWA=&lt;IsOWA&gt;&amp;MsgID=&lt;MsgID&gt;&amp;Mbx=&lt;Mbx&gt;</EcpUrl-mt>
            <EcpUrl-ret>?p=organize/retentionpolicytags.slab&amp;exsvurl=1</EcpUrl-ret>
            <EcpUrl-sms>?p=sms/textmessaging.slab&amp;exsvurl=1</EcpUrl-sms>
            <OOFUrl>https:///SERVER.DOMAIN.COM/EWS/Exchange.asmx</OOFUrl>
            <UMUrl>https:///SERVER.DOMAIN.COM/EWS/UM2007Legacy.asmx</UMUrl>
            <OABUrl>http:///SERVER.DOMAIN.COM/OAB/79607bdd-cd14-4b30-9d5c-5c4fb8916140/</OABUrl>
            <CertPrincipalName>msstd:domain.com</CertPrincipalName>
          </Protocol>
          <Protocol>
            <Type>WEB</Type>
            <Internal>
              <OWAUrl AuthenticationMethod="Basic, Fba">https:///SERVER.DOMAIN.COM/owa/</OWAUrl>
              <Protocol>
                <Type>EXCH</Type>
                <ASUrl>https://SERVER.DOMAIN.COM/EWS/Exchange.asmx</ASUrl>
              </Protocol>
            </Internal>
          </Protocol>
        </Account>
      </Response>
    </Autodiscover>


    -DK

    2018年5月10日 17:17

答案

  • Problem "solved" ... partially at least.

    The problem is that "Simplified Profile Creation" was added to the click-to-run version. It uses a different process to create the profile. I opened a ticket with MS and was advised to disable Simplified Profile Creation through GPO.

    It doesn't explain why "Simplified Profile Creation" fails when the Connectivity Analyzer succeeds. CSS was unable to assist with troubleshooting that. But at least I have a next step.

    Here is the link. https://support.microsoft.com/en-us/help/3189194/how-to-disable-simplified-account-creation-in-outlook-2016

    And here is the response from CSS:

    I can confirm that this behavior is by design.
    The behavior is PG’s direction to go towards Office365.
    This is not a workaround but a solution provided by PG as it is officially published.
    As a general idea, starting Outlook 2016 autodiscover looks for Office365 first and starting Outlook 2019 we will not have MSI version.
    The registry change via GPO can be applied if an automation is needed.
     
    As we have stated in the article, this is a feature introduced and not an issue.
    The fact that PG offers the possibility to disable this feature is not an workaround, but the possibility to use the product in a different way than designed.
     
    “The Simplified Account Creation feature was first introduced in Click-to-Run installations of Outlook, starting with version 16.0.6769.2015. You must be signed in to an Office 365 account to activate this feature”
    https://support.microsoft.com/en-us/help/3189194/how-to-disable-simplified-account-creation-in-outlook-2016



    -DK

    2018年5月18日 18:37

全部回复

  • Is Outlook Anywhere enabled and configured on the Exchange server?

    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."
    Celebrating 20 years of providing Exchange peer support!

    2018年5月10日 22:32
  • Ed, it is enabled and configured. Here is the config.

    [PS] C:\Windows\system32>Get-OutlookAnywhere | fl
    
    
    RunspaceId                      : 4b55df3c-bc0f-42aa-90ad-3dac7f713e7b
    ServerName                      : SERVER
    SSLOffloading                   : False
    ExternalHostname                : SERVER.DOMAIN.COM
    ClientAuthenticationMethod      : Basic
    IISAuthenticationMethods        : {Basic}
    XropUrl                         :
    MetabasePath                    : IIS://SERVER.DOMAIN.COM/W3SVC/1/ROOT/Rpc
    Path                            : C:\Windows\System32\RpcProxy
    ExtendedProtectionTokenChecking : None
    ExtendedProtectionFlags         : {}
    ExtendedProtectionSPNList       : {}
    Server                          : SERVER
    AdminDisplayName                :
    ExchangeVersion                 : 0.10 (14.0.100.0)
    Name                            : Rpc (Default Web Site)
    DistinguishedName               : CN=Rpc (Default Web Site),CN=HTTP,CN=Protocols,CN=SERVER,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=DOMAIN,CN=Microsoft
                                       Exchange,CN=Services,CN=Configuration,DC=impact,DC=dc
    Identity                        : SERVER\Rpc (Default Web Site)
    Guid                            : 929aa01f-e53f-44a4-9672-04f6c69c2157
    ObjectCategory                  : DOMAIN.COM/Configuration/Schema/ms-Exch-Rpc-Http-Virtual-Directory
    ObjectClass                     : {top, msExchVirtualDirectory, msExchRpcHttpVirtualDirectory}
    WhenChanged                     : 10/03/2018 16:23:09
    WhenCreated                     : 10/03/2018 16:22:47
    WhenChangedUTC                  : 10/03/2018 15:23:09
    WhenCreatedUTC                  : 10/03/2018 15:22:47
    OrganizationId                  :
    OriginatingServer               : DC01.DOMAIN.COM
    IsValid                         : True
    


    -DK

    2018年5月11日 7:55
  • Hi David,

    For Exchange 2010, it's RPC over HTTP or RPC over TCP (i.e. MAPI), instead of MAPI over HTTP.

    In domain-joined PC, they can communicate with AD and query the SCP object, then use this endpoint to query Outlook settings and auto-configure Outlook profile.

    Therefore, I want to check the SCP object first, run below command:
    Get-ClientAccessServer | FL Identity,AutoDiscoverServiceInternalUri
    Then, browser "AutoDiscoverServiceInternalUri" in IE and check the result, ensure it's 600.

    PS: Can you enter your email address and password (don't select "Manually setup....") when new Outlook profile? Figure as below:

    Best Regards,
    Allen Wang


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.


    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    2018年5月11日 10:30
    版主
  • Allen, here is the Autodiscover URI

    [PS] C:\Windows\system32>Get-ClientAccessServer | FL Identity,AutoDiscoverServiceInternalUri
    
    
    Identity                       : SERVER
    AutoDiscoverServiceInternalUri : https://autodiscover.DOMAIN.COM/Autodiscover/Autodiscover.xml
    
    
    
    [PS] C:\Windows\system32>

    the AutodiscoverServiceInternalURI was SERVER.DOMAIN.COM yesterday but i changed it to autodiscover.DOMAIN.COM last night. With both settings the problem is the same.

    To your second question, let me try to clarify the problem.

    When i configure the profile from this screen (after opening a new outlook client) the profile gets automatically configured as IMAP.

    

    If instead i go to Control Panel > Mail > Show Profiles > Add ... and then create a new profile, everything works perfectly and uses RPC/HTTP

    Here are the exact steps followed to recreate the problem

    1. Open Outlook for the first time
    2. Enter user@domain.com and click "Connect"
    3. Prompted for internet mail settings. Enter username and password. Click "OK"
    4. Account shows as configured
    5. However connection is IMAP

    -DK

    2018年5月11日 11:35
  • Allen, i forgot to answer your other question. Yes, autodiscover returns 600 as expected when going through the browser.

    Here is the result:


    -DK

    2018年5月11日 14:24
  • Are you using an SKU of Outlook 2016 that supports MAPI?

    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."
    Celebrating 20 years of providing Exchange peer support!

    2018年5月11日 17:44
  • Ed, i believe so but not certain how to check.

    Again though, when I setup from control Panel > Mail everything works and Outlook connects over RPC/HTTP.


    -DK

    2018年5月11日 17:50
  • This might be an Outlook specific problem.

    Outlook 2007/2010 work fine

    Outlook 2016, when creating a profile as shown above does not work

    Outlook 2016 when creating a profile in Control Panel > Mail (Outlook 2016) works fine


    -DK

    2018年5月11日 18:19
  • I hate posting +1 posts<g class="gr_ gr_20 gr-alert gr_gramm gr_inline_cards gr_run_anim Punctuation multiReplace" data-gr-id="20" id="20">....</g>

    but...

    +1.

    Any update on this issue? I am having the exact same problem.

    2018年5月17日 21:29
  • I hate when people post with HTML stuff that I can't read.

    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."
    Celebrating 20 years of providing Exchange peer support!

    2018年5月18日 5:50
  • Problem "solved" ... partially at least.

    The problem is that "Simplified Profile Creation" was added to the click-to-run version. It uses a different process to create the profile. I opened a ticket with MS and was advised to disable Simplified Profile Creation through GPO.

    It doesn't explain why "Simplified Profile Creation" fails when the Connectivity Analyzer succeeds. CSS was unable to assist with troubleshooting that. But at least I have a next step.

    Here is the link. https://support.microsoft.com/en-us/help/3189194/how-to-disable-simplified-account-creation-in-outlook-2016

    And here is the response from CSS:

    I can confirm that this behavior is by design.
    The behavior is PG’s direction to go towards Office365.
    This is not a workaround but a solution provided by PG as it is officially published.
    As a general idea, starting Outlook 2016 autodiscover looks for Office365 first and starting Outlook 2019 we will not have MSI version.
    The registry change via GPO can be applied if an automation is needed.
     
    As we have stated in the article, this is a feature introduced and not an issue.
    The fact that PG offers the possibility to disable this feature is not an workaround, but the possibility to use the product in a different way than designed.
     
    “The Simplified Account Creation feature was first introduced in Click-to-Run installations of Outlook, starting with version 16.0.6769.2015. You must be signed in to an Office 365 account to activate this feature”
    https://support.microsoft.com/en-us/help/3189194/how-to-disable-simplified-account-creation-in-outlook-2016



    -DK

    2018年5月18日 18:37
  • Great, thanks for your sharing and effort.
    Please mark your solution as Answer, it will highlight this solution for other communities.

    Best Regards,
    Allen Wang


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.


    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    2018年5月21日 3:11
    版主