On Sunday 13 December 2009 23:08:13 Julien Kerihuel wrote:
> I've found an interesting article detailing why native Outlook 2003
> clients can't connect to Exchange 2010 [2].
Those two articles gave me enough to figure out how to disable
the encryption requirement (the second part of the first
article is better than the second article for the specific PowerShell
cmdlet you need to use):
http://www.msexchange.org/articles_tutorials/exchange-server-2007/planning-architecture/uncovering-new-rpc-client-access-service-exchange-2010-part2.html
After disabling encryption, we are better:
[bradh-...@repens merging]$ ./bin/openchangeclient --mailbox
+ Mailbox - test user1
|---+ Calendar : (Total: 0 / Unread: 0 - Container class: IPF.Appointment) [FID: 0x1d00000000000001]
|---+ Contacts : (Total: 0 / Unread: 0 - Container class: IPF.Contact) [FID: 0x1e00000000000001]
|---+ Conversation Action Settings : (Total: 0 / Unread: 0 - Container class: IPF.Configuration) [FID: 0x7400000000000001]
|---+ Deleted Items : (Total: 0 / Unread: 0 - Container class: IPF.Note) [FID: 0x1700000000000001]
|---+ Drafts : (Total: 0 / Unread: 0 - Container class: IPF.Note) [FID: 0x1f00000000000001]
|---+ Inbox : (Total: 0 / Unread: 0 - Container class: IPF.Note) [FID: 0x1400000000000001]
|---+ Journal : (Total: 0 / Unread: 0 - Container class: IPF.Journal) [FID: 0x2000000000000001]
|---+ Junk E-Mail : (Total: 0 / Unread: 0 - Container class: IPF.Note) [FID: 0x7000000000000001]
|---+ Notes : (Total: 0 / Unread: 0 - Container class: IPF.StickyNote) [FID: 0x2100000000000001]
|---+ Outbox : (Total: 0 / Unread: 0 - Container class: IPF.Note) [FID: 0x1500000000000001]
|---+ Sent Items : (Total: 0 / Unread: 0 - Container class: IPF.Note) [FID: 0x1600000000000001]
|---+ Tasks : (Total: 0 / Unread: 0 - Container class: IPF.Task) [FID: 0x2200000000000001]
[bradh-...@repens merging]$ ./bin/openchangeclient --userlist
[EX] Administrator:
Name: Administrator
Email: /o=First Organization/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=Administrator
[EX] DiscoverySearchMailbox{D919BA05-46A6-415f-80AD-7E09334BB852}:
Name: Discovery Search Mailbox
Email: /o=First Organization/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=DiscoverySearchMailbox
D919BA05-46A6-
[EX] testuser1:
Name: test user1
Email: /o=First Organization/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=test user1
[EX] testuser2:
Name: test user2
Email: /o=First Organization/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=test user2
> I'm not sure what kind of encryption is used between Outlook and
> Exchange, but I'd be tempted to say Kerberos. If this is the case, a
> correct setup + minor fixes in OpenChange Profile creation and EMSMDB
> connect calls may fix this.
A little more research with MS-OXCRPC shows that ecNotEncrypted
(0x00000970) means that:
"The server is configured to require encryption and the binding
handle, hBinding, authentication is not set with
RPC_C_AUTHN_LEVEL_PKT_PRIVACY. For more information
about setting the authentication and authorization, see
RpcBindingSetAuthInfoEx. The client attempts the call again
with new binding handle that is encrypted."
(with a link to http://msdn.microsoft.com/en-us/library/aa375608(VS.85).aspx)
I couldn't find a specific description of what "encrypted" means
in this context, but there is a bit of description in MS-RPCE
(Section 3.3.1.5.2.2 "Using a Security Context").
> Finally we may definitely need to implement and use the Exchange2003
> pipe versions (EcDoConnectEx and EcDoRpcExt2).
It looks like backwards compatibility may have saved us :-) This isn't to
suggest we don't need those at all (and indeed we may need them for
the encrypted case here).
I raised a ticket to track this issue (http://trac.openchange.org/ticket/223).
Brad
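
The retry that the MS-OXCRPC text quoted in this message describes, as an added example that is not part of the original post and is not OpenChange code: the client gets ecNotEncrypted, rebinds with RPC_C_AUTHN_LEVEL_PKT_PRIVACY and calls again, so the server's encryption requirement can stay enabled. The sim_server, sim_binding, sim_connect and connect_with_retry names are hypothetical stand-ins for a real server and binding handle.

```c
#include <stdint.h>
#include <stdio.h>

/* Authentication levels as defined in the Windows RPC headers. */
#define RPC_C_AUTHN_LEVEL_CONNECT     2
#define RPC_C_AUTHN_LEVEL_PKT_PRIVACY 6

#define ecNone         0x00000000u /* success */
#define ecNotEncrypted 0x00000970u /* value quoted from MS-OXCRPC in the message */

/* Hypothetical stand-ins for a server and a client binding handle. */
struct sim_server  { int require_encryption; };
struct sim_binding { int authn_level; };

/* Server side: refuse the connect call unless the binding uses packet privacy. */
uint32_t sim_connect(const struct sim_server *srv, const struct sim_binding *b)
{
    if (srv->require_encryption &&
        b->authn_level != RPC_C_AUTHN_LEVEL_PKT_PRIVACY)
        return ecNotEncrypted;
    return ecNone;
}

/* Client side: on ecNotEncrypted, switch to an encrypted binding once and
 * call again. The level is only ever raised, never lowered. Returns the
 * final status and stores the number of connect calls made in *attempts. */
uint32_t connect_with_retry(const struct sim_server *srv,
                            struct sim_binding *b, int *attempts)
{
    uint32_t rc = sim_connect(srv, b);
    *attempts = 1;
    if (rc == ecNotEncrypted &&
        b->authn_level < RPC_C_AUTHN_LEVEL_PKT_PRIVACY) {
        b->authn_level = RPC_C_AUTHN_LEVEL_PKT_PRIVACY; /* new, encrypted binding */
        rc = sim_connect(srv, b);
        *attempts = 2;
    }
    return rc;
}

int main(void)
{
    struct sim_server srv = { 1 };  /* constructed: encryption requirement left on */
    struct sim_binding b = { RPC_C_AUTHN_LEVEL_CONNECT };
    int attempts;
    uint32_t rc = connect_with_retry(&srv, &b, &attempts);
    printf("status=0x%08x attempts=%d authn_level=%d\n",
           (unsigned)rc, attempts, b.authn_level);
    return rc == ecNone ? 0 : 1;
}
```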