I used DavMail with success for many years but there must have been an update to our corporate Exchange Server because DavMail now cannot log in to it. I was using DavMail version 5.4.0-3135 when the error appeared for the first time. I tried an updated 5.5.1-3299 version (that I had downloaded but apparently didn't use) and I had the same error. I also downloaded and tried the last version 6.2.2-3546 with no success.
I tried accessing our "Outlook on the Web" URL (that has the form of https://email.corp.company/owa/) with Firefox to see if there was a problem with my user/password pair but it worked, I could access my emails.
The same URL in DavMail and the same user/password in Thunderbird yield an "Unauthorized" error...
In the log file I can see the NTLM handshake and it looks like it's just a user/pass problem yielding an invalid challenge response (but again, user/pass are valid):
(User ID, Workstation name, Domain and URL have been changed to not give away company info)
Using the DEBUG log level, I was able to capture the NTLM authentication tokens, and with Firefox I also captured the NTLM tokens of a successful Auth and tried a comparison:
Type1Msg are different. Firefox used blank Domain and Workstation fields whereas DavMail used the correct values WORK and WKSNAME.
Type2Msg are very similar (so I guess the different Type1 didn't matter that much) except of course for the challenge value and the server timestamp.
Type3Msg are quite different, and from my point of view, these differences may explain the login failure. I cannot share the tokens here, but I can share their anonymized decoding by ntlmdecoder.py:
DavMail Type3Msg:
Msg Type: 3 (Response)
LM Resp: '????a??z?5?v?Pe???lxqp?' [<anonymized non null hex values>] (24b @64)
NTLM Resp: '<string containing, among other things, values from Type2Msg: server timestamp?, AD domain name, Server Name, DNS domain name, FQDN, Parent DNS domain, timestamp again?>' [<corresponding hex values>] (256b @88)
Target Name: u'WORK' [<corresponding hex values>] (8b @344)
User Name: u'USERIDXX' [<corresponding hex values>] (16b @352)
Host Name: u'WKSNAME' [<corresponding hex values>] (14b @368)
Session Key: '' [] (0b @0)
OS Ver: '????????'
Flags: 0x88201 ["Negotiate Unicode", "Negotiate NTLM", "Negotiate Always Sign", "Negotiate NTLM2 Key"]
Firefox Type3Msg:
Msg Type: 3 (Response)
LM Resp: u'????????????' [000000000000000000000000000000000000000000000000] (24b @118)
NTLM Resp: '<string containing, among other things, values from Type2Msg: server timestamp?, AD domain name, Server Name, DNS domain name, FQDN, Parent DNS domain + unidentified data but containing HTTP/email.corp.company in unicode near the end>' [<corresponding hex values>] (396b @142)
Target Name: '' [] (0b @88)
User Name: u'USERIDXX' [<corresponding hex values>] (16b @88)
Host Name: u'WKSNAME' [<corresponding hex values>] (14b @104)
Session Key: '' [] (0b @538)
OS Ver: '????????'
Flags: 0x-5d777dfb ["Negotiate Unicode", "Request Target", "Negotiate NTLM", "Negotiate Always Sign", "Negotiate NTLM2 Key", "Negotiate Target Info", "unknown", "Negotiate 128", "Negotiate 56"]
The differences that caught my attention are:
Firefox doesn't set the LM response. Can this weak algorithm be refused by the Exchange Server?
Firefox gives a larger NTLM response (396b vs 256b) with more information. Maybe my work Exchange Server now requires this additional information?
Firefox doesn't set Target Name, maybe because I didn't use WORK\USERIDXX as my login but only USERIDXX?
Firefox sets more flags, that are maybe related to the additional data it gives in the NTLM token?
What is your opinion on this?
Are there other tests I can do to pinpoint more precisely the problem?
Is there a way to fix this problem?
Thanks!
Ok, I have put: davmail.defaultDomain=WORK
into the davmail64.ini file in the program directory. I still have the problem and the flags didn't change (0x88201)...
Any other idea? How can I make DavMail provide the same info as Firefox does when logging in?
Thanks!
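For the Type3Msg comparison in the posts above, this added example (not part of the original posts and not DavMail or ntlmdecoder.py code) normalises a flags value printed as signed, names its bits, and lists which AV pairs an NTLMv2 NT response carries so a failing and a working response can be diffed field by field. Flag bits and AV pair ids follow MS-NLMP; the function names and the two sample responses are constructed for illustration.

```python
import struct

# NEGOTIATE flag bits from MS-NLMP (only those seen in the two dumps above).
FLAGS = {0x1: "UNICODE", 0x4: "REQUEST_TARGET", 0x200: "NTLM",
         0x8000: "ALWAYS_SIGN", 0x80000: "EXTENDED_SESSIONSECURITY",
         0x800000: "TARGET_INFO", 0x2000000: "VERSION",
         0x20000000: "KEY_128", 0x80000000: "KEY_56"}
# AV pair ids from MS-NLMP (MsvAv* names shortened).
AV_IDS = {1: "NbComputerName", 2: "NbDomainName", 3: "DnsComputerName",
          4: "DnsDomainName", 5: "DnsTreeName", 6: "Flags", 7: "Timestamp",
          8: "SingleHost", 9: "TargetName", 10: "ChannelBindings"}

def decode_flags(value):
    """Normalise a flags value printed as signed (0x-5d777dfb) and name its bits."""
    value &= 0xFFFFFFFF
    return value, [name for bit, name in FLAGS.items() if value & bit]

def parse_av_pairs(nt_resp):
    """Return {name: value bytes} for the AV pairs of an NTLMv2 NT response."""
    # 16-byte NTProofStr, then a 28-byte header starting RespType=1, HiRespType=1.
    if len(nt_resp) < 48 or nt_resp[16:18] != b"\x01\x01":
        raise ValueError("not an NTLMv2 response (NTLMv1 responses are 24 bytes)")
    pairs, off = {}, 44
    while off + 4 <= len(nt_resp):
        av_id, av_len = struct.unpack_from("<HH", nt_resp, off)
        off += 4
        if av_id == 0:                      # MsvAvEOL terminates the list
            return pairs
        if off + av_len > len(nt_resp):
            raise ValueError("AV pair runs past end of response")
        pairs[AV_IDS.get(av_id, f"Unknown({av_id})")] = nt_resp[off:off + av_len]
        off += av_len
    raise ValueError("AV pair list not terminated")

def extra_av_pairs(failing, working):
    """AV pair names present in the working response but absent from the failing one."""
    return sorted(set(parse_av_pairs(working)) - set(parse_av_pairs(failing)))

def build_sample(av_list):
    """Constructed NTLMv2 response: zeroed proof, timestamp and client challenge."""
    body = b"".join(struct.pack("<HH", i, len(v)) + v for i, v in av_list)
    return bytes(16) + b"\x01\x01" + bytes(26) + body + struct.pack("<HH", 0, 0)

# Constructed samples, not the poster's tokens.
BASE = [(2, "WORK".encode("utf-16-le")), (1, "SRV".encode("utf-16-le")), (7, bytes(8))]
FAILING = build_sample(BASE)
WORKING = build_sample(BASE + [(6, struct.pack("<I", 2)), (10, bytes(16)),
                               (9, "HTTP/email.corp.company".encode("utf-16-le"))])

if __name__ == "__main__":
    print(hex(decode_flags(-0x5d777dfb)[0]), decode_flags(0x88201)[1])
    print(extra_av_pairs(FAILING, WORKING))
```

To use it on real captures, pass the raw NT response bytes cut from each base64-decoded Type 3 message at the offset and length the decoder reports.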