[Akonadi] [Bug 390798] Akonadi EWS failed to authenticate with Exchange Server

Alexander bugzilla_noreply at kde.org
Tue Jun 11 20:58:11 BST 2019 

https://bugs.kde.org/show_bug.cgi?id=390798

Alexander <maniac at pzskc383.dp.ua> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |maniac at pzskc383.dp.ua

--- Comment #21 from Alexander <maniac at pzskc383.dp.ua> ---
Encountered this bug while setting up exchange connection. Here are debug logs
from kio_http and pim.ews with username, domain, cookies and ntlm
challenge/response data redacted:

org.kde.pim.ews: Setting up authentication
org.kde.pim.ews: Using password-based authentication
org.kde.pim.ews: Initializing authentication
org.kde.pim.ews: requestPassword: start
org.kde.pim.ews: requestPassword: password already set
org.kde.pim.ews.client.proto: "<?xml version=\"1.0\"?><soap:Envelope
xmlns:soap=\"http://schemas.xmlsoap.org/soap/envelope/\"
xmlns:m=\"http://schemas.microsoft.com/exchange/services/2006/messages\"
xmlns:t=\"http://schemas.microsoft.com/exchange/services/2006/types\"><soap:Header><t:RequestServerVersion
Version=\"Exchange2007_SP1\"/></soap:Header><soap:Body><m:GetFolder><m:FolderShape><t:BaseShape>IdOnly</t:BaseShape><t:AdditionalProperties><t:FieldURI
FieldURI=\"folder:DisplayName\"/><t:ExtendedFieldURI
PropertySetId=\"9bf757ae-69b5-4d8a-bf1d-2dd0c0871a28\"
PropertyName=\"GlobalTags\" PropertyType=\"StringArray\"/><t:ExtendedFieldURI
PropertySetId=\"9bf757ae-69b5-4d8a-bf1d-2dd0c0871a28\"
PropertyName=\"GlobalTagsVersion\"
PropertyType=\"Integer\"/></t:AdditionalProperties></m:FolderShape><m:FolderIds><t:DistinguishedFolderId
Id=\"msgfolderroot\"/><t:DistinguishedFolderId
Id=\"inbox\"/></m:FolderIds></m:GetFolder></soap:Body></soap:Envelope>\n"
org.kde.pim.ews.client.request: Starting GetFolder request
((EwsId(Distinguished: msgfolderroot), EwsId(Distinguished: inbox)))
kf5.kio.kio_http: 
kf5.kio.kio_http:
QUrl("https://DOMAIN_NAME%5CUSERNAME@EXCHANGE_ADDR/EWS/Exchange.asmx")
kf5.kio.kio_http:
QUrl("https://DOMAIN_NAME%5CUSERNAME@EXCHANGE_ADDR/EWS/Exchange.asmx")
kf5.kio.kio_http: Window Id = ""
kf5.kio.kio_http: ssl_was_in_use = ""
kf5.kio.kio_http: 
kf5.kio.kio_http: 
kf5.kio.kio_http: 
kf5.kio.kio_http: 
kf5.kio.kio_http: 
kf5.kio.kio_http: Proxy URLs: ()
kf5.kio.kio_http: TCP_NODELAY: QVariant(int, 0)
kf5.kio.kio_http: ============ Sending Header:
kf5.kio.kio_http: "POST /EWS/Exchange.asmx HTTP/1.1"
kf5.kio.kio_http: "Host: EXCHANGE_ADDR"
kf5.kio.kio_http: "Connection: keep-alive"
kf5.kio.kio_http: "User-Agent: Mozilla/5.0 (X11; Linux x86_64; English)
KHTML/5.58.0 (like Gecko) Konqueror/5 KIO/5.58"
kf5.kio.kio_http: "Pragma: no-cache"
kf5.kio.kio_http: "Cache-control: no-cache"
kf5.kio.kio_http: "Accept: text/html, text/*;q=0.9, image/jpeg;q=0.9,
image/png;q=0.9, image/*;q=0.9, */*;q=0.8"
kf5.kio.kio_http: "Accept-Encoding: gzip, deflate, x-gzip, x-deflate"
kf5.kio.kio_http: "Accept-Charset: utf-8,*;q=0.5"
kf5.kio.kio_http: "Accept-Language: en-US,en;q=0.9"
kf5.kio.kio_http: "Cookie:
X-BackEndCookie=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx;
exchangecookie=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
kf5.kio.kio_http: "Content-Type: text/xml"
kf5.kio.kio_http: sent it!
kf5.kio.kio_http: sending data (size= 898 )
kf5.kio.kio_http: "Content-Length: 898"
kf5.kio.kio_http: 
kf5.kio.kio_http: ============ Received Status Response:
kf5.kio.kio_http: "HTTP/1.1 401 Unauthorized"
kf5.kio.kio_http:
QUrl("https://DOMAIN_NAME%5CUSERNAME@EXCHANGE_ADDR/EWS/Exchange.asmx") response
code:  401 previous response code: 0
kf5.kio.kio_http: wasAuthError= false isAuthError= true sameAuthError= false
kf5.kio.kio_http:  -- full response: 
"HTTP/1.1 401 Unauthorized\r\nrequest-id:
5d252ae0-ddd8-4e94-ab13-aa75e76fafa0\r\nWWW-Authenticate:
Negotiate\r\nWWW-Authenticate: NTLM\r\nX-FEServer: E24\r\nDate: Tue, 11 Jun
2019 19:16:16 GMT\r\nContent-Length: 0\r\nX-Content-Type-Options:
nosniff\r\nStrict-Transport-Security: max-age=31536000;
includeSubDomains\r\nContent-Security-Policy: script-src 'self' 'unsafe-inline'
'unsafe-eval'\r\nX-XSS-Protection: 1; mode=block\r\nReferrer-Policy:
no-referrer\r\nAccess-Control-Allow-Origin: null\r\nCache-Control: private,
no-cache, no-store, must-revalidate, max-age=0\r\nExpires: 0"
kf5.kio.kio_http: Trying authentication scheme: "Negotiate"
kf5.kio.kio_http.auth: gss_init_sec_context failed: "Unspecified GSS failure. 
Minor code may provide more information SPNEGO cannot find mechanisms to
negotiate "
kf5.kio.kio_http: isError= true needCredentials= false forceKeepAlive= false
forceDisconnect= false
kf5.kio.kio_http: Blacklisting auth "Negotiate"
kf5.kio.kio_http: Trying authentication scheme: "NTLM"
kf5.kio.kio_http: isError= false needCredentials= false forceKeepAlive= false
forceDisconnect= false
kf5.kio.kio_http: "0" bytes left.
kf5.kio.kio_http: bytesReceived: 0  m_iSize: 0  Chunked: false  BytesLeft: 0
kf5.kio.kio_http: EOD received! Left = "0"
kf5.kio.kio_http: 
kf5.kio.kio_http: 
kf5.kio.kio_http: 
kf5.kio.kio_http: 
kf5.kio.kio_http: ============ Sending Header:
kf5.kio.kio_http: "POST /EWS/Exchange.asmx HTTP/1.1"
kf5.kio.kio_http: "Host: EXCHANGE_ADDR"
kf5.kio.kio_http: "Connection: keep-alive"
kf5.kio.kio_http: "User-Agent: Mozilla/5.0 (X11; Linux x86_64; English)
KHTML/5.58.0 (like Gecko) Konqueror/5 KIO/5.58"
kf5.kio.kio_http: "Pragma: no-cache"
kf5.kio.kio_http: "Cache-control: no-cache"
kf5.kio.kio_http: "Accept: text/html, text/*;q=0.9, image/jpeg;q=0.9,
image/png;q=0.9, image/*;q=0.9, */*;q=0.8"
kf5.kio.kio_http: "Accept-Encoding: gzip, deflate, x-gzip, x-deflate"
kf5.kio.kio_http: "Accept-Charset: utf-8,*;q=0.5"
kf5.kio.kio_http: "Accept-Language: en-US,en;q=0.9"
kf5.kio.kio_http: "Cookie:
X-BackEndCookie=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx;
exchangecookie=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
kf5.kio.kio_http: "Content-Type: text/xml"
kf5.kio.kio_http: "Authorization: NTLM
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
kf5.kio.kio_http: sent it!
kf5.kio.kio_http: 
kf5.kio.kio_http: ============ Received Status Response:
kf5.kio.kio_http: "HTTP/1.1 401 Unauthorized"
kf5.kio.kio_http:
QUrl("https://DOMAIN_NAME%5CUSERNAME@EXCHANGE_ADDR/EWS/Exchange.asmx") response
code:  401 previous response code: 401
kf5.kio.kio_http: wasAuthError= true isAuthError= true sameAuthError= true
kf5.kio.kio_http:  -- full response: 
"HTTP/1.1 401 Unauthorized\r\nrequest-id:
185fe6d4-09ef-4c75-bca7-245401827487\r\nWWW-Authenticate: NTLM
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX\r\nWWW-Authenticate:
Negotiate\r\nX-FEServer: E24\r\nDate: Tue, 11 Jun 2019 19:16:16
GMT\r\nContent-Length: 0\r\nX-Content-Type-Options:
nosniff\r\nStrict-Transport-Security: max-age=31536000;
includeSubDomains\r\nContent-Security-Policy: script-src 'self' 'unsafe-inline'
'unsafe-eval'\r\nX-XSS-Protection: 1; mode=block\r\nReferrer-Policy:
no-referrer\r\nAccess-Control-Allow-Origin: null\r\nCache-Control: private,
no-cache, no-store, must-revalidate, max-age=0\r\nExpires: 0"
kf5.kio.kio_http: Trying authentication scheme: "NTLM"
kf5.kio.kio_http: looks like the user canceled the authentication dialog
kf5.kio.kio_http: Previous Response: 401
kf5.kio.kio_http: Current Response: 401
kf5.kio.kio_http: "0" bytes left.
kf5.kio.kio_http: bytesReceived: 0  m_iSize: 0  Chunked: false  BytesLeft: 0
kf5.kio.kio_http: EOD received! Left = "0"
kf5.kio.kio_http: 
kf5.kio.kio_http: keepAlive = true
kf5.kio.kio_http: 
kf5.kio.kio_http: keep alive ( 60 )
org.kde.pim.ews.client.proto: data KIO::TransferJob(0x55f70b415fa0) ""
org.kde.pim.ews.client.proto: response dumped to
"/tmp/akonadi-ews-ndWdUle/ews_xmldump_QDtcEwr.xml"
org.kde.pim.ews.client: Failed to process EWS request - HTTP code 401
ERROR "Failed to process EWS request - HTTP code 401"
org.kde.pim.ews: requestAuthFailed - going offline
kf5.kio.kio_http: 
kf5.kio.kio_http: 
kf5.kio.kio_http: 
kf5.kio.kio_http: 
kf5.kio.kio_http: keepAlive = false
kf5.kio.kio_http: 
kf5.kio.kio_http: 

I didnt set up kerberos at all, I have domain, username and email set in ews
resource rc, querying with dbus shows hasDomain=true and enableNTLMv2=true.

I tried to find source of this bug myself with no results, this whole thing is
quite complex. What bothers me is 'looks like the user canceled the
authentication dialog' line, like kio_http tries to fetch data again after
getting NTLM challenge, but abandons attempt immediately. 

Versions installed: kde-frameworks/kio: 5.58.0, kde-apps/kdepim-runtime:
19.04.2, akonadi-ews-resource's about dialog shows version: 5.11.2.

Hope this helps.

-- 
You are receiving this mail because:
You are the assignee for the bug.

More information about the Kdepim-bugs mailing list