ActiveSync with Open-Xchange quitting with HTTP 405

[deadmanIsARabbit]

Hi,

I'm trying to connect TbSync with an OX installation. While Android and iOS devices have no problem to connect via EAS TbSync keeps quitting with the following messages:

With Provisioning enabled:

Wed May 10 2017 16:16:06 GMT+0200 (CEST) [setSyncState] : State: syncing, Account: EAS IP Based test

Wed May 10 2017 16:16:06 GMT+0200 (CEST) [setSyncState] : State: requestingprovision, Account: EAS IP Based test

Wed May 10 2017 16:16:06 GMT+0200 (CEST) [Sending data requestingprovision (WBXML)] : 3 1 6a 0 0 e 45 46 47 48 3 4d 53 2d 45 41 53 2d 50 72 6f 76 69 73 69 6f 6e 69 6e 67 2d 57 42 58 4d 4c 0 1 1 1 1

Wed May 10 2017 16:16:06 GMT+0200 (CEST) [Sending data requestingprovision (XML)] : <?xml version="1.0"?>

MS-EAS-Provisioning-WBXML

Wed May 10 2017 16:16:06 GMT+0200 (CEST) [sending] : POST http://IP.OF.OX.SERVER/Microsoft-Server-ActiveSync?Cmd=Provision&User=MYUSER&DeviceType=Thunderbird&DeviceId=mztb9a217ad00e0ef89fb656a7267d2f

Wed May 10 2017 16:16:06 GMT+0200 (CEST) [PolicyKey used] : 0

Wed May 10 2017 16:16:06 GMT+0200 (CEST) [finishSync(): Error @ Account EAS IP Based test] : Communication error (HTTP status 405).

Wed May 10 2017 16:16:06 GMT+0200 (CEST) [setSyncState] : State: done, Account: EAS IP Based test

Wed May 10 2017 16:16:06 GMT+0200 (CEST) [setSyncState] : State: accountdone, Account: EAS IP Based test

Wed May 10 2017 16:16:08 GMT+0200 (CEST) [setSyncState] : State: idle

Without Provisioning:

Wed May 10 2017 16:18:10 GMT+0200 (CEST) [setSyncState] : State: syncing, Account: EAS IP Based test

Wed May 10 2017 16:18:10 GMT+0200 (CEST) [setSyncState] : State: requestingfolders, Account: EAS IP Based test

Wed May 10 2017 16:18:10 GMT+0200 (CEST) [Sending data requestingfolders (WBXML)] : 3 1 6a 0 0 7 56 52 3 30 0 1 1

Wed May 10 2017 16:18:10 GMT+0200 (CEST) [Sending data requestingfolders (XML)] : <?xml version="1.0"?>

0

Wed May 10 2017 16:18:10 GMT+0200 (CEST) [sending] : POST http://IP.OF.OX.SERVER/Microsoft-Server-ActiveSync?Cmd=FolderSync&User=MYUSER&DeviceType=Thunderbird&DeviceId=mztb9a217ad00e0ef89fb656a7267d2f

Wed May 10 2017 16:18:10 GMT+0200 (CEST) [finishSync(): Error @ Account EAS IP Based test] : Communication error (HTTP status 405).

Wed May 10 2017 16:18:10 GMT+0200 (CEST) [setSyncState] : State: done, Account: EAS IP Based test

Wed May 10 2017 16:18:10 GMT+0200 (CEST) [setSyncState] : State: accountdone, Account: EAS IP Based test

Wed May 10 2017 16:18:11 GMT+0200 (CEST) [setSyncState] : State: idle

Calling the site with method OPTIONS results in:

curl -i -k -X OPTIONS http://IP.OF.OX.SERVER/Microsoft-Server-ActiveSync 'HTTP/1.1 200 OK Date: Wed, 10 May 2017 14:20:43 GMT Server: grizzly/2.2.22 Public: OPTIONS, POST MS-ASProtocolVersions: 2.5,12.0,12.1 MS-ASProtocolCommands: Sync,FolderCreate,FolderDelete,FolderSync,FolderUpdate,GetAttachment,GetHierarchy,GetItemEstimate,MeetingResponse,MoveItems,Ping,Provision,ResolveRecipients,Search,SendMail,SmartForward,SmartReply,ValidateCert,Settings,ItemOperations Pragma: no-cache Allow: GET, HEAD, POST, TRACE, OPTIONS Via: 1.1 HOST.DOMAIN.TLD Keep-Alive: timeout=5, max=100 Content-Length: 0 Accept-Ranges: none Connection: keep-alive

Do you have any idea why or is there no implementation for open-xchange planned?

[jobisoft]

This looks strange, your server complains, that the POST method is not allowed, but EAS MUST use POST requests. I am lost. Furthermore, your server states that it does support POST.

Could you capture a request (including url and binary data) issued by your other devices, which apparently do not fail? Does it look differently to the one I am using?

Could you use curl to issue such a POST request by hand to your server?

Does it make any difference using https?

If open-xchange supports EAS, it should work with TbSync... maybe someone else knows more about this.

[deadmanIsARabbit]

Sure here we go. That's from the access log when connecting with my Android Device:

10.0.0.250 - - [11/May/2017:11:02:32 +0200] "POST /Microsoft-Server-ActiveSync?Cmd=Ping&User=MYUSER&DeviceId=androidc331384742&DeviceType=SonyD6603 HTTP/1.1" 200 433 "-" "SonyD6603/6.0.1-EAS-2.0" 10.0.0.250 - - [11/May/2017:11:02:33 +0200] "POST /Microsoft-Server-ActiveSync?Cmd=Sync&User=MYUSER&DeviceId=androidc331384742&DeviceType=SonyD6603 HTTP/1.1" 200 612 "-" "SonyD6603/6.0.1-EAS-2.0" 10.0.0.250 - - [11/May/2017:11:02:36 +0200] "POST /Microsoft-Server-ActiveSync?Cmd=FolderSync&User=MYUSER&DeviceId=androidc331384742&DeviceType=SonyD6603 HTTP/1.1" 200 598 "-" "SonyD6603/6.0.1-EAS-2.0"

This is from the EAS Debug log when I'm syncing my android:

2017-05-11 11:17:12.609: b02ef622-0453-4025-b18c-1a67423bc441 --- POST: MYUSER(10.0.0.250) application/vnd.ms-sync.wbxml --- 10:183:MYUSER:EAS:androidc331384742: Sync executed in 302 ms, 4 OX calls took 253 ms.

Fun Fact the TbSync connection attempt does not even reach the EAS Debug log. Making a CURL Post seems to work:

curl -i -k -X POST --data 'Cmd=FolderSync&User=MYUSER&DeviceType=Thunderbird&DeviceId=mztb9a217ad00e0ef89fb656a7tp://MYUSSER:MYPASSWRD@IP.OF.EAS.SERVER/Microsoft-Server-ActiveSync HTTP/1.1 200 OK Date: Thu, 11 May 2017 09:25:38 GMT Server: grizzly/2.2.22 Pragma: no-cache Content-Type: application/vnd.ms-sync.wbxml Set-Cookie: JSESSIONID=7314191431804231759.APP1; Expires=Thu, 18-May-2017 09:25:38 GMT; Path=/; HttpOnly Via: 1.1 HOST.DOMAINNAME.TLD Keep-Alive: timeout=5, max=100 Content-Length: 14 Accept-Ranges: none Connection: keep-alive

This also results in an positiv entry in the EAS Debug log:

2017-05-11 11:25:38.358: 75d99fdc-6f1d-48ef-a160-59b36b535944 --- POST: MYUSER(10.0.0.250) application/x-www-form-urlencoded --- 10:183:MYUSER:EAS:mztb9a217ad00e0ef89fb656a7267d2f: FolderSync executed in 2 ms, no OX calls made.

/EDIT: Using HTTPS doesn't make any difference.

[jobisoft]

This is very strange and really I want to get to the bottom of this... but I am still lost.

Is it correct, that you use EAS protocol version 2.5? Just for the record.

If my POST requests do not show up in your EAS log, they do not make it through to your OX service. Could you grep your other log files (for example the actual web server or firewall etc.) if they show up there?

You could also try to fiddle around with the code. Maybe this if-else is wrong for you (that is original TzPush code and not my work, I have no idea why this is there): https://github.com/jobisoft/TbSync/blob/master/content/provider/eas/eas.js#L741-L757

This is where the post request is being set up: https://github.com/jobisoft/TbSync/blob/master/content/provider/eas/eas.js#L658-L678

You can get the latest code here: https://github.com/jobisoft/TbSync/archive/master.zip

Unpack, make changes, repack, rename to xpi and install again, or link the unpacked folder directly to Thunderbird. The second method is much easier for dev, you just have to restart Thunderbird, to make it catch changes to the source folder. I described that method here (for another AddOn): https://github.com/jobisoft/CategoryManager/blob/v2.05/INSTALL.md#link-the-source-directly-to-your-thunderbird-profile

The file must be called tbsync@jobisoft.de instead of sendtocategory@jobisoft.de

I could of course also create test versions for you, if you tell me what to change.

[jobisoft]

Did you find any more helpful hints in your logfiles, why POSTs from TbSync do not get through your OX service?

Is your OX service an "out-of-the-box" service, that could be setup in a VM, so I can test it myself?

[deadmanIsARabbit]

Sorry for the late answer, but no. Sadly i haven't found any solution yet. I've tried to rewrite the POST requests and the way tbsync authenticates against the Apache but with no luck. I will keep on investigating the issue anytime i have a new idea and will report back as soon as i have a solution.

[jobisoft]

Could you try with the latest version (master branch) or include this commit in your copy:

https://github.com/jobisoft/TbSync/commit/a9b3c18e260c1269e940598d42c78fafb9d013ff

Another idea: TbSync only supports EAS v2.5 and v14.0. Does your server support any of these two?

[jobisoft]

Can you retry with the latest beta TbSync v0.6.8.3 (2017.12.28) ?

[deadmanIsARabbit]

Still no luck. I get the good old HTTP 405) error. And sorry, I didn't saw your commend from November 7th. I can't tell which version Open-Xchange is using as i can't find any documentation about it. I'm honestly not quite sure anymore if it makes sense to search for a solution. I guess there aren't that many people out there using OX. Kopane seems to be the new way to go.

[jobisoft]

One last idea/test: Could you try, if tzpush is working for you? TbSync started as a fork of tzpush 1.9.9.7, but i have changed almost every line in the source... maybe I messed something up?

https://addons.mozilla.org/de/thunderbird/addon/tzpush/

I am running out of ideas and I will eventually have to close this issue unfixed.

[jobisoft]

closing this :-(

[deadmanIsARabbit]

No need to reopen this issue as i have not solved this yet. BUT(!) to whomever may come here and stumble upon this error shall know that there is a OX variable called 'ox/caldav/useragent/whitelist'. This is a pipe (|) seperated list of client user-agents which are allowed to access the caldav ressource. This list is expanded into /etc/apache2/sites-available/ox.conf Simplý add "RewriteCond %{HTTP_USER_AGENT} Thunderbirdi\ ActiveSync\ Lightning [OR] " into to Rewrite block. This is where the 405 error came from.

FYI.

I'll be back.

[deadmanIsARabbit]

Okay... so we have a new open-XChange Server and it all works now together with the 'Provider for Caldav&Carddav' out of the box.

[jobisoft]

YEAH!!! Thanks for reporting this.

What version of Open-XChange is it, so I can add it to the wiki. The whitelist addition is still needed?

[deadmanIsARabbit]

It's Open-Xchange 7.10 with open-xchange-eas, open-xchange-eas-provisioning, open-xchange-eas-provisioning-core installed. We have not modified the whitelist.