mguessan / davmail

DavMail POP/IMAP/SMTP/Caldav/Carddav/LDAP Exchange and Office 365 Gateway - Synced with main subversion repository at
http://davmail.sourceforge.net
GNU General Public License v2.0

"Authentication failed" in 6.x #288

Open bukephalos opened 1 year ago

bukephalos commented 1 year ago

When I tried to update from a 5.x version to 6.1.0 I could no longer connect from Thunderbird. To help fix the issue I did two tests, one with 6.1.0, the second with 5.5.1, which still works fine but might not be a good choice security-wise. I tested both versions on the same machine with the same Thunderbird and the same davmail.properties, both with logging set to DEBUG. I also did a short test with 6.0.1 which also fails with the same error, so it seems a bug introduced with 6.x.

I have little knowledge about the inner workings but I see two main differences: 1. the Accept-Encoding header in 6.1.0 (probably not important) and 2. the missing Cookie in 6.1.0. It seems to be set only after the 401 response from the server. 5.5.1 seems to get it early enough. Of course I might be on the wrong track but still hope for a fix ;-) If you need any further info/test-output, just let me know.

Here is the difference I found (slightly shortened):

# 6.1.0:
http-outgoing-2 >> "POST /ews/exchange.asmx HTTP/1.1[\r][\n]"
http-outgoing-2 >> "Content-Length: 429[\r][\n]"
http-outgoing-2 >> "Content-Type: text/xml; charset=UTF-8[\r][\n]"
http-outgoing-2 >> "Host: our.server.tld[\r][\n]"
http-outgoing-2 >> "Connection: Keep-Alive[\r][\n]"
http-outgoing-2 >> "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36 Edg/90.0.818.49[\r][\n]"
http-outgoing-2 >> "Accept-Encoding: gzip,deflate[\r][\n]"
http-outgoing-2 >> "Authorization: NTLM [some auth hash][\r][\n]"
http-outgoing-2 >> "[\r][\n]"
http-outgoing-2 >> "<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:t="http://schemas.microsoft.com/exchange/services/2006/types" xmlns:m="http://schemas.microsoft.com/exchange/services/2006/messages"><soap:Header></soap:Header><soap:Body><m:GetFolder><m:FolderShape><t:BaseShape>IdOnly</t:BaseShape></m:FolderShape><m:FolderIds><t:DistinguishedFolderId Id="root"/></m:FolderIds></m:GetFolder></soap:Body></soap:Envelope>"

# Answer:
http-outgoing-2 << "HTTP/1.1 401 Unauthorized[\r][\n]"
http-outgoing-2 << "Server: Microsoft-IIS/8.0[\r][\n]"
http-outgoing-2 << "request-id: ab77a050-e1d9-4950-ad7d-273e232e0fef[\r][\n]"
http-outgoing-2 << "Set-Cookie: ClientId=OXWQGAB9UOYPEKFYDDZAG; expires=Fri, 03-May-2024 17:13:53 GMT; path=/; HttpOnly[\r][\n]"
http-outgoing-2 << "X-OWA-Version: 15.0.1497.48[\r][\n]"
http-outgoing-2 << "WWW-Authenticate: Negotiate[\r][\n]"
http-outgoing-2 << "WWW-Authenticate: NTLM[\r][\n]"
http-outgoing-2 << "X-Powered-By: ASP.NET[\r][\n]"
http-outgoing-2 << "X-FEServer: Servername[\r][\n]"
http-outgoing-2 << "Date: Thu, 04 May 2023 17:13:52 GMT[\r][\n]"
http-outgoing-2 << "Content-Length: 0[\r][\n]"
http-outgoing-2 << "[\r][\n]"
2023-05-04 19:13:53,394 DEBUG [ImapConnection-59066] davmail.http.HttpClientAdapter  - Add cookie [version: 0][name: ClientId][value: OXWQGAB9UOYPEKFYDDZAG][domain: our.domain.tld][path: /][expiry: Fri May 03 19:13:53 CEST 2024]
2023-05-04 19:13:53,400 INFO  [ImapConnection-59066] davmail.connection  - FAILED - 127.0.0.1:59066 user@domain.tld
2023-05-04 19:13:53,403 ERROR [ImapConnection-59066] davmail  - Authentication failed: invalid user or password
davmail.exception.DavMailAuthenticationException: Authentication failed: invalid user or password
        at davmail.exchange.ews.EwsExchangeSession.checkEndPointUrl(EwsExchangeSession.java:228)
        at davmail.exchange.ews.EwsExchangeSession.buildSessionInfo(EwsExchangeSession.java:237)
        at davmail.exchange.ews.EwsExchangeSession.<init>(EwsExchangeSession.java:176)
        at davmail.exchange.ews.EwsExchangeSession.<init>(EwsExchangeSession.java:205)
        at davmail.exchange.ExchangeSessionFactory.getInstance(ExchangeSessionFactory.java:192)
        at davmail.exchange.ExchangeSessionFactory.getInstance(ExchangeSessionFactory.java:93)
        at davmail.imap.ImapConnection.run(ImapConnection.java:155)
2023-05-04 19:13:53,405 DEBUG [ImapConnection-59066] davmail  - > 87 NO LOGIN failed

# 5.5.1:
httpclient.wire.header  - >> "POST /ews/exchange.asmx HTTP/1.1[\r][\n]"
httpclient.wire.header  - >> "User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/6.0; Microsoft Outlook 15.0.4420)[\r][\n]"
httpclient.wire.header  - >> "Content-Length: 429[\r][\n]"
httpclient.wire.header  - >> "Content-Type: text/xml; charset=UTF-8[\r][\n]"
httpclient.wire.header  - >> "Authorization: NTLM [some auth hash][\r][\n]"
httpclient.wire.header  - >> "Host: our.server.tld[\r][\n]"
httpclient.wire.header  - >> "Cookie: $Version=0; ClientId=ADZDIJCDEUBFTFVTDXKG; $Path=/[\r][\n]"
httpclient.wire.header  - >> "[\r][\n]"
httpclient.wire.content  - >> "<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:t="http://schemas.microsoft.com/exchange/services/2006/types" xmlns:m="http://schemas.microsoft.com/exchange/services/2006/messages"><soap:Header></soap:Header><soap:Body><m:GetFolder><m:FolderShape><t:BaseShape>IdOnly</t:BaseShape></m:FolderShape><m:FolderIds><t:DistinguishedFolderId Id="root"/></m:FolderIds></m:GetFolder></soap:Body></soap:Envelope>"

httpclient.wire.header  - << "HTTP/1.1 200 OK[\r][\n]"

mguessan commented 1 year ago

Ok this one may be tricky... from DavMail 5 to 6 we switched from the old HttpClient 3 with a DavMail specific NTLM implementation to HttpClient 4 and its integrated NTLM authentication module.

In your case it seems that the NTLM authentication fails => would need to compare the actual NTLM messages to understand what may be wrong.

Of course don't share those publicly, please send me a private message

UlyssesZh commented 1 year ago

Got similar errors recently here. The server (davmail 6.1.0) ran almost flawlessly until I moved my place (geographically).

2023-06-24 23:06:12,322 DEBUG [ImapConnection-48680] davmail  - < LOGIN ********
2023-06-24 23:06:12,322 DEBUG [ImapConnection-48680] davmail.exchange.ExchangeSession  - Direct EWS authentication
2023-06-24 23:06:12,348 DEBUG [ImapConnection-48680] davmail.http.DavGatewaySSLSocketFactory  - createSocket outlook.office365.com 443
2023-06-24 23:06:13,125 DEBUG [ImapConnection-48680] davmail.http.HttpClientAdapter  - Add cookie [version: 0][name: exchangecookie][value: a74cfe44688e421fb3d583ede5889774][domain: outlook.office365.com][path: /][expiry: Mon Jun 24 23:06:13 PDT 2024]
2023-06-24 23:06:13,125 INFO  [ImapConnection-48680] davmail.connection  - FAILED - 127.0.0.1:48680 ulysseszhan@outlook.com
2023-06-24 23:06:13,125 ERROR [ImapConnection-48680] davmail  - Authentication failed: invalid user or password
davmail.exception.DavMailAuthenticationException: Authentication failed: invalid user or password
        at davmail.exchange.ews.EwsExchangeSession.checkEndPointUrl(EwsExchangeSession.java:228)
        at davmail.exchange.ews.EwsExchangeSession.buildSessionInfo(EwsExchangeSession.java:237)
        at davmail.exchange.ews.EwsExchangeSession.<init>(EwsExchangeSession.java:176)
        at davmail.exchange.ews.EwsExchangeSession.<init>(EwsExchangeSession.java:205)
        at davmail.exchange.ExchangeSessionFactory.getInstance(ExchangeSessionFactory.java:192)
        at davmail.exchange.ExchangeSessionFactory.getInstance(ExchangeSessionFactory.java:93)
        at davmail.imap.ImapConnection.run(ImapConnection.java:128)
2023-06-24 23:06:13,125 DEBUG [ImapConnection-48680] davmail  - > K1 NO LOGIN failed

Not necessarily related to @bukephalos 's problem because the problem persists even if I downgrade to 5.5.1.

mguessan commented 11 months ago

@bukephalos sorry for the late response.

I believe the issue is related to windows domain name in NTLM message, with upn usernames (user@company.com) the NT domain is missing so appears empty in NTLM message.

One workaround may be to force default domain in DavMail settings or switch back to domain\username for client authentication. Please resend new NTLM messages on my private mail if you still have the issue

bukephalos commented 11 months ago

Thanks for further looking into it. Can I try these workarounds myself or do I need a newer version for it?

Regarding default domain: can I see the exact name of the windows domain somewhere within the Outlook web app? And how can I switch back to domain\username for client authentication?

mguessan commented 11 months ago

Windows domain is visible on windows through cmd: echo %userdomain%

duriantang commented 10 months ago

Same issue here, only latest 5.x version works.

mguessan commented 9 months ago

I double checked NTLM flags: latest version uses the same flags as DavMail v5 with HttpClient 3. Thus it may be that we have different values for username/domain/workstation.

I added a few log statements in trunk (downloadable from GitHub) to help us investigate this further

UlyssesZh commented 4 months ago

Last time I fixed this without knowing how. Now I came across the exact same problem after trying to migrate my davmail deployment to another server. The error is the same as https://github.com/mguessan/davmail/issues/288#issuecomment-1605890718. I have three outlook accounts, and only one of them is having this issue while others can log in fine.

esabol commented 4 months ago

Exactly which version of DavMail are you using, @UlyssesZh ?

UlyssesZh commented 4 months ago

I am running 6.2.2.

esabol commented 4 months ago

Good! That means you have the additional NTLM logging that @mguessan added in order to investigate this issue. So what you need to do is post a DEBUG log file of your DavMail attempting to authenticate and failing for @mguessan to look at it.

I suggest opening a new issue unless you're absolutely certain the problem you're having is the same one as what is being discussed in this old issue.

UlyssesZh commented 4 months ago

Something strange happened. I suddenly can log in now without doing anything special. I haven't even restarted davmail, but my client can log in this morning while it couldn't last night.

The log about failing to authenticate is now unavailable. I cleared the logs before I attempted to reproduce the problem today so that I could have a cleaner log to share.

kstephan-wescale commented 3 months ago

I have the same issue and am stuck on v5.5.1. Here’s the repeating log output for v6.2.2:

Using system provided JRE
openjdk version "22" 2024-03-19
OpenJDK Runtime Environment (build 22)
OpenJDK 64-Bit Server VM (build 22, mixed mode, sharing)
2024-06-03 10:36:41,455 DEBUG [main] davmail.DavGateway  - Start DavMail in server mode
2024-06-03 10:36:41,470 INFO  [main] davmail  - DavMail Gateway 6.2.2-3546 listening on SMTP port 1025 POP port 1110 IMAP port 1143 CALDAV port 1080 LDAP port 1389
2024-06-03 10:37:00,393 DEBUG [davmail.imap.ImapServer] davmail  - Connection from /127.0.0.1 on port 1143
2024-06-03 10:37:00,407 INFO  [davmail.imap.ImapServer] davmail.connection  - CONNECT - 127.0.0.1:35764
2024-06-03 10:37:00,515 DEBUG [ImapConnection-35764] davmail.http.DavGatewaySSLSocketFactory  - createSocket SERVER 443
2024-06-03 10:37:00,735 DEBUG [ImapConnection-35764] davmail.exchange.ExchangeSession  - Test configuration status: 302
2024-06-03 10:37:00,736 DEBUG [ImapConnection-35764] davmail  - > * OK [CAPABILITY IMAP4REV1 AUTH=LOGIN MOVE SPECIAL-USE UIDPLUS] IMAP4rev1 DavMail 6.2.2-3546 server ready
2024-06-03 10:37:00,822 DEBUG [ImapConnection-35764] davmail  - < LOGIN ********
2024-06-03 10:37:00,852 DEBUG [ImapConnection-35764] davmail.http.DavGatewaySSLSocketFactory  - createSocket SERVER 443
2024-06-03 10:37:00,948 DEBUG [ImapConnection-35764] davmail.http.HttpClientAdapter  - Creating NTCredentials for user USER@DOMAIN workstation HOST domain https://SERVER
2024-06-03 10:37:00,950 DEBUG [ImapConnection-35764] davmail.http.HttpClientAdapter  - GET https://SERVER/owa
2024-06-03 10:37:00,974 DEBUG [ImapConnection-35764] davmail.http.DavGatewaySSLSocketFactory  - createSocket SERVER 443
2024-06-03 10:37:01,064 DEBUG [ImapConnection-35764] davmail.http.HttpClientAdapter  - Redirect https://SERVER/owa to https://SERVER/owa/auth/logon.aspx?url=https%3a%2f%2fSERVER%2fowa&reason=0
2024-06-03 10:37:01,088 DEBUG [ImapConnection-35764] davmail.http.DavGatewaySSLSocketFactory  - createSocket SERVER 443
2024-06-03 10:37:01,215 DEBUG [ImapConnection-35764] davmail.exchange.ExchangeSession  - Form based authentication detected
2024-06-03 10:37:01,246 DEBUG [ImapConnection-35764] davmail.exchange.ExchangeSession  - Detected script based logon, redirect to form at https://SERVER/owa/auth/logon.aspx?replaceCurrent=1&url=https://SERVER/owa
2024-06-03 10:37:01,246 DEBUG [ImapConnection-35764] davmail.http.HttpClientAdapter  - GET https://SERVER/owa/auth/logon.aspx?replaceCurrent=1&url=https://SERVER/owa
2024-06-03 10:37:01,313 DEBUG [ImapConnection-35764] davmail.http.HttpClientAdapter  - Add cookie [version: 0][name: PBack][value: 0][domain: SERVER][path: /][expiry: null]
2024-06-03 10:37:01,313 DEBUG [ImapConnection-35764] davmail.http.HttpClientAdapter  - POST https://SERVER/owa/auth.owa
2024-06-03 10:37:01,313 DEBUG [ImapConnection-35764] davmail.http.HttpClientAdapter  - [destination=https://SERVER/owa, forcedownlevel=0, isUtf8=1, username=USER@DOMAIN, password=OI7e2LfvU3AJTMy3ZdTXYq6o7, trusted=4, flags=4]
2024-06-03 10:37:01,342 DEBUG [ImapConnection-35764] davmail.http.HttpClientAdapter  - Add cookie [version: 0][name: cadata][value: VXo8JicErveztFEQ8Dlv8Gv+kU2th4YPZjVKLzMCgbfg6laHhFH2sapYsOg5k4TFR6YbV9Yd1jyoRY10sxsc7xikvXW/aS+SA5A6eZZQF9tRuWipdmiz015aZ1rw2MQRGTu5Oh/2Solt6rfY5zZE191f0LkmxG8Y09Vf5nqevx0=][domain: SERVER][path: /][expiry: null]
2024-06-03 10:37:01,342 DEBUG [ImapConnection-35764] davmail.http.HttpClientAdapter  - Add cookie [version: 0][name: cadataTTL][value: JYI4DJs+0JNDKevOMSqN+Q==][domain: SERVER][path: /][expiry: null]
2024-06-03 10:37:01,342 DEBUG [ImapConnection-35764] davmail.http.HttpClientAdapter  - Add cookie [version: 0][name: cadataKey][value: CddBj6eFi+YBGam4Ai9g9VKXsy0Pd6xVkm/aq4LykOyZwRNC1Fc19mlGwpr8gcEjZmwqxqf6x/woF7OgB/7WjvMnUYv7uur+y3/i+u7xcWPQSO3Aq/nq/KMAPcidJWEPwAPvRPSnVUDIsE7nwcxRv5S/xLZXKtfXvto70RHBdIn1SCyS1meMOLpSZ21ldfsIdZTqdMtFMqGBvBt2FMvtl+G+tMWfHq6LgR9eKvKLtxY5W1qNs9suhOOmFCAMnRLLy6Zmh1Lb3x1ABVXFCCgHB1/fioO4/ZeFRQVw7GMHY+7PgNboORcY8Diao2EEkzI70SWYo2pFOss2Tc6sjjB/dA==][domain: SERVER][path: /][expiry: null]
2024-06-03 10:37:01,343 DEBUG [ImapConnection-35764] davmail.http.HttpClientAdapter  - Add cookie [version: 0][name: cadataIV][value: bJaKcItckiGh37sgoYY/b8E5YsyuRCXd8Dx0Itlb/zcQB0v7r1EjOwhsVlcOtNtyjs3TBHDpTxejlSUC0Uclfx1QhyfYpdwNGC7XvyUxy0k04LqpKGgD8AYuyR7QM641YSeCqtGkdXRhBorGWGdpdvmP3CrswewLNzIyZ9LM2ARBQVp+Ldf2MWAKdjpQpyAP4smezA291zJTuX1EzYMIJSnYGjZIrJAQ3t0qaJQkMl633Ueu+GPIF4Q00UYwJV2k6PTHTs0NqGf2VeIqvilBLKjA62yUvYMCNhW8kJJJ0tXJeaftTZ4wvtiPlP6+gkuDAR1xANr7F1KhTgaG+bgo0Q==][domain: SERVER][path: /][expiry: null]
2024-06-03 10:37:01,343 DEBUG [ImapConnection-35764] davmail.http.HttpClientAdapter  - Add cookie [version: 0][name: cadataSig][value: B1KlHETljQWSUKENdIajgRC5tjaa4Q/Q1013/QrRLhw=][domain: SERVER][path: /][expiry: null]
2024-06-03 10:37:01,343 DEBUG [ImapConnection-35764] davmail.http.HttpClientAdapter  - Redirect https://SERVER/owa/auth.owa to https://SERVER/owa
2024-06-03 10:37:01,367 DEBUG [ImapConnection-35764] davmail.http.DavGatewaySSLSocketFactory  - createSocket SERVER 443
2024-06-03 10:37:01,533 DEBUG [ImapConnection-35764] davmail.http.HttpClientAdapter  - Add cookie [version: 0][name: ClientId][value: 5C12027B52E1454E9847E87708C90B29][domain: SERVER][path: /][expiry: Tue Jun 03 10:37:01 CEST 2025]
2024-06-03 10:37:01,533 DEBUG [ImapConnection-35764] davmail.http.HttpClientAdapter  - Add cookie [version: 0][name: UC][value: ea5291b35521491c8902b991c54ab46e][domain: SERVER][path: /][expiry: null]
2024-06-03 10:37:01,533 DEBUG [ImapConnection-35764] davmail.http.HttpClientAdapter  - Add cookie [version: 0][name: X-BackEndCookie][value: S-1-5-21-560141573-2994008497-170213316-1405=u56Lnp2ejJqBmsybyp6azcbSzMzOz9LLx57P0seezs3SypydzJ3Gy8/Knc/MgYHNz83L0s/I0s/Mq8/HxczIxc/O][domain: SERVER][path: /owa][expiry: Wed Jul 03 10:37:01 CEST 2024]
2024-06-03 10:37:01,534 DEBUG [ImapConnection-35764] davmail.http.HttpClientAdapter  - Redirect https://SERVER/owa/auth.owa to /owa/auth/errorfe.aspx?httpCode=500&msg=2531718342&owaError=Microsoft.Exchange.Data.Storage.TooManyObjectsOpenedException&owaVer=15.1.2507.39&be=SRV-MX-201&ts=133618774214936353&ClientRequestId=638530006214660893&fe=SRV-MX-202&reqid=6920a747-559e-493f-b307-f270ca5d478f&creqid=&cid=&inex=Microsoft.Mapi.MapiExceptionSessionLimit&rt=Form15&et=DefaultPage&pal=0&dag=DagNotFound&forest=central-it-services.de&te=0&refurl=https%3a%2f%2fsrv-mx-201.central-it-services.de%3a444%2fowa
2024-06-03 10:37:01,566 DEBUG [ImapConnection-35764] davmail.http.DavGatewaySSLSocketFactory  - createSocket SERVER 443
2024-06-03 10:37:01,688 ERROR [ImapConnection-35764] davmail.exchange.ExchangeSession  - Exchange login exception: Internal Server Error
2024-06-03 10:37:01,688 INFO  [ImapConnection-35764] davmail.connection  - FAILED - 127.0.0.1:35764 USER@DOMAIN
2024-06-03 10:37:01,688 ERROR [ImapConnection-35764] davmail  - Exchange login exception: Internal Server Error
davmail.exception.DavMailException: Exchange login exception: Internal Server Error
        at davmail.exchange.auth.ExchangeFormAuthenticator.authenticate(ExchangeFormAuthenticator.java:238)
        at davmail.exchange.ExchangeSessionFactory.getInstance(ExchangeSessionFactory.java:208)
        at davmail.exchange.ExchangeSessionFactory.getInstance(ExchangeSessionFactory.java:93)
        at davmail.imap.ImapConnection.run(ImapConnection.java:128)
2024-06-03 10:37:01,689 DEBUG [ImapConnection-35764] davmail  - > 1 NO LOGIN failed
2024-06-03 10:37:01,689 INFO  [ImapConnection-35764] davmail.connection  - DISCONNECT - 127.0.0.1:35764

esabol commented 3 months ago

@kstephan-wescale : Recent commits within the past week by @mguessan have modified the NTLM implementation. I recommend that you download a recent trunk build (refer to the README.md) and try that.

kstephan-wescale commented 3 months ago

Thanks! With the trunk version the error is DavMailAuthenticationException: Authentication failed: invalid user or password:

Using system provided JRE
openjdk version "22" 2024-03-19
OpenJDK Runtime Environment (build 22)
OpenJDK 64-Bit Server VM (build 22, mixed mode, sharing)
2024-06-03 11:22:08,139 DEBUG [main] davmail.DavGateway  - Start DavMail in server mode
2024-06-03 11:22:08,154 INFO  [main] davmail  - DavMail Gateway 6.2.2-trunk listening on SMTP port 1025 POP port 1110 IMAP port 1143 CALDAV port 1080 LDAP port 1389
Started DavMail Gateway.
2024-06-03 11:22:20,405 DEBUG [davmail.imap.ImapServer] davmail  - Connection from /127.0.0.1 on port 1143
2024-06-03 11:22:20,420 INFO  [davmail.imap.ImapServer] davmail.connection  - CONNECT - 127.0.0.1:48540
2024-06-03 11:22:20,518 DEBUG [ImapConnection-48540] davmail.http.DavGatewaySSLSocketFactory  - createSocket owa.SERVER 443
2024-06-03 11:22:20,743 DEBUG [ImapConnection-48540] davmail.exchange.ExchangeSession  - Test configuration status: 302
2024-06-03 11:22:20,745 DEBUG [ImapConnection-48540] davmail  - > * OK [CAPABILITY IMAP4REV1 AUTH=LOGIN MOVE SPECIAL-USE UIDPLUS] IMAP4rev1 DavMail 6.2.2-trunk server ready
2024-06-03 11:22:20,840 DEBUG [ImapConnection-48540] davmail  - < LOGIN ********
2024-06-03 11:22:20,870 DEBUG [ImapConnection-48540] davmail.http.DavGatewaySSLSocketFactory  - createSocket owa.SERVER 443
2024-06-03 11:22:20,964 DEBUG [ImapConnection-48540] davmail.http.HttpClientAdapter  - Creating NTCredentials for user USER@DOMAIN workstation WORKSTATION domain https://owa.SERVER
2024-06-03 11:22:20,966 DEBUG [ImapConnection-48540] davmail.http.HttpClientAdapter  - GET https://owa.SERVER/owa
2024-06-03 11:22:20,991 DEBUG [ImapConnection-48540] davmail.http.DavGatewaySSLSocketFactory  - createSocket owa.SERVER 443
2024-06-03 11:22:21,095 DEBUG [ImapConnection-48540] davmail.http.HttpClientAdapter  - Redirect https://owa.SERVER/owa to https://owa.SERVER/owa/auth/logon.aspx?url=https%3a%2f%2fowa.SERVER%2fowa&reason=0
2024-06-03 11:22:21,120 DEBUG [ImapConnection-48540] davmail.http.DavGatewaySSLSocketFactory  - createSocket owa.SERVER 443
2024-06-03 11:22:21,247 DEBUG [ImapConnection-48540] davmail.exchange.ExchangeSession  - Form based authentication detected
2024-06-03 11:22:21,276 DEBUG [ImapConnection-48540] davmail.exchange.ExchangeSession  - Detected script based logon, redirect to form at https://owa.SERVER/owa/auth/logon.aspx?replaceCurrent=1&url=https://owa.SERVER/owa
2024-06-03 11:22:21,276 DEBUG [ImapConnection-48540] davmail.http.HttpClientAdapter  - GET https://owa.SERVER/owa/auth/logon.aspx?replaceCurrent=1&url=https://owa.SERVER/owa
2024-06-03 11:22:21,342 DEBUG [ImapConnection-48540] davmail.http.HttpClientAdapter  - Add cookie [version: 0][name: PBack][value: 0][domain: owa.SERVER][path: /][expiry: null]
2024-06-03 11:22:21,342 DEBUG [ImapConnection-48540] davmail.http.HttpClientAdapter  - POST https://owa.SERVER/owa/auth.owa
2024-06-03 11:22:21,342 DEBUG [ImapConnection-48540] davmail.http.HttpClientAdapter  - [destination=https://owa.SERVER/owa, forcedownlevel=0, isUtf8=1, username=USER@DOMAIN, password=OI7e2LfvU3AJTMy3ZdTXYq6o7, trusted=4, flags=4]
2024-06-03 11:22:21,370 DEBUG [ImapConnection-48540] davmail.http.HttpClientAdapter  - Add cookie [version: 0][name: cadata][value: d5JfrJoQ2zB7nS0IcC79wkFDuqVD2HpALugd7R0JDSDH1Akv4f3W4cIMbRUaRikWalxtN1kxBzb5/pME/nLqNPHbXXenH8YoLe2tfM8pfLC/jrNGAln459403H1MhggJUIutK6dOnufF7gaZg33GxfwcF1zkxehWIovuzietcwU=][domain: owa.SERVER][path: /][expiry: null]
2024-06-03 11:22:21,370 DEBUG [ImapConnection-48540] davmail.http.HttpClientAdapter  - Add cookie [version: 0][name: cadataTTL][value: slH4gXnxzswQEsssgTYm/A==][domain: owa.SERVER][path: /][expiry: null]
2024-06-03 11:22:21,370 DEBUG [ImapConnection-48540] davmail.http.HttpClientAdapter  - Add cookie [version: 0][name: cadataKey][value: J21U9hxH5jVW3uDW9GiYk6HREUzU7gV4L47fFBEdgUYpIKxLjyT8wZt4CCINwHBKkSTMUV3x8WK9OO2OiVqTK7iDTW9Dvcm6myzNGCyUQjEkhTnPestc8lnGzEQnk1o4ImK97flnC/SuiZknseD5CSN8dijzqVFmpXw4Da+DqRxL6EEnJcOr3qXh7VDqz/7YTsqrPeIP0M/I3XlSxEVup64l7hXwkbnGfodECfXvw3zG2OUs2IUq5oIDXDvC9wSYa14qrP2OvrS8EYDINzKE6Nxx48fFRwaSKsDueaEqWZbV3arjM9yPa5mPv1ZZjj7Y9m5blH5e4HRsLZpAjITehA==][domain: owa.SERVER][path: /][expiry: null]
2024-06-03 11:22:21,371 DEBUG [ImapConnection-48540] davmail.http.HttpClientAdapter  - Add cookie [version: 0][name: cadataIV][value: lgDLWHiz++OvSgxS1DSK7YAEGncJzJPfZm9AkZymAJPwYdU/fkSxoD0fCMNKOG+fH5OO7Mciz8hl8Zij/SKD621DI7cS326wipAmoJgKluTZS/9ciZZ2cg+kMeEVFciynxFUpIl40arG64+m+4U2wdkgNyBOHwgN1NIMu3rkgWy2iFAa6/VtzkloIFSs6Kda8HrBF8PUi1faIB6nXoMn5eRefaydcWcMIHp36UJMVCWyOz1v++JYg7QGI81uixSQV4cKK9zA0nkffkK8YWFpsUjHsl5S52KnzZcQlTa/gAlLrRAReHjgPMSGHhiuZs3Ef8VD67w6vHd/zF++3MV45g==][domain: owa.SERVER][path: /][expiry: null]
2024-06-03 11:22:21,371 DEBUG [ImapConnection-48540] davmail.http.HttpClientAdapter  - Add cookie [version: 0][name: cadataSig][value: KFmBUxQ4zMJc7KXazqE6KjRNVZJmZksWBXPzgqiXiAo=][domain: owa.SERVER][path: /][expiry: null]
2024-06-03 11:22:21,371 DEBUG [ImapConnection-48540] davmail.http.HttpClientAdapter  - Redirect https://owa.SERVER/owa/auth.owa to https://owa.SERVER/owa
2024-06-03 11:22:21,395 DEBUG [ImapConnection-48540] davmail.http.DavGatewaySSLSocketFactory  - createSocket owa.SERVER 443
2024-06-03 11:22:21,596 DEBUG [ImapConnection-48540] davmail.http.HttpClientAdapter  - Add cookie [version: 0][name: ClientId][value: 8BC6752237554717BE4B028B83662E74][domain: owa.SERVER][path: /][expiry: Tue Jun 03 11:22:21 CEST 2025]
2024-06-03 11:22:21,597 DEBUG [ImapConnection-48540] davmail.http.HttpClientAdapter  - Add cookie [version: 0][name: UC][value: 4d7f930510fb4aaabb1fb5992cbe768e][domain: owa.SERVER][path: /][expiry: null]
2024-06-03 11:22:21,597 DEBUG [ImapConnection-48540] davmail.http.HttpClientAdapter  - Add cookie [version: 0][name: X-BackEndCookie][value: S-1-5-21-560141573-2994008497-170213316-1405=u56Lnp2ejJqBmsybyp6azcbSzMzOz9LLx57P0seezs3SypydzJ3Gy8/Knc/MgYHNz83L0s/I0s/Mq8/Gxc3Nxc3O][domain: owa.SERVER][path: /owa][expiry: Wed Jul 03 11:22:21 CEST 2024]
2024-06-03 11:22:21,598 DEBUG [ImapConnection-48540] davmail.http.HttpClientAdapter  - Redirect https://owa.SERVER/owa/auth.owa to /owa/
2024-06-03 11:22:21,622 DEBUG [ImapConnection-48540] davmail.http.DavGatewaySSLSocketFactory  - createSocket owa.SERVER 443
2024-06-03 11:22:21,755 DEBUG [ImapConnection-48540] davmail.http.HttpClientAdapter  - Add cookie [version: 0][name: X-OWA-CANARY][value: enK5H2e4kkSx5LLlluVEndDtQKyug9wIolmnb3znDi3Ww6gc3vIn2NrzHTftS1l3Q2OmET_sZB8.][domain: owa.SERVER][path: /][expiry: null]
2024-06-03 11:22:21,756 DEBUG [ImapConnection-48540] davmail.http.HttpClientAdapter  - Add cookie [version: 0][name: X-BackEndCookie][value: S-1-5-21-560141573-2994008497-170213316-1405=u56Lnp2ejJqBmsybyp6azcbSzMzOz9LLx57P0seezs3SypydzJ3Gy8/Knc/MgYHNz83L0s/I0s/Mq8/Gxc3Nxc3O][domain: owa.SERVER][path: /owa][expiry: Wed Jul 03 11:22:21 CEST 2024]
2024-06-03 11:22:21,797 DEBUG [ImapConnection-48540] davmail.exchange.ExchangeSession  - Successfully authenticated to https://owa.SERVER/owa/
2024-06-03 11:22:21,870 DEBUG [ImapConnection-48540] davmail.http.HttpClientAdapter  - Add cookie [version: 0][name: X-BackEndCookie][value: S-1-5-21-560141573-2994008497-170213316-1405=u56Lnp2ejJqBmsybyp6azcbSzMzOz9LLx57P0seezs3SypydzJ3Gy8/Knc/MgYHNz83L0s/I0s/Mq8/Gxc3Nxc3O][domain: owa.SERVER][path: /owa][expiry: Wed Jul 03 11:22:21 CEST 2024]
2024-06-03 11:22:22,014 WARN  [ImapConnection-48540] davmail.exchange.ExchangeSession  - Public folders not available: owa.SERVER:443 failed to respond
2024-06-03 11:22:22,014 DEBUG [ImapConnection-48540] davmail.exchange.ExchangeSession  - Unable to get user email with alias null or null or null
2024-06-03 11:22:22,014 DEBUG [ImapConnection-48540] davmail.exchange.ExchangeSession  - Current user email is unknown@SERVER, alias is unknown, mailPath is /exchange/unknown@SERVER/ on Exchange2007
2024-06-03 11:22:22,039 DEBUG [ImapConnection-48540] davmail.http.DavGatewaySSLSocketFactory  - createSocket owa.SERVER 443
2024-06-03 11:22:22,132 ERROR [ImapConnection-48540] davmail.exchange.ExchangeSession  - owa.SERVER:443 failed to respond
2024-06-03 11:22:22,132 DEBUG [ImapConnection-48540] davmail.exchange.ExchangeSession  - Unable to get mail folder at /exchange/unknown@SERVER/, Webdav not available on Exchange server, retry with EWS
2024-06-03 11:22:22,146 DEBUG [ImapConnection-48540] davmail.http.HttpClientAdapter  - Creating NTCredentials for user USER@DOMAIN workstation WORKSTATION domain https://owa.SERVER
2024-06-03 11:22:22,174 DEBUG [ImapConnection-48540] davmail.http.DavGatewaySSLSocketFactory  - createSocket owa.SERVER 443
2024-06-03 11:22:22,274 DEBUG [ImapConnection-48540] davmail.http.DavMailNTLMEngineImpl  - generateType1Msg domain='HTTPS://owa.SERVER' workstation='WORKSTATION'
2024-06-03 11:22:22,302 DEBUG [ImapConnection-48540] davmail.http.DavMailNTLMEngineImpl  - generateType3Msg type2Flags -1568046571 target='CENTRALIT username='USER@DOMAIN'
2024-06-03 11:22:22,343 INFO  [ImapConnection-48540] davmail.connection  - FAILED - 127.0.0.1:48540 USER@DOMAIN
2024-06-03 11:22:22,344 ERROR [ImapConnection-48540] davmail  - Authentication failed: invalid user or password
davmail.exception.DavMailAuthenticationException: Authentication failed: invalid user or password
        at davmail.exchange.ews.EwsExchangeSession.checkEndPointUrl(EwsExchangeSession.java:228)
        at davmail.exchange.ews.EwsExchangeSession.buildSessionInfo(EwsExchangeSession.java:237)
        at davmail.exchange.ews.EwsExchangeSession.<init>(EwsExchangeSession.java:176)
        at davmail.exchange.ews.EwsExchangeSession.<init>(EwsExchangeSession.java:205)
        at davmail.exchange.ExchangeSessionFactory.getInstance(ExchangeSessionFactory.java:216)
        at davmail.exchange.ExchangeSessionFactory.getInstance(ExchangeSessionFactory.java:93)
        at davmail.imap.ImapConnection.run(ImapConnection.java:128)
2024-06-03 11:22:22,347 DEBUG [ImapConnection-48540] davmail  - > 1 NO LOGIN failed
2024-06-03 11:22:22,347 INFO  [ImapConnection-48540] davmail.connection  - DISCONNECT - 127.0.0.1:48540

mguessan commented 3 months ago

Ok so this looks like latest version.

the domain does not seem right, are you sure it's a url? => please remove the davmail default domain setting

It seems you have form authentication and DAV/EWS failover: => try to use /EWS/Exchange.asmx as path in OWA url and set mode to EWS to authenticate straight to EWS endpoint

If it's still working with an older DavMail version it's probably not a channel binding issue: was not implemented in older DavMail versions
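
The two identity problems raised in this thread (a UPN username sent with an empty NT domain, and a URL ending up in the NTLM domain field) can be read directly from an NTLM Type 3 message, and the `type2Flags` integer in the log above can be decoded the same way. The Python below is an added example, not DavMail code and not posted by any participant; it follows the MS-NLMP field layout, the sample message is constructed, and `cp437` as the OEM fallback encoding is an assumption.

```python
import base64
import struct

SIGNATURE = b"NTLMSSP\x00"
NEGOTIATE_UNICODE = 0x00000001  # payload strings are UTF-16LE when set

# Subset of MS-NLMP NegotiateFlags bits, enough to read a logged "type2Flags".
FLAG_NAMES = {
    0x00000001: "NEGOTIATE_UNICODE",
    0x00000004: "REQUEST_TARGET",
    0x00000010: "NEGOTIATE_SIGN",
    0x00000200: "NEGOTIATE_NTLM",
    0x00008000: "NEGOTIATE_ALWAYS_SIGN",
    0x00010000: "TARGET_TYPE_DOMAIN",
    0x00080000: "NEGOTIATE_EXTENDED_SESSIONSECURITY",
    0x00800000: "NEGOTIATE_TARGET_INFO",
    0x02000000: "NEGOTIATE_VERSION",
    0x20000000: "NEGOTIATE_128",
    0x80000000: "NEGOTIATE_56",
}


def decode_flags(logged_int):
    """Turn the signed Java int from the log into the flag names it carries."""
    value = logged_int & 0xFFFFFFFF
    return [name for bit, name in sorted(FLAG_NAMES.items()) if value & bit]


def _field(msg, pos, unicode_strings):
    """Read one (len, maxlen, offset) descriptor at pos and decode its payload."""
    length, _maxlen, offset = struct.unpack_from("<HHI", msg, pos)
    if offset + length > len(msg):
        raise ValueError("field points outside the message")
    raw = msg[offset:offset + length]
    return raw.decode("utf-16-le" if unicode_strings else "cp437")  # OEM: assumed


def parse_type3(header_value):
    """Extract identity fields from 'NTLM <base64>' (AUTHENTICATE_MESSAGE)."""
    scheme, _, b64 = header_value.strip().partition(" ")
    if scheme.upper() != "NTLM":
        raise ValueError("not an NTLM Authorization value")
    msg = base64.b64decode(b64, validate=True)
    if len(msg) < 64 or msg[:8] != SIGNATURE:
        raise ValueError("not an NTLMSSP message")
    (msg_type,) = struct.unpack_from("<I", msg, 8)
    if msg_type != 3:
        raise ValueError("expected Type 3, got Type %d" % msg_type)
    (flags,) = struct.unpack_from("<I", msg, 60)
    uni = bool(flags & NEGOTIATE_UNICODE)
    # Only the names are returned; the LM/NT responses are deliberately skipped.
    return {
        "domain": _field(msg, 28, uni),
        "username": _field(msg, 36, uni),
        "workstation": _field(msg, 44, uni),
    }


def diagnose(fields):
    """Flag the two combinations discussed in the thread."""
    findings = []
    if "@" in fields["username"] and not fields["domain"]:
        findings.append("UPN username with empty NT domain")
    if "://" in fields["domain"]:
        findings.append("domain looks like a URL, not an NT domain")
    return findings


def build_sample_type3(domain, username, workstation):
    """Constructed sample only: a Type 3 skeleton with empty LM/NT responses."""
    parts = [s.encode("utf-16-le") for s in (domain, username, workstation)]
    offset = 64  # fixed header size without Version/MIC
    header = SIGNATURE + struct.pack("<I", 3)
    header += struct.pack("<HHI", 0, 0, offset) * 2  # LM and NT responses
    for raw in parts:
        header += struct.pack("<HHI", len(raw), len(raw), offset)
        offset += len(raw)
    header += struct.pack("<HHI", 0, 0, offset)  # encrypted session key
    header += struct.pack("<I", NEGOTIATE_UNICODE | 0x00000200)
    return "NTLM " + base64.b64encode(header + b"".join(parts)).decode("ascii")


if __name__ == "__main__":
    sample = build_sample_type3("", "user@company.com", "WORKSTATION")
    fields = parse_type3(sample)
    print(fields, diagnose(fields))
    print(decode_flags(-1568046571))  # value taken from the log above
```

Run it only on messages captured from your own gateway; the Type 3 message also carries the challenge response, which is why the thread asks for these to be sent privately.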

kstephan-wescale commented 3 months ago

I replaced the real values, SERVER, DOMAIN, USER and WORKSTATION are placeholders, sorry if that’s confusing.

Changing the settings as you proposed helped! In detail I did:

Thanks a lot!
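
DavMail DEBUG logs of the kind posted in this thread carry more than host and user names: the form-authentication line includes a `password=` field, and the `Add cookie` and wire-log lines include session cookie and `Authorization` values. The Python below is an added example, not part of DavMail or of the thread, that scrubs those fields before a log is shared; the rule set is derived from the line formats visible on this page, and the sample log and alias names are constructed.

```python
import re

# (label, pattern, replacement) for the secret-bearing formats seen in the logs.
RULES = [
    # Form-auth parameter dump. Values are not escaped, so the end of the
    # password cannot be located reliably: drop the rest of the line.
    ("form password", re.compile(r"(\bpassword=).*"), r"\1<redacted>"),
    # "Add cookie [version: 0][name: X][value: V][domain: ...]"
    ("cookie value",
     re.compile(r"(\[name: [^\]]*\]\[value: )[^\]]*(\])"), r"\1<redacted>\2"),
    # HttpClient wire log: Authorization header credentials
    ("auth header",
     re.compile(r"(Authorization: (?:NTLM|Negotiate|Basic) )[A-Za-z0-9+/=_.\-]+"),
     r"\1<redacted>"),
    # HttpClient wire log: Cookie / Set-Cookie header, up to the [\r][\n] marker
    ("cookie header", re.compile(r'((?:Set-)?Cookie: )[^"\[]+'), r"\1<redacted>"),
]

# Constructed sample modelled on the line formats in this thread.
SAMPLE = (
    "2024-01-01 10:00:00,000 DEBUG [ImapConnection-1] davmail.http.HttpClientAdapter"
    "  - [destination=https://mail.example.test/owa, username=alice@example.test,"
    " password=Corr,ect]Horse, trusted=4, flags=4]\n"
    "2024-01-01 10:00:00,010 DEBUG [ImapConnection-1] davmail.http.HttpClientAdapter"
    "  - Add cookie [version: 0][name: cadata][value: Q09OU1RSVUNURUQ=]"
    "[domain: mail.example.test][path: /][expiry: null]\n"
    'http-outgoing-2 >> "Authorization: NTLM TlRMTVNTUAABAAAA[\\r][\\n]"\n'
    'http-outgoing-2 << "Set-Cookie: ClientId=CONSTRUCTEDID; path=/; HttpOnly[\\r][\\n]"\n'
    "2024-01-01 10:00:00,020 INFO  [ImapConnection-1] davmail.connection"
    "  - FAILED - 127.0.0.1:1 alice@example.test\n"
)


def scrub(text, aliases=None):
    """Return (scrubbed_text, counts). aliases maps real names to placeholders."""
    counts = {}
    # Longest alias first so "alice@example.test" wins over "example.test".
    ordered = sorted((aliases or {}).items(), key=lambda kv: len(kv[0]), reverse=True)
    out = []
    for line in text.splitlines():
        for label, pattern, repl in RULES:
            line, n = pattern.subn(repl, line)
            if n:
                counts[label] = counts.get(label, 0) + n
        for real, placeholder in ordered:
            line, n = re.subn(re.escape(real), lambda _m, p=placeholder: p,
                              line, flags=re.IGNORECASE)
            if n:
                counts["alias"] = counts.get("alias", 0) + n
        out.append(line)
    return "\n".join(out) + ("\n" if text.endswith("\n") else ""), counts


if __name__ == "__main__":
    clean, stats = scrub(SAMPLE, {"alice@example.test": "USER@DOMAIN",
                                  "mail.example.test": "SERVER"})
    print(clean)
    print(stats)
```

The returned counts give a quick sanity check: a zero for a format you know is in the log means a rule did not match and the file needs a manual look before posting.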

esabol commented 3 months ago

@kstephan-wescale wrote

Changing the settings as you proposed helped!

So it's working correctly for you now? If so, that's great!

kstephan-wescale commented 3 months ago

Yes, with the trunk as well as the latest release version.

geor-g commented 2 weeks ago

@esabol @mguessan

I'm possibly running into the same problem, after upgrading Debian bullseye to bookworm, that is, 5.5.1.3299-5 to 6.0.1.3390-7. I've tested 6.2.2.3546-1, which is the latest release currently available via Debian, and according to comments above, I would like to test the recent changes in regards to NTLM auth.

However, it seems appveyor removes build artifacts 30 days past a CI job, which is why the latest trunk artifacts are not available anymore: {"message":"Artifact not found or access denied."} if trying to pull https://ci.appveyor.com/api/projects/mguessan/davmail/artifacts/dist%2Fdavmail_6.2.2-trunk-1_all.deb?job=Environment%3A%20JAVA_HOME%3DC%3A%5CProgram%20Files%5CJava%5Cjdk1.8.0, given in the README.

Any chance of triggering a new build?

Thanks so much for your work on davmail -- it's a great piece of software.