Monday, 2 November 2015

Exchange 2013 and Exchange 2016 MAPI over HTTP

When you first install Exchange 2016, MAPI over HTTP isn't enabled and you'll see a warning like the one below. In this post, we’ll look at what MAPI over HTTP is, the benefits and impact then how to configure it.

MAPI over HTTP, the preferred Outlook desktop client connectivity with Exchange server, is currently not enabled. Consider enabling it using: Set-OrganizationConfig -MapiHttpEnabled $true

clip_image001


What is MAPI over HTTP?

In Exchange 2010, internal clients connected using RPC and external clients connected using RPC over HTTP (Outlook Anywhere). Exchange 2013 no longer supports RPC and all clients (internal and external) need to connect using RPC over HTTP.

MAPI over HTTP was released with Exchange 2013 SP1 and is the preferred connectivity method for Outlook for Exchange 2013 SP1 and later. 


How can I work out if MAPI over HTTP is already enabled?

In Outlook, you can see how you are connected. To do this, hold down CTRL and right click on the Outlook icon on the system tray then click on Connection Status. You should see a window like the one below.

clip_image002

Above, we can see that we're connected to Exchange using RPC/HTTP. 

You can also check using Exchange by running the command below: 

Get-OrganizationConfig | fl *mapi*

clip_image003

As you can see above, MAPI over HTTP is not enabled.

What are the benefits of MAPI over HTTP?

  • More visibility of transport errors
  • Enhanced recoverability
  • Faster reconnection times after resuming from hibernation or switching networks


What is the impact of MAPI over HTTP?

When you enable MAPI over HTTP, any Outlook clients that are running will prompt for a restart of Outlook. RPC over HTTP remains active so if for some reason the clients cannot connect using MAPI over HTTP, they can still connect using RPC over HTTP. This is the case for earlier versions of Outlook that don't support MAPI over HTTP. See the MAPI over HTTP requirements below.

If you're still using public folders on Exchange 2010 or 2007 then you shouldn't enable MAPI over HTTP until the public folders have been moved to Exchange 2013 as there may be problems where Outlook clients connecting using MAPI over HTTP are unable to connect to the public folders.


What are the requirements for MAPI over HTTP?

MAPI over HTTP requires both your CAS servers running Exchange 2013 SP1 or later and either Outlook 2013 SP1 or Outlook 2010 SP2 with KB2956191 and KB2965295.
Upgrading the MBX servers is also recommended to remove the Outlook client restart requirement after a database failover.

There are reports of poor performance with Outlook 2013 and MAPI over HTTP but this has been fixed in this hotfix.

How do you enable MAPI over HTTP?

To enable MAPI over HTTP, go through the steps below:

1) Upgrade all clients to Outlook 2013 SP1 or Outlook 2010 SP2 with KB2956191 and KB2965295

2) Upgrade all CAS and MBX servers to Exchange 2013 SP1 or later

3) Ensure Microsoft .NET Framework 4.5.2 is installed on the Exchange 2013 servers.
This is part of the pre-requisites for Exchange 2013 and Exchange 2016. If you have installed a previous version then install .Net 4.5.2 from here. Accept the license terms and click install:

clip_image004

clip_image005

clip_image006

4) Add the COMPLUS_DisableRetStructPinning windows environment variable
Open the command prompt and run systempropertiesadvanced

clip_image007

Click on environment variables:

clip_image008

Click New to add a new system variable and enter the below details:

clip_image009

Click OK. You should now see your new entry:

clip_image010

Click OK twice to close the windows and save your changes.

5) Configure SSL certificates

In this example, I have an Exchange server called LITEX01 running Exchange 2013 CU10 and another server called LITEX02 running Exchange 2016 RTM am using the FQDN mail.litwareinc.com for Outlook Anywhere.

I already have mail.litwareinc.com as a name on the certificate I'm using for the IIS service on both servers. You can continue to use the same name as you use for Outlook Anywhere or you can use a different name. If you use a different name then you need to make sure that this is included on your SSL certificate. If you find that you need to add a new name to your certificate see here on instructions to generate a new certificate.

6) Configure MAPI virtual directory

MAPI over HTTP requires configuration. You can configure it as you configure other virtual directories such as the OAB virtual directory. Run the commands below to configure the MAPI virtual directory for each server:

Get-MapiVirtualDirectory -Server litex01 | Set-MapiVirtualDirectory -InternalUrl https://mail.litwareinc.com/mapi -ExternalUrl https://mail.litwareinc.com/mapi

Get-MapiVirtualDirectory -Server litex02 | Set-MapiVirtualDirectory -InternalUrl https://mail.litwareinc.com/mapi -ExternalUrl https://mail.litwareinc.com/mapi

clip_image011

7) Recycle the MSExchangeAutodiscoverAppPool

Exchange will eventually start pushing out the new MAPI virtual directory settings to clients but if you want to force Exchange to do this immediately then recycle the MSExchangeAutodiscoverAppPool from IIS Manager by highlighting the app pool and then clicking on recycle on the right.

clip_image012

8) Update your load balancer and reverse proxy rules

If you're using a load balancer or reverse proxy then you may need to configure it to accept the new protocol.

9) Enable MAPI over HTTP in your Exchange Organization

To do this, run the below command:

Set-OrganizationConfig -MapiHttpEnabled $true

clip_image013

9) Test Outlook AutoConfiguration

To do this, hold CTRL and right click on the Outlook icon in the system tray then click on Test E-mail AutoConfiguration. Untick all options except for Use Autodiscover then enter your email address and password then click on Test. You should see a window like below:

clip_image014

As you can see above, there is a new MAPI HTTP section in the Autodiscover response

10) Confirm Outlook is now using MAPI over HTTP

To do this, hold CTRL then right click on the Outlook icon on the system tray and click on Connection Status.

clip_image015

As above, you can see that Outlook is connecting using HTTP instead of RPC/HTTP and that it is using the new MAPI virtual directory (https://mail.litwareinc.com/mapi).

11) Test Outlook Connectivity

To do this, run the below commands to check MAPI over HTTP is working on your Exchange servers. In our case we will check both our Exchange 2013 server, Litex01 and our Exchange 2016 server, Litex02:

Test-OutlookConnectivity -RunFromServerId litex01 -ProbeIdentity OutlookMapiHttpSelfTestProbe

Test-OutlookConnectivity -RunFromServerId litex02 -ProbeIdentity OutlookMapiHttpSelfTestProbe

As you can see below, our tests have come back successful:

clip_image016

MAPI over HTTP is now enabled and configured correctly.

34 comments:

  1. Gr8 explanation, there is also workaround to force outlook 2016 to use RCP over HTTP: http://blog.domelowo.pl/2015/11/22/outlook-2016-i-problem-z-konfiguracja-konta-microsoft-exchange/

    ReplyDelete
  2. Nice detailed article. Could someone explain the advantage of mapi vs. RPC over HTTPS? Also what is the impact for people who take a laptop from inside the office on the domain to outside the office?

    ReplyDelete
  3. rpc over https is short for mapi-over-rpc-over-https.
    Outlook started with mapi-over-rpc. Due to firewall issue's, they added '-over https'. But the mapi-rpc-https contains an rpc layer, that doesn't do anything anymore. So to simplify, they made mapi-https (without rpc in the middle.)

    ReplyDelete
  4. Does COMPLUS_DisableRetStructPinning need to be run on both the Exchange 2013 and Exchange 2016 server or just one of them?

    ReplyDelete
  5. Brilliant! Had issues connecting Outlook. Had to set the externalUrl for MAPI. Thanks for the blog post

    ReplyDelete
  6. you need to enable authentication as NTML and Negotiate, if you select basic, it will give you password popup issue.

    Set-MapiVirtualDirectory -Identity "MBX01\mapi (Default Web Site)" -IISAuthenticationMethods NTML,Negotiate

    ReplyDelete
  7. Hello

    Reading this I know you will be able help fix my issue.

    I have a new Exchange 2016 server. In the process of migrating from 2010. All virtual directories are set to the mail domain on the certificate like you have done. I installed the cert and added the services of IIS, SMTP and IMAP (I dont know if that was a mistake to add it to IMAP)

    All the internal/external DNS has the mail domain pointing to the server IP. OWA works and certs show as good.

    But my outlook 2013 clients cant setup a user profile, it resolves the user e-mail address then fails as it cant connect to the 2016 server. outlook 2010 creates the profile but pops up a message saying the exchange computer name is not on the certificate, which it wont do, I then ignore that and then get a proxy error 10 saying cert error computer name not on cert.

    It then connects and works and when I look at the connection status it shows its connecting to the server name over HTTP and not the mail domain set in the virtual directory.

    Could you point me in the direction on why its trying to connect to server name rather than mail domain?

    Thank you!
    Sean

    ReplyDelete
    Replies
    1. This comment has been removed by the author.

      Delete
    2. I fixed the issue. The proxy was affecting the connection even tho it was set to bypass and the mail domain was in the exception list.

      Delete
  8. Very helpful article, it describes the stepwise guidelines to how to migrate exchange server 2013 to exchange server 2016. I also take a look at this site ( https://softcart.wordpress.com/exchange-server-migration/ ) which provides an easy way to directly migrate Exchange 2013 Server to Exchange 2016 Server and hassle free cross-domain migrations between Exchange Servers.

    ReplyDelete
  9. A great article! I would highly recommend EdbMails Edb to PST converter software for its easy to use User interface and fast export performance.EdbMails is a one stop solution for all exchange server recovery needs. It is quick and uses deep scan to recover most data out of even corrupted databases.It supports public, private folder recovery. And also supports migration to Live exchange and Office 365. Archive mailbox migration is also supported by edbmails

    ReplyDelete
  10. ASIC Antminer S9 For Sale Bitmain Chinese Store
    We are manufacturer, exporter and supplier bitcoin and altcoin ASIC mining products ASIC Antminer S9 For Sale it is ready to ship to your address any where in the world
    ASIC Antminer S9 For Sale at Cheap Rate
    with Free express shipping

    ReplyDelete
  11. Drive more Traffic to website.simple ways to increase the amount of traffic that you are getting to your website or Blog to become brand
    Drive more Traffic to Website

    ReplyDelete
  12. Thanks, for such an excellent article I would like to introduce Bitdataconversion Exchange Server Migration tool which is easy to use and do the migration task quickly and accurately. The tool helpful for those users who want risk free and safe migration between Exchange to Live-Exchange, Exchange to office 365 and Exchange to Outlook PST. The tool able to migrates public folders and archive mailboxes as well.

    For more info visit here: Read more

    ReplyDelete
  13. You make so many great points here that I read your article a couple of times. Your views are in accordance with my own for the most part. This is great content for your readers. https://www.technicalactiongroup.ca/what-tag-can-do/managed-it/

    ReplyDelete
  14. I need your position. It is really finer quality than see anyone explain in words from the basis in addition to legibility for this issue needed place are generally handily found. idm crack

    ReplyDelete
  15. I would like most of the accounts, Favor actually enjoyed, We wish addiitional details regarding it, because it will be comparatively outstanding., Respect only for proclaiming. kmspico

    ReplyDelete
  16. Thank you again for all the knowledge you distribute,Good post. I was very interested in the article, it's quite inspiring I should admit. I like visiting you site since I always come across interesting articles like this one.Great Job, I greatly appreciate that.Do Keep sharing! Regards, keyword: idm crack

    ReplyDelete
  17. Looking for Microsoft Office 365 help call on 08081642786 , visit on: Microsoft Office 365 help

    ReplyDelete
  18. Crack software! Here at Crackzoom you will get all your favorite software. Our site has a collection of useful software. That will help for your, Visite here and get all your favorite and useful software free.

    ReplyDelete
  19. I am sure this post has touched all the internet users, its really really fastidious article on building up new weblog.

    ccleaner pro crack complete version is an great application to easy probably unwanted documents and invalid Windows Registry entries from the laptop. This is an terrific system purifier for Microsoft Windows, Mac, and Android. It is the award-prevailing PC optimization device containing advanced functions for power users. Also, it is simple to apply and allows you to optimize your PC in seconds with a single click on. Moreover, this software stops all the applications that run in the history silently. In this manner, it permits you to paintings quicker via disabling unneeded packages. ccleaner pro crack trendy download gives new lifestyles on your old PC and allows to perform in real-time. It immediately makes your PC faster by way of cleaning unused documents and settings taking on difficult pressure area. With the passage of time, your registry reasons mistakes and broken settings which results in crashes. Therefore, the brand new ccleaner pro crack right here gives you a registry cleanser that cleans these files and makes your PC extra stable. While the use of the net, you aren't secure because hackers can music your sports by cookies left to your browser. ccleaner pro crack has the potential to smooth these cookies routinely as you switch off your browser.

    ReplyDelete
  20. Helloo Bhrother It’s amazing to visit this website and reading the views of all
    friends concerning this article, while I am also zealous of
    getting experience.and this is my first time go to see at here and i am genuinely pleassant
    to read everthing at one place.thanks for admin. autocad crack
    autocad 2021 Download
    autocad 2021 Crack Download
    autocad 2021

    ReplyDelete
  21. Helloo Bhrother It’s amazing to visit this website and reading the views of all
    friends concerning this article, while I am also zealous of
    getting experience.and this is my first time go to see at here and i am genuinely pleassant
    to read everthing at one place.thanks for admin. autocad 2021 Crack Download
    autocad 2021 Crack Download
    autocad 2021

    ReplyDelete
  22. Highly Compressed PC Games
    This is a good website of games. Here, on our website, we offer great online and offline games.

    ReplyDelete
  23. Fiberglass is a cloth that will absorb moisture from the ground.Aufstellbecken

    ReplyDelete
  24. Wow! Such an amazing and helpful post this is. I really really love it. It's so good and so awesome. I am just amazed. I hope that you continue to do your work like this in the future also. https://meerasimulation.com/

    ReplyDelete
  25. AntiBrowserSpy Pro Crack
    With Retail [ Latest Guru Permit Crucial is applications built to provide users a secure surfing knowledge. The web gifts you of their better chances for hacks to gain accessibility to the personal pc system of one. It isn't just a secret in which internet web browser makers are currently incorporating d =features inside their browsers, which ship data.New Crack

    ReplyDelete