Posted on August 14, 2015 · Posted in Exchange

Exchange 2013: MAPI over HTTP

In Exchange 2013 SP1 there appeared a new protocol for client connections to a mailbox — MAPI over HTTP (MAPI/HTTP). This protocol is to improve stability and reliability of Outlook connection to the Exchange server due to moving traffic to HTTP level. In this article, we’ll tell about the architecture and peculiarities of this protocol together with a short instruction on how to configure it.

In its previous versions, Outlook could interact with Exchange over RPC. In Exchange 2003 another connection protocol appeared — RPC over HTTP (or Outlook Anywhere). This protocol was used mainly for  secure connect external clients to the Exchange server. In Exchange 2013, Outlook Anywhere is used in the interaction with both internal and external clients by default. In general, when using this protocol, MAPI traffic firstly wrapped in RPC, then RPC in HTTP, and then the HTTP packet was sent to the server. The main disadvantage of RPC over HTTP is its instability in unstable connections (in public Wi-Fi networks or in the Internet).

MAPI over HTTP Exchange 2013 SP1 Architecture

MAPI over HTTP (in fact, HTTPS is used) eliminates RPC from the scheme and is based on HTTP 1.1, so to interact with the server, the clients use POST command. Outlook using MAPI over HTTP works in the same way as EWS, EAS or OWA. When using it, the scenarios, like switching between networks, recovery after network failures, wake from sleep or hibernation, etc., work better.

Advantages of MAPI over HTTP

  • Fast reconnection after link break (only TCP is reconnected, not RPC)
  • Independence of the session contents from connections (a user can change the connection network during  session)
  • Authentication using the HTTP protocol

Firstly, client-side MAPI/HTTP was supported only in Outlook 2013 SP1, but now after the update 2899591 (https://support.microsoft.com/en-us/kb/2899591/en-us) has been installed, it works in Outlook 2010 as well.

To enable MAPI over HTTP support, the system has to meet the following requirements:

  • Exchange 2013 SP1 should be installed on CAS servers
  • For optimal MAPI/HTTP performance, .NET framework 4.5.2 should be installed
  • Outlook 2013 SP1 or Outlook 2010 with the update KB2899591 should be used as clients

After Exchange 2013 SP1 is installed, MAPI virtual directory appears on a CAS server. However, MapiOverHTTP is disabled.

MAPI virtual directory in IIS

Make sure that ExternalUrl attribute is empty:

Get-MapiVirtualDirectory | ft server, *url*

Get-MapiVirtualDirectory

As we can see, ExternalUrl is empty, and we have to fill it. (In this example, we’ll specify both ExternalUrl and Internal Url; bear in mind that the Exchange certificate has to correspond to the addresses specified as the external and internal URLs.)

Get-MapiVirtualDirectory | Set-MapiVirtualDirectory -InternalUrl https://mail.contoso.com/mapi –ExternalUrl https://mail.contoso.com/mapi -IISAuthenticationMethods NTLM,Negotiate

Now you only have to activate MAPI over HTTP on the Exchange level. Make sure that the protocol is disabled:

Get-OrganizationConfig | FL *mapi*

Get-OrganizationConfig

Also, make sure that Outlook is using RPC/HTTP to connect to Exchange.

Outlook RPC/HTTP protocol

Activate MAPI/HTTP support on the server side:

Set-OrganizationConfig -MapiHttpEnabled $true

Set-OrganizationConfig-MapiHttpEnabled

After you run the command, wait for about an hour so the changes are applied on the Exchange side. If necessary, it can be done faster by restarting MS Exchange Host Service and Autodiscover pool on Mailbox server.

During autodiscovery (Autodiscover), Outlook requests MAPI over HTTP (X-MapiHttpCapability) support from the server. If the server supports this protocol, the client gets  a response containing HTTP data.

When changing a protocol, Outlook shows this warning:

The Microsoft Exchange administrator has made a change that requires you quit and restart Outlook.

Set-OrganizationConfig-MapiHttpEnabled

After the restart, Outlook has to connect to the mailbox using MAPI over HTTP. This is evidenced by HTTP line in the Protocol column in Outlook connection properties.

Outlook connect exchange over HTTP

You can check if it’s possible to connect over the new protocol by following this link https://mail.contoso.com/mapi/emsmdb. We’ll get the name of the CAS server, on which we have authenticated, and the name of Mailbox server.

emsmdb

Adding ?Showdebug=yes to the URL, we can display some more interesting information.(https://mail.contoso.com/mapi/emsmdb/?showdebug=yes)

Also you can check if the new protocol works using a PowerShell cmdlet Test-OutlookConnectivity:

Test-OutlookConnectivity -RunFromServerId serv3 -ProbeIdentity OutlookMapiHttpSelfTestProbe

Test-OutlookConnectivity

Troubleshooting:

The logs of the new protocol are stored here:

  • CAS: %ExchangeInstallPath%\Logging\HttpProxy\Mapi\
  • Mailbox Server: %ExchangeInstallPath%\Logging\MAPI Client Access\
  • Mailbox Server: %ExchangeInstallPath%\Logging\MAPI Address Book Service\

If MAPI over HTTP is enabled in the DAG group, all servers have to support it, otherwise clients won’t be able to use their mailboxes.

According to Microsoft estimates, MAPI over HTTP slightly increases the CPU load on CAS servers, but reduces the memory use by 50-60% for each user.

The new protocol of Outlook connection to Exchange mailboxes is better both in its performance and network flexibility. According to Microsoft developers, MAPI over HTTP will become the main connection protocol in Exchange Server 2016, and RPC over HTTP will be abandoned.

Previous:
Next:
Related Articles