MAPI over HTTP Outlook connectivity with Exchange 2013
One of the new and improved methods to connect Outlook 2013 clients to Microsoft Exchange 2013 SP1 is MAPI (Messaging Application Programming Interface) over HTTP (Hypertext Transfer Protocol).
It is a changeover from RPC/HTTP to MAPI/HTTP. MAPI over HTTP improves the stability of the Outlook and Exchange connections. MAPI/HTTP removes the complexity of Outlook Anywhere dependency on RPC.
Uses of MAPI over HTTP:
=>MAPI/HTTP reduces the amount of time user waiting for outlook to connect.
=>Enables authentication by using an HTTP based protocol.
=>Faster reconnection in case of any communication break because it’s only TCP connections.
=>When we change to a different network, the server maintains the session context for a configurable period of time.
How it works?
If simplified this is how it works:
Outlook Client begins an Autodiscover POST Request (When the request is sent by the Outlook a new attributeX-MapiHTTPCapability =1 for MAPi/HTTP is sent) => Exchange Server receives the connection & sees that it is coming from a MAPI/HTTP client & responds as how to connect using MAPI/HTTP => In response to the request Outlook is prompted for a restart (only the first time), post which Outlook uses MAPI/HTTP for communication with the Exchange Server.
So how do we configure MAPI/HTTP & what are the requirements?
Requirements:
=> All Exchange 2013 Client Access Servers should be update to Exchange Server 2013 SP1 or later.
=> All the clients must have Office 2013 SP1 recommended to be updated with the latest patch.
=> On the Exchange Servers that are not running on Windows 2012 R2, you will have to upgrade the Microsoft .NET Framework to 4.5.1.
=> We need one of the following Hotfix for .NET Framework 4.5.1 on all Exchange 2013 SP1 servers according to the OS version:
Windows Server 2012 R2
http://support.microsoft.com/en-in/kb/2908387
Windows Server 2012
http://support.microsoft.com/en-in/kb/2908385
Windows Server 2008 R2 Service Pack 1
http://support.microsoft.com/en-in/kb/2908383
=>Add the following Registry Key on all the Exchange Server 2013 Client Access Servers:
HKLMSoftwareMicrosoft.NETFramework => create a new DWORD with the name “DisableRetStructPinning” with value 1.
=> Add the following in all the CAS servers:
Open command prompt=> type systempropertiesadvanced => click Environment Variables => Under
system variables section click New => Variable name “COMPLUS_DisableRetStructPinning” => Set Variable Value 1 => Click Ok.
How to Configure MAPI/HTTP?
=> Create a Virtual Directory on the Exchange Server (we need to create the Virtual Directory for both Internal & External Directory)
Set-MapiVirtualDirectory -Identity “Domainmapi (Default Web Site)” -InternalUrl https://domain.com/mapi -IISAuthenticationMethods Negotiate
=>The certificate used in the Exchange servers must have the internal url & external url specified while creating MAPI virtual directory.
=>Make sure the Firewalls, proxyservers, Load balancers are all configured to allow acess to MAPI/HTTP directories.
=> Run the following command to enable MAPI over HTTP. After running this command the clients will a prompt to restart outlook to use MAPI/HTTP:
Set-OrganizationConfig -MapiHttpEnabled $true
=> Finally to test the MAPI/HTTP we can run the following command:
Test-OutlookConnectivity -RunFromServerId ContosoMail -ProbeIdentity OutlookMapiHttpSelfTestProbe
=> The Logs for the MAPI/HTTP can be seen in the following location:
ExchangeInstallPathLoggingMAPI Address Book Service
ExchangeInstallPathLoggingMAPI Client Access
ExchangeInstallPathLoggingHttpProxyMapi
Points to Note:
=> If we enable MAPI/HTTP, Outlook 2013 SP1 that connects through the Exchange 2013 SP1 will not be able to access public folders in the same forest of earlier versions of Exchange (Exchange 2007/Exchange 2010). It is not recommended to enable MAPI over HTTP until the Public Folders are moved to Exchange 2013 Server.
=>Also check if all the client machine that is running Outlook 2013 has the trusted certificate installed & make sure there are no certificate errors.
=>After enabling MAPI/HTTP is you want a client to use RPC /HTTP you can use the following registry key. This will not take effect until the exchange servers attempts another query for AutoDiscovery.
HKEYCURRENTUSERSoftwareMicrosoftExchange => create a new DWORD “MapiHttpDisabled” with value 1.
To enable the MAPI/HTTP back delete the above Key or set the Value to 0.
Ratish Nair
Microsoft MVP | Exchange Server
Team @MSExchangeGuru
April 5th, 2015 at 10:40 pm
[…] MAPI over HTTP Outlook connectivity with Exchange 2013 – […]
April 5th, 2015 at 10:41 pm
[…] MAPI over HTTP Outlook connectivity with Exchange 2013 – […]
April 15th, 2016 at 8:04 am
Remember if u do this changes it may take a while until they start to work. It really depends Ive seen situation from 15 min to even couple of hours not knowing why.
June 13th, 2016 at 4:00 am
Yes, it will take 15 mins because of the default connection lifetime which is 900 seconds or the user needs to restart his clients
January 13th, 2017 at 5:42 pm
Hi Ratish, very intersting article, thank you!
I tested Outlook connectivity with MAPI-Enabled.
I use 2 Exchange servers with all roles(MBX/CAS). Servers are DAG members and replicate mailboxdatabases. I do not use RRobin/HLB/NLB.
One user is connected with Outlook to his mailbox on SRV1.
When you stop SRV1, Outlook client needs more than 30 mns to establish communication with EXCH2, even if I restart Outlook. MAPI seems to keep session with SRV1.. with RPC/HTTP, I believe that the client was redirected after few seconds (Outlook restart needed). What do you think about it?
July 7th, 2017 at 9:26 am
I have SAN certificate installed on exchange servers, and root certificate on desktop machines.
With RPC/HTTP outlook profile, I dont get certificate errors.
But with MAPI/HTTP outlook profile , I get certificate errors. certificate in error pop up is self signed certificate for other exchange servers.
How to fix this?
July 15th, 2017 at 3:14 am
if you have a 3rd party cert installed with iis service enabled then you should not get popup