Forum Discussion

Stefan_Klotz_85
Nov 20, 2015

OWA with Enterprise Vault and SSO

We have an Exchange 2013 setup, where only for accessing OWA the APM-module is in use with SSO. This works fine.

 

Now we want to integrate the Enterprise Vault plugin as well. The EV-links are resolved to the same VS (different subdomains) and we already made the required adjustments (Domain Cookie, switch SSO profile in the iRule). This also works fine, but if we try to open an email within EV, which will be opened in a dedicated window/tab, it just shows the header information. The body/content of the email will not be displayed.

 

With IE11 within the body section the APM logon page will be displayed again with the error message: "JavaScript is not enabled. Please enable JavaScript in your browser..."

 

With FF the body section is just white and nothing will be displayed.

 

Any idea what's the issue here and how this can be fixed or at least further troubleshot? We are using 10.2.4 if this might be important.

 

Thank you!

 

Ciao Stefan :)

 

5 Replies

  • Hm, I'm not sure if this is really an issue with the APM and SSO. Because I disabled APM for the EV-links and then the NTLM popup will be displayed (as expected). After entering the correct credentials with:

     

    • IE: everything seems to be fine, body of the mail will be displayed. Also downloading the email via icon on the top right works fine.
    • FF: body-part of the email still stays blank/white. Besides that the download icon on the top right also doesn't function correctly. I'm getting the following error (after a few seconds): GetOnlineAttachmentFileSize 0x80072AF9

    Is this maybe related to any specific setting in one of the profiles? Or do I have to adjust something special?

     

    Thank you!

     

    Ciao Stefan :)

     

  • In the meantime I could at least identify the root cause for the APM error message when using IE.

    The content of the mail will be loaded with such a request:

    /EnterpriseVault/Properties.asp?content=1&VaultID=1BE4A431283....
    

    but for whatever reason the APM session-cookies are NOT included. All previous requests incl. images and css are fine including the required APM session-cookies.

    Any idea what's the reason for this or how this can be solved?

    Thank you!

    Ciao Stefan 🙂

  • Found out another strange thing. I tried it with a third browser (Chrome) and here everything is fine.

     

    So this means it's more a local browser issue, but I currently have no idea where and what to search for.

     

    Any ideas or hints would be very useful.

     

    Ciao Stefan :)

     

  • Almost there, but still not working :(

     

    During further investigation with Fiddler I found out the reason, why the above mentioned URL is not including the cookies in IE. It's an embedded iframe. Around this topic there is a very interesting discussion here.

     

    But adding the mentioned P3P header within the HTTP_RESPONSE event still doesn't solve the issue. Additionally I see that this iframe has the security="restricted"-flag set. Not sure if this has any additional drawbacks. I tried to remove it with a stream-profile, but didn't get that working at all.

     

    Maybe someone else is more familiar with this topic and can help me here!

     

    At the end it's again "thanks to Microsoft and IE"!!!

     

    Ciao Stefan :)

     

  • Hi Ruben,

    yes, I implemented a workaround for IE in the meantime, which seems to work fine. The only small drawback of this solution is that it assumes that each parallel connected client has a unique IP-address (so no NATing in between).

    I added the following lines at the beginning of the HTTP_REQUEST event:

    # If an email from the archive is opened, store the APM session ID
    # in the session table, keyed on the source IP (assuming it's unique for all clients).
    if { [HTTP::uri] starts_with "/EnterpriseVault/ViewMessage.asp" } {
        table set -subtable [IP::client_addr] lastmrh_session [HTTP::cookie LastMRH_Session] 900
        table set -subtable [IP::client_addr] mrhsession [HTTP::cookie MRHSession] 900
    }
    # The content of the email is embedded via an iframe, where IE is blocking all cookies;
    # therefore the cookies are added based on the information from the session table.
    if { [HTTP::uri] starts_with "/EnterpriseVault/Properties.asp" } {
        HTTP::cookie insert name "LastMRH_Session" value [table lookup -subtable [IP::client_addr] lastmrh_session]
        HTTP::cookie insert name "MRHSession" value [table lookup -subtable [IP::client_addr] mrhsession]
    }
    

    But I still have no workaround for FF, where the issue seems to be that FF is not sending the iFrame request at all. Chrome was working fine from the beginning and iOS devices haven't been tested yet.

    Hope that helps or at least points you in the right direction.

    Ciao Stefan 🙂
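
The unique-IP assumption stated in the last reply can be seen in a small model of the workaround's session table. This is an added example, not code from the thread: the `SessionTable` class, the `key_by_ip_and_ua` keying, the address and the session values are constructed assumptions.

```python
import time

COOKIES = ("LastMRH_Session", "MRHSession")  # APM cookie names used in the post

class SessionTable:
    """Simplified stand-in for the iRule `table` command: (subtable, key) -> value with a timeout."""

    def __init__(self, clock=time.monotonic):
        self._rows, self._clock = {}, clock

    def set(self, subtable, key, value, timeout):
        self._rows[(subtable, key)] = (value, self._clock() + timeout)

    def lookup(self, subtable, key):
        value, expires = self._rows.get((subtable, key), ("", 0.0))
        return value if self._clock() < expires else ""

def key_by_ip(req):
    return req["ip"]  # keying used in the post

def key_by_ip_and_ua(req):
    return req["ip"] + "|" + req["ua"]  # hypothetical narrower key (assumption)

def handle(table, req, key_fn, ttl=900):
    """Model of the workaround: store cookies on ViewMessage.asp, re-add them on Properties.asp."""
    cookies = dict(req["cookies"])
    if req["uri"].startswith("/EnterpriseVault/ViewMessage.asp"):
        for name in COOKIES:
            table.set(key_fn(req), name.lower(), cookies.get(name, ""), ttl)
    elif req["uri"].startswith("/EnterpriseVault/Properties.asp"):
        for name in COOKIES:
            cookies[name] = table.lookup(key_fn(req), name.lower())
    return cookies

def nat_scenario(key_fn, second_ua):
    """Constructed case: two users share one NAT address; returns the session given to user A's iframe."""
    table = SessionTable()
    a = {"ip": "192.0.2.10", "ua": "IE11", "cookies": {"LastMRH_Session": "a1", "MRHSession": "sid-A"}}
    b = {"ip": "192.0.2.10", "ua": second_ua, "cookies": {"LastMRH_Session": "b1", "MRHSession": "sid-B"}}
    handle(table, {**a, "uri": "/EnterpriseVault/ViewMessage.asp"}, key_fn)
    handle(table, {**b, "uri": "/EnterpriseVault/ViewMessage.asp"}, key_fn)
    # User A's IE loads the iframe without cookies, as described in the thread.
    iframe = {**a, "cookies": {}, "uri": "/EnterpriseVault/Properties.asp?content=1"}
    return handle(table, iframe, key_fn)["MRHSession"]

if __name__ == "__main__":
    print(nat_scenario(key_by_ip, "Firefox"))         # shared address, IP-only key
    print(nat_scenario(key_by_ip_and_ua, "Firefox"))  # shared address, different browsers
    print(nat_scenario(key_by_ip_and_ua, "IE11"))     # shared address, identical browsers
```

With the IP-only key, user A's iframe request is given user B's session whenever both sit behind one address; adding the User-Agent to the key separates different browsers but not identical ones, so the NAT caveat is narrowed rather than removed.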