Local Exchange without SMG
Configuring a local Exchange server without SMG (Secure Mail Gateway) can easily fail. For this reason, we have identified common causes and recorded appropriate solutions. To check basic connectivity, there are four steps to perform.
Here you need the log from the reverse proxy (e.g. nginx) for further analysis
on Linux the log is located in the following directory
for Windows e.g. in your nGinx installation path
If the mails are retrieved on the end device, the log should contain a reference to the following URL
If nothing is entered in the log, the URL must be entered in the browser whether it is generally accessible.
If the URL is called, an entry must be left in the nginx log.
- If no entry is generated, the infrastructure must be checked.
- If the entry can be found, probably the settings of the Exchange configuration in the Relution policy are not set correctly or are invalid.
Checking the connection
A curl command can be used to check the connection from Relution to the Exchange server:
curl https://outlook.XXX.de/Microsoft-Server-ActiveSync --user Our-Exchange-host\\Exchangeuser@Domain.de:ExchangePWvomUser --verbose --http1.1 -i
You might get an output with a certificate error as shown:
Connected to outlook.XXX.de (172.000.000.000) port 443 (#0)
schannel: disabled automatic use of client certificate
ALPN: offers http/1.1
schannel: SEC_E_UNTRUSTED_ROOT (0x80090325) - *The certificate chain was issued by an untrusted certificate authority.
Closing connection 0
curl: (60) schannel: SEC_E_UNTRUSTED_ROOT (0x80090325) - *The certificate chain was issued by an untrusted certificate authority.
More details here: https://curl.se/docs/sslcerts.html
If the error message is displayed as above, the CA’s certificate is not stored in the server’s operating system, so depending on the operating system, the certificate must be installed accordingly.
Read out HTTPS communication
In Springboot Admin you can check the HTTPS communication between Relution and the Exchange and read it in the logfile.
org.apache.http.wire : DEBUG
A communication must be triggered by the device to fill the log with hints about the cause.
The log level must be set back to
INFO after the analysis.
Subsequently, the increased log level can be searched for conspicuous clues. For example, if the user and user credentials are not correct, the login fails and a 401 Unauthorized message is entered, which may look like this in basic Auth:
This can be decoded in the browser console to compare the transmitted password and the user