Windows Phone 7 mail clients can't login
Dan White
dwhite at olp.net
Thu Dec 9 09:52:24 EST 2010
On 09/12/10 15:41 +0100, Sebastian Hagedorn wrote:
>Hi,
>
>today I became aware that apparently all our users with Windows Phone
>7 phones can't login. There appears to be more than one problem. This
>is what happens when you enable SSL on the phone:
>
>- the phone first attempts a successful connection to imaps and fails
>when it tries to login using NTLM. It doesn't fall back to any other
>SASL mechanism, and there's nothing to configure on the phone
>- after that it connects to port 143 and issues the STARTTLS command,
>but this results in the following:
>
>Dec 9 15:10:47 lvr13 imap[18998]: unknown protocol in SSL_accept() -> fail
>Dec 9 15:10:47 lvr13 imap[18998]: STARTTLS negotiation failed: [redacted]
>
>When SSL is turned off on the phone, the NTLM error is a little more
>explicit:
>
>Dec 9 14:59:10 lvr13 imap[786]: badlogin:[redacted] NTLM [SASL(0):
>successful result: security flags do not match required]
Are you offering digest-md5? What are your sasl and allowplaintext
settings in imapd.conf?
>My guess is that the phone tries to use NTLMv2, but of course the
>SASL plug-in only supports NTLMv1. The worst part is that there
>doesn't seem to be a client-side option to use another mechanism
>instead. I'm hesitant to disable NTLM server-side, because a few of
>our users use it successfully.
What version of imapd and sasl are you using?
>Has anyone else noticed this problem? Or do you have successful
>logins using Windows Phone 7, If so, do you offer NTLM? What
>mechanism does the phone use when it's successful?
--
Dan White
More information about the Info-cyrus
mailing list