SOAPUI 5.3.0 calls to online Exchange Web Services fail with 401 Unauthorized
I can no longer login to online Exchange Web Services using SOAPUI after updating from 5.2.1 to 5.3.0
All calls fail with a "HTTP/1.1 401 Unauthorized" error
What has not changed:
- The SOAPUI test calls I'm doing (with all their parameters; e.g. Authentication type NTLM)
- Any administrative settings for Office/Exchange online
- I have *no* issues whatsoever with Internet connectivity, or using SOAPUI *or* my Delphi code against our in-house Exchange 2010, 2013 or 2016 test servers, or against (3) other web services that I regularly use. The Delphi program also works fine with Exchange Online.
- I'm running SOAPUI/Delphi Seattle under Win7 in VMWare Workstation 12.1.1
I get ONLY one HTTP Response:
HTTP/1.1 401 Unauthorized
Server: Microsoft-IIS/8.5
request-id: 8d593b7a-d934-480d-a890-16ad3f7baa0b
X-Powered-By: ASP.NET
X-FEServer: VI1PR07CA0015
WWW-Authenticate: Basic Realm=""
Date: Wed, 11 Jan 2017 14:21:12 GMT
Content-Length: 0
If I communicate with Exchange 2016, I also see this response initially, but then *additional* requests/response are fired to properly authenticate - as it should be.
[Edit 16 Jan 2017]:
I have gone back to an old VM with SOAPUI 5.2.1 and can confirm that that still works.
When comparing the project XML files I see only minor differences that can't have this effect.
[Edit 3-4-2017]:
Changing with settings 'follow-redirects' or 'authenticate preemptively' make no difference
FWIW, this is my soapui-settings.xml settings file:
<?xml version="1.0" encoding="UTF-8"?>
<con:soapui-settings xmlns:con="http://eviware.com/soapui/config"><con:setting id="WsdlSettings@excluded-types"><con:entry xmlns:con="http://eviware.com/soapui/config">schema@http://www.w3.org/2001/XMLSchema</con:entry></con:setting><con:setting id="WebRecordingSettings@excluded-headers"><![CDATA[<xml-fragment><con:entry xmlns:con="http://eviware.com/soapui/config">Cookie</con:entry><con:entry xmlns:con="http://eviware.com/soapui/config">Set-Cookie</con:entry><con:entry xmlns:con="http://eviware.com/soapui/config">Referer</con:entry><con:entry xmlns:con="http://eviware.com/soapui/config">Keep-Alive</con:entry><con:entry xmlns:con="http://eviware.com/soapui/config">Connection</con:entry><con:entry xmlns:con="http://eviware.com/soapui/config">Proxy-Connection</con:entry><con:entry xmlns:con="http://eviware.com/soapui/config">Pragma</con:entry><con:entry xmlns:con="http://eviware.com/soapui/config">Cache-Control</con:entry><con:entry xmlns:con="http://eviware.com/soapui/config">Transfer-Encoding</con:entry><con:entry xmlns:con="http://eviware.com/soapui/config">Date</con:entry></xml-fragment>]]></con:setting><con:setting id="WsdlSettings@name-with-binding">true</con:setting><con:setting id="HttpSettings@http_version">1.1</con:setting><con:setting id="HttpSettings@max_total_connections">2000</con:setting><con:setting id="HttpSettings@response-compression">true</con:setting><con:setting id="HttpSettings@leave_mockengine">true</con:setting><con:setting id="UISettings@auto_save_projects_on_exit">true</con:setting><con:setting id="UISettings@show_descriptions">true</con:setting><con:setting id="WsdlSettings@xml-generation-always-include-optional-elements">true</con:setting><con:setting id="WsaSettings@useDefaultRelatesTo">true</con:setting><con:setting id="WsaSettings@useDefaultRelationshipType">true</con:setting><con:setting id="UISettings@show_startup_page">false</con:setting><con:setting id="UISettings@gc_interval">60</con:setting><con:setting id="WsdlSettings@cache-wsdls">true</con:setting><con:setting id="WsdlSettings@pretty-print-response-xml">true</con:setting><con:setting id="HttpSettings@include_request_in_time_taken">true</con:setting><con:setting id="HttpSettings@include_response_in_time_taken">true</con:setting><con:setting id="UISettings@auto_save_interval">0</con:setting><con:setting id="WsaSettings@soapActionOverridesWsaAction">true</con:setting><con:setting id="WsaSettings@overrideExistingHeaders">true</con:setting><con:setting id="WsaSettings@enableForOptional">true</con:setting><con:setting id="VersionUpdateSettings@auto-check-version-update">true</con:setting><con:setting id="WSISettings@location">C:\Program Files\SmartBear\SoapUI-5.2.0/wsi-test-tools</con:setting><con:setting id="RecentProjects"><![CDATA[<xml-fragment xmlns:con="http://eviware.com/soapui/config">
<con:entry key="" value="Test Exchange 2016"/>
<con:entry key="Test-Exchange-2013-soapui-project.xml" value="Test Exchange 2013"/>
<con:entry key="" value="Test Exchange 2013"/>
<con:entry key="D:\Testing\Web\Exchange Web Services\SoapUI\Tests-Exchange-soapui-project.xml" value="Tests Exchange"/>
<con:entry key="D:\Testing\Exchange server\SoapUI\Test-Exchange-2013-soapui-project.xml" value="Test Exchange 2013"/>
<con:entry key="D:\Testing\Exchange Server\SoapUI\Test-Exchange-soapui-project.xml" value="Test Exchange"/>
<con:entry key="D:\SOAPUIData\Test-Office-365-soapui-project.xml" value="Test Office 365"/>
</xml-fragment>]]></con:setting><con:setting id="GlobalPropertySettings@properties"><xml-fragment/></con:setting><con:setting id="GlobalPropertySettings@security_scans_properties"><![CDATA[<xml-fragment xmlns:con="http://eviware.com/soapui/config">
<con:property>
<con:name>~(?s).*(s|S)tack ?(t|T)race.*</con:name>
<con:value>[Stacktrace] Can give hackers information about which software or language you are using</con:value>
</con:property>
[.. similar property lines removed ..]
</xml-fragment>]]></con:setting><con:setting id="HttpSettings@user-agent"/><con:setting id="HttpSettings@request-compression">None</con:setting><con:setting id="HttpSettings@disable_response_decompression">false</con:setting><con:setting id="HttpSettings@close-connections">false</con:setting><con:setting id="HttpSettings@chunking_threshold"/><con:setting id="HttpSettings@authenticate-preemptively">false</con:setting><con:setting id="HttpSettings@expect-continue">false</con:setting><con:setting id="HttpSettings@encoded_urls">false</con:setting><con:setting id="HttpSettings@forward_slashes">false</con:setting><con:setting id="HttpSettings@bind_address"/><con:setting id="HttpSettings@socket_timeout"/><con:setting id="HttpSettings@max_response_size"/><con:setting id="HttpSettings@max_connections_per_host"/><con:setting id="HttpSettings@enable_mock_wire_log">false</con:setting><con:setting id="ProxySettings@host">127.0.0.1</con:setting><con:setting id="ProxySettings@port">8888</con:setting><con:setting id="ProxySettings@username"/><con:setting id="ProxySettings@password"/><con:setting id="ProxySettings@excludes"/><con:setting id="ProxySettings@enableProxy">false</con:setting><con:setting id="SSLSettings@keyStore"/><con:setting id="SSLSettings@keyStorePassword"/><con:setting id="SSLSettings@enableMockSSL">false</con:setting><con:setting id="SSLSettings@mockPort"/><con:setting id="SSLSettings@mockKeyStore"/><con:setting id="SSLSettings@mockPassword"/><con:setting id="SSLSettings@mockKeyStorePassword"/><con:setting id="SSLSettings@mockTrustStore"/><con:setting id="SSLSettings@mockTrustStorePassword"/><con:setting id="SSLSettings@needClientAuthentication">false</con:setting><con:setting id="WsdlSettings@xml-generation-type-example-value">false</con:setting><con:setting id="WsdlSettings@xml-generation-type-comment-type">false</con:setting><con:setting id="WsdlSettings@attachment-parts">false</con:setting><con:setting id="WsdlSettings@allow-incorrect-contenttype">false</con:setting><con:setting id="WsdlSettings@schema-directory"/><con:setting id="WsdlSettings@strict-schema-types">false</con:setting><con:setting id="WsdlSettings@compression-limit"/><con:setting id="WsdlSettings@pretty-print-project-files">false</con:setting><con:setting id="WsdlSettings@trim-wsdl">false</con:setting><con:setting id="UISettings@close-projects">false</con:setting><con:setting id="UISettings@order-projects">false</con:setting><con:setting id="UISettings@order-services">false</con:setting><con:setting id="UISettings@order-requests">false</con:setting><con:setting id="UISettings@create_backup">true</con:setting><con:setting id="UISettings@backup_folder"/><con:setting id="UISettings@normalize_line-breaks">false</con:setting><con:setting id="UISettings@desktop-type">Default</con:setting><con:setting id="UISettings@native-laf">false</con:setting><con:setting id="UISettings@dont-disable-groovy-log">false</con:setting><con:setting id="UISettings@show_logs_at_startup">false</con:setting><con:setting id="UISettings@disable_tooltips">false</con:setting><con:setting id="UISettings@raw_response_message_size_show">10000</con:setting><con:setting id="UISettings@raw_request_message_size_show">10000</con:setting><con:setting id="UISettings@wrap_raw_messages">false</con:setting><con:setting id="UISettings@disable-browser">false</con:setting><con:setting id="UISettings@disable-browser-plugins">false</con:setting><con:setting id="UISettings@editor-font">Monospaced.plain 11</con:setting><con:setting id="UISettings@no_resize_request_editor">false</con:setting><con:setting id="UISettings@start_with_request_tabs">false</con:setting><con:setting id="UISettings@auto_validate_request">false</con:setting><con:setting id="UISettings@abort_on_invalid_request">false</con:setting><con:setting id="UISettings@auto_validate_response">false</con:setting><con:setting id="UISettings@show_xml_line_numbers">false</con:setting><con:setting id="UISettings@show_groovy_line_numbers">false</con:setting><con:setting id="ToolsSettings@jbossws_wstools"/><con:setting id="ToolsSettings@axis_1_X"/><con:setting id="ToolsSettings@axis_2"/><con:setting id="ToolsSettings@jwsdp_wscompile"/><con:setting id="ToolsSettings@jwsdp_wsimport"/><con:setting id="ToolsSettings@javac"/><con:setting id="ToolsSettings@dotnet_wsdl"/><con:setting id="ToolsSettings@cxf"/><con:setting id="ToolsSettings@xfire"/><con:setting id="ToolsSettings@gsoap"/><con:setting id="ToolsSettings@ant"/><con:setting id="ToolsSettings@xmlbeans"/><con:setting id="ToolsSettings@jaxb"/><con:setting id="ToolsSettings@tcpmon"/><con:setting id="ToolsSettings@wsa"/><con:setting id="ToolsSettings@wadl2java"/><con:setting id="ToolsSettings@hermesjms"/><con:setting id="WSISettings@verbose">false</con:setting><con:setting id="WSISettings@results_type">all</con:setting><con:setting id="WSISettings@messageEntry">false</con:setting><con:setting id="WSISettings@failureMessage">false</con:setting><con:setting id="WSISettings@assertionDescription">false</con:setting><con:setting id="WSISettings@showLog">false</con:setting><con:setting id="WSISettings@outputFolder"/><con:setting id="GlobalPropertySettings@enableOverride">false</con:setting><con:setting id="SecuritySettings@shadowProxyPassword"/><con:setting id="LoadUISettings@loadui_path"/><con:setting id="LoadUISettings@cajo_port">1199</con:setting><con:setting id="LoadUISettings@cajo_soapui_port">1198</con:setting><con:setting id="com.eviware.soapui.SoapUI@versionToSkip">5.1.2</con:setting><con:setting id="HttpSettings@start_mock_service">true</con:setting><con:setting id="UISettings@disable_analytics">true</con:setting><con:setting id="UISettings@analytics_opt_out_version">5.2</con:setting><con:setting id="NextAU">1483707576871</con:setting></con:soapui-settings>
The trick was changing the changing the Authentication type to Basic:
Why this is, I have no idea. Earlier Exchange versions still work with NTLM authentication.
As suggested in my question, it looks as if something changed with Exchange Online in the same period that I upgraded SOAPUI.
The MS article Authentication and EWS in Exchange dated 9. March 2015:
- says that NTLM is for *Exchange on-premises only* - which definitely was not true during the larger parts of 2015 and 2016, when I used SOAPUI with the NTLM setting;
- suggests that I stop using Basic as well, but for now it's a solution.
