Apple Snow Leopard and Exchange: the real story

Apple’s Snow Leopard (OS 10.6) came out last week, and one of its most hyped features is native support for Microsoft Exchange. Here’s what Apple says:

With Snow Leopard, the Mac is the only computer with built-in support for the latest version of Microsoft Exchange Server. So you can use your Mac — with all the features and applications you love — at home and at work and have all your messages, meetings, and contacts in one place.

What this means is that eager Mac users will be upgrading to Snow Leopard and expecting to be able to connect to Exchange at work with Apple-style “it just works” ease of configuration.

The truth is more complex; and I’m disappointed with both Apple’s publicity and the number of reviews that have simply reported its claims without investigation. That said, it is a tricky subject, and I have some sympathy with Apple, which is doing more or less the right thing at a technical level.

Configuring Snow Leopard Mail to use Exchange

The first thing to understand is that there are myriad ways of connecting to Exchange, including:

  • MAPI, which is Microsoft’s proprietary API
  • IMAP, which is a standard protocol for server-based email
  • ActiveSync, which is a Microsoft protocol used for mobile devices
  • RPC over HTTPS, effectively MAPI over SSL, enabling Outlook to connect from outside the network without VPN
  • Outlook Web Access, a web UI for Outlook
  • WebDAV, now deprecated
  • Exchange Web Services, which communicate using SOAP XML messages

Which of these protocols are actually enabled, and whether they are published beyond the internal network, is a matter for Exchange admins to configure.

The usual generic method to connect to Exchange from a miscellaneous client is IMAP, and this is exactly what Apple supported in Mail before Snow Leopard, and still supports. IMAP works pretty well in my experience, but it is only for email and does not expose any Exchange-specific features.

Snow Leopard adds support for Exchange Web Services (EWS), giving a much richer level of access to Exchange. First snag: EWS is only supported in Exchange 2007, which is why Apple says in its small print:

requires Microsoft Exchange Server 2007 Service Pack 1 Update Rollup 4

Second snag: even EWS does not all the features of MAPI, and some features (notably public folder support) were only added in Exchange 2007 SP2, which has just been released. This probably explains why Mail does not (as far as I can tell) support public folders.

The key thing to understand is that Snow Leopard is not using the same protocol as Outlook and therefore does not have access to the same set of features.

What works and what doesn’t

Let’s assume that you have Snow Leopard and Exchange 2007 SP1. What works and what doesn’t? Based on my experience so far:

  • You will be able to connect on an internal network or VPN, provided that EWS is enabled, which it usually is. You may need to install a digital certificate to avoid warning messages.
  • Mail, Calendar (iCal), tasks and notes in your Exchange mailbox all appear nicely.
  • When outside the network, you will only be able to connect over the Internet if EWS is published externally, which it often is not. You cannot use RPC over HTTPS.
  • There is no access to public folders (note that these are deprecated, but still widely used).
  • It is not possible to send from an email address other than the default.
  • You cannot use Exchange delegation features, such as accessing other mailboxes.
  • Mail will download the entire mailbox; you cannot set it only to download recent items. There is no “online mode” as there is with Outlook.
  • When offline, you can access existing items, but new messages have to be saved as drafts. This is unlike Outlook, which gives you full access to send mail, delete etc, and synchronises on re-connect.

Snow Leopard vs Entourage

You might imagine that Microsoft’s own Entourage product would do a better job than Apple Mail at connecting to Exchange. This is not necessarily the case. The problem is that Entourage 2008 doesn’t use MAPI either. In its first incarnation it uses WebDAV. This proved so problematic that Microsoft quietly released a new Web Services Edition that uses EWS, like Snow Leopard. Even this is a temporary expedient, as the Mac Business Unit has announced Outlook for the Mac. The implication is that it will be closer to feature-parity with Outlook on Windows, though it’s not clear to me whether this means MAPI, or EWS, or who knows what?

My view is that unless you need some specific feature of Entourage, or find that Entourage mysteriously works where Snow Leopard does not, you are likely better off without it. This presumes Exchange 2007, of course. The fundamental reason is that Mail and iCal are nicely integrated with the operating system, whereas Entourage is not so good in this respect; there have also been quality issues with Entourage.

It would be good to see a detailed technical note from Apple and/or Microsoft on Snow Leopard’s Exchange support, how to configure Exchange for it, and any implications for security etc. In the meantime, there is an interesting discussion on Apple’s forums which highlights the issues.

For all its (many) faults, Outlook on Windows remains a better Exchange client than either Snow Leopard or Entourage.

28 thoughts on “Apple Snow Leopard and Exchange: the real story”

  1. One thing M$ should note is that Apple have managed to add (some new) features, improve performance *and* reduce the overall size of the software. M$ have always been bullish about the size of their OS and I think have long lost, or cant be bothered to spend time in the art of optimising code.

    Gary

  2. To some extent Microsoft are stuck, as they still have a certain degree of backwards compatibility they have to include. So naturally every time they introduce a new API it bloats the OS having to keep the old ones around.

    That said, they did supposedly drop plenty of backwards compatibility from Vista so why Vista/7 is so large is a real puzzle. It certainly should not have increased in size as dramatically as it has.

  3. 9/2/09 5:42:16 PM Address Book[1072] -[SOAPParser:0x10062bb40 parser:didStartElement:namespaceURI:qualifiedName:attributes:] Type not found in SOAPDocument for html (html)
    9/2/09 5:42:16 PM Address Book[1072] -[SOAPParser:0x1006a5c70 parser:didStartElement:namespaceURI:qualifiedName:attributes:] Type not found in SOAPDocument for html (html)
    9/2/09 5:42:16 PM Address Book[1072] -[SOAPParser:0x10066a6a0 parser:didStartElement:namespaceURI:qualifiedName:attributes:] Type not found in SOAPDocument for html (html)

    Anyone have any idea this would happen? For some reason I am able to sync with Mail.app just fine, but Address Book and iCal are giving me this error. Other reports from people using the same system claim that their iCal and ABook work fine both from home and work. Others still suggest that everything only works at Work, with address book and iCal failing to work from Home.

  4. Thank you for the posting, it was a great help. Please share new Snow Leopard/Exchange discoveries as the situation develops.

  5. @Joel

    A further observation is that I find send/receive just stops sometimes. The solution is to exit and restart Mail. It probably doesn’t help that I have a large mailbox.

    Another small irritation: if you have a “distribution group” in your Exchange contacts, it is not available in Mail.

    Tim

  6. I am not able to create exchange server inbox sub folders in Snow Leopard mail client. Any comments?

  7. A bit of self promotion (which might be interesting in the context): We develop the ZideOne plugin for Outlook which does the reverse thing. That is, allowing Outlook to access CalDAV/CardDAV servers (eg the iCal Server / AddressBook Server contained in Snow Leopard Server).

  8. I also find that fetching mails stop working and you have to restart mail to get it working again! For me this happens almost immediately. Could there be a bug managing large inboxes? Mine is about 4000 mails with 500 unread…

  9. another one,
    it is NOT possible to move items, or even delete them,

    when trying to move either by drag&drop or right click move to, it says that there was a problem and the item cannot be moved

    when deleting am item it says that it’s nto possible to move item to trash

    they say this bug will be taken care in 10.6.1, let’s see.
    Moiro

  10. Just got off the phone with Apple support about an issue with sending out large messages. I send out every week a scanned portion of my expense report to my company (roughly 25-39 MB) depending on the week I’ve had. Entourage had no problem sending these messages with attachments. It did take 2-3 minutes to send but eventually it did. The new Snow Leopard with Exchange Mail however will not. Apple support says Mail will only send up to 20 MB. I see this becoming a BIG problem with a lot of people. Back to MS Entourage I go…….

  11. @Devin — I, too, am seeing the “[SOAPParser:0x17bbb250 parser:didStartElement:namespaceURI:qualifiedName:attributes:] Type not found in SOAPDocument for html (html)” error suddenly. Things were good until earlier today. I’m waiting to hear back from our Exchange admin about the issue.

  12. The lack of PUBLIC FOLDERS in iCal or Mail when connecting to an EXCHANGE server is a great loss. One of the few collaborative tools that is widely used in Exchange are group calendars which can easily be consulted, booking rooms, coordinating events, etc. This works very well with Outlook (even juxtaposing a personal and public folder calendar). Since MS in Exchange 2007 removed Public Folders from any other web browser beyond IE, and Apple did not take up the task to integrate Public Folders into Snow Leopard’s tools, this only leaves a very slow Entourage as the vehicle to view Exchange 2007 Public Folders on the Mac. Apple’s hype does not nearly meed our collective expectations. We are better off with Google Apps on any platform then Snow Leopard’s modest enterprise gain.

  13. Hi,

    I got also the “[SOAPParser:0xxxxxxxxx parser:didStartElement:namespaceURI:qualifiedName:attributes:] Type not found in SOAPDocument for html (html)” error message in the syslog.

    iCAL has a ! in the exchange-category and if I click on it, it asks me for a valid mail address. So I’m not able to sync my calendar.

    Any suggestions?

  14. I fixed the reported error. It was a configuration failure of the used hostname. They use more than one domain name for ther server and I have to use the suggested one.

    Maybe it helps someone?

    Cheers!

  15. Digging deeper I see that our Exchange server is giving the error:

    soap:Client
    System.Web.Services.Protocols.SoapException: The requesting account does not have permission to serialize tokens.
    at Microsoft.Exchange.Services.RequestSoapHeaderServiceExtension.ProcessProxySecurityContext(SoapUnknownHeader header, AuthZClientInfo callerClientInfo)
    at Microsoft.Exchange.Services.RequestSoapHeaderServiceExtension.ProcessSoapHeaders(SoapMessage message, Object responsibleObject)
    at Microsoft.Exchange.Services.ServiceExtensionManager.DoAfterDeserializeRequest(SoapMessage message)
    at Microsoft.Exchange.Services.ServiceExtensionManager.<>c__DisplayClass1.<ProcessMessage>b__0()
    at Microsoft.Exchange.Common.IL.ILUtil.DoTryFilterCatch(TryDelegate tryDelegate, FilterDelegate filterDelegate, CatchDelegate catchDelegate)
    at Microsoft.Exchange.Diagnostics.ExWatson.SendReportOnUnhandledException(MethodDelegate methodDelegate, IsExceptionInteresting exceptionInteresting, Boolean terminating)
    at Microsoft.Exchange.Services.Core.ServiceDiagnostics.TraceErrorOnUnhandledException(MethodDelegate methodDelegate)
    at System.Web.Services.Protocols.SoapMessage.RunExtensions(SoapExtension[] extensions, Boolean throwOnException)
    at System.Web.Services.Protocols.SoapServerProtocol.CreateServerInstance()
    at System.Web.Services.Protocols.WebServiceHandler.Invoke()
    at System.Web.Services.Protocols.WebServiceHandler.CoreProcessRequest()

    ErrorTokenSerializationDenied
    The requesting account does not have permission to serialize tokens.

    I’m having our admin look into: http://technet.microsoft.com/en-us/library/bb125182%28EXCHG.140%29.aspx

  16. I discovered a huge problem: since i’ve installed snow leopard that connects with our exchange servers 2007 at work, it works more or less perfect. I can read mails, connect agenda/contacts, work in my folders created in my mailbox.

    BUT…. my internettraffic is now a terrible 15 GB in 4 days… i’ve checked with an internet traffic meter and the open MAIL with exchange uses 300kbps constantly. The only way to stop it is not to disable the exchange account even… i have to stop mail, restart (with exchange disabled). As soon as i enable it again, the stream starts again.

    This doesn’t happen with IMAP or POP accounts. As far as i can see, only with the new exchange 2007 EWS connector.

    Anyone has the same problem ?

    Rgds
    Joachim

  17. Finally solved, for myself anyway. Our admin rebooted the Exchange server. Although Apple gave me the following advice:

    Engineering has determined that this issue originates with the 3rd party clients based on the following information:

    Microsoft explicitly recommends that 3rd party EWS clients (like Mail) should avoid any kind of token serialization support for server-to-server authentication.

    For details on how to fix this server error, please refer the customer’s Exchange Server admins to the topic “Token Serialization Right” under section “Types of S2S Authentication Requests” in Chapter 19 Server to Server authentication, “Inside Microsoft Exchange Server 2007 Web Services”. (In particular Listing 19-14: Adding the token serialization right by using Add-ADPermission).

  18. @Joachim, yes i’m having exactly the same issue.
    I’ve not long been running exchange 2007, connecting to work from home. When Mail is running the network activity monitor ticks over constantly. I used up all my download for a month in just 2 days!

    I just have to turn off Mail when i’m away from my mac.

    No solution yet.

    Rob

  19. Has anyone heard any official word from Apple on the issues with large mailboxes? I bought a mac when Snow Leopard came out but I have a very large Exchange 2007 mailbox (3-4GB) and it just wouldn’t sync it. It would get stuck.

    I spent a couple days with Apple support but they couldn’t help me. I saw lots of other reports on this online so I decided to return the mac while I was within the 2 week return period.

    I still want to buy a mac but I want to wait until these large Exchange mailbox issues are fixed. I am just not sure how I will know when that happens since it sounds like Apple is still not acknowledging the issue.

  20. My client is having a heck of a time setting up her exchange server with mail. Here’s the error she gets after setting up everything excatly as outlined:

    1/20/10 9:42:07 AM Mail[262] -[SOAPParser:0x11539b5f0 parser:didStartElement:namespaceURI:qualifiedName:attributes:] Type not found in SOAPDocument for html (html

    Any suggestions?

  21. I have the same problem with a large Exchange mailbox and the Mac Mail client randomly refusing to download any mail or stopping mid stream. Restarting doesn’t fix the problem. Mail cannot handle large mailboxes well, apparently.

  22. Tim, there’s a lot of reports of companies (such as Rentokil) moving to Google Mail, have you looked at this option? Is it the real solution for Mac people that need the features of Exchange? Or is it just another can of worms?

  23. @John Is Google Mail a smoother experience on a Mac then Exchange? Quite likely though I haven’t tried it. I guess most users aren’t in a position to choose (though you could forward to Google Mail and do it that way).

    Tim

Comments are closed.