"Too many concurrent connections opened." connecting to exchange online with EWS using Microsoft OAuth2

0 votes
asked Jun 24 by vanchuri (140 points)

Hello,

Able to successfully connect to outlook/exchange online with EWS using Microsoft Identity Platform.
But getting following exception:
"Too many concurrent connections opened., Cannot open mailbox (ErrorInternalServerError)"

This has started happening when using OAuth, which was not the case with basic authentication.

Also came across following issue, which discusses the same thing. Unable to figure out how to apply the solution on Rebex EWS library?
https://github.com/OfficeDev/ews-managed-api/issues/237

Can you please help?

Applies to: Rebex Secure Mail

1 Answer

0 votes
answered Jun 24 by Pavel Matyska (13,340 points)

Hello,

I tried to reproduce the issue described in the link you provided, but the issue did not manifest. We did a search what mentioned header "X-AnchorMailbox" from the same link is used for and it turned out it is used when you need to impersonate a user in certain circumstances. See this Microsoft document.

Are you using impersonation? Can you share more information about the issue? How can we reproduce it using our EWS component? Which server you are connecting to?

commented Jun 25 by vanchuri (140 points)
Hello Pavel,

We are connecting to outlook.office365.com with EWS. We are using impersonation.
To reproduce the issue please keep few connections open and try to open new connection. The error should show up on login or FolderExists call.
commented Jun 25 by Pavel Matyska (13,340 points)
Hello,

It seems you encountered on the limits set on the server known as throttling. Here is a Microsoft documentation page which explains what it is and why it is implemented:
https://docs.microsoft.com/en-us/exchange/mail-flow/message-rate-limits?view=exchserver-2019

In short, if you keep open connections, you consume all resources on the server you can get and the server will reject any new connection. According to the documentation you should have 20 connection available.
commented Jun 25 by vanchuri (140 points)
Hello Pavel,

Have ran the following scenario using basic and OAuth authentication method:
    Open EWS connection
    Connect
    Login
    FolderExists
   
Have ran 10 iteration of the above code and finally closing connection at the end:
    basic authentication: opens the connection for all the 10 times, without any error
    OAuth authentication: opens the connection for first 3-4 iteration and starts showing the error mentioned
If it is about the limit on the server, it should have shown error in both the case which is not the case.
So what EWS is doing differently when using OAuth authentication?
Can you please try the scenario and help on it
commented Jun 25 by Pavel Matyska (13,340 points)
Hello,

EWS uses different HTTP headers for each authentication type. So it may result in adding some headers into our implementation.

I just tried your scenario using OAuth authentication without impersonation using 20 opened connections and it worked fine.
I need to enable impersonation on Azure and try it again. I'll keep you informed after that test.
commented Jun 25 by Pavel Matyska (13,340 points)
Hello,

I just tried your scenario with impersonation on 20 connections and everything works fine.
Just a note, I obtained one OAuth token and used this one in all of my connections. Also I used impersonation using properties described on our page here: https://www.rebex.net/secure-mail.net/features/ews-advanced.aspx#impersonation

I also made a test, just to be sure, run those connections in parallel and list my inbox folder by 5 mails per page, so it take several minutes to complete. Also worked fine.

Can you please point out what I did differently? I still cannot reproduce the issue.
commented Jun 25 by Pavel Matyska (13,340 points)
After consulting with my colleauge we'll try to enable adding the "X-AnchorMailbox" header and send you a version to try. Once it is done, you should be able to test it on your environment.
commented Jun 26 by vanchuri (140 points)
Hello,

To reproduce the issue, i have written following code.
    public void Connect(string token)
        {
            try
            {
                Ews ewsConnection = new Ews();
                connections.Add(ewsConnection);
                ewsConnection.Connect(ServerName, ServerPort, SslMode.Implicit);

                ewsConnection.Settings.Impersonation = new EwsImpersonation();
                ewsConnection.Settings.Impersonation.SmtpAddress = UserName;

                ewsConnection.Login(token, EwsAuthentication.OAuth20);
            }
            catch (Exception ex)
            {
                Console.WriteLine($"Exception: {ex.Message}");
            }
        }
       
I am generating OAuth access token once and calling connect method multiple times.
The connections are closed at the end once.
commented Jun 26 by Pavel Matyska (13,340 points)
Hello,

that is exactly the same code I made based on your description. Just a side note what version of our component are you using?

On monday you can expect a version that uses X-AnchorMailbox header to try.
commented Jun 29 by vanchuri (140 points)
We are using "2020 R2" version.
commented Jun 29 by Pavel Matyska (13,340 points)
Hello,

here you can download a trial version of our Secure Mail beta build with support of X-AnchorMailbox header.

https://www.rebex.net/getfile/764bc38b5b3941f3827e9ba320ad1d1c/RebexSecureMail-BetaBuild7486-Trial-Binaries-X-AnchorMailbox.zip

please give it a try and let us know whether it helps you.
commented Jun 29 by vanchuri (140 points)
Thanks Pavel,

Tried with more that 20 connection, i don't see the issue.
Is their any flag which controls adding X-AnchorMailbox header or it will be added always?

How can we continue to use these binaries, as these are trial?
commented Jun 29 by Pavel Matyska (13,340 points)
Hello,

the X-AnchoMailbox header is added when impersonation is used. Without impersonation we have no mail address we can provide to the X-AnchorMailbox header value.

If you have active support contract, please let us know on support@rebex.net for full version of this build.
commented 7 hours ago by dominik.foral (100 points)
Hello,

I have run into same issue. Unfortunately the link you provided for beta build is not valid anymore.

Could you please provide a valid link? I really need to solve this issue.

If it helps, i will contact support for full version.

Thanks.
commented 6 hours ago by Pavel Matyska (13,340 points)
Hello,

I just reenabled the link, so you can download a package again. For the convenience I copy the link in this comment.

https://www.rebex.net/getfile/764bc38b5b3941f3827e9ba320ad1d1c/RebexSecureMail-BetaBuild7486-Trial-Binaries-X-AnchorMailbox.zip

Sorry for the inconvenience.
...