Event Hijacking with Exchange
Greetings fellow implementers and users…
I know many of you out there have implemented Apple products like iCal, iPhones and iPads within Exchange 2007 and 2010 organizations. I’m seeking information on a very specific problem that rears its ugly head on occasion.
Have any of you witnessed a “meeting hijack” problem with your device? Namely, you are an attendee on a meeting and suddenly you find yourself the organizer. Usually you find this out when you send a decline for whatever reason.
I’m trying to reproduce this issue in a lab environment to document the problem but we’re having a hell of a time pulling the data together. If any of you have data to share, please do so in the comments. Thanks!
Categories: Cross-Platform, iPad, iPhone, OS X Client calendaring, exchange, ICal, ios, iPad, iPhone
Jason,
We have seen this issue quite a bit, but like you I am looking for exact steps to reproduce to understand if we should be going to Microsoft or Apple on this issue. Can you tell me if you ever were able to come up with accurate steps to reproduce this issue?
Ken…
Sorry, I should have posted a follow up to this. There are actually many different scenarios that can cause hijacking. The prevalent issue for us was the use of an external distribution list (like a mailman distribution list) as the attendee for a meeting. This eventually confuses iOS and causes it to hijack the meeting. There was no solution offered by either vendor for this issue. However, Microsoft did point out that Exchange 2010′s calendar repair agent is able to successfully fix hijacked meetings of this nature.
Another key takeaway from this disaster… Even though Microsoft documents not to write to the originator property of the meeting in the ActiveSync spec, they will not stop an EAS client from doing it. Me? I would think the protocol would disallow the operation if it is documented that way. Microsoft continued to argue that if they documented it and someone did it anyway it wasn’t their problem.
Another workaround that was successfully implemented: if you have a list of known distribution list addresses in your GAL and they are external distribution lists (as in not Active Directory or Exchange groups) then write a transport rule to reject meeting invites sent to those addresses.
There are a plethora of nightmarish issues with non-Windows-Outlook clients and Exchange. One day I will share more. But if your org cares about standardization and supporting clients other than Windows Office, they need to start considering other products on the server.
[WORDPRESS HASHCASH] The poster sent us ’0 which is not a hashcash value.