iOS6 devices hijack ownership of an Exchange meeting

It has been brought to our attention that Apple devices which have been upgraded to iOS6 may encounter an issue when responding to meeting requests in Exchange. The behaviour has been described as ‘meeting hijacking’ and seems to relate to situations where a user opens a meeting request in Outlook but takes action on it from iOS6.

The effect is that, under certain circumstances, taking action on a meeting request (such as accepting a meeting) has the unfortunate side-effect of simultaneously taking ownership of that meeting. Under those circumstances the meeting updates, cancellations and confirmations would be directed to the new owner rather than the original organiser of that meeting.

Both Apple and Microsoft are reported to be investigating this problem and, at the time of writing, the advice is to contact Apple for an update.

Microsoft have documented this issue here: http://support.microsoft.com/kb/2768774.
The Apple discussion forums discuss it here: https://discussions.apple.com/thread/4368289?tstart=30

This issue appears to be confined to those devices which run iOS6 AND have been configured to connect to Exchange using ActiveSync. If you use a different protocol (such as IMAP4 or POP3), you have a non-Apple device, or you’ve not upgraded your iDevice to iOS6 you should be unaffected.

UPDATES:

The Exchange Team Blog reports on the issue here: http://blogs.technet.com/b/exchange/archive/2012/10/23/ios6-devices-erroneously-take-ownership-of-meetings.aspx

Michael Rose’s blog also documents this behaviour as an even longer-running issue. His article describes a user who reproduced the problem:

At some point, the iOS device syncs the calendar via ActiveSync and suddenly becomes confused about who the owner of the meeting should be (the organizer, in Exchange-speak). The iPhone decides that its owner should become the organizer, since it has no idea who the real owner is, and syncs this property change back to the Exchange server. Exchange 2007 now has a disconnected copy of the meeting with a different owner. Exchange is agnostic about this.
Now the iPhone owner declines the meeting for whatever reason. Exchange automatically generates a cancellation or decline notice and sends it out to everyone since the disconnected copy of the meeting has a different owner. This results in mass confusion and sometimes will delete the meeting from the other calendars.
We verified this problem against iOS 4, 5 and 6 with Exchange 2007 and 2010. In Exchange 2010, Microsoft introduced a “calendar repair agent” that is supposed to detect this problem and resolve it. This calendar repair agent is a daily timer job. Microsoft did release patches on Exchange 2007 SP2 and up to correct some of the issues that are similar to this, but this particular problem was never resolved.

It seems that blame can be applied to both parties in this. Michael’s user’s analysis suggests that:

¬†Apple’s manipulation of the organizer field is against the ActiveSync specification. However, ActiveSync will not stop iOS from doing this regardless of the fact that it is “against the specification.” ActiveSync will happily accept the change and write the properties from the mobile device even if the ActiveSync spec says that Exchange explicitly should not do this.

Based on this it reads to me that blame should be apportioned in both directions:

  • ¬†Apple: wrote code that attempts to do something it shouldn’t.
  • Microsoft: wrote code that accepts a change that it shouldn’t.

Now we just need one of them to take ownership and fix the issue.

 

Posted in Uncategorized | Leave a comment

Leave a Reply