question

AndriiMaslov-1341 avatar image
0 Votes"
AndriiMaslov-1341 asked StevenReddy-8241 commented

User is authenticated but not connected

Greetings!

I have a web app that uses oauth authentication with IMAP/SMTP protocols to access emails in office365/outlook mailboxes. But a few customers had a problem connecting through those protocols Server returns A0003 BAD User is authenticated but not connected after selecting mailbox. I've tested oauth flow with my personal outlook and office365 accounts - and I haven't experienced such error.

Customers that have this problem has a normal mailbox, not shared one. Also SMPT/IMAP options are turned on. The problem began a couple days ago, no changes in oauth flow in my web application were done.

I've did some research on my own but didn't find much. So my questions are :

  • what could cause this error and what actions needed to be applied to solve it?

  • is it from my end(oauth flow) or customer(o365/azure portals settings)?


azure-ad-authentication-protocols
· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

I am currently experiencing this issue too, for us it seems to be an issue with any account that is synched via AD-Connect... all cloud only accounts work fine (i.e create a user in O365 portal it will work, either with user@domain.onmicrosoft.com, or any of our other non-synched domains in the tenant but the onprem sync is giving issues). Not sure if there are missing attribute from our onprem AD schema that is required for modern authentication or if its a similar issue as others here?

If anyone has solved it would love to hear how.

0 Votes 0 ·
MarileeTurscak-MSFT avatar image
0 Votes"
MarileeTurscak-MSFT answered

Hi @AndriiMaslov-1341,

I have not encountered this issue myself, but have seen some similar cases where this can happen if someone enters a bad password or credentials, or unsuccessful MFA. It will look like there was a successful authentication when there wasn't one.

I found an issue where someone else received this error, and it looks like it can happen due to an incorrect CLI command.

The solution listed in the thread:

proper CLI arguments for imapsync are: --authuser2 "office365_admin@domain.tld" --user2 "user_to_be_migrated@domain.tld" --office2

Before that, the following PowerShell command must be executed: Add-MailboxPermission -identity user_to_be_migrated@domain.tld -user office365_admin@domain.tld -accessrights fullaccess -inheritancetype all


5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

AndriiMaslov-1341 avatar image
0 Votes"
AndriiMaslov-1341 answered

Hi @MarileeTurscak,

Thank you for your response.

I'm using xoauth method for authorization with IMAP/SMTP protocols so it's only token passed there, but sign-in process and obtaining access token are successful. I've tried to enter invalid pass myself and it just fails on sing-in with appropriate error message. Also, there are no MFA methods enabled for these users.

Were there some policies introduced, like default Security policy, that can block such access? Customer also says there are no Failure in Sign-in logs.

I myself do not have access to those user's azure/o365 admin portals, so running shell commands isn't option right now.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

AndriiMaslov-1341 avatar image
0 Votes"
AndriiMaslov-1341 answered

I can describe whole oauth flow with my app, maybe it has some flaws that you could point out.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

PulkitChowdry-1626 avatar image
0 Votes"
PulkitChowdry-1626 answered

Hi @AndriiMaslov-1341

Did you find a solution for this?

If you can share it in case you have found it.

Thanks

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

nikhilar-6937 avatar image
0 Votes"
nikhilar-6937 answered nikhilar-6937 published

Hi @AndriiMaslov-1341

Did you find a solution for this?

If you can share it in case you have found it.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.