osTicket O365 E-mail Retrieval & Sending Stopped Working: Page 2

osTicket O365 E-mail Retrieval & Sending Stopped Working

KevinTheJedi

You shouldn’t have any issues if you follow the steps in the documentation and if you keep the resource details endpoint, scopes, and email attribute settings as default in the OAuth2 config. I can still connect to my O365 account with no issues, also we have no reports of this in our hosted platform so it is very odd that you are running into this.

Make sure you didn’t skip any steps like enabling the Access/ID Tokens checkboxes and enabling the appropriate API Permissions (with admin consent applied).

Cheers.

rblake

KevinTheJedi I can assure you that I followed the documentation. 🙂

I copied my ClientID from the App Registration and I used the same Client Secret as well as a new one I just created, both do not work.

Authorization Endpoint: https://login.microsoftonline.com/organizations/oauth2/v2.0/authorize
Token Endpoint: https://login.microsoftonline.com/organizations/oauth2/v2.0/token
Resource Details Endpoint: https://outlook.office.com/api/v2.0/me
Scopes: offline_access https://outlook.office.com/Mail.ReadWrite
Email Address Attribute: EmailAddress

KevinTheJedi

rblake

And when you submit that popup what happens?

Cheers.

rblake

KevinTheJedi It takes me to the consent page where I consent for my org. It then takes me back to the e-mail page and in green letters tells me it's successful. I can then go back into the Config page and I can see the token was issued (albeit for a brief time before expiration, which I presume it just refreshes as needed).

KevinTheJedi

rblake

Okay and then when you see the new Token tab in the popup what happens when you enable imap and smtp and save changes?

Cheers.

rblake

KevinTheJedi Gives this error when on the Remote Mailbox tab:

Gives this error on the SMTP page:

KevinTheJedi

rblake

Okay try deleting the email from osTicket completely and re-add and reconfigure it and see.

The smtp error is coming directly from MS so that definitely needs to be handled by them. The IMAP error I’m not so sure. I think that’s just generic when something happens with the connection where it can connect but can’t do anything else.

Cheers.

rblake

KevinTheJedi So I created an entirely new e-mail account and assigned a license and also disabled SmtpClientAuthDisable with: Set-CASMailbox -Identity test@domain.tld -SmtpClientAuthenticationDisabled $false

So this is a brand new mailbox and it also has the same behavior.

KevinTheJedi

rblake

So that email hasn’t been added to osTicket before until now?

Cheers.

rblake

KevinTheJedi Yes, that's right, brand new account.

KevinTheJedi

rblake

Very interesting indeed. I think at this point you would need to look at the logs on the O365 side to see what is going on. You can also debug the mail connection itself from the code side of things.

Can you also setup a new test osTicket install from scratch to see if it’s something with your current database/code/setup?

Cheers.

rblake

KevinTheJedi That's the tricky part, there aren't any logs saying anything is failing outside of what's being reported from osTicket. How can I debug the email logs? I already have it set to "DEBUG" in the system.

I can stand up a new server and test with the newly created e-mail address.

KevinTheJedi

rblake

From the osTicket side it will be all manual debug statements. If it’s not producing a warning or error then it won’t output anything. You can check your system logs in the dashboard to see if it’s giving a more detailed error.

Cheers.

rblake

KevinTheJedi I just stood up another server and installed osTicket. However, I'm still getting the same error message with the test account as I was receiving on my primary server.

KevinTheJedi

rblake

Then it’s got to be something with the account or maybe tenant configurations?

Someone else ran into this a while back and said this addressed their issues:

In case anyone else runs into this issue it was the azure license type applied to this account. I had to have it changed from A1 to A5 and then it started working.

Here is where they said what their issue was and here is where they mentioned the solution.

Cheers.

rblake

KevinTheJedi I have an Exchange Online (Plan 2) assigned to the user. I even, just for testing, assigned a Microsoft 365 E5 license to the test user and it still didn't work. Keep in mind that I have another ticketing system that we use for our IT helpdesk and it also uses OAUTH2 without any issues.

KevinTheJedi

rblake

Using the same account or? If not then can you compare the accounts to see what’s different?

Cheers.

rblake

KevinTheJedi I just tested using the same test account on the other system and it works without any issues. Sent a test e-mail and it created a ticket.

KevinTheJedi

rblake

What’s the platform difference and how are you deploying the code on both?

Cheers.

rblake

KevinTheJedi The working solution is Quest KACE. It's a virtual appliance deployed using an OVA. No root access. No code to deploy, I just enter the ClientID, Secret, and click to generate an auth key. I have to use the e-mail account I want to authorize and then it's done.

KevinTheJedi

rblake

Is there a difference in osTicket versions? Plugins versions? PHP setup/configurations/extensions? Something has to be different between the two setups if one is working and one isn’t.

Cheers.

« Previous Page Next Page »