Martijn Posted March 11, 2022

Setting up a shared mailbox
- Created new user / shared mailbox in ExO
- Removed MFA requirement for this user.
- Password is long but does not contain special chars
- Created keysafe for that user.
- Set up new shared mailbox in Hornbill using created keysafe. (when testing all green)
- Does not import email but can send email
- EspMailImporter log > Error Bad user is authenticated but not connected.

Classic auth seems to work fine, but want to move away from that for obvious reasons. Looking at the email importer log, seems to suggest something is wrong. How to set up a shared mailbox with Keysafe?

James Ainsworth Posted March 15, 2022

Hi @Martijn I wanted to see if you have had any luck with setting this up yet. Have you managed to read through this wiki document on configuring OAuth with Outlook?

Martijn Posted March 16, 2022

Hi @James Ainsworth I followed the wiki there, setup of keysafe is straightforward. Set up the shared mailbox in Hornbill and testing the connections works, with IMAP. But still end up with the error mentioned above (and no email in Hornbill mail client). I can send email from that box to external / internal email addresses.

Martijn Posted April 26, 2022

That last sentence may be a bit confusing reading this back. I can send email for internal domain and external domains from the Hornbill email client, but not receive any (in the Hornbill client). Looking in Outlook webmail I see the new email landing in there.

Martyn Houghton Posted April 27, 2022

@Martijn In your screenshot the credential states xxxxxx Shared Mailboxes, so is the account you have used to create the KeySafe entry the owner of the mailbox or are you using permissions to give it access to the mailbox in question? I believe there are some additional steps/permissions to the Hornbill Connector account created in Exchange when you create the Keysafe entry if using a single account to access other mailboxes. I'll try to see if I can get some more information from our IT team.

Cheers
Martyn

Martijn Posted May 2, 2022

@Martyn Houghton The account used in the keysafe was given Full mailbox rights on the shared mailbox.

Shared mailbox = Infosec@domain
Keysafe user = gensemail (we call this a service account)

I did the login thereafter with the same account gensemail, then it prompted for admin consent for the app; I'm able to do that for my business.

Cheers.
Martijn

Martijn Posted June 15, 2022

@James Ainsworth @Martyn Houghton Coming back to this after having a chat with support, they point to Azure / Office being an issue. I disagree with that for the reasons below.
- Have no logs from an Azure / O365 point of view that there is an account issue.
- I can connect to shared mailbox user PowerShell with Chilkat (trial)
- I can access mailbox via Postman.
- I can connect to mailbox using EAGetMail with .NET (also trial) / other account details, both console app / desktop app.

So did some more digging, turns out it's a BUG (imho). When you get the first login for the "email" user you want to save in the keysafe, it prompts you thereafter to consent.. this is where it goes wrong. The process saves the "Consenting" user details instead of the "email user" (managed to intercept the JWT token during the callback after Azure login).

Further, you can't save credentials when not consenting directly in that flow, which is also broken (imo): why can't I just save credentials without consenting? What if I want to consent in another browser session I have open to Azure?

The only way for me to get it working is to disable the consent, and allow the "email" user to consent during the creation of the keysafe.

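The mismatch described in the post above (a stored token that belongs to the consenting account rather than the mailbox account) can be checked by decoding the token's claims. The following is an added example, not part of the original post and not Hornbill's code; the claim names (`upn`, `preferred_username`, `unique_name`, `scp`) and the `IMAP.AccessAsUser.All` scope are assumptions about a Microsoft identity platform delegated token, and the account names and tokens are constructed.

```python
import base64
import json

# Claims that can carry the signed-in user's login name (assumption: which one
# is present depends on the token version issued by the tenant).
IDENTITY_CLAIMS = ("upn", "preferred_username", "unique_name")


def decode_claims(jwt: str) -> dict:
    """Decode the JWT payload for inspection only; the signature is NOT verified."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def check_token_identity(jwt: str, expected_user: str, required_scope: str) -> list:
    """Return a list of findings; an empty list means the token fits the mailbox user."""
    claims = decode_claims(jwt)
    findings = []
    token_user = next((claims[c] for c in IDENTITY_CLAIMS if c in claims), None)
    if token_user is None:
        findings.append("token carries no user identity claim")
    elif token_user.lower() != expected_user.lower():
        findings.append(f"token issued to {token_user}, expected {expected_user}")
    scopes = claims.get("scp", "").split()
    if required_scope not in scopes:
        findings.append(f"missing delegated scope {required_scope}")
    return findings


def sample_token(claims: dict) -> str:
    """Build an unsigned, constructed token used only for the demonstration."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"


if __name__ == "__main__":
    scope = "IMAP.AccessAsUser.All"
    good = sample_token({"upn": "gensemail@example.com", "scp": f"{scope} SMTP.Send"})
    bad = sample_token({"upn": "admin@example.com", "scp": scope})
    print(check_token_identity(good, "gensemail@example.com", scope))
    print(check_token_identity(bad, "gensemail@example.com", scope))
```
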
Martyn Houghton Posted June 15, 2022

@Martijn I will leave @James Ainsworth to respond from a product point of view and detail how we have got this working for us using the current capability.

Each Shared Mailbox has a KeySafe Microsoft365 Mail connector entry for the mailbox owner, i.e. a one-to-one relationship logging in as the mailbox user. They are an actual mailbox, not a shared mailbox.

For each email domain, we use one of the above KeySafe credentials to log in via SMTP and add the 'SendAs' permission to all the email addresses associated with the Shared Mailbox.

Cheers
Martyn

Martijn Posted June 15, 2022

@Martyn Houghton Once the keysafe was saved I can connect / interact with the mailbox as intended. For some reason it would not save with the consent setting set to Admin Only in Azure.

James Ainsworth Posted June 15, 2022

Hi @Martijn Thanks. I'll feed back your findings to the development team.

Martijn Posted June 16, 2022

Thanks @James Ainsworth, if they need evidence on the subject, I can provide that. I do wonder if it's only our tenant / Hornbill instance which are not playing nice for some reason. Did other customers face the same issue I had?

Martijn Posted July 5, 2022

Hi @James Ainsworth Any feedback from the dev team?