/build/static/layout/Breadcrumb_cap_w.png

Kace 1000 emailing broken after move to 365 online Exchange

Recently moved to 365 online exchange (Hybrid configuration). Now the email through Kace no longer works. Default security is enabled in the online exchange. This means that mail using SMTP cannot authenticate with the server. The options laid out in this document https://learn.microsoft.com/en-us/exchange/mail-flow-best-practices/how-to-set-up-a-multifunction-device-or-application-to-send-email-using-microsoft-365-or-office-365 do not work. Has anyone else run into this issue and was able to resolve it.


0 Comments   [ + ] Show comments

Answers (9)

Posted by: KevinG 4 months ago
Red Belt
0

What version of the SMA?

What is defined in Settings › Control Panel › Network Settings > Email Configuration?


What is defined in Service Desk › Configuration › Service Desk Queue Email Settings | "Name of your Service Desk" under Inbound and Outbound?


You can use the Email Sending test to troubleshoot your email configuration issue.
Settings › Support › Diagnostic Utilities

Posted by: Rigger718 4 months ago
Yellow Belt
0

KevinG,

I am now at version 14.1.95

Settings › Control Panel › Network Settings >Enable SMTP Server:smtp.office365.com Port 587 Login: kaceinternal@xxxx.ca and the account password

Service Desk › Configuration › Service Desk Queue Email Settings | "Name of your Service Desk" under Inbound and Outbound 

General|email address: helpdesk@xxx-kace1000.xxx.local, Alternate: helpdesk@xxxx.ca

Both inbound and outbound are configured using the Office365 button with a certificate created in the entra admin center and the MS 365 API Service: Microsoft 365 GCC - This configuration is now working for inbound emails from users to create tickets

Outbound email from Kace is not currently working. now getting this error when testing the SMTP server settings. I have sucessfully logged into the kaceinternal account by going to smtp.office365.com. I believe this issue is a result of the default security setting in the 365 tenant

efPm0qBBg+ghwzAMwzAOV77++mv5fwvFn6lwKpdzAAAAAElFTkSuQmCC



Comments:
  • use the Email Sending test to troubleshoot your email configuration issue, not the Service Desk Queue SMTP connection test
    Settings › Support › Diagnostic Utilities - KevinG 4 months ago
  • according to the error message the used user is blocked through the security settings. You may need to unblock it or use another one. - Nico_K 4 months ago
    • Nico_K, the security settings are the default security settings that are enabled for all mailboxes on newly created tenants. It is not an option to disable this as the sysadmin is determined to leave it on and I understand that decision. This default security system will not allow for legacy SMTP and there is no way to disable this on a individual basis. - Rigger718 4 months ago
      • well, if Security Setting _LOCK_ a user who is trying to authenticate, you cannot use _THIS_ user. Maybe the security settings are ... MICROSOFT like not smart or another user should be used _OR_ the user should be reenabled.
        If you try to use a locked out user this will never work. Thats why you lock out users, that they cannot login.

        Therefore it is not a KACE issue but an OSI8 issue with configuring O365 correctly and using the right user and password. - Nico_K 4 months ago
Posted by: Rigger718 4 months ago
Yellow Belt
0

Thank you,

ran the diagnotic as you recommended. It took some time but enventually i started receiving test emails from all my service desk queue's. There was also a substancial log created that indicated the same errors as posted earlier. I have attached this log to the Quest trouble ticket for further anaylisis. Hopefully a solution is forthcoming

Posted by: pamzhao 4 months ago
Senior Yellow Belt
0

We just encountered the same issue; our KACE service portal configuration is the same as yours. I'm wondering if you have any solution for this issue?

Thank you,

Pam

Posted by: Rigger718 4 months ago
Yellow Belt
0

Pam, the following works for incoming email allowing Kace to create tickets from useer email:

Create aapplication for the mailbox using the “Microsoft Entra Admin Center”

Login tothe Entra Admin Center

SelectApplications>app Registrations

Add a newregistration, provide a descriptive name, select “accounts in any organizationaldirectory”

Under “Redirect URI", select Web platform andprovide the redirect kace URL. ie...https://your kace FQDN/common/authorize.php  

Selectregister

Next windowis the App registration that was just created

Copy and notethe “Application (client) ID” you will require this when creating thecredential on Kace

LocateClient Credentials and select “Add a certificate or secret”

In the nextwindow create a “New Client Secret” provide a descriptive name and a expirytime then select add

VeryImportant step to copy and record the Value and secret ID. The value is onlyavailable at this step and you will need this when creating the credential on the kace server

Select the “Overview”and confirm everything is correct

Log in toyou Microsoft 365 admin center

Select themailbox you are configuring in Kace

Goto themail and select Manage email apps

Ensure allapps are checked including “Authenticated SMTP”Create the credentialin Kace

Sign into kace admin using the https://URL Note: you must use the secure https this will not work if using just http

Go tosettings>credentials

In “ChooseAction” select new

Provide requiredinformation in this form:

Name: descriptive name,

Type: pull down and select “Office365 OAuth”

Client ID: insert he the client ID you recordedearlier

Client Secret: This is the “Value” you recordedearlier

Azure AD Tenant Type: Make sure this is thesame as what is configured in Entra

Scroll downand “Authorize Credential”

Authenticateusing the account for the mailbox. You will require the login name and passwordfor the mailbox

Carry outthe MFA

Once theMFA is complete then the “Add Credential” on Kace Status will indicateAuthorized

Save tocontinue

Your newcredential is now available

Go to “ServiceDesk”>Configuration>Email Configuration>Configure department emailsettings

Pull downthe Help desk you are configuring

In "General",confirm all settings are correct

Select the “InboundTab” and highlight the Office365 radio button

Select thecredential you just created and leave the Microsoft 365 API Service as default

Select the “Outbound”tab, highlight the “Queue specific settings”>”Office365” and select the credentialyou just created and leave the Microsoft 365 API Service as default

Save yourwork

Send a test email to the service desk to confirm the settings work


As a side note, i ended up have to use the Kace Self Signed certificate as the sever UI would stop responding if i used a cert from my CA and would not accept a Cert from godaddy. Quest Engineers are working on this issue

Posted by: pamzhao 4 months ago
Senior Yellow Belt
0

Hi, 

Thank you so much for your quick response. The process seems complicated, and our KACE SMA uses the internal CA certificate. Do you know if the internal CA certificate will create an issue here? My workaround is using our internal SMTP server for the service portal outbound emails. 

Posted by: Rigger718 4 months ago
Yellow Belt
0

Pam, 

The reason I used a selfsigned cert is because my internal CA Cert cause the kace web application to hang. It was doing this while Quest was online with me and their shortterm suggestion was to use a selfsigned until they reviewed to logs as to the cause of the hanging. There is no reason I can see that a CA signed cert would cause any problems with mail configuration. Complication comes part in parcel when using MS documentation, it is often incomplete and inconsistant as they are always updating the software/process and not the documentation

Posted by: pamzhao 4 months ago
Senior Yellow Belt
0

How about the outbound email setting? Here is my configuration. Our SMA service desk inbound has no issue, but the outbound email is not working, and the portal email account keeps receiving undeliverable emails. KACE support is pointing this to O365.

wFdDYr0DxtkNwAAAABJRU5ErkJggg==

AAAAABJRU5ErkJggg==

Posted by: KevinG 4 months ago
Red Belt
0

Based on the screenshots above of the service desk queue settings, Incoming is using the Microsoft API to pull down an email from Office365 (Not SMTP)

All outgoing email from the SMA uses SMTP regardless of the incoming protocol.

The error message reported is from the external Office365 SMTP server (not SMA) that authentication failed.

Did you verify that an Office365 client can log in to that mailbox using the same credentials in the Outbound Email Settings?

Don't be a Stranger!

Sign up today to participate, stay informed, earn points and establish a reputation for yourself!

Sign up! or login

Share

 
This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ