Question

Email Archiver IMAP Issue

asked on June 21, 2021

Hello, 

I am helping a client move their Laserfiche Email Archiver over from SMTP to IMAP. We were able to get OAuth to work, but for security reasons they prefer to use the standard configuration. When we type the information into the standard configuration for the shared mailbox, we are unable to connect. Here are some details. Any ideas?

  • 365 Mailbox in the cloud. 
  • Shared Mailbox
  • Fully licensed user that has full control delegation access

Thanks

1 0

Replies

replied on June 21, 2021

Hi Christopher,

I can't help but think your client has inadvertently gotten their security preferences backward. Microsoft is aggressively trying to kill off Basic authentication for O365 as it's incredibly insecure compared to Modern auth (OAuth). So much so they're proactively disabling Basic auth in tenants they detect aren't using it on behalf of customers. I've heard dozens of requests to move from Basic auth to OAuth and this is the first time I've ever heard it the other way.

See: Microsoft - Exchange Online deprecating Basic Authentication

Modern vs. Basic Authentication:  Hopefully by now we don’t need to expand upon the virtues of Modern Authentication.  Enabled by default for all new tenants since August 1, 2017, Modern Auth is the superior alternative for all users and applications connecting to Office 365.  If you haven’t turned Modern Authentication on yet we certainly recommend it. 

If you have OAuth working, I'm not aware of a legitimate security case for switching back to using a method that Microsoft is actively working to deprecate because it's insecure.

In short, I'd really sanity check that's what they want and why before spending any further time troubleshooting an auth method that's liable to be forcibly disabled in a year.

0 0
replied on June 22, 2021

After discussing with my client we decided to try OAuth. Within the configuration we are able to connect. Once I click 'okay' to save the configuration I receive this. Do you know what could be causing this? "Key not valid for use in specified state."

0 0
replied on June 22, 2021

Could you please check the Email Archive event log to see if there is a more detailed error message with a stack trace and if so post it here?

It would be under:

Event Viewer -> Applications and Services Logs -> Laserfiche -> EmailArchive -> Service -> Admin

Also, what identity is the Laserfiche Email Archive Service running as?

0 0
replied on June 22, 2021

Nothing appears here. 

They are running Laserfiche Email Archive Service with a service account. 

0 0
replied on June 22, 2021

Could you try temporarily switching the Email Archive Service to run as the Local System account, restart the service, and see if you get the same error when saving the configuration?

I did some searching and came across some cases where the root cause of that error was the service account lacking permissions to certain certificate keys. The Local System account should have full access to all keys, so if the error doesn't appear when EAS is running as Local System, that would indicate that some permissions are missing on the current service account.

0 0
replied on June 23, 2021

We are still receiving the same error while using the Local System account. When using the Local System account we see the error above. Once clicking okay, we see another error. "Object reference not set to an instance of an object"

0 0
replied on June 23, 2021

Thanks for checking. Can you please open a support case referencing this post so we can assist further?

0 0
replied on July 7, 2021

Hey Samuel, was there a resolution to this case?

0 0
replied on July 7, 2021

Hi Brett,

Chris' case (#217941) is still open and awaiting an update from his side. Have you encountered a similar issue?

0 0
replied on July 7, 2021

It was a coworker's issue. I just double checked, and the errors are not the same.  The behavior is similar though. Thanks!

0 0
replied on December 16, 2021

We have the same issue.  Our security folk are pressuring to get off of these old "legacy" protocols.  Another service we use implemented this type of functionality with a cached OAuth ticket.  Seems to work well.

0 0
replied on March 24, 2023

Hey @████████, did you ever get this resolved?

0 0
replied on March 24, 2023

Wasn't my case, but I checked the notes on Chris' and it was marked as resolved with this note:

Performing the following steps has resolved the customer's issue:

1. Go to C:\ProgramData\Laserfiche\EmailArchiveService\Auth folder, back up 'keys' file to some place
2. Delete 'keys' file from the folder
3. Close Configuration dialog, and launch it again to create a new profile

1 0
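
Steps 1 and 2 of the support note above as a PowerShell script, added here as an example; it is not part of the original thread or Laserfiche's own tooling. The file path is the one given in the note; the backup folder name is an assumption, and the script is meant to be run from an elevated prompt on the Email Archive server.

```powershell
# Added example: back up and remove the 'keys' file, verifying the copy first.
$ErrorActionPreference = 'Stop'

# Path taken from the support note in the thread.
$authDir  = 'C:\ProgramData\Laserfiche\EmailArchiveService\Auth'
$keysFile = Join-Path $authDir 'keys'

# Assumption: backup destination chosen for this example. Use a folder that
# only administrators can read, since the file comes from the Auth folder.
$backupDir = 'C:\Temp\EmailArchiveKeysBackup'

if (-not (Test-Path -LiteralPath $keysFile -PathType Leaf)) {
    throw "No 'keys' file found at $keysFile; nothing to back up."
}

# Record owner and permissions before changing anything, so they can be
# compared with the file the Configuration dialog creates afterwards.
$acl = Get-Acl -LiteralPath $keysFile
Write-Output "Owner: $($acl.Owner)"
$acl.Access |
    Format-Table IdentityReference, FileSystemRights, AccessControlType -AutoSize |
    Out-String | Write-Output

# Step 1: back up the file under a timestamped name.
New-Item -ItemType Directory -Path $backupDir -Force | Out-Null
$stamp      = Get-Date -Format 'yyyyMMdd-HHmmss'
$backupFile = Join-Path $backupDir "keys.$stamp.bak"
Copy-Item -LiteralPath $keysFile -Destination $backupFile

# Delete the original only if the copy is byte-for-byte identical.
$srcHash = (Get-FileHash -LiteralPath $keysFile   -Algorithm SHA256).Hash
$bakHash = (Get-FileHash -LiteralPath $backupFile -Algorithm SHA256).Hash
if ($srcHash -ne $bakHash) {
    throw "Backup hash mismatch ($backupFile); original left in place."
}

# Step 2: delete the original.
Remove-Item -LiteralPath $keysFile
Write-Output "Backed up to $backupFile and removed $keysFile."

# Step 3 is manual: close the Configuration dialog and launch it again
# to create a new profile.
```

If the new profile fails, the original file can be restored by copying the `.bak` file back to the Auth folder under the name `keys`.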