"Authentication unsuccessful, federated STS service was unreachable." This error started to show without any change on our side.

Marek Kiš 5 Reputation points
2024-07-29T07:29:58.7633333+00:00

Hello,

We use ADFS (Windows Server 2016). We also have an Exchange hybrid environment configured. All recipients are in the cloud (Exchange Online). We use Azure AD Connect for syncing on-prem users to the cloud.

We use service accounts for sending notifications via SMTP (smtplib library in Python). We have had this setup for years and everything was fine until July 18, 2024. Since that date we have been unable to send emails via service accounts, as we receive this error: "Authentication unsuccessful, federated STS service was unreachable."

  • we did not update smtplib (the same error is shown when trying to send email via PowerShell)
  • we did not enable Security defaults in the tenant
  • we did not enable SSPR (the user is not asked to register auth methods)
  • service accounts are able to log in via GUI just fine (no MFA interruption)
  • yes, in Get-TransportConfig SmtpClientAuthenticationDisabled is set to FALSE (so it is not disabled)
  • yes, service accounts have the property SmtpClientAuthenticationDisabled in Get-CASMailbox set to FALSE (so SMTP is enabled)
  • cloud-only accounts (created directly in EXO for test purposes) are able to send emails via the same PowerShell or Python script just fine (there is no need for them to contact the federated STS as they are cloud-only)

Before you ask me a lot of questions, let me mention it again - we did not change anything for years in this setup (except changing certificates on the ADFS server regularly). Did Microsoft change something again without telling us?

We need to have this issue fixed as we are not able to send email via SMTP.
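A small harness for the comparison in the question's last bullet (federated service account versus cloud-only account), added here as an example and not part of the original post: it records the SMTP AUTH reply for each account and flags the federated STS failure. The host and port passed to `probe`, the account kinds, the category names and the sample reply are assumptions or constructed values.

```python
import smtplib
import ssl

# Phrase quoted in the question; matched case-insensitively in the server reply.
STS_PHRASE = "federated sts service was unreachable"

def classify_reply(code, message):
    """Map an SMTP AUTH reply to a coarse category (category names are hypothetical)."""
    text = message.decode("utf-8", "replace") if isinstance(message, bytes) else str(message)
    if code == 235:                       # RFC 4954: authentication succeeded
        return "authenticated"
    if code == 535 and STS_PHRASE in text.lower():
        return "federated-sts-unreachable"
    if code == 535:                       # RFC 4954: credentials rejected for another reason
        return "auth-rejected-other"
    return "not-an-auth-reply"

def probe(host, port, user, password, timeout=20):
    """Attempt STARTTLS + AUTH for one account; return (user, category, code, reply)."""
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.ehlo()
        # Verify the server certificate instead of relying on smtplib's default context.
        smtp.starttls(context=ssl.create_default_context())
        smtp.ehlo()
        try:
            code, reply = smtp.login(user, password)
        except smtplib.SMTPAuthenticationError as exc:
            code, reply = exc.smtp_code, exc.smtp_error
    return user, classify_reply(code, reply), code, reply

def compare(results):
    """True when only the federated account fails with the STS error.

    `results` is a list of (account_kind, category) pairs; the kinds
    "federated" and "cloud-only" are labels assumed for this example.
    """
    by_kind = dict(results)
    return (by_kind.get("federated") == "federated-sts-unreachable"
            and by_kind.get("cloud-only") == "authenticated")

if __name__ == "__main__":
    # Constructed sample reply, not captured from a real server.
    sample = (535, b"Authentication unsuccessful, federated STS service was unreachable.")
    print(classify_reply(*sample))
```

Running `probe` for one account of each kind and passing the categories to `compare` gives a record of whether the failure is confined to the federated path, which is useful to attach to a support case.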


1 answer

  1. Muffuh Bertrand Akehmbom 0 Reputation points
    2024-07-31T07:27:35.26+00:00

    Hello Marek Kiš

    Good day and hope you are doing well.

    Based on the information provided, it appears you are getting the error message "Authentication unsuccessful, federated STS service was unreachable." I recommend you contact experts in Microsoft authentication (Microsoft Authenticator - Microsoft Q&A) to investigate the root cause and troubleshoot accordingly.

    Hope this helps!

    In good faith,

    Bertrand

