SMTP AUTHentication is not working after federation of domain configured

Yusuf Uzunay 0 Reputation points
2024-01-06T07:14:49.32+00:00

after the federation of my domain, the users, who were able to send mail before the federation via SMTP AUTHENTICATION like printers, and firewalls etc, CAN't send emails anymore. the error is:

535 5.7.139 Authentication unsuccessful, the user credentials were incorrect. [FR3P281CA0205.DEUP281.PROD.OUTLOOK.COM 2024-01-06T06:47:15.406Z 08DC0D684FC78FFE]

I disabled the default security policy in Azure which disables the SMTP AUTH login method.

and also enabled SMTP AUTH for the users.

as I mentioned the same users were able to send e-mails before the federation of the domain.

what is he problem and what should be done?

Screenshot 2024-01-06 093051 (003)

Active Directory Federation Services
Active Directory Federation Services
An Active Directory technology that provides single-sign-on functionality by securely sharing digital identity and entitlement rights across security and enterprise boundaries.
1,192 questions

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. RevelinoB 2,775 Reputation points
    2024-01-06T08:01:35.4033333+00:00

    Hi Yusuf,

    I saw your problem before, the old "535 5.7.139 Authentication unsuccessful" error, a classic scenario especially after changes like domain federation. It seems like you've covered some ground already by disabling the default security policy and enabling SMTP AUTH for users. Here's what might be worth a second look:

    • Double-check Credentials: It might be a good idea to revisit the credentials being used. After federation changes, these can often be the culprits.
    • Confirm SMTP AUTH Status: Have you had a chance to check that SMTP AUTH is active for all affected accounts? Sometimes, settings need a second look to catch any that might have been missed.
    • Reassess Access Policies: I'd suggest reviewing any conditional access policies. They have a way of influencing SMTP authentication in unexpected ways.
    • Password Synchronization: It’s worth taking another look at the password hash synchronization status. Ensuring this is functioning as intended could be key.
    • SMTP Server Settings: Could there be any overlooked changes in your SMTP server setup post-federation? Sometimes the smallest change can have a big impact.
    • Verify IP Allowlist: If you use IP allowlisting, confirming that the necessary IPs are still authorized to send emails could clear up some issues.
    • Explore Detailed Logs: Diving into the SMTP service logs may reveal more insights. There might be a hint there waiting to be discovered.
    • Test with a Reliable Account: Trying to authenticate with a proven account can sometimes help isolate whether the issue lies with the user accounts or the device setup.

    I hope this helps with your query?

    0 comments