User is authenticated but not connected

Andrii Maslov 31 Reputation points
2021-02-19T09:25:15.717+00:00

Greetings!

I have a web app that uses oauth authentication with IMAP/SMTP protocols to access emails in office365/outlook mailboxes. But a few customers had a problem connecting through those protocols Server returns A0003 BAD User is authenticated but not connected after selecting mailbox. I've tested oauth flow with my personal outlook and office365 accounts - and I haven't experienced such error.

Customers that have this problem has a normal mailbox, not shared one. Also SMPT/IMAP options are turned on. The problem began a couple days ago, no changes in oauth flow in my web application were done.

I've did some research on my own but didn't find much. So my questions are :

  • what could cause this error and what actions needed to be applied to solve it?
  • is it from my end(oauth flow) or customer(o365/azure portals settings)?
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,853 questions
{count} vote

6 answers

Sort by: Most helpful
  1. Marilee Turscak-MSFT 34,786 Reputation points Microsoft Employee
    2021-02-20T00:54:20.487+00:00

    Hi @Andrii Maslov ,

    I have not encountered this issue myself, but have seen some similar cases where this can happen if someone enters a bad password or credentials, or unsuccessful MFA. It will look like there was a successful authentication when there wasn't one.

    I found an issue where someone else received this error, and it looks like it can happen due to an incorrect CLI command.

    The solution listed in the thread:

    proper CLI arguments for imapsync are: --authuser2 "office365_admin@domain.tld" --user2 "user_to_be_migrated@domain.tld" --office2

    Before that, the following PowerShell command must be executed: Add-MailboxPermission -identity user_to_be_migrated@domain.tld -user office365_admin@domain.tld -accessrights fullaccess -inheritancetype all

    0 comments No comments

  2. Andrii Maslov 31 Reputation points
    2021-02-20T09:41:27.887+00:00

    Hi @MarileeTurscak,

    Thank you for your response.

    I'm using xoauth method for authorization with IMAP/SMTP protocols so it's only token passed there, but sign-in process and obtaining access token are successful. I've tried to enter invalid pass myself and it just fails on sing-in with appropriate error message. Also, there are no MFA methods enabled for these users.

    Were there some policies introduced, like default Security policy, that can block such access? Customer also says there are no Failure in Sign-in logs.

    I myself do not have access to those user's azure/o365 admin portals, so running shell commands isn't option right now.

    0 comments No comments

  3. Andrii Maslov 31 Reputation points
    2021-03-03T20:48:30.413+00:00

    I can describe whole oauth flow with my app, maybe it has some flaws that you could point out.

    0 comments No comments

  4. Pulkit Chowdry 1 Reputation point
    2021-07-16T12:19:52.873+00:00

    Hi @Andrii Maslov

    Did you find a solution for this?

    If you can share it in case you have found it.

    Thanks

    0 comments No comments

  5. nikhil ar 1 Reputation point
    2021-08-23T06:13:12.07+00:00

    Hi @Andrii Maslov

    Did you find a solution for this?

    If you can share it in case you have found it.

    0 comments No comments