Jack Lindasy
asked on
POP/IMAP/SMTP fails after implementing AD FS
Hi All,
Over the weekend I moved a tenant's domain from managed to federated with ADFS. IMAP etc. was working fine before I implemented ADFS, but now it fails. I've tried configuring on a couple of different email clients to confirm and also did an IMAP test on ping ability, which comes up with this error:
Protocol IMAP
Error
ProtocolException: No login methods supported!
I'm about to raise another Microsoft ticket, but thought I'd ask the question here - Google doesn't have much to say on the matter.
Thanks
Jack
Have you configured any claims rules apart from the default ones? Have you made sure an externally accessible AD FS proxy server/WAP is available? What do the AD FS audit events show?
ASKER
Hi Vasil,
ADFS is completely standard out of the box - not done anything with claims rules. ADFS/WAP is working off and on site, and I can access the mailbox through OWA. I've looked through the ADFS admin log and can't see anything appearing for the mailbox in question.
Make sure you have the auditing settings properly configured: https://jorgequestforknowledge.wordpress.com/2013/07/08/enabling-auditing-of-issued-claims-in-adfs-v2-x-and-adfs-v3-x/
Do you have any form of 2FA enabled for these accounts, such as Azure MFA?
ASKER
Enabled those options; no change under the Admin log. Under the Security log it reports the user successfully logged on. Not using any 2FA.
IMAP/POP/SMTP uses basic authentication for ADFS implementations. https://answers.microsoft.com/en-us/msoffice/forum/msoffice_o365admin-mso_security/office-365-imap-and-pop3-authentication-flow/8f214fd6-5434-4a1f-bd2b-c414b810d0fa explains how the process works. How long ago did you implement ADFS? If I remember correctly, it can take up to 24 hours for backend changes to apply in O365 for IMAP/POP3/SMTP to function after implementing ADFS.
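Added example, not part of the thread or any poster's code: a small Python check that reads an IMAP greeting or `CAPABILITY` response (RFC 3501) and reports whether any basic-auth login method is advertised. It assumes a "No login methods supported!" error corresponds to the server offering no mechanism the client can use; the function names and sample lines are constructed for illustration.

```python
import re

def parse_capabilities(line):
    """Return capability tokens from '* CAPABILITY ...' or a '[CAPABILITY ...]' code."""
    m = (re.search(r"\[CAPABILITY ([^\]]*)\]", line, re.I)
         or re.match(r"\*\s+CAPABILITY\s+(.*)", line, re.I))
    return [tok.upper() for tok in m.group(1).split()] if m else None

def login_methods(caps):
    """Split the capability list into the parts that matter for authentication."""
    return {
        # RFC 3501: the LOGIN command is allowed unless LOGINDISABLED is advertised.
        "login_command": "LOGINDISABLED" not in caps,
        "sasl": sorted(c[5:] for c in caps if c.startswith("AUTH=")),
        "starttls": "STARTTLS" in caps,
    }

def diagnose(line, client_supports=("PLAIN", "LOGIN")):
    """Classify one server response from the point of view of a basic-auth client."""
    caps = parse_capabilities(line)
    if caps is None:
        return "no CAPABILITY data in response"
    m = login_methods(caps)
    offered = ["LOGIN command"] if m["login_command"] else []
    offered += ["AUTHENTICATE " + s for s in m["sasl"] if s in client_supports]
    if offered:
        return "basic auth offered: " + ", ".join(offered)
    if m["starttls"]:
        return "no login method before STARTTLS; re-check CAPABILITY after TLS"
    return "no login methods the client supports"

# Constructed sample responses (not captured from any real tenant).
SAMPLES = [
    "* CAPABILITY IMAP4 IMAP4rev1 AUTH=PLAIN AUTH=XOAUTH2 SASL-IR UIDPLUS",
    "* CAPABILITY IMAP4rev1 LOGINDISABLED AUTH=XOAUTH2",
    "* OK [CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED] ready",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(diagnose(s), "<-", s)
```

Against a live server, the `capabilities` attribute of an `imaplib.IMAP4_SSL` connection holds the same tokens and can be passed to `login_methods` directly.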
ASKER
Hi Adam,
Are you referring to the Primary Authentication screen? If so, under extranet Forms authentication is enabled and under intranet Windows Authentication is enabled...
ADFS was implemented on Saturday.
ASKER
365 - no Exchange on site
ASKER
Oh - to add: before the domain was managed, it was federated on another solution (that wasn't very good) and IMAP etc. was working on that account then as well.
ASKER
Time critical, so used a workaround.