Link to home
Start Free TrialLog in
Avatar of Jack Lindasy
Jack Lindasy

asked on

pop/imap/smtp fails after implementing AD FS

Hi All,

over the weekend i moved a tenant's domain from managed to federated with ADFS.  imap etc was working fine before i implemented ADFS, but now it fails.  i've tried configuring on a couple of different email clients to confirm and also did an imap test on ping ability which comes up with this error

Protocol      IMAP
Error      
ProtocolException: No login methods supported!

i'm about to raise another microsoft ticket, but thought i'd ask the question here - google doesn't have much to say on the matter

thanks
Jack
Avatar of Vasil Michev (MVP)
Vasil Michev (MVP)
Flag of Bulgaria image

Have you configured any claims rules apart from the default ones? Have you made sure an externally accessible AD FS proxy server/WAP is available? What do the AD FS audit events show?
Avatar of Jack Lindasy
Jack Lindasy

ASKER

Hi Vasil,
ADFS is completely standard out of the box - not done anything with claims rules.  ADFS/WAP is working off and on site, and i can access the mailbox through OWA.  i've looked through the ADFS admin log and can't see anything appearing for the mailbox in question.
Make sure you have the auditing settings properly configured: https://jorgequestforknowledge.wordpress.com/2013/07/08/enabling-auditing-of-issued-claims-in-adfs-v2-x-and-adfs-v3-x/

Do you have any form of 2FA enabled for these accounts, such as Azure MFA?
Enabled those options no change under the Admin log.  under the security log it reports the user successfully logged on.  not using any 2FA
IMAP/POP/SMTP uses basic authentication for ADFS implementations. https://answers.microsoft.com/en-us/msoffice/forum/msoffice_o365admin-mso_security/office-365-imap-and-pop3-authentication-flow/8f214fd6-5434-4a1f-bd2b-c414b810d0fa explains how the process works. How long ago did you implement ADFS? If I remember correctly, it can take up to 24 hours for backend changes to apply in O365 for IMAP/POP3/SMTP to function after implementing ADFS.
Hi Adam,
are you referring to the Primary Authentication screen?  if so, under extranet Forms authentication is enabled and under intranet Windows Authentication is enabled...
ADFS was implemented on Saturday
SOLUTION
Avatar of Adam Brown
Adam Brown
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
365 - no exchange on site
oh - to add.  before the domain was managed, it was federated on another solution (that wasn't very good) and imap etc was working on that account then as well
ASKER CERTIFIED SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Time critical so used a work around