Lars_de_Mooy
Explorer

Capsule Workspace OAuth

Hi all,

We have used Capsule Workspace for business mail for many years; the best advantage is that you only have to allow a connection from the public IP to Exchange Online and you can block all the rest. Capsule makes a connection to the remote access gateway and the remote access gateway makes a session to ExO.

Now, last week Microsoft finally deprecated basic auth in ExO, which Capsule needs to connect.

The only way to make the connection again is to upgrade to R81.20, which has the OAuth for Capsule Workspace option.

We upgraded our environment, configured the enterprise app in Azure and made all the configs on the Mobile Access GW on the Check Point side. The problem is that the authentication to the Mobile Access GW is all fine, but the authentication to Azure OAuth ends up with a 401 error. I spent last week troubleshooting and created all the relevant logging.

Is there anyone who has this setup working, who may have faced the same issues and was able to fix them?

I am at the end of my knowledge and need this to work ASAP.

Hope someone has some good tips to get us on the right track.

Best regards, Lars

0 Kudos
39 Replies
Lars_de_Mooy
Explorer

Can you please post your findings so I can see what could possibly be wrong in my config?

0 Kudos
Lars_de_Mooy
Explorer

Hi Phoneboy,

The OAuth is working, but I don't see any e-mails. The client logs are attached:

09.02 10:13:59 ║ERROR║ ║BMCDSTACK║ <RequiredFoldersMappingOperation (122): 0x2827d0980> -[LoadFoldersInformationOperation beginAsyncProcess]_block_invoke_4 RequiredFoldersMappingOperation failed: Error Domain=SyncCPConnectionErrorDomain Code=5 "(null)" UserInfo={ErrorMessageKey=Error Domain=NSURLErrorDomain Code=-1 "(null)", StatusCodeKey=403}

09.02 10:13:59 ║INFO║ <RequiredFoldersMappingOperation (122): 0x2827d0980> -[AsyncOperation completeAsyncProcess] Ending

09.02 10:13:59 ║ERROR║ ║BMCDSTACK║ <0x282870b40> -[LoadFoldersInformationOperation completeAsyncProcess] Operation failed: Error Domain=SyncCPConnectionErrorDomain Code=5 "(null)" UserInfo={ErrorMessageKey=Error Domain=NSURLErrorDomain Code=-1 "(null)", StatusCodeKey=403}

0 Kudos
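The three client log lines above carry the useful signal in their `UserInfo` tail (`Error Domain`, `Code`, `StatusCodeKey`). As an added triage helper that is not part of the thread and not Check Point's code, the script below parses lines in that format, pulls out the operation name, the nested error domains and the HTTP status, and groups the ERROR lines by status class so a 401 (token rejected, the first symptom in the thread) is separated from a 403 (authenticated but access to EWS refused, the later symptom). The sample log is constructed inline from the posted format; the fourth line with `StatusCodeKey=401` is invented to exercise that branch.

```python
"""Triage helper for Capsule Workspace client log lines of the form posted in the thread."""
import re
from collections import Counter
from typing import Optional

# Constructed sample in the format of the posted client log; the last line (401) is invented.
SAMPLE_LOG = """\
09.02 10:13:59 ║ERROR║ ║BMCDSTACK║ <RequiredFoldersMappingOperation (122): 0x2827d0980> -[LoadFoldersInformationOperation beginAsyncProcess]_block_invoke_4 RequiredFoldersMappingOperation failed: Error Domain=SyncCPConnectionErrorDomain Code=5 "(null)" UserInfo={ErrorMessageKey=Error Domain=NSURLErrorDomain Code=-1 "(null)", StatusCodeKey=403}
09.02 10:13:59 ║INFO║ <RequiredFoldersMappingOperation (122): 0x2827d0980> -[AsyncOperation completeAsyncProcess] Ending
09.02 10:13:59 ║ERROR║ ║BMCDSTACK║ <0x282870b40> -[LoadFoldersInformationOperation completeAsyncProcess] Operation failed: Error Domain=SyncCPConnectionErrorDomain Code=5 "(null)" UserInfo={ErrorMessageKey=Error Domain=NSURLErrorDomain Code=-1 "(null)", StatusCodeKey=403}
09.02 10:14:02 ║ERROR║ ║BMCDSTACK║ <0x282870c00> -[LoadFoldersInformationOperation completeAsyncProcess] Operation failed: Error Domain=SyncCPConnectionErrorDomain Code=5 "(null)" UserInfo={ErrorMessageKey=Error Domain=NSURLErrorDomain Code=-1 "(null)", StatusCodeKey=401}
"""

# Line layout: "<dd.mm> <hh:mm:ss> ║LEVEL║ [║COMPONENT║] <context> message"
LINE_RE = re.compile(
    r"^(?P<date>\d\d\.\d\d) (?P<time>\d\d:\d\d:\d\d) ║(?P<level>[A-Z]+)║ "
    r"(?:║(?P<component>[A-Z]+)║ )?<(?P<context>[^>]*)> (?P<message>.*)$"
)
STATUS_RE = re.compile(r"StatusCodeKey=(?P<status>\d{3})")
ERROR_DOMAIN_RE = re.compile(r"Error Domain=(?P<domain>\w+) Code=(?P<code>-?\d+)")
OPERATION_RE = re.compile(r"-\[(?P<operation>\w+) ")  # Objective-C style "-[Class selector]"

# Defender-side reading of the status classes, based on what the thread reports.
TRIAGE_HINTS = {
    "auth-rejected": "401: the token was not accepted; re-check the Azure enterprise app "
                     "and the account/UPN mapping (sk103721 is quoted later in the thread).",
    "access-forbidden": "403: authenticated, but EWS refused the request; the thread finds the "
                        "client now reaches EWS directly, so check that path is permitted.",
}


def parse_line(line: str) -> Optional[dict]:
    """Return the structured fields of one log line, or None if it is not in the expected format."""
    m = LINE_RE.match(line)
    if not m:
        return None
    msg = m.group("message")
    status = STATUS_RE.search(msg)
    op = OPERATION_RE.search(msg)
    return {
        "timestamp": f'{m.group("date")} {m.group("time")}',
        "level": m.group("level"),
        "component": m.group("component"),          # None when the ║COMPONENT║ field is absent
        "context": m.group("context"),
        "operation": op.group("operation") if op else None,
        "status": int(status.group("status")) if status else None,
        # All nested error domains, outermost first, e.g. SyncCP -> NSURL
        "error_domains": [(d, int(c)) for d, c in ERROR_DOMAIN_RE.findall(msg)],
    }


def classify(status: Optional[int]) -> str:
    """Map the HTTP status found in a failure line to a triage class."""
    if status is None:
        return "no-http-status"
    if status == 401:
        return "auth-rejected"
    if status == 403:
        return "access-forbidden"
    if 500 <= status < 600:
        return "server-error"
    return f"http-{status}"


def summarize(log_text: str) -> Counter:
    """Count ERROR lines per triage class; INFO lines and unparseable lines are ignored."""
    counts: Counter = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["level"] == "ERROR":
            counts[classify(rec["status"])] += 1
    return counts


if __name__ == "__main__":
    for cls, n in summarize(SAMPLE_LOG).most_common():
        print(f"{n} x {cls}: {TRIAGE_HINTS.get(cls, 'no hint')}")
```

Run it against a full client log export instead of `SAMPLE_LOG` to see at a glance whether the failures are a token problem (401) or a reachability/authorization problem (403), which is the distinction the rest of the thread turns on.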
PhoneBoy
Admin

Unfortunately, there's not enough there for me to suggest.
TAC has suggested some other debugs that we'll probably need.
I'm also checking with R&D to see what they suggest here.

0 Kudos
Lars_de_Mooy
Explorer

Yes, today I have generated all the requested logs again for the new situation, in which the OAuth is working but no emails are showing. I would really appreciate it if you could check that for me.

0 Kudos
Spectrumtech_MS
Explorer

Lars,

Apologies for the delay.

Our client had a similar environment to yours, where a custom domain is used to log into M365 rather than the *.onmicrosoft.com one.

While OAuth is working (when OAuth is configured correctly using the onmicrosoft.com domain), Capsule failed to retrieve email or log into Exchange Online.

We have worked around it by having users logged in, directly, to M365. See screenshots attached. Users are prompted to log in to M365 (once) and following sessions use the locally cached credentials. Of course, if the password changes, they will be prompted to log in again.

0 Kudos
Lars_de_Mooy
Explorer

Hi, thanks for the reply; I don't know what you mean.

If OAuth is working correctly, as in my case, the user gets prompted during the Capsule login process to log in to Exchange Online.

This process is working well.

What do you mean by "having users logged in, directly, to M365"?

0 Kudos
Lars_de_Mooy
Explorer

OK, I think I understand: by setting the setting in the first screenshot (SSO_config) you force the users to log in to O365.

If they log in there, are they using their custom domain UPN email address or the onmicrosoft.com one?

0 Kudos
Spectrumtech_MS
Explorer

UPN uses the custom domain name, not “@onmicrosoft.com”.

0 Kudos
Lars_de_Mooy
Explorer

I am totally lost here.

This is what the engineer just wrote on TAC.

How can you think of changing all users' UPNs?

Hi Lars,

I understand the situation, however, having a different suffix is not supported. Per sk103721:

The account's 'E-mail' field must be in the form of:

username@myofficeaccount.onmicrosoft.com

(According to the username and domain name specified in the Office 365 account)

Alternatively, you may configure internal users (on the Smart Console) whose username is in the form of:

username@myofficeaccount.onmicrosoft.com

Hope this answers your question.

Best regards,

0 Kudos
Lars_de_Mooy
Explorer

Hi, our problem was related to the way Capsule works after the upgrade from basic authentication to OAuth.

Capsule is now setting up the connection to EWS directly and not with the firewall in between, like it did with basic authentication.

We are not allowed to allow connections from the public network to EWS, and that's the reason we bought Capsule licenses.

With basic authentication enabled, only the firewall needs access to EWS to read the mailboxes.

Now that OAuth is introduced, Capsule needs to make a direct connection to EWS after authentication, so there is no way we can use the product anymore, because then we would need to allow EWS from the whole public network.

Thanks for the attention.

0 Kudos