OAuth2 token for "znuny365" has expired.

[FSF]

Hello

I'm tired of constantly having mini problems.

Here is the last one:

The server is running Debian 12

OAuth2 token for "znuny365" has expired.

Error requesting token for token config ID 7 with authorization code '1.ASAASSc_xxxxxxxxxxx-qgFVFj-iywxxxxxxxxgAA.AxxxxxxxxxxxxxxxxxxpDw-3AAi3hB...

Backend ERROR: OTRS-CGI-38 Perl: 5.36.0 OS: linux Time: Fri Feb 14 09:42:08 2025

Message: Response for request for token config with ID 7 and request type 'TokenByAuthorizationCode' was not '200 OK'. invalid_client (error code 7000222): AADSTS7000222: The provided client secret keys for app '6f746876-80aa-4555-8fe8-b21f9c56a1f2' are expired. Visit the Azure portal to create new keys for your app: https://aka.ms/NewClientSecret, or consider using certificate credentials for added security: https://aka.ms/certCreds. Trace ID: d1e18473-666f-47e5-a9b2-afa54f9d0800 Correlation ID: 7ea72ad7-c3a4-440d-bd0a-5517637ac9ec Timestamp: 2025-02-14 08:42:08Z

RemoteAddress: 172.16.0.16
RequestURI: /otrs/get-oauth2-token-by-authorization-code.pl?code=1.ASAASSc_5xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Traceback (398257):
Module: Kernel::System::OAuth2Token::RequestTokenByAuthorizationCode Line: 757
Module: Kernel::Modules::AdminOAuth2TokenManagement::_RequestTokenByAuthorizationCode Line: 106
Module: Kernel::Modules::AdminOAuth2TokenManagement::Run Line: 53
Module: Kernel::System::Web::InterfaceAgent::Run Line: 1144
Module: ModPerl::ROOT::ModPerl::Registry::opt_otrs_bin_cgi_2dbin_get_2doauth2_2dtoken_2dby_2dauthorization_2dcode_2epl::handler Line: 52
Module: (eval) (v1.99) Line: 207
Module: ModPerl::RegistryCooker::run (v1.99) Line: 207
Module: ModPerl::RegistryCooker::default_handler (v1.99) Line: 173
Module: ModPerl::Registry::handler (v1.99) Line: 32

Can you please help me?

and also tell me why overnight the connection seems to be dead between znuny and 365?

Many thanks in advance

[root]

Hi,

The error message is clear:
"The provided client secret keys for app '6f746876-80aa-4555-8fe8-b21f9c56a1f2' are expired"

Secrets in MS Azure have a limited lifetime. This is something you have to oversee. There is no way to check for a token how long the secret is still valid. I recommend using a maintenance calendar and plan secret rollover.

I recommend creating a new token configuration with the same Application ID and a new secret.

- Roy

[FSF]

Thanks for your message

So I did go into azure to redo a certificate for my znuny connector.
The connector ID has not changed but the value has.

I then went to Znuny and the Oauth2 configuration
Opened my connector, which was in use before. I changed the value in this connector (paste from azure)

Saved and clicked on request new token, but unfortunately I got another error message

Code: Select all

Backend ERROR: OTRS-CGI-38 Perl: 5.36.0 OS: linux Time: Mon Feb 17 11:32:35 2025

 Message: Error requesting token for token config ID 7 with authorization code '1.xxxxxxxxxxxxxx'. Error: invalid_client

 RemoteAddress: 172.16.0.16
 RequestURI: /otrs/get-oauth2-token-by-authorization-code.pl?code=1.xxxxxxxxxxxx

 Traceback (723186): 
   Module: Kernel::Output::HTML::Layout::Error Line: 1038
   Module: Kernel::Output::HTML::Layout::ErrorScreen Line: 1019
   Module: Kernel::Modules::AdminOAuth2TokenManagement::_RequestTokenByAuthorizationCode Line: 120
   Module: Kernel::Modules::AdminOAuth2TokenManagement::Run Line: 53
   Module: Kernel::System::Web::InterfaceAgent::Run Line: 1144
   Module: ModPerl::ROOT::ModPerl::Registry::opt_otrs_bin_cgi_2dbin_get_2doauth2_2dtoken_2dby_2dauthorization_2dcode_2epl::handler Line: 52
   Module: (eval) (v1.99) Line: 207
   Module: ModPerl::RegistryCooker::run (v1.99) Line: 207
   Module: ModPerl::RegistryCooker::default_handler (v1.99) Line: 173
   Module: ModPerl::Registry::handler (v1.99) Line: 32

What have I done wrong to end up like this?

Thanks in advance for any help

[root]

I then went to Znuny and the Oauth2 configuration
Opened my connector, which was in use before. I changed the value in this connector (paste from azure)

Saved and clicked on request new token, but unfortunately I got another error message

Hi,

And this is why I recommend doing it another way.

- Roy

[FSF]

Hello

I started all over again from 0
I deleted all the certificates from my znuny connector in azure to create a new and unique one.

I retrieved its value and then went to znuny/oauth2, edited the only “OAuth2 token configurations” present, and replaced the old “secret client” with the new one and saved.

When I click on request new token, I get the following error message:

Code: Select all

Backend ERROR: OTRS-CGI-38 Perl: 5.36.0 OS: linux Time: Tue Feb 18 09:49:07 2025

 Message: Error requesting token for token config ID 7 with authorization code '1.ASAASSc_51pdq0e4uL6a_MlBDnZodG-qgFVFj-here is a large alphanumeric sequenceYhvk'. Error: invalid_client

 RemoteAddress: 172.16.0.16
 RequestURI: /otrs/get-oauth2-token-by-authorization-code.pl?code=1.ASAASSc_51pdq0e4uL6a_MlBDnZodG-qgFVFj-here is the same large alphanumeric sequencehvk&state=TokenConfigID7&session_state=0012cc99-9eb9-ca47-2ca8-ef7b3d521c69

 Traceback (108910): 
   Module: Kernel::Output::HTML::Layout::Error Line: 1038
   Module: Kernel::Output::HTML::Layout::ErrorScreen Line: 1019
   Module: Kernel::Modules::AdminOAuth2TokenManagement::_RequestTokenByAuthorizationCode Line: 120
   Module: Kernel::Modules::AdminOAuth2TokenManagement::Run Line: 53
   Module: Kernel::System::Web::InterfaceAgent::Run Line: 1144
   Module: ModPerl::ROOT::ModPerl::Registry::opt_otrs_bin_cgi_2dbin_get_2doauth2_2dtoken_2dby_2dauthorization_2dcode_2epl::handler Line: 52
   Module: (eval) (v1.99) Line: 207
   Module: ModPerl::RegistryCooker::run (v1.99) Line: 207
   Module: ModPerl::RegistryCooker::default_handler (v1.99) Line: 173
   Module: ModPerl::Registry::handler (v1.99) Line: 32

it says "invalid client", but I'm sure the correct client ID is entered

I tried creating a new “OAuth2 token configurations” but now I get a new error message

Code: Select all

Backend ERROR: OTRS-CGI-38 Perl: 5.36.0 OS: linux Time: Tue Feb 18 09:54:45 2025

 Message: Response data for authorization code request for token config ID 10 does not contain authorization code.

 RemoteAddress: 172.16.0.16
 RequestURI: /otrs/get-oauth2-token-by-authorization-code.pl?error=invalid_request&error_description=AADSTS50194%3a+Application+%276f746876-80aa-4555-8fe8-b21f9c56a1f2%27(znuny365)+is+not+configured+as+a+multi-tenant+application.+Usage+of+the+%2fcommon+endpoint+is+not+supported+for+such+applications+created+after+%2710%2f15%2f2018%27.+Use+a+tenant-specific+endpoint+or+configure+the+application+to+be+multi-tenant.+Trace+ID%3a+63ab9e5f-a5ce-4e4e-ac68-4a4765cc1400+Correlation+ID%3a+d9ecc54f-3b8e-4863-8230-58c5efd31920+Timestamp%3a+2025-02-18+08%3a54%3a45Z&state=TokenConfigID10

 Traceback (108910): 
   Module: Kernel::System::OAuth2Token::GetAuthorizationCodeParameters Line: 559
   Module: Kernel::Modules::AdminOAuth2TokenManagement::_RequestTokenByAuthorizationCode Line: 94
   Module: Kernel::Modules::AdminOAuth2TokenManagement::Run Line: 53
   Module: Kernel::System::Web::InterfaceAgent::Run Line: 1144
   Module: ModPerl::ROOT::ModPerl::Registry::opt_otrs_bin_cgi_2dbin_get_2doauth2_2dtoken_2dby_2dauthorization_2dcode_2epl::handler Line: 52
   Module: (eval) (v1.99) Line: 207
   Module: ModPerl::RegistryCooker::run (v1.99) Line: 207
   Module: ModPerl::RegistryCooker::default_handler (v1.99) Line: 173
   Module: ModPerl::Registry::handler (v1.99) Line: 32

So after modifying the connector authentication in azure and switching to "Accounts in an organization directory (any Microsoft Entra ID tenant - Multi-tenant)"

I recreated a new "OAuth2 token configuration" and upon validation and launching a “request new token” there was no error message.

But Now, how can I delete the first OAuth2 token configuration that's no longer useful? I don't have the delete option available for it.

On the other hand, now that the token problem seems to have been solved, mails in the inbox don't show up in znuny.

[FSF]

Here's the error I got in the logs:

Code: Select all

Tue Feb 18 11:00:04 2025 (Europe/Paris) 	error 	OTRS-otrs.Console.pl-Maint::PostMaster::MailAccountFetch-38 	Error while retrieving the messages 'IMAPS': Could not select: 

I've changed the Oauth token configuration in the postmaster email account but I've got this error coming up

Code: Select all

Tue Feb 18 11:27:22 2025 (Europe/Paris) 	error 	OTRS-CGI-38 	Error while retrieving the messages 'IMAPS': Could not select:

is it a setting problem in znuny (if so, what should I change?) or in my microsoft tenant (what should I change, if you know?)?

Thanks in advance

[FSF]

Hello

My problem is still there

Code: Select all

Thu Feb 20 08:40:20 2025 (Europe/Paris) 	error 	OTRS-otrs.Console.pl-Maint::PostMaster::MailAccountFetch-38 	Error while retrieving the messages 'IMAPS': Could not select:
Thu Feb 20 08:30:18 2025 (Europe/Paris) 	error 	OTRS-otrs.Console.pl-Maint::PostMaster::MailAccountFetch-38 	CommunicationLog(ID:1248350,AccountType:-,AccountID:-,Direction:Incoming,Transport:Email,ObjectLogType:Connection,ObjectLogID:2277282)::Kernel::System::MailAccount::IMAPS => IMAPS: Can't connect to outlook.office365.com: Unable to connect to outlook.office365.com: IO::Socket::IP configuration failed

If it helps:

Code: Select all

su -c "/opt/otrs/bin/otrs.Console.pl Maint::PostMaster::MailAccountFetch --debug" -s /bin/bash otrs

Spawning child process to fetch incoming messages from mail accounts...

outlook.office365.com (IMAPS)...
IMAPS: Connection to outlook.office365.com closed.

Started at Thu Feb 20 09:37:50 2025
Using Mail::IMAPClient version 3.43 on perl 5.036000
Connecting with IO::Socket::SSL PeerAddr outlook.office365.com PeerPort 993 Proto tcp Timeout 600 Debug 1 SSL_verify_mode 0
Connected to outlook.office365.com
Read:   * OK The Microsoft Exchange IMAP4 service is ready. [UABBADcAUAAyADYANABDAEEAMAAwADgAMQAuAEYAUgBBAFAAMgA2ADQALgBQAFIATwBEAC4ATwBVAFQATABPAE8ASwAuAEMATwBNAA==]
Sending: 1 AUTHENTICATE XOAUTH2
Sent 24 bytes
Read:   +
Sending: [Redact: Count=1 Showcredentials=OFF]
Sent 3342 bytes
Read:   1 OK AUTHENTICATE completed.
Sending: 2 SELECT INBOX
Sent 16 bytes
Read:   2 BAD User is authenticated but not connected.
ERROR: 2 BAD User is authenticated but not connected. at /usr/share/perl5/Mail/IMAPClient.pm line 1388.
        Mail::IMAPClient::__ANON__("2 BAD User is authenticated but not connected.\x{d}\x{a}") called at /usr/share/perl5/Mail/IMAPClient.pm line 1424
        Mail::IMAPClient::_get_response(Mail::IMAPClient=HASH(0x55ddf0730120), 2, undef) called at /usr/share/perl5/Mail/IMAPClient.pm line 1350
        Mail::IMAPClient::_imap_command_do(Mail::IMAPClient=HASH(0x55ddf0730120), "SELECT INBOX") called at /usr/share/perl5/Mail/IMAPClient.pm line 1248
        Mail::IMAPClient::_imap_command(Mail::IMAPClient=HASH(0x55ddf0730120), "SELECT INBOX") called at /usr/share/perl5/Mail/IMAPClient.pm line 864
        Mail::IMAPClient::select(Mail::IMAPClient=HASH(0x55ddf0730120), "INBOX") called at /opt/znuny-6.5.4/Kernel/System/MailAccount/IMAP.pm line 301
        eval {...} called at /opt/znuny-6.5.4/Kernel/System/MailAccount/IMAP.pm line 305
        Kernel::System::MailAccount::IMAP::__ANON__("select", "INBOX") called at /opt/znuny-6.5.4/Kernel/System/MailAccount/IMAP.pm line 331
        eval {...} called at /opt/znuny-6.5.4/Kernel/System/MailAccount/IMAP.pm line 345
        Kernel::System::MailAccount::IMAP::_Fetch(Kernel::System::MailAccount::IMAPS=HASH(0x55ddef7430e8), "CMD", 1, "Comment", "", "Password", "********", "IMAPFolder", ...) called at /opt/znuny-6.5.4/Kernel/System/MailAccount/IMAP.pm line 157
        Kernel::System::MailAccount::IMAP::Fetch(Kernel::System::MailAccount::IMAPS=HASH(0x55ddef7430e8), "Debug", 1, "ChangeTime", "2025-02-18 15:34:39", "ValidID", 1, "QueueID", ...) called at /opt/znuny-6.5.4/Kernel/System/MailAccount.pm line 649
        Kernel::System::MailAccount::MailAccountFetch(Kernel::System::MailAccount=HASH(0x55ddef58acd8), "AuthenticationType", "oauth2_token", "ID", 1, "IMAPFolder", "INBOX", "Password", ...) called at /opt/znuny-6.5.4/Kernel/System/Console/Command/Maint/PostMaster/MailAccountFetch.pm line 171
        eval {...} called at /opt/znuny-6.5.4/Kernel/System/Console/Command/Maint/PostMaster/MailAccountFetch.pm line 163
        Kernel::System::Console::Command::Maint::PostMaster::MailAccountFetch::Run(Kernel::System::Console::Command::Maint::PostMaster::MailAccountFetch=HASH(0x55ddec4b9b30)) called at /opt/znuny-6.5.4/Kernel/System/Console/BaseCommand.pm line 461
        eval {...} called at /opt/znuny-6.5.4/Kernel/System/Console/BaseCommand.pm line 455
        Kernel::System::Console::BaseCommand::Execute(Kernel::System::Console::Command::Maint::PostMaster::MailAccountFetch=HASH(0x55ddec4b9b30), "--debug") called at /opt/znuny-6.5.4/Kernel/System/Console/InterfaceConsole.pm line 81
        Kernel::System::Console::InterfaceConsole::Run(Kernel::System::Console::InterfaceConsole=HASH(0x55ddeed6f798), "Maint::PostMaster::MailAccountFetch", "--debug") called at /opt/otrs/bin/otrs.Console.pl line 37
ERROR: 2 BAD User is authenticated but not connected. at /usr/share/perl5/Mail/IMAPClient.pm line 1298.
        Mail::IMAPClient::_imap_command(Mail::IMAPClient=HASH(0x55ddf0730120), "SELECT INBOX") called at /usr/share/perl5/Mail/IMAPClient.pm line 864
        Mail::IMAPClient::select(Mail::IMAPClient=HASH(0x55ddf0730120), "INBOX") called at /opt/znuny-6.5.4/Kernel/System/MailAccount/IMAP.pm line 301
        eval {...} called at /opt/znuny-6.5.4/Kernel/System/MailAccount/IMAP.pm line 305
        Kernel::System::MailAccount::IMAP::__ANON__("select", "INBOX") called at /opt/znuny-6.5.4/Kernel/System/MailAccount/IMAP.pm line 331
        eval {...} called at /opt/znuny-6.5.4/Kernel/System/MailAccount/IMAP.pm line 345
        Kernel::System::MailAccount::IMAP::_Fetch(Kernel::System::MailAccount::IMAPS=HASH(0x55ddef7430e8), "CMD", 1, "Comment", "", "Password", "********", "IMAPFolder", ...) called at /opt/znuny-6.5.4/Kernel/System/MailAccount/IMAP.pm line 157
        Kernel::System::MailAccount::IMAP::Fetch(Kernel::System::MailAccount::IMAPS=HASH(0x55ddef7430e8), "Debug", 1, "ChangeTime", "2025-02-18 15:34:39", "ValidID", 1, "QueueID", ...) called at /opt/znuny-6.5.4/Kernel/System/MailAccount.pm line 649
        Kernel::System::MailAccount::MailAccountFetch(Kernel::System::MailAccount=HASH(0x55ddef58acd8), "AuthenticationType", "oauth2_token", "ID", 1, "IMAPFolder", "INBOX", "Password", ...) called at /opt/znuny-6.5.4/Kernel/System/Console/Command/Maint/PostMaster/MailAccountFetch.pm line 171
        eval {...} called at /opt/znuny-6.5.4/Kernel/System/Console/Command/Maint/PostMaster/MailAccountFetch.pm line 163
        Kernel::System::Console::Command::Maint::PostMaster::MailAccountFetch::Run(Kernel::System::Console::Command::Maint::PostMaster::MailAccountFetch=HASH(0x55ddec4b9b30)) called at /opt/znuny-6.5.4/Kernel/System/Console/BaseCommand.pm line 461
        eval {...} called at /opt/znuny-6.5.4/Kernel/System/Console/BaseCommand.pm line 455
        Kernel::System::Console::BaseCommand::Execute(Kernel::System::Console::Command::Maint::PostMaster::MailAccountFetch=HASH(0x55ddec4b9b30), "--debug") called at /opt/znuny-6.5.4/Kernel/System/Console/InterfaceConsole.pm line 81
        Kernel::System::Console::InterfaceConsole::Run(Kernel::System::Console::InterfaceConsole=HASH(0x55ddeed6f798), "Maint::PostMaster::MailAccountFetch", "--debug") called at /opt/otrs/bin/otrs.Console.pl line 37
ERROR: OTRS-otrs.Console.pl-Maint::PostMaster::MailAccountFetch-38 Perl: 5.36.0 OS: linux Time: Thu Feb 20 09:37:52 2025

 Message: Error while retrieving the messages 'IMAPS': Could not select:


 Traceback (198039):
   Module: Kernel::System::MailAccount::IMAP::_Fetch Line: 347
   Module: Kernel::System::MailAccount::IMAP::Fetch Line: 157
   Module: Kernel::System::MailAccount::MailAccountFetch Line: 649
   Module: (eval) Line: 171
   Module: Kernel::System::Console::Command::Maint::PostMaster::MailAccountFetch::Run Line: 163
   Module: (eval) Line: 461
   Module: Kernel::System::Console::BaseCommand::Execute Line: 455
   Module: Kernel::System::Console::InterfaceConsole::Run Line: 81
   Module: /opt/otrs/bin/otrs.Console.pl Line: 37

Sending: 3 CLOSE
Sent 9 bytes
Read:   3 BAD User is authenticated but not connected.
        * BYE Connection closed. 14
ERROR: 3 BAD User is authenticated but not connected. at /usr/share/perl5/Mail/IMAPClient.pm line 1388.
        Mail::IMAPClient::__ANON__("3 BAD User is authenticated but not connected.\x{d}\x{a}") called at /usr/share/perl5/Mail/IMAPClient.pm line 1424
        Mail::IMAPClient::_get_response(Mail::IMAPClient=HASH(0x55ddf0730120), 3, undef) called at /usr/share/perl5/Mail/IMAPClient.pm line 1350
        Mail::IMAPClient::_imap_command_do(Mail::IMAPClient=HASH(0x55ddf0730120), "CLOSE") called at /usr/share/perl5/Mail/IMAPClient.pm line 1248
        Mail::IMAPClient::_imap_command(Mail::IMAPClient=HASH(0x55ddf0730120), "CLOSE") called at /usr/share/perl5/Mail/IMAPClient.pm line 2379
        Mail::IMAPClient::close(Mail::IMAPClient=HASH(0x55ddf0730120)) called at /opt/znuny-6.5.4/Kernel/System/MailAccount/IMAP.pm line 301
        eval {...} called at /opt/znuny-6.5.4/Kernel/System/MailAccount/IMAP.pm line 305
        Kernel::System::MailAccount::IMAP::__ANON__("close") called at /opt/znuny-6.5.4/Kernel/System/MailAccount/IMAP.pm line 521
        Kernel::System::MailAccount::IMAP::_Fetch(Kernel::System::MailAccount::IMAPS=HASH(0x55ddef7430e8), "CMD", 1, "Comment", "", "Password", "********", "IMAPFolder", ...) called at /opt/znuny-6.5.4/Kernel/System/MailAccount/IMAP.pm line 157
        Kernel::System::MailAccount::IMAP::Fetch(Kernel::System::MailAccount::IMAPS=HASH(0x55ddef7430e8), "Debug", 1, "ChangeTime", "2025-02-18 15:34:39", "ValidID", 1, "QueueID", ...) called at /opt/znuny-6.5.4/Kernel/System/MailAccount.pm line 649
        Kernel::System::MailAccount::MailAccountFetch(Kernel::System::MailAccount=HASH(0x55ddef58acd8), "AuthenticationType", "oauth2_token", "ID", 1, "IMAPFolder", "INBOX", "Password", ...) called at /opt/znuny-6.5.4/Kernel/System/Console/Command/Maint/PostMaster/MailAccountFetch.pm line 171
        eval {...} called at /opt/znuny-6.5.4/Kernel/System/Console/Command/Maint/PostMaster/MailAccountFetch.pm line 163
        Kernel::System::Console::Command::Maint::PostMaster::MailAccountFetch::Run(Kernel::System::Console::Command::Maint::PostMaster::MailAccountFetch=HASH(0x55ddec4b9b30)) called at /opt/znuny-6.5.4/Kernel/System/Console/BaseCommand.pm line 461
        eval {...} called at /opt/znuny-6.5.4/Kernel/System/Console/BaseCommand.pm line 455
        Kernel::System::Console::BaseCommand::Execute(Kernel::System::Console::Command::Maint::PostMaster::MailAccountFetch=HASH(0x55ddec4b9b30), "--debug") called at /opt/znuny-6.5.4/Kernel/System/Console/InterfaceConsole.pm line 81
        Kernel::System::Console::InterfaceConsole::Run(Kernel::System::Console::InterfaceConsole=HASH(0x55ddeed6f798), "Maint::PostMaster::MailAccountFetch", "--debug") called at /opt/otrs/bin/otrs.Console.pl line 37
ERROR: * BYE Connection closed. 14 at /usr/share/perl5/Mail/IMAPClient.pm line 1439.
        Mail::IMAPClient::_get_response(Mail::IMAPClient=HASH(0x55ddf0730120), 3, undef) called at /usr/share/perl5/Mail/IMAPClient.pm line 1350
        Mail::IMAPClient::_imap_command_do(Mail::IMAPClient=HASH(0x55ddf0730120), "CLOSE") called at /usr/share/perl5/Mail/IMAPClient.pm line 1248
        Mail::IMAPClient::_imap_command(Mail::IMAPClient=HASH(0x55ddf0730120), "CLOSE") called at /usr/share/perl5/Mail/IMAPClient.pm line 2379
        Mail::IMAPClient::close(Mail::IMAPClient=HASH(0x55ddf0730120)) called at /opt/znuny-6.5.4/Kernel/System/MailAccount/IMAP.pm line 301
        eval {...} called at /opt/znuny-6.5.4/Kernel/System/MailAccount/IMAP.pm line 305
        Kernel::System::MailAccount::IMAP::__ANON__("close") called at /opt/znuny-6.5.4/Kernel/System/MailAccount/IMAP.pm line 521
        Kernel::System::MailAccount::IMAP::_Fetch(Kernel::System::MailAccount::IMAPS=HASH(0x55ddef7430e8), "CMD", 1, "Comment", "", "Password", "********", "IMAPFolder", ...) called at /opt/znuny-6.5.4/Kernel/System/MailAccount/IMAP.pm line 157
        Kernel::System::MailAccount::IMAP::Fetch(Kernel::System::MailAccount::IMAPS=HASH(0x55ddef7430e8), "Debug", 1, "ChangeTime", "2025-02-18 15:34:39", "ValidID", 1, "QueueID", ...) called at /opt/znuny-6.5.4/Kernel/System/MailAccount.pm line 649
        Kernel::System::MailAccount::MailAccountFetch(Kernel::System::MailAccount=HASH(0x55ddef58acd8), "AuthenticationType", "oauth2_token", "ID", 1, "IMAPFolder", "INBOX", "Password", ...) called at /opt/znuny-6.5.4/Kernel/System/Console/Command/Maint/PostMaster/MailAccountFetch.pm line 171
        eval {...} called at /opt/znuny-6.5.4/Kernel/System/Console/Command/Maint/PostMaster/MailAccountFetch.pm line 163
        Kernel::System::Console::Command::Maint::PostMaster::MailAccountFetch::Run(Kernel::System::Console::Command::Maint::PostMaster::MailAccountFetch=HASH(0x55ddec4b9b30)) called at /opt/znuny-6.5.4/Kernel/System/Console/BaseCommand.pm line 461
        eval {...} called at /opt/znuny-6.5.4/Kernel/System/Console/BaseCommand.pm line 455
        Kernel::System::Console::BaseCommand::Execute(Kernel::System::Console::Command::Maint::PostMaster::MailAccountFetch=HASH(0x55ddec4b9b30), "--debug") called at /opt/znuny-6.5.4/Kernel/System/Console/InterfaceConsole.pm line 81
        Kernel::System::Console::InterfaceConsole::Run(Kernel::System::Console::InterfaceConsole=HASH(0x55ddeed6f798), "Maint::PostMaster::MailAccountFetch", "--debug") called at /opt/otrs/bin/otrs.Console.pl line 37
ERROR: * BYE Connection closed. 14 at /usr/share/perl5/Mail/IMAPClient.pm line 1298.
        Mail::IMAPClient::_imap_command(Mail::IMAPClient=HASH(0x55ddf0730120), "CLOSE") called at /usr/share/perl5/Mail/IMAPClient.pm line 2379
        Mail::IMAPClient::close(Mail::IMAPClient=HASH(0x55ddf0730120)) called at /opt/znuny-6.5.4/Kernel/System/MailAccount/IMAP.pm line 301
        eval {...} called at /opt/znuny-6.5.4/Kernel/System/MailAccount/IMAP.pm line 305
        Kernel::System::MailAccount::IMAP::__ANON__("close") called at /opt/znuny-6.5.4/Kernel/System/MailAccount/IMAP.pm line 521
        Kernel::System::MailAccount::IMAP::_Fetch(Kernel::System::MailAccount::IMAPS=HASH(0x55ddef7430e8), "CMD", 1, "Comment", "", "Password", "********", "IMAPFolder", ...) called at /opt/znuny-6.5.4/Kernel/System/MailAccount/IMAP.pm line 157
        Kernel::System::MailAccount::IMAP::Fetch(Kernel::System::MailAccount::IMAPS=HASH(0x55ddef7430e8), "Debug", 1, "ChangeTime", "2025-02-18 15:34:39", "ValidID", 1, "QueueID", ...) called at /opt/znuny-6.5.4/Kernel/System/MailAccount.pm line 649
        Kernel::System::MailAccount::MailAccountFetch(Kernel::System::MailAccount=HASH(0x55ddef58acd8), "AuthenticationType", "oauth2_token", "ID", 1, "IMAPFolder", "INBOX", "Password", ...) called at /opt/znuny-6.5.4/Kernel/System/Console/Command/Maint/PostMaster/MailAccountFetch.pm line 171
        eval {...} called at /opt/znuny-6.5.4/Kernel/System/Console/Command/Maint/PostMaster/MailAccountFetch.pm line 163
        Kernel::System::Console::Command::Maint::PostMaster::MailAccountFetch::Run(Kernel::System::Console::Command::Maint::PostMaster::MailAccountFetch=HASH(0x55ddec4b9b30)) called at /opt/znuny-6.5.4/Kernel/System/Console/BaseCommand.pm line 461
        eval {...} called at /opt/znuny-6.5.4/Kernel/System/Console/BaseCommand.pm line 455
        Kernel::System::Console::BaseCommand::Execute(Kernel::System::Console::Command::Maint::PostMaster::MailAccountFetch=HASH(0x55ddec4b9b30), "--debug") called at /opt/znuny-6.5.4/Kernel/System/Console/InterfaceConsole.pm line 81
        Kernel::System::Console::InterfaceConsole::Run(Kernel::System::Console::InterfaceConsole=HASH(0x55ddeed6f798), "Maint::PostMaster::MailAccountFetch", "--debug") called at /opt/otrs/bin/otrs.Console.pl line 37

[root]

Hi,

This is a permission error. Probably the user who signed in when the token was retrieved by a user that has no access to the mailbox.

- Roy

[FSF]

I don't see what the problem is with permission:

I only have 2 users in znuny

1/ the admin account, which was created during installation

OTRSdebug2.jpg

2/ the account I use every day - it's with this account that I updated the Oauth2 configuration and the token

OTRSdebug3.jpg

user 2 with his email address has the right delegation in the exchange365 shared mailbox, which is user 1's email address

as far as Oauth2 configuration is concerned, everything seems fine to me.

OTRSdebug4.jpg

and for Postmaster mail account/

* Type: IMAPS
* Authentication type: OAuth2 token
* Username: support@domain.com
* OAuth2 token configuration:znuny

* Host: outlook.office365.com
IMAP Folder: INBOX

Only modify this if you need to fetch mail from a different folder than INBOX.
* Trusted: No
* Dispatching: Dispatching by email To: field.
* Validity: valid

I've really run out of ideas, and what's more, it's the kind of little problem that's going to ruin your life, because what could be more normal in an application than updating a certificate... but if this simple operation becomes a nightmare, it's a real problem.

I've contacted microsoft support to see if there's a problem with my tenant

If you have any solutions to give me please don't hesitate, thanks for your help.

[root]

Hi,

Do you really think it's the permission inside of Znuny when the error is coming from Microsoft?

- Roy