Community
- Command Central
- MVP Program
- Monthly Mission
- Blogs
- Groups
- Events
- Media Vault
Products
- Observability
- Network Management
- Application Management
- IT Security
- IT Service Management
- System Management
- Database Management
Content Exchange
- SolarWinds Platform
- Server & Application Monitor
- Database Performance Analyzer
- Server Configuration Monitor
- Network Performance Monitor
- Network Configuration Manager
- SQL Sentry
- Web Help Desk
Free Tools & Trials

Anyone have luck setting up OAUTH for ticket email accounts in AAD when Admin Consent requests are required?

I am trying to switch over to OAUTH access to our email accounts but it appears SolarWinds has not programmed this feature correctly to take Admin Consent requests into account. When I try to authorize an OAUTH request, the user account we want to use is presented with the justification screen (as they should). However it appears WHD doesn't store the token to use later once the admin consent request has been granted and instead deletes the token and gives the following error message "Failed to authorize Office 365 email access: Authorization failed with error access_denied AADSTS65004: User declined to consent to access the app." This of course isn't true. The user didn't decline consent, it is simply waiting for approval.

If I use a Global Admin account, who can approve the request as it's being made, works. So I know it isn't an issue with the configuration. I of course do not want to use a Global admin account to approve access to our email and shouldn't have to do so.

Just wondering if anyone's gotten this to work.

Find more posts tagged with

Accepted answers

All comments

cchambersCAP

Also I notice they are using depreciated API's. They should be using the Microsoft Graph API.

kscull1231

Curious, as we are having the some problem switching over to oAuth. Were you able to find a work around?

cchambersCAP

This issue should be fixed in 12.7.8. In the release notes, it lists a fix for "An administrator can now use the Microsoft Azure directory to authorize incoming email that requires administrator consent." One of the case numbers listed is the one I opened for this issue (ticket was opened in November of 2021). I have not yet had a chance to test it.

kscull1231

Thank you for the response. I will be attempting an upgrade to 12.7.9 and will let you know if this does fix it.

cchambersCAP

Thanks! If your upgrading from 12.7.6 or earlier, be sure to note the requirement to upgrade to 12.7.7 first!

pabely

I helped a customer implement this yesterday OK, they are using 12.7.8 + HF2.

We made the existing Inbound connector inactive and changed the mail account name and default Request Type to free up these links.

They then created a new Inbound Connector using O365 OAUTH with the required details, Authorized as that account and it connected fine and became the live Inbound connector to Mail.

joseedwin

i had no issues when making the change to OAuth while on same server. steps say you do have to change dns name to localhost, i changed it back to what i had after oauth was successfully authenticated. documentation.solarwinds.com/.../helpdeskconfigureincomingemailaccountforoffice365.htm

pabely

This is misleading from manual, you do not have to use localhost, a DNS name will work.

aanthonisse

It used to work on our Windows server with WHD 12.7.4. I migrated to a CentOS server with 12.7.9 HF1 and it stopped working. Authentication works, but I keep getting the error Error processing mailbox messages: Mailbox does not exist. We opened a case with Solarwinds.

pabely

Yes sounds like the way to go, set the system into Debug Log mode. Repeat the test and supply resulting log files to them for review.