pabely ✭✭✭✭✭

I don't know if we have to be "Connected", I have sent a connection request again.

It is not an acknowledged bug within WHD so cannot see whether SW can implement of fix for something which is not reproducible. How did SW Support get on installing on a fresh 3rd Server which you said 17 days ago?

Are you able to PM me the current settings for the permissions on the API within EntraID of the Registered App?

Bet you wished you had gone with two Registered Apps in EntraID, one for Inbound and the other for Outbound!?

Yes already have a case with Support and it has been acknowledged as a bug to be fixed in the upcoming 12.8.5 release.

Sure, use the PM to me on this forum. 

Good. What is confusing is this On-Line document https://documentation.solarwinds.com/en/success_center/whd/content/helpdeskconfigureincomingemailaccountoffice365.htm is wrong. It does talk about two options which can be used 1. Exchange Web Services (EWS) or 2. Microsoft Graph API. I think MS have given notice on EWS…

I have this logged with them as well. I will let you know what the advise

keystore.jks holds the certificate store.

Did you get a solution for this reported issue on your two Servers?

No problem, fingers crossed it works for you!

Sent a PM via Thwack.

I can PM you the API / Permission screen from my EntraID if you wish so you can review that they are similar?

I had to create a new secret because I did not have a record of the existing one (going back into EntraID it does not show it anymore). I validated the Inbound connection with the new secret then used same details for the Outbound, validated and it was all good. Obviously the new permission was added to Graph for…

We have implemented this by adding relevant permissions into the EntraID Registered App which is currently used for the Inbound Mail via OAUTH and it seems to work well.

Which release version of WHD are you using?

What release version of WHD are you using?

Looks good.

Just for context, which flavor of Linux are you using?

I have not experienced this issue, what did the support say?

I would not use the Setup -> General -> Certificates procedure to update the certificate but would use the Portecle Tool to generate your updated keystore.jks file.

That's good to know. I believe the internal Postgres is the issue with later releases, but hopefully, that will be addressed with later releases next year.

I am pleased this worked for you, easy to miss as it is only in the 12.8.3+HF3 release notes and has not made it into the 12.8.4 Admin Guide yet as per other wrapper switches - I have already brought this to the attention of SW.

I think most people give the Auditor a Tech login and away they go....

Definitely yes. Any changes to the wrapper files require a reboot.

As you came form 12.8.3+HF2 you may have missed this in HF3 which would apply to 12.8.4 as well. Resolved issue with JVM argument to allow users to opt out of IP binding enforcement. Note: This fix is available in HF3 with the default configuration (no entry in the wrapper_template file). JVM argument to allow users to opt…

Are you behind a load balancer/proxy that might dynamically allocate IP addresses?

No crashes so far, upgraded about 6 hours ago and been pumping various test scenarios through. Errors just being reported in logs just a frequently as the CSRF errors used to show.

Yes mine Lab seems to be clean with those now but plenty of "ERROR w.helpdesk.com.macsdesign.whd.daemon - Error while triggering session in com.macsdesign.whd.daemon.ServletPulseDaemon: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find…