Infos:
- Used Zammad version: 5.2.x
- Used Zammad installation type: (source, package, docker-compose, …)package
- Operating system: Ubuntu Server 20.04.5 LTS
- Browser + version: Edge 129.0.2792.65
Expected behavior:
- Zammad is able to send and receive email using the Microsoft 365 channel
Actual behavior:
- Zammad is unable to reauthenticate an account after changing the Client Secret.
- It says “Can’t use Channel::Driver::Imap: #<Net::IMAP::BadResponseError: User is authenticated but not connected.>”
- Zammad is not able to retrieve new emails sent to that account.
Steps to reproduce the behavior:
- Have emails fail because the Microsoft 365 Client Secret has expired
- Go to Azure and create a new client secret. Delete the expired one.
- In Zammad, go to Settings > Channels> Microsoft 365 > Configure App and replace the Client Secret with the new one. Submit.
- Go to the Microsoft 365 account in Zammad and select “Reauthenticate”
- Get the error message “Can’t use Channel::Driver::Imap: #<Net::IMAP::BadResponseError: User is authenticated but not connected.>”
I have rebooted the server a few times but that has not helped, and have also created and added new Client Secrets a few times without success.
I have also deleted the email account in Zammad and re-added it, with the same result.
In the Zammad production.log I see this entry:
E, [2024-10-07T01:16:46.076609 #813-18318820] ERROR – : Request failed! ERROR: invalid_client (AADSTS7000215: Invalid client secret provided. Ensure the secret being sent in the request is the client secret value, not the client secret ID, for a secret added to app 'f6xxxx-f4c5-4a9d-98eb-1bxxxxaed79’. Trace ID: 2a0bc5eb-41fb-4970-8xxxxxx-4c394700 Correlation ID: eazzzzba-cac7-45cf-aa75-411xxxx52c Timestamp: 2024-10-07 01:16:46Z, params: {“client_id”:“XXXXXX-1b18d8baed79”,“client_secret”:“XXXXXX_Hb.udsrFAiYbKV”,
In that log entry, the app ID starting with f667… is correct and matches the app ID in Azure. However, the client_secret starting with knx81hr5q is NOT correct. I believe that is the original expired client secret that was replaced in Zammad - it definitely does not match the secret that is currently entered into Zammad.
So it seems that Zammad is not sending the correct secret to Microsoft.
Any suggestions on how to get Zammad to apply the change?
Thanks for any help