Zammad is unable to reauthenticate an account after changing the Microsoft 365 Client Secret

Infos:

  • Used Zammad version: 5.2.x
  • Used Zammad installation type: (source, package, docker-compose, …)package
  • Operating system: Ubuntu Server 20.04.5 LTS
  • Browser + version: Edge 129.0.2792.65

Expected behavior:

  • Zammad is able to send and receive email using the Microsoft 365 channel

Actual behavior:

  • Zammad is unable to reauthenticate an account after changing the Client Secret.
  • It says “Can’t use Channel::Driver::Imap: #<Net::IMAP::BadResponseError: User is authenticated but not connected.>”
  • Zammad is not able to retrieve new emails sent to that account.

Steps to reproduce the behavior:

  • Have emails fail because the Microsoft 365 Client Secret has expired
  • Go to Azure and create a new client secret. Delete the expired one.
  • In Zammad, go to Settings > Channels> Microsoft 365 > Configure App and replace the Client Secret with the new one. Submit.
  • Go to the Microsoft 365 account in Zammad and select “Reauthenticate”
  • Get the error message “Can’t use Channel::Driver::Imap: #<Net::IMAP::BadResponseError: User is authenticated but not connected.>”

I have rebooted the server a few times but that has not helped, and have also created and added new Client Secrets a few times without success.

I have also deleted the email account in Zammad and re-added it, with the same result.

In the Zammad production.log I see this entry:

E, [2024-10-07T01:16:46.076609 #813-18318820] ERROR – : Request failed! ERROR: invalid_client (AADSTS7000215: Invalid client secret provided. Ensure the secret being sent in the request is the client secret value, not the client secret ID, for a secret added to app 'f6xxxx-f4c5-4a9d-98eb-1bxxxxaed79’. Trace ID: 2a0bc5eb-41fb-4970-8xxxxxx-4c394700 Correlation ID: eazzzzba-cac7-45cf-aa75-411xxxx52c Timestamp: 2024-10-07 01:16:46Z, params: {“client_id”:“XXXXXX-1b18d8baed79”,“client_secret”:“XXXXXX_Hb.udsrFAiYbKV”,

In that log entry, the app ID starting with f667… is correct and matches the app ID in Azure. However, the client_secret starting with knx81hr5q is NOT correct. I believe that is the original expired client secret that was replaced in Zammad - it definitely does not match the secret that is currently entered into Zammad.

So it seems that Zammad is not sending the correct secret to Microsoft.

Any suggestions on how to get Zammad to apply the change?

Thanks for any help

Hello Ralph

First of all i will recomend to you to edit your post to hide our private information.

You are runing an old version of zammad, you should consider to update, like you can think many bug have been solved since .

According to @MrGeneration Updating the secret is not enough. You will also have to re-authenticate each affected channel so that it takes over the new secret configuration.

I had changed some of the characters in the private information so it wasn’t valid. It looks like someone else Xed out portions of it also, so thanks.

I did re-authenticate the affected channels - that was where I received the error.

It seems like the problem had something to do with using Microsoft Edge while doing this. We have Entra ID set up with single-sign-on, and I believe Edge was using my user credentials when attempting to re-authenticate the email accounts used in Zammad.

When I switched over to using Firefox, which is not set up for single-sign-on, the process succeeded.

As far as upgrading, you are correct, I am a couple of years out of date, upgrading is on my projects list.

1 Like

I doesn’t appear that I have the ability to make edits in the original post now. Is that normal?

Should be working now. Hopefully.

Yes, it is now. Thank you.