Customer has moved from OnPremise to O365. So had to change URL for Inbound server.
Getting Error : Failed to connect to Inbound Email server. Details EOF on socket).
Please suggest any resolution.
Yes that old version only supports basic authentication.
We now support more modern security and authentication protocols (STARTTLS and OAuth2.0) for email servers starting v7.2.1. They should upgrade if they want to have those features.
Reference: New Feature: Email Security
I did a quick search and while not an exact match this seems to fit.
000037631 - Could not connect to message store for POP3 in RSA Identity Governance & Lifecycle
Thanks for your response.
I went through the link, but I am not sure if it is the correct resolution, because the old configuration was working until now; the only update made was the Inbound/Reply server URL and port.
What is the version and service pack of RSA IG&L?
It's not just the URL that changed, there is a different type of Microsoft mail server at the new URL. I think O365 has different authentication requirements.
Noted that there is an open support case 01660293 for this issue.
We are at 7.1.0 P9 version now.
I believe the KB article quoted does match one of the symptoms. It looks like your SMTP endpoint requires authentication which is not available in this version of IG&L.
I can see at least one obvious error in the screen capture.
There is a conflict with the port and SSL mode selected for your POP server.
for POP3 the port is 110 (unsecure)
for POP3s the port is 995 (secure)
You cannot configure POP3 (unsecure) on the 995 secure port.
Noting that Microsoft Exchange may be configured to restrict the logon options.
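An added example, not part of the original thread or of RSA's code: a Python sketch of the two checks discussed here, a port/SSL-mode mismatch and whether a basic-authentication-only client shares any login mechanism with what a server advertises in its POP3 CAPA reply. The mode names, function names and the sample reply are constructed for illustration.

```python
# Added diagnostic sketch; mode names and the sample server reply are constructed.
WELL_KNOWN = {110: "none", 995: "ssl"}  # POP3 (cleartext) vs POP3S (implicit TLS)

def check_pop3_config(port, ssl_mode):
    """Findings for a port / mode pair; mode is 'none', 'ssl' or 'starttls'."""
    findings = []
    expected = WELL_KNOWN.get(port)
    if expected == "ssl" and ssl_mode != "ssl":
        findings.append(f"port {port} expects TLS from the first byte, "
                        f"but mode is '{ssl_mode}'")
    elif expected == "none" and ssl_mode == "ssl":
        findings.append(f"port {port} sends a cleartext greeting, "
                        "but mode 'ssl' starts with a TLS handshake")
    if ssl_mode == "none":
        findings.append("credentials would cross the network in cleartext")
    return findings

def parse_capa(reply):
    """Parse a multi-line POP3 CAPA reply into {capability: [arguments]}."""
    lines = reply.replace("\r\n", "\n").split("\n")
    if not lines[0].startswith("+OK"):
        raise ValueError("server rejected CAPA")
    caps = {}
    for line in lines[1:]:
        if line == ".":          # a lone dot terminates the list
            break
        if line:
            name, *args = line.split()
            caps[name.upper()] = [a.upper() for a in args]
    return caps

def usable_logins(caps, client_mechs):
    """Login mechanisms both sides support (USER/PASS shows up as 'USER')."""
    offered = set(caps.get("SASL", []))
    if "USER" in caps:
        offered.add("USER")
    return sorted(offered & set(client_mechs))

# Constructed reply from a server that only offers OAuth 2.0 logins.
SAMPLE_CAPA = "+OK\r\nTOP\r\nUIDL\r\nSASL XOAUTH2\r\nSTLS\r\n.\r\n"
BASIC_ONLY = {"USER", "PLAIN", "LOGIN"}  # what a basic-auth-only client can do

if __name__ == "__main__":
    for finding in check_pop3_config(995, "none"):
        print("config:", finding)
    shared = usable_logins(parse_capa(SAMPLE_CAPA), BASIC_ONLY)
    print("shared login mechanisms:", shared or "none, login cannot succeed")
```

An empty result from `usable_logins` means no credentials will be accepted regardless of the password entered, which points to the server's authentication policy rather than to the account.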
During our last call with the customer, when we clicked on "Test Email" we got an invalid credentials error. The customer's concern is what credentials we should use, how the authentication works, and what criteria decide whether we get authenticated.
I have sent the following information to the customer:
" The credentials used here could be from any exchange user. Also, in version 7.1.0 there is only one password that is used for outbound and inbound mail servers. If the current configuration requires a different password for each server this cannot be accomplished on 7.1.0. This issue is resolved in current versions.
For the mechanism for the authentication to work this would be specific to the email server and you can contact your exchange server admin for any recommendations and there is no specific recommendation for this for IGL. It's a part of the email protocol. It could be possible that the exchange administrator has disabled basic authentication. These issues can be discussed with the exchange server team."
Customer had questions about whether there are any future enhancements to be added, and I have shared the following link:
Customer has a few more questions on case #01660293:
"Q1: If the current configuration requires a different password for Outbound and Inbound server?
Ans : There is only 1 password regardless of email directionality
Q2: It could be possible that the exchange administrator has disabled basic authentication ?
Ans : By default we have basic authentication disabled.
I have a few queries:
1. As the basic authentication is disabled, is it causing the credential failure error?
2. If customer will enable the basic authentication, will the issue get resolved?
3. Customer is interested to know in which version Modern Authentication is supported in RSA IGL, so could you please confirm the version?"
Please advise what information could be shared with the customer.
As basic authentication is disabled, customer wants to know if they enable basic authentication, will it help to resolve the invalid credentials error or if there can be a workaround in this scenario.
We can't guarantee everything will work when they enable basic authentication as there may be another hidden issue afterwards … but we can guarantee it will not work if basic authentication is disabled :)
Future enhancements are not required. This feature is included in the 7.2.1 version of the product. These new features will not be back ported to older versions.
There are no satisfactory workarounds for this issue. This old version of IG&L does not support the newer authentication methods the customer wants to use. If they want to use the latest Exchange authentication methods they must upgrade to a version of IG&L that supports them.
Customer is testing this issue by enabling basic authentication to see the behavior and has another question:
"I am being asked where the authentication is coming from on this account. Do you know if you would be hitting O365 servers via the Internet or would you be coming through the VPN tunnel and hitting O365 via our Internet?"
I have referred to this link:
Implementing VPN split tunneling for Office 365 - Microsoft 365 Enterprise | Microsoft Docs
Please let me know if we should suggest the customer to approach their ops team regarding the same.
What do you mean "where the authentication is coming from"? It's coming from IG&L?
I don't think we can help the customer with the VPN setup. The customer is the only one that would know these details.