EWS: impersonating users from different servers in one domain - impersonation

I have two servers:
S1 is Exchange 2010
S2 is Exchange 2007
Both servers are in the same domain in Active Directory.
The idea is to have a "service account" on S1 with impersonation enabled for users from both servers. My app uses the credentials of the "service account" and then starts to iterate through a list of SMTP addresses. It impersonates each SMTP address and does some processing on the content of that account's mailbox.
That is the theory; now time for the problems.
I can connect as the service account and can access its mailbox, but when I try to access the mailbox of an impersonated user I get an exception saying that "SMTP address has no mailbox associated with it". And the exception happens for both servers.
I started to debug and google possible reasons, and out of nowhere I changed this:
svc.ImpersonatedUserId = new ImpersonatedUserId(ConnectingIdType.SmtpAddress, smtpAddress);
into this:
svc.ImpersonatedUserId = new ImpersonatedUserId(ConnectingIdType.PrincipalName, smtpAddress);
and it worked, which is very strange because a month ago I had a different setup with only one server, and using the SmtpAddress enum worked, and my admin swears that the impersonation config is exactly the same.
Now, could anyone provide me with some hints on why I cannot use ConnectingIdType.SmtpAddress and what I should do to make it work?

Of course it turned out that the admin did something differently for my current configuration. The new environment has a policy that the account name is different from the SMTP address for an account, and the SMTP address has a dot between the name and surname of a user. So, for example, on the old config I could impersonate User100@example.com no matter what ConnectingIdType I chose, but on the new environment I have to set the proper id type depending on whether I'm using the SMTP address or the account name as the impersonated id.
Hope it helps in case somebody else's admin "didn't change anything" too :)
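A worked version of the loop described in the question with the id-type fix from the answer. This is an added example, not the asker's code; it assumes the EWS Managed API, a service account granted ApplicationImpersonation, and placeholder server and account names.

```csharp
using System;
using Microsoft.Exchange.WebServices.Data;

// Added example, not code from the original post. Assumes the EWS Managed API, a
// service account granted ApplicationImpersonation on S1, and placeholder names.
class MailboxSweep
{
    // The thread's fix: the ConnectingIdType must match what the string actually is.
    // An SMTP address (first.last@example.com) and a UPN (user100@example.com) look
    // alike, so the caller states which kind the list holds.
    static ImpersonatedUserId MakeId(string id, bool isSmtpAddress) =>
        new ImpersonatedUserId(isSmtpAddress ? ConnectingIdType.SmtpAddress : ConnectingIdType.PrincipalName, id);
    // Inbox item count for the impersonated user, or null when the identifier did not
    // resolve to a mailbox under the requested id type.
    static int? InboxCount(ExchangeService svc, string id, bool isSmtpAddress)
    {
        svc.ImpersonatedUserId = MakeId(id, isSmtpAddress);
        try
        {
            return Folder.Bind(svc, WellKnownFolderName.Inbox).TotalCount;
        }
        catch (ServiceResponseException ex) when (ex.ErrorCode == ServiceError.ErrorNonExistentMailbox)
        {
            return null; // "SMTP address has no mailbox associated with it": wrong id type
        }
        catch (ServiceResponseException ex) when (ex.ErrorCode == ServiceError.ErrorImpersonateUserDenied)
        {
            // A different failure: the service account has no impersonation rights for this user.
            throw new InvalidOperationException($"Impersonation of {id} denied", ex);
        }
        finally
        {
            svc.ImpersonatedUserId = null; // never carry one user's identity into the next call
        }
    }
    static void Main()
    {
        var svc = new ExchangeService(ExchangeVersion.Exchange2007_SP1) // version both S1 and S2 accept
        {
            Credentials = new WebCredentials("svc_account", "PASSWORD", "EXAMPLE"),
            Url = new Uri("https://s1.example.com/EWS/Exchange.asmx")
        };
        var targets = new[] { ("user100@example.com", false), ("first.last@example.com", true) };
        foreach (var (id, isSmtp) in targets)
        {
            int? n = InboxCount(svc, id, isSmtp) ?? InboxCount(svc, id, !isSmtp); // retry with the other type
            Console.WriteLine(n == null ? $"{id}: no mailbox" : $"{id}: {n} inbox items");
        }
    }
}
```

Telling ErrorNonExistentMailbox apart from ErrorImpersonateUserDenied is what separates "wrong id type" from "impersonation not configured", which is the distinction the thread's asker and admin were arguing about.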

Related

How to identify a client with nodejs/express?

I am creating a web app that offers membership access with a trial period. However, I need to be sure the users cannot create a new account with other credentials just to get another trial period, and so on.
I was considering using req.connection.remoteAddress; to know if a client has already claimed its trial, but I am not sure this IP address will be unique to a specific machine.
Any idea?

Cannot reset the work account's password because "password reset isn't properly set up for your organization."

I'm in a bind with an Azure login account. I've forgotten the password for the account that I use for a client's DevOps. It wasn't until I ended up creating another account today to troubleshoot the problem that I might understand the issue, but I still can't fix it.
About a year ago, my client added me as a Guest in their Active Directory. I did not have an Active Directory myself. I got the notice from Microsoft in an invite email to get started, which created an account to get access to their Azure Portal and DevOps. I've been logged in for a year, but was trying to test a feature which required me to log in to DevOps during the process. I tried what I thought was my password, but that didn't work. No problem, I'll just click on the reset password feature. That ended up informing me that "password reset isn't properly set up for your organization." Knowing who set my account up, I asked them to reset my password. The response was that they do not have control to reset my password because I'm a guest.
Through several discussions, and seeing what was available to them and how a Guest was set up, it was suggested to set up an account within Microsoft for the email. I did that, and when I went back to try and log in to their portal, I was presented with two options after I entered my email address. There was a work account and a personal account, both with the same email address. The work account indicated it was created by "your IT department". We did not create this; it was a result of the client adding us as a guest, then finishing the process to gain access. So I can only assume that either an Active Directory was created for my domain, or I was added to a generic Active Directory.
In either case, I still can't change the password for the work account, and researching has not helped, as it keeps resetting my personal account.
Does anyone have any suggestions on how to resolve this issue?
Here is what I'm currently seeing.
Thank you,
Marc
You don't have an AAD tenant. So I assume that your account is a Microsoft personal account.
Although you are added as a guest user in your client's tenant, the password management is not handled by that tenant. It is still handled by the Microsoft personal account.
You can reset your password here: click on Sign In, enter your account and click on Forgot password?.

Azure SSL certificate shows Guest User Error

I have purchased an SSL cert for my site and the cert has three steps you need to do in order to have it fully configured. The first step is "Key Vault Status" which I then click on and it shows the following error:
You do not have permission to get the service prinicipal information needed to assign a Key Vault to your certificate. Please login with an account which is either the owner of the subscription or an admin of the Active Directory to configure Key Vault settings.
This is very confusing because I am the owner of this subscription, and I also went and created a new Key Vault just in case it was due to not having one created in the first place. In addition, I checked the Access Control for this cert and I am also listed as Owner.
Any help is appreciated.
Ok, so I finally got to the bottom of it. I'll outline the story here, as this was the solution but may not work for everyone.
When I first created my Azure account I did so under email address 1.
A few years later I had migrated most of my email to email address 2. To get status updates and other things I transferred the subscription to email address 2.
Every other service has worked fine except for this SSL issue, as well as not being able to buy a support plan (it popped open an email app to send to email address 1).
In speaking with the AzureSupport twitter account they agreed that it was strange and arranged a one-time ticket for support.
The support agent asked me to check my Access Policies for the Key Vault I had created. This showed that email 1 is indeed a user in the Azure Active Directory, and they mentioned that I'd need to have the admin add it. Since I had noticed the irregularities with email address 1 showing up in the URL and in the email for adding support, I logged into Azure using email address 1 and went to Azure Active Directory->Users under that account.
I then selected the guest account, selected Directory Role, and added a new role of Application Administrator. Now all of it is working as expected!
My subscription was attached to my employer's Active Directory and I can't change my role in it.
I solved this problem by creating my own Active Directory and moving the subscription to this AD.

How to receive emails from Azure B2C users ending with x.onmicrosoft.com

I need to click the activation links in our Azure B2C accounts which end with x.onmicrosoft.com.
How can I accomplish that?
Should we set up an email server or is there a more practical way to accomplish this task?
You can't, basically. onmicrosoft.com is the parent domain owned by Microsoft, and they do not allow you to specify the required DNS changes that would allow you to set up a mail server for, say, joeblogs.onmicrosoft.com. You need to either collect valid email addresses at registration time or disable email activation.

Email Messaging module is not working on azure

I have deployed Orchard on Azure and enabled the Email Messaging module. Enabling says it enabled successfully and asks for email settings. I provided it with the mail server settings. The strange thing is, User settings does not show me the settings which are dependent on the Email Messaging module (Contact us email address and public site name) and does not show me the ("Lost your password") link. Also, I have built a module which sends email. This module is not sending email.
The same Orchard package works fine, including email, on my dev server with the same mail server settings (Gmail SMTP settings). But email is not working on Azure.
What am I missing?
Thanks
Just FYI for anyone else who visits this Question, I just got this working from Azure using the gmail SMTP server without any third party add-ons. I simply added the following SMTP details:
Then used the contact form to send an email to myself. The first email gives me an alert to my gmail account:
Hi Simon,
Someone recently tried to use an application to sign in to your Google Account - XXX@gmail.com.
We prevented the sign-in attempt in case this was a hijacker trying to access your account. Please review the details of the sign-in attempt:
Monday, April 8, 2013 9:33:46 PM UTC
IP Address: 65.52.168.70
Location: United States
...blah blah blah
If this was you, and you are having trouble accessing your account, complete the troubleshooting steps listed at http://support.google.com/mail?p=client_login
Following the link gives you the option to allow an application to log in with your credentials. Just follow the link in step 3 and then you have 10 minutes to send another email from your Orchard site. The next test message I received without issue.
Got it. Windows Azure itself does not allow sending email, nor does it allow the use of SMTP. We have to use a third-party email service like PostMark, SendGrid etc.
http://blogs.msdn.com/b/publicsector/archive/2011/10/14/sending-and-receiving-email-in-windows-azure.aspx
So, I'm just curious how WordPress, installed on Windows Azure (gallery), is able to send emails?
http://coffee2code.com/wp-plugins/configure-smtp/
There are still too many different suggestions on the subject, so I thought I should write what I've found useful. Here's what I did to get it to work:
My SMTP settings:
Sender address: myname@gmail.com
Hostname: smtp#gmail.com
Port: 587 (25 will also do)
SSL Communications: Checked
Credentials: My Gmail address and my password
These settings should work on your local environment just fine. But on the cloud you may need to do the following:
As your Azure VM may be at some arbitrary location, Gmail marks the login attempts as suspicious and blocks them. If this is the case, you should see a mail informing you about this suspicious activity in your inbox. Just follow the instructions there and mark the login as trusted. It will remain that way until your IP on the cloud somehow changes (e.g. deleting your deployment slot). VM relocation shouldn't be an issue since the IP remains the same. You may have to do this separately for your staging and production slots.
Lastly, I enabled full trust for my web role as shown here:
http://blogs.msdn.com/b/windowsazure/archive/2009/03/18/hosting-roles-under-net-full-trust.aspx
I hope this helps others having this problem.
Cheers
No more third-party with GitLab 15.5 (October 2022):
Deliver emails using Microsoft Graph API with client credentials flow
If you've enabled security defaults in Azure AD, legacy authentication protocols for SMTP are blocked.
You can now configure your GitLab instance to deliver emails using Microsoft Graph API with OAuth 2.0 client credentials flow.
See Epic, Documentation and Merge Request.
The gitlab.rb would include:
gitlab_rails['microsoft_graph_mailer_enabled'] = true
# The unique identifier for the user. To use Microsoft Graph on behalf of the user.
gitlab_rails['microsoft_graph_mailer_user_id'] = "YOUR_USER_ID"
# The directory tenant the application plans to operate against, in GUID or domain-name format.
gitlab_rails['microsoft_graph_mailer_tenant'] = "YOUR_TENANT_ID"
# The application ID that's assigned to your app. You can find this information in the portal where you registered your app.
gitlab_rails['microsoft_graph_mailer_client_id'] = "YOUR_CLIENT_ID"
# The client secret that you generated for your app in the app registration portal.
gitlab_rails['microsoft_graph_mailer_client_secret'] = "YOUR_CLIENT_SECRET_ID"
gitlab_rails['microsoft_graph_mailer_azure_ad_endpoint'] = "https://login.microsoftonline.com"
gitlab_rails['microsoft_graph_mailer_graph_endpoint'] = "https://graph.microsoft.com"