Ask a Question

IMAP via oauth20 sometimes raise exception "User is authenticated but not connected (BAD)"

0 votes
by (180 points)

We have implemented oauth20 in o365 and now we have sometimes exception "User is authenticated but not connected (BAD)". But in the next connection (5 minutes later) is all ok.
It is any solution for this problem ?
Rebex version: Rebex IMAP/SSL (R6.5) for .NET 4.0-4.8

Thank you

Applies to: Rebex Secure Mail

1 Answer

0 votes
by (144k points)
edited by

We have seen many occurrences of this strange error message. Microsoft 365 servers occasionally report this, but there are multiple possible causes.

The error message itself is apparently wrong, because from the point-of-view of the IMAP client, it doesn't make any sense for a server to report that the "user is authenticated but not connected" after the user has just connected and authenticated successfully. Perhaps the error message might be trying to suggest that Microsoft cloud-based Exchange server is unable to connect to the mail storage? Unfortunately, we are not in a position to be able to tell – this seems to be a generic internal o365 error that indicates something went wrong inside Microsoft's cloud (between their IMAP endpoint and the actual mail storage). To be able to tell what's going on for sure, you would have to get in touch with Microsoft - it's their service. It's really a pity that their servers report bogus "user is not connected" messages instead of something meaningful.

Some known causes:

  • The error has been observed when connecting to a shared mailbox using an incorrect login scheme.

  • The OAuth token owner lacks sufficient permissions to access the mailbox. What kind of OAuth 2.0 authentication do you use? App-only (unattended) authentication in particular is very tricky to get right, and all the steps described in our blog post are actually important. Unfortunately, the process is quite complicated and it's very simple to mismatch various IDs that all look the same).

  • It is known to occur when accessing O365 or Exchange mailboxes with improperly configured impersonation – see this Q&A for an example.

  • An unlicensed account is being used.

  • It might be a Microsoft mechanism to shut down clients that login to an account too frequently.

It might be useful to try logging into the account using Microsoft's web UI - this might reveal some information, or there might be a dialog that needs to be confirmed.

Whatever the cause, this error is quite common with O365 mailboxes and is not specific to our libraries, so it might be worth checking some other sources as well via Google.

Update: This might also have been related to recent cyberattacks on Microsoft's cloud platform.

...