...
Before addition of Graph API connections, EWS API connections were used. This connection type can still be created via the “create” button in the JEMHC UI, but will be removed at a later date.
Common Problems
Our support doesn’t extent to 3rd party mailhost configuration, we regret we are unable to help with detailed analysis, the following is mean to offer some insight and push you in the right direction for a resolution:
The provided grant has expired due to it being revoked, a fresh auth token is needed
You may be notified of a Message Source being offline:
SimpleHttpClientException: EWS. invalid_grant - AADSTS50173: The provided grant has expired due to it being revoked, a fresh auth token is needed. The user might have changed or reset their password. The grant was issued on '2022-07-19T15:24:40.8668421Z' and the TokensValidFrom date (before which tokens are not valid) for this user is '2023-03-13T20:21:32.0000000Z'…
This typically means that the Authentication of the inbound Source has not been used for period of time, and has been revoked by the mailhost. A re-authentication step is required in the Incoming Mail Source to get a auth token.
Device object was not found in the tenant
SimpleHttpClientException: EWS. invalid_grant - AADSTS700003: Device object was not found in the tenant ….
The offered solution seems to be:
The reason that the tokens are rejected is because the presence of the deviceId claim indicates a binding to that device and when this device is not found in the directory it indicates a revocation action where the device was deleted or disabled and tokens for that device will no longer be valid.
Work with the tenant administrator to get the device record restored https://learn.microsoft.com/en-us/azure/active-directory/devices/device-management-azure-portal#device-management-tasks%22
Acquire a new set of tokens, including a new refresh token.
HttpErrorException: The remote server returned an error: (401)
Typically this means that the mailserver is disallowing the use of the mailbox. As observed https://stackoverflow.com/questions/45725630/ews-connection-to-office365-fails-401-unauthorized it may be the case you need to request through your mailhost admin that the related mailbox to be specifically accessible for this app
Harmless problems
Some problems are transitory, there is nothing to typically do in these cases as connections are retried, examples of problems that can typically be ignored are:
SocketTimeoutException: Read timed out
Related articles
Filter by label (Content by label) | ||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
...