Description
This article provides information regarding errors when testing SMTP connection with the MS Graph API.
Common Error Messages in Jamf Pro SMTP Connection
The following is a list of error messages that may be found in the JAMFSoftwareServer.log when testing SMTP using the MS Graph API fails to send:
ErrorInvalidUser
2024-05-06 19:09:06,283 [ERROR] [Tomcat-39 ] [crosoftGraphApiMailSender] - Problem with sending mail with Graph API com.microsoft.graph.http.GraphServiceException: Error code: ErrorInvalidUser Error message: The requested user 'example@company.com' is invalid.
The "Sender Email Address" configured in Jamf Pro was set to a user who does not exist. This error message will also print if the email address is not a member of the Mail-enabled security group.
Troubleshooting Steps: Set the "Sender Email Address" in the Jamf Pro SMTP configuration to a user who is a member of the Mail-enabled security group in Exchange.
MailboxNotEnabledForRESTAPI
2024-05-06 19:11:07,793 [ERROR] [Tomcat-42 ] [crosoftGraphApiMailSender] - Problem with sending mail with Graph API com.microsoft.graph.http.GraphServiceException: Error code: MailboxNotEnabledForRESTAPI Error message: The mailbox is either inactive, soft-deleted, or is hosted on-premise.
The "Sender Email Address" configured in Jamf Pro was set to a user who does not have an exchange license (does not have an exchange email account).
Troubleshooting Steps: Set the "Sender Email Address" in the Jamf Pro SMTP configuration to a user who is a member of the Mail-enabled security group in Exchange.
ErrorAccessDenied
2024-05-06 19:12:43,738 [ERROR] [Tomcat-59 ] [crosoftGraphApiMailSender] - Problem with sending mail with Graph API com.microsoft.graph.http.GraphServiceException: Error code: ErrorAccessDenied Error message: Access is denied. Check credentials and try again.
The "Sender Email Address" configured in Jamf Pro was set to a user who has an exchange license but is not a member of the Mail-enabled security group (this would include the owner of the mail-enabled security group if they are also not a member).
Troubleshooting Steps: Set the "Sender Email Address" in the Jamf Pro SMTP configuration to a user who is a member of the Mail-enabled security group in Exchange.
Invalid Client ID
2024-05-06 19:14:19,289 [WARN ] [Thread-2825] [identialClientApplication] - [Correlation ID: B2064FE6-DF32-47D0-950A-B1D47D6AE7C1] Execution of class com.microsoft.aad.msal4j.AcquireTokenByClientCredentialSupplier failed: AADSTS700016: Application with identifier 'D4754EA7-F5D6-44C4-B344-F0021004F49D' was not found in the directory 'Company Entra Tenant Name'. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You may have sent your authentication request to the wrong tenant. Trace ID: EDD72404-CB0E-4C31-9D7A-EAD5A4086293 Correlation ID: 6596E991-E230-4C35-B77B-B132B588044E Timestamp: 2024-05-06 19:14:19Z
The "Client ID" configured in the Jamf Pro SMTP settings was not set to the Client ID of the enterprise application created in Entra ID. This error will be thrown if the Client ID is wrong, or if the Client ID is set to the service principle ID from Entra, rather than the Application ID.
Troubleshooting Steps: In Entra ID go to the Enterprise Application -> Overview -> Copy the Application ID (not the object ID). This is the Client ID of the application.
Invalid Client Secret
2024-05-06 19:16:42,233 [WARN ] [Thread-2839] [identialClientApplication] - [Correlation ID: 1A47A2FC-144C-4B03-9BAF-5B9FDABBADA6] Execution of class com.microsoft.aad.msal4j.AcquireTokenByClientCredentialSupplier failed: AADSTS7000215: Invalid client secret provided. Ensure the secret being sent in the request is the client secret value, not the client secret ID, for a secret added to app '3D0E35BB-B8E0-4A20-BE4B-8ED2AAB7DC4A'. Trace ID: 6EFC0421-7A59-4EBB-8706-284CE52F0D5D Correlation ID: 83A20E0E-C165-4581-BE5F-83AF598BC11B Timestamp: 2024-05-06 19:16:42Z
The "Client Secret" configured in Jamf Pro SMTP settings was misconfigured.
Troubleshooting Steps: Create a new client secret from the App Registration in Entra ID under the Certificates and Secrets tab in the app registration. Make sure to copy the *value* of the client secret, not the identifier.