Forum Discussion

GraphBuilder's avatar
GraphBuilder
Copper Contributor
Nov 28, 2024

Exchange SMTP Auth Fails with: 451 4.7.0 Temporary server error. Please try again later. PRX5

Office 365 refuses SMTP authentication with error: 451 4.7.0 Temporary server error. Please try again later. PRX5

This is when accessing External Send SMTP AUTH through OAUTH2 authentication. Initial authentication is successful (and is logged as so in Entra ID) but when trying to send send messages through authenticated SMTP, you get the above error.

Working with multiple support reps, we looked through login logs and could not find any trace of the error in Entra ID. Support reps all blame the third party application.

The issue is connected to a special use case, where a user has both the GLOBAL ADMIN role, as well as certain other admin roles. When you have a certain combination of those roles, for a selected user, OAUTH2 will fail, even though OAUTH2 for (apparently) ALL OTHER SERVICES - work without error!   - ONLY SMTP Auth is affected.

RESOLUTION:

Keeping Global Admin while simply removing excess roles will almost immediately resolve the issue. 

 

This bug has been publicly noted as far back as August 2022, perhaps earlier. This needs to be fixed.

    • RafaelVarela's avatar
      RafaelVarela
      Brass Contributor

      I can confirm that the issue is related to the user belonging to some roles. After removing all the roles my user was able to send messages through SMTP.

       

      I still have to add the roles back one by one to catch the culprit. For now I can only say that it's not related to the Exchange Admin Role.

  • GraphBuilder RoaringLambs 

    Hello, I apologize for any confusion my response may have caused. After reviewing your feedback, I have determined that the Windows patch is unlikely to be directly related to this issue. Once again, I apologize for any confusion my response may have caused.

  • RafaelVarela's avatar
    RafaelVarela
    Brass Contributor

    Thank you very much for your post, I have (almost) the same problem. 

    I say "almost" because in my case it's not a global admin account, but after some trial & error definitely it seems that it is related to what you are describing.

    You said that this bug has been publicly noted. Do you have any additional reference?

  • Some users may be unable to access their Exchange Online mailboxes through most connection methods

    Issue ID: EX920584
    Services affected: Exchange Online
    Status: Extended Recovery
    Issue Type: Advisory
    Start time: October 29, 2024 5:39 PM GMT+9

    user impact
    Users may be unable to access their Exchange Online mailboxes through most connection methods.

    More info
    Impacted connection methods include:

    - Representational State Transfer (REST)
    - Messaging API (MAPI)
    - Exchange ActiveSync (EAS)
    - Outlook on the web

    Users who access the service through Internet Message Access Protocol (IMAP) aren't impacted by this event.

    Scope of impact
    Impact is specific to some users who are served through the affected infrastructure.

    Root cause
    Imbalanced resource utilization on an affected service dependency is causing impact.


    current status
    November 27, 2024 5:03 AM GMT+9
    As we continue with our optimizations and to reduce the frequency of requests through the affected subset of service infrastructure, our testing of the Windows patch has validated that it will address the mailbox access problems and remediate the impact. We’re preparing the release of the Windows patch and we’re expecting that the deployment will have completed and remediated the impact by our next scheduled update.
    Estimated time to resolve:
    Our fix deployment timeline expectations that the Windows patch deployment will have completed by Tuesday, December 3, 2024.
    Next update by:
    Wednesday, December 4, 2024 6:00 AM GMT+9

    • GraphBuilder's avatar
      GraphBuilder
      Copper Contributor

      This does not appear  to have anything to do with the original post. Different issue.

    • RoaringLambs's avatar
      RoaringLambs
      Copper Contributor

      LOL ,  This reply has nothing to do with the problem stated. This is not a windows problem and it's not a windows patch that will solve this.  This is due to a bug in Exchange in reading permissions. Good try though. 

       

      Freaking MVP Accounts that get MVP Status by posting garbage replies... These need to be stopped.

    • PaulWood's avatar
      PaulWood
      Copper Contributor

      How can i check for updates on this?  I have this same issue connecting Zoho > smtp with the above error.  

      Thanks

      • GraphBuilder's avatar
        GraphBuilder
        Copper Contributor

        The issue is related to having Admin.microsoft.com permissions on the user of "Global Admin" Plus anything else. Check the users permissions and remove anything other than global admin, and the problem should go away.

Resources