BAD User is authenticated but not connected Oauth configured mailbox
search cancel

BAD User is authenticated but not connected Oauth configured mailbox


Article ID: 367235


Updated On:


CA Service Management - Service Desk Manager CA Service Desk Manager


maileater is unable to connect. Getting the following error message in the maileater log:

javax.mail.MessagingException: X3 BAD User is authenticated but not connected.


Release 17.3 and higher, OAuth configured maileater with Azure
CA Service Desk Manager


While trying to generate the access token from SDM Maileater, the given OAuth config was prompting the end user that approval is required for the access token.  However, the SDM mailbox itself was not configured for admin consent.


The "Admin Consent Required" checkbox must be checked ON and the Tenant ID field must also be populated within SDM Mailbox config for OAuth, prior to generating the Access Token.  

The Tenant ID value needed in SDM can be obtained on Azure by viewing the App Registration and locate the "Directory (tenant) ID" field.  

Once these values are added, can then run "Generate Access Token" from SDM.  

Additional Information

When "Generate Access Token" is invoked from SDM, a MS login prompt will present.  The Azure admin needs to login first to approve the token directly.  After the Azure admin logs in and approves the request, a second login screen will appear, which the mailbox user then needs to login right after to complete token generation.

Alternatively, the given maileater login may be granted global admin rights in Azure on short term to generate the token without requiring admin consent.

Please coordinate with your Azure administration team to configure an OAuth configuration for maileater, especially if admin consent and approval is involved.

See also Define a Mailbox (search for a section stating "Admin Consent Required") 

See also KB Article 216187 for information on setting up a mailbox.