Basic Auth not working 365 CAG

moses1 · ‎12-15-2020

Hi,

I have successfully setup our CAG for 365, although have an issue with an account not being able to scan to email using basic auth. Hoping someone can can help?

The user is setup as a DUO user to bypass
The protected app is set to allow basic auth for all users
The tests never reach the CAG (nothing in the log)
The user can logon directly to 365 OK.
All types of apps are accepted in 365.

If I test from a basic smtp test app I get the following error…
Error: SMTP protocol error. 504 5.7.4 Unrecognized authentication type

Many thanks

Moses

moses1 · ‎12-16-2020

Not sure why, but deleting and recreating the exchange online connector fixed the issue.

DuoKristina · ‎12-16-2020

Hi @moses,

It looks like 504 5.7.4 Unrecognized authentication type indicates a TLS version mismatch.

How did you set up the mail account on the scanner? Did you follow the instructions in https://docs.microsoft.com/en-us/exchange/mail-flow-best-practices/how-to-set-up-a-multifunction-device-or-application-to-send-email-using-microsoft-365-or-office-365? Which option did you use, 1, 2, or 3?

According to those instructions, the device needs to support TLS 1.2 to use option 1. Double-check your scanner’s setting to ensure TLS 1.2 is enabled/available, and if not then reconfigure to use the option 2 or 3 configurations.

If Exchange Online is rejecting the inbound SMTP connection due to the wrong TLS version, then it makes sense that the auth never reaches the DAG.

Duo, not DUO.