The destination is an Exchange server (Office 365 IMAP problems)

popowich

EQ Forum Admin
Staff member
Re: The destination is an Exchange server

Part of the problem was that I needed to specify port 993

-D outlook.office365.com:993

Which got me this far, debug output included:

Connecting to outlook.office365.com:993
Attempting an SSL connection
Connected to outlook.office365.com on port 993
method
Authenticating to outlook.office365.com:993 as username@example.com
The destination is an Exchange server
Logged in as username@example.com
Resuming
Error creating INBOX: 1 BAD User is authenticated but not connected.
Error creating INBOX: 1 BAD User is authenticated but not connected.
Unexpected response to subscribe INBOX command: 1 BAD User is authenticated but not connected.
Fatal error, lost connection to either the source or destination
LAST INBOX
mbx INBOX
Disconnect from the source and destination servers
Sleeping 15 seconds before reconnecting
 

popowich

EQ Forum Admin
Staff member
Re: The destination is an Exchange server

Also in the debug output was

Unexpected response to NAMESPACE command: 1 BAD User is authenticated but not connected.
 

popowich

EQ Forum Admin
Staff member
Re: The destination is an Exchange server

I also tried IMAP Sync which results in:

Unexpected response to NAMESPACE command: 1 BAD User is authenticated but not connected.
There are 100 mailboxes to sync
Error creating INBOX: 1 BAD User is authenticated but not connected.
No response to EXAMINE command, skipping this mailbox
No response to EXAMINE command, skipping this mailbox
No response to EXAMINE command, skipping this mailbox
No response to EXAMINE command, skipping this mailbox
Broken pipe
 

rfs9999

IMAP Tools
Re: The destination is an Exchange server

> "BAD User is authenticated but not connected"

A Google search suggests that the password is incorrect or that the service provider's IMAP service has had a temporary problem.

-Rick
 

popowich

EQ Forum Admin
Staff member
Re: The destination is an Exchange server

The password is correct and I reset it a couple times to be sure and the last password still does not work this morning.

I'm reading discussions on ActiveSync vs IMAP and user complaints about Office 365's IMAP not really working well.

I wonder if hard coding the NAMESPACE to "INBOX." when the server name is outlook.office365.com:993 and avoiding asking the IMAP server might help?
 

popowich

EQ Forum Admin
Staff member
Re: The destination is an Exchange server

I tried a manual connection with openssl and after a delay it's closing the connection after sending a login:

> openssl s_client -connect outlook.office365.com:993
CONNECTED(00000004)
depth=2 /CN=Microsoft Internet Authority
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
0 s:/C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/OU=Exchange/CN=outlook.com
i:/DC=com/DC=microsoft/DC=corp/DC=redmond/CN=MSIT Machine Auth CA 2
1 s:/DC=com/DC=microsoft/DC=corp/DC=redmond/CN=MSIT Machine Auth CA 2
i:/CN=Microsoft Internet Authority
2 s:/CN=Microsoft Internet Authority
i:/C=IE/O=Baltimore/OU=CyberTrust/CN=Baltimore CyberTrust Root
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIGRjCCBS6gAwIBAgIKQiPCUgABAAAFOjANBgkqhkiG9w0BAQUFADCBgDETMBEG
CgmSJomT8ixkARkWA2NvbTEZMBcGCgmSJomT8ixkARkWCW1pY3Jvc29mdDEUMBIG
CgmSJomT8ixkARkWBGNvcnAxFzAVBgoJkiaJk/IsZAEZFgdyZWRtb25kMR8wHQYD
VQQDExZNU0lUIE1hY2hpbmUgQXV0aCBDQSAyMB4XDTEyMDkxODE4NTMwOVoXDTE0
MDkxODE4NTMwOVowfTELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24x
EDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlv
bjERMA8GA1UECxMIRXhjaGFuZ2UxFDASBgNVBAMTC291dGxvb2suY29tMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy3nttPxV6vwVd38ExMkIxXFSk7Kl
7Nq3MXHAdEtSv159ODVXxSc8lq/NZ1mm/GywIMtvgexAAs84T0wg0avBm5h3ry/T
lsBNv4YA8NfUf2Qd4pHhJhkIZ+F7f9PUurppYO+kiFT8irCubiU9wieXUyuIBbv5
Mti9teq9jVgu9bWvV0uzBsMotwMjrEP1jXUUSpwc7EXHKUwFRKrn1xchvG7woBXi
kt5eg6nlllthul4S2I34m8FHoIwpWww+pIDCThHL2m9LDbnTXvdsF0ztH2HNmTke
m3Uzf4M/48alyaRWbf5k9LcNy6txNI62Dl3djCMG/p6FczcEV0S84yyfOwIDAQAB
o4ICwjCCAr4wCwYDVR0PBAQDAgSwMB0GA1UdDgQWBBR+8/wevBL/DbKMANX0hsdv
w9l8DzBFBgNVHREEPjA8ggtvdXRsb29rLmNvbYINKi5vdXRsb29rLmNvbYINb2Zm
aWNlMzY1LmNvbYIPKi5vZmZpY2UzNjUuY29tMB8GA1UdIwQYMBaAFOvbEV74CZ7Y
1mKc/WKd44RKKOEnMIHuBgNVHR8EgeYwgeMwgeCggd2ggdqGT2h0dHA6Ly9tc2Ny
bC5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvY3JsL01TSVQlMjBNYWNoaW5lJTIw
QXV0aCUyMENBJTIwMigxKS5jcmyGTWh0dHA6Ly9jcmwubWljcm9zb2Z0LmNvbS9w
a2kvbXNjb3JwL2NybC9NU0lUJTIwTWFjaGluZSUyMEF1dGglMjBDQSUyMDIoMSku
Y3JshjhodHRwOi8vY29ycHBraS9jcmwvTVNJVCUyME1hY2hpbmUlMjBBdXRoJTIw
Q0ElMjAyKDEpLmNybDCBrQYIKwYBBQUHAQEEgaAwgZ0wVQYIKwYBBQUHMAKGSWh0
dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2kvbXNjb3JwL01TSVQlMjBNYWNoaW5l
JTIwQXV0aCUyMENBJTIwMigxKS5jcnQwRAYIKwYBBQUHMAKGOGh0dHA6Ly9jb3Jw
cGtpL2FpYS9NU0lUJTIwTWFjaGluZSUyMEF1dGglMjBDQSUyMDIoMSkuY3J0MD8G
CSsGAQQBgjcVBwQyMDAGKCsGAQQBgjcVCIPPiU2t8gKFoZ8MgvrKfYHh+3SBT4PC
7YUIjqnShWMCAWQCAQowHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMCcG
CSsGAQQBgjcVCgQaMBgwCgYIKwYBBQUHAwIwCgYIKwYBBQUHAwEwDQYJKoZIhvcN
AQEFBQADggEBAGhRzmFOh5BCXZDte6Xffab1L5rjmTFtBEhH/znsbr4r8mTefrq0
Mzn4Blu7uOnFb2rP5DI24ivIrk9Gyvgb3y5dGtTarxwMjYUxi0ZWA9NkxE7ADoZT
6ElH+IMky8TXUcTqQqFcQvCPIUtgmye5PVYErjR/a3lNYKJpvT1UJBmI4AeOGjoD
it9+96jcLnWAFbG3Oxrd8Al6ZX9CNepyKbLYF97sBGmWjPlwJ1lPgRFErj1D6eJk
gRt5d9yS7IMkka2m4bfrnlHxlg+zkNj7Xvjbwt/iC3prcVukSBdZt9ca8D8eHr4i
r+JekkTApBUvecG/yTjS5+2vnEvRIyQtWrk=
-----END CERTIFICATE-----
subject=/C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/OU=Exchange/CN=outlook.com
issuer=/DC=com/DC=microsoft/DC=corp/DC=redmond/CN=MSIT Machine Auth CA 2
---
No client certificate CA names sent
---
SSL handshake has read 4601 bytes and written 468 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 2048 bit
SSL-Session:
Protocol : TLSv1
Cipher : AES256-SHA
Session-ID: A6450000A21DA3A2661A4F4F505A44A94195F7C14F9F9F2F7B8CC6C3BA99C72A
Session-ID-ctx:
Master-Key: A92F66F5BE0DFE49B72D4608A468DFBD3D65A3A4B4155E85E4268AA3D72B74E30C477F9E5EB1082C3A1F0987F7D1D934
Key-Arg : None
Start Time: 1403177893
Timeout : 300 (sec)
Verify return code: 20 (unable to get local issuer certificate)
---
* OK The Microsoft Exchange IMAP4 service is ready. [QgBMAFUAUABSADAAMQBDAEEAMAAwADgALgBwAHIAbwBkAC4AZQB4AGMAaABhAG4AZwBlAGwAYQBiAHMALgBjAG8AbQA=]
1 login {username} {password}
* BYE Connection is closed. 13
read:errno=0
 

rfs9999

IMAP Tools
Re: The destination is an Exchange server

That is the same thing I get when I connect and try to log in with a bogus username and password:

Verify return code: 20 (unable to get local issuer certificate)
---
* OK The Microsoft Exchange IMAP4 service is ready. [QgBOADEAUABSADAAMgBDAEEAMAAwADQAMgAuAG4AYQBtAHAAcgBkADAAMgAuAHAAcgBvAGQALgBvAHUAdABsAG8AbwBrAC4AYwBvAG0A]
1 login nobodyXXX@live.com XXXXXXX
* BYE Connection is closed. 13
read:errno=0
 

popowich

EQ Forum Admin
Staff member
Re: The destination is an Exchange server

There is a lot of discussion out there about this.

The account settings for these accounts list the generic name and not a more specific IMAP server name.

I'll try opening a ticket and getting an official response about IMAP and migrating existing emails to their service.

As far as I can tell Microsoft broke IMAP access to Office 365 in 2013.

It's still listed as supported, but their support reps have been trying to push everyone to ActiveSync since that time.
 

rfs9999

IMAP Tools
Re: The destination is an Exchange server

>I wonder if hard coding the NAMESPACE to "INBOX." when the server name is outlook.office365.com:993 and avoiding asking the IMAP server might help?

You can try it. If you add -y ". INBOX." to the command line imapcopy will not send the NAMESPACE command but will instead use the value supplied.
 

rfs9999

IMAP Tools
Re: The destination is an Exchange server

> As far as I can tell Microsoft broke IMAP access to Office 365 in 2013.

That does not surprise me at all. Yet IMAP does still work with Outlook.com so they have not completely abandoned it.

-D imap-mail.outlook.com:993/rfs9999@live.com/XXXXX

>> 1 LOGIN rfs9999@live.com XXXXX
<< * OK Outlook.com IMAP4rev1 server version 17.4.0.0 ready (BLU451-IMAP9)
<< * CAPABILITY IMAP4rev1 CHILDREN ID NAMESPACE UIDPLUS UNSELECT
<< 1 OK rfs9999@live.com authenticated successfully
>> 1 NAMESPACE
<< * NAMESPACE (("" "/")) NIL NIL
<< 1 OK NAMESPACE completed
>> 1 LIST "" "*"
etc

Have you tried an IMAP connection to Office365 using Thunderbird or some other PC mail client?
 

rfs9999

IMAP Tools
Re: The destination is an Exchange server

So we can conclude that Office365 is broken as far as IMAP access is concerned. Neither imapcopy, openssl s_client, or Thunderbird can access Office365 via IMAP.
 

popowich

EQ Forum Admin
Staff member
Re: The destination is an Exchange server

I'm not sure we can conclude that yet.

I tried POP3 access to see if it's only an IMAP issue and that doesn't get past the user command

> openssl s_client -connect outlook.office365.com:995 -quiet
depth=2 /CN=Microsoft Internet Authority
verify error:num=20:unable to get local issuer certificate
verify return:0
+OK The Microsoft Exchange POP3 service is ready. [RABNADIAUABSADEAMQBDAEEAMAAwADIAOAAuAG4AYQBtAHAAcgBkADEAMQAuAHAAcgBvAGQALgBvAHUAdABsAG8AbwBrAC4AYwBvAG0A]
user {complete email address}
-ERR Connection is closed. 12

These are trial accounts so now I'm wondering if IMAP and POP3 don't work for trial accounts.
 

rfs9999

IMAP Tools
I told imapcopy to skip sending the NAMESPACE command and proceed directly to the LIST command. But the result is the same error as before:

Using user-supplied mailbox hierarchy delimiter . INBOX.
>> 1 LIST "" "*"
<< 1 BAD User is authenticated but not connected.

When Office365 says 'no connected' it might mean not connected to its IMAP server, eg IMAP service is not available to this username.
 

rfs9999

IMAP Tools
Here's what I see when running pop3toimap where the POP server is Office365:

pop3toimap 1.3 starting
Connecting to outlook.office365.com
Connected to outlook.office365.com on port 995
>> USER <user>
<< +OK The Microsoft Exchange POP3 service is ready.
>> PASS <password>
<< +OK
>> LIST
<< -ERR Logon failure: unknown user name or bad password.

Office365 apparently accepts the username & password because it responds with +OK but when pop3toimap issues a POP command ('LIST') the server acts as though the login had failed despite what it said earlier.

It does make you wonder if this account is just not authorized for POP or IMAP access.
 

popowich

EQ Forum Admin
Staff member
Everything about the settings and online docs says that IMAP is enabled by default.

It's possible it's not for these since they are still in a trial account status.

I'll try the IMAP again after they are out of trial status.

In the meantime Office 365 provides the ability to do an IMAP migration from the Exchange Admin Center:

Office 365 Exchange Admin Center.JPG

It was easy to setup the CSV file for the migration. I'll update on the results using this method when it completes.
 

swampmama

New Email
Until yesterday, I have been using IMAP in Thunderbird to connect with my corporate Office 365 account. Now I am getting the same error as above (user authenticated but not connected). This is not due to an incorrect password, invalid or temporary user, etc. I can log into my account through OWA just fine. I also cannot connect through a Thunderbird POP account, but I could previously. I am posting only to confirm that these errors are very real and new as of yesterday.
 

popowich

EQ Forum Admin
Staff member
Is there any chance your corporate email accounts were upgraded from the older Office 365 servers to the newer servers?

From what I can tell IMAP worked if you were on the old platform with specific server names in your settings, but once upgraded to their new servers and using the outlook.office365.com server settings IMAP is no longer supported.

I have a ticket open with Microsoft that includes this question.

If you want IMAP support I encourage you to have your IT support open a ticket too and ask if IMAP is still supported?

http://www.emailquestions.com/isp-f...office-365-customer-service-phone-number.html

Please let us know what you find out.

:thanks: and welcome to Email Questions!
 

swampmama

New Email
Is there any chance your corporate email accounts were upgraded from the older Office 365 servers to the newer servers?
I don't think so. I have been syncing with the outlook.office365.com server for months now, ever since we migrated over to Office 365. It's worked just fine. I was also able to set up a POP account with that server.

If you want IMAP support I encourage you to have your IT support open a ticket too and ask if IMAP is still supported?
Talking with brick walls is usually more gratifying than asking my IT for support. Perhaps I will open a ticket here just for the fun of it.

I'm looking forward to hearing any results you get from your open Microsoft ticket. Thank you for your help and expertise!
 
Top