Skip to main content
Dani Szwarc
Dani Szwarc
Inspiring
July 21, 2022
Answered

CFIMAP tag connecting to Exchange: Logon failure: unknown user name or bad password.

  • July 21, 2022
  • 2 replies
  • 1941 views

Hello community, We use the CFIMAP tag to connect to a Microsoft Exchange server to retrieve emails. It has been working properly for a couple of years until yesterday when at about 8:40 AM EST we started to get this error from our CFTRY/CATCH block: Logon failure: unknown user name or bad password.

 

Nothing has been changed from our side. I can still login to the webmail for the account being used and I see all the emails.

We also tried a different account to discard that the account was the issue without success.

After looking online, I believe the issue could be related to something wrong in the handshake. Quoting Charlie Arehart: "TLS (and SSL) is a two-way handshake between the origin and the destination, where each reports what versions it supports and they negotiate to pick one that works for both ends of the conversation." 
That's where my troubleshooting takes me but I could be wrong.

Anyone has experienced this before?

 

Thank you very much!

    This topic has been closed for replies.
    Correct answer ADK-SF

    I'll bet the issue is on Microsoft's side of things - especially if you are using Exchange Online. See here for some details:

    https://techcommunity.microsoft.com/t5/exchange-team-blog/basic-authentication-deprecation-in-exchange-online-may-2022/ba-p/3301866

     

    Additionally, we have been having to change all of our IMAP calls to using Microsoft Graph API as all basic auth for POP, IMAP, etc. is being deprecated and completely shut off in October of this year. Figuring out oauth2 for IMAP looked to be more work than just switching over to their recommended Graph API, so that's what we've been doing.

    2 replies

    A
    ADK-SFCorrect answer
    Participant
    July 22, 2022

    I'll bet the issue is on Microsoft's side of things - especially if you are using Exchange Online. See here for some details:

    https://techcommunity.microsoft.com/t5/exchange-team-blog/basic-authentication-deprecation-in-exchange-online-may-2022/ba-p/3301866

     

    Additionally, we have been having to change all of our IMAP calls to using Microsoft Graph API as all basic auth for POP, IMAP, etc. is being deprecated and completely shut off in October of this year. Figuring out oauth2 for IMAP looked to be more work than just switching over to their recommended Graph API, so that's what we've been doing.

      Charlie Arehart
      Community Expert
      Charlie ArehartCommunity Expert
      Community Expert
      July 23, 2022

      Yep, that's a very real possibility. 

      /Charlie (troubleshooter, carehart. org)
      Charlie Arehart
      Community Expert
      Charlie ArehartCommunity Expert
      Community Expert
      July 22, 2022

      Dani, others may have more to say, and more specific suggestions, but first since "nothing changed", do you mean even that cf did not restart today? If it did, something about cf COULD have changed since the previous restart. The cf server.log tracks each startup, as do others (usually with lots more other info).

       

      Note that while cf may not itself have been changed (code or admin config), perhaps the jvm that Cf uses was changed. Look at your cf admin "settings summary" page. What jvm version does it show cd using? There may be more to suggest depending on that. 

      /Charlie (troubleshooter, carehart. org)
      Dani Szwarc
      Dani SzwarcAuthor
      Inspiring
      July 22, 2022

      Hello Charlie and thanbk you very much for jumping in.
      Since we started with this issue, the server has been restarted a couple of times. However, it hasn't been restarted when this problem started to occur. The email started to act up after 8:40 AM as it was the last email retrieved. No restart happens during the day.

      As for the JVM version, the Settings Summary show 11.0.1+13-LTS

       

      Would it be possible that the exchange server provider could've changed something from their end?

       

      Thank you once again Charlie.

      Charlie Arehart
      Community Expert
      Charlie ArehartCommunity Expert
      Community Expert
      July 22, 2022

      Yes, they could have. And that's why I was asking first for your jvm version. 11.0.1, is about 4 yrs old. The latest (from this week, in fact, is 11.0.16). Even cf's update feature fails to be able to find and download new updates with such an old jvm.

       

      So yes, the exchange server could have changed any of supported tls algorithms, bit length of certs, and more. Rather than try to discern that, just try updating the jvm that Cf uses. I have a blog post with more on each of the above (which both also point to resources on updating the Java that Cf uses, which is a 5-minute job if done right).

       

      https://coldfusion.adobe.com/2019/06/error-calling-cf-via-https-solved-updating-jvm/

       

      https://www.carehart.org/blog/2022/7/19/java_updates_Jul_2022

       

      As both note, I can also help ensure it's done, with 15-min minimum remote consulting session, including leaving things so that the jvm switch can be reverted with only second of work.

       

      Let us know if doing that jvm update solves it or not, or if you feel you can't or won't. 

      /Charlie (troubleshooter, carehart. org)
      Terms & ConditionsAccessibility statement
      Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices