SMTP Server component in Dynamics NAV, latest news, latest patches and some configuration challenges with Office 365

SMTP Server component in Dynamics NAV, latest news, latest patches and some configuration challenges with Office 365

  • Comments 2

It has been a while since I last wrote a posting about the SMTP Server component that we first shipped with Dynamics NAV 5.0. Let’s recap the older posting first as it does list a complete list of patches that one should have applied already and let me take the opportunity to also discuss some previous support cases that were filed at our support service regarding specific Italian localization that only applies to Italian partners / customers. Last but not least some support cases were filed at our support service in regards to Office 365. Let’s also discuss these.

The previous posting can be found here: Double impersonation within a three tier environment and the SMTP Server setup in Microsoft Dynamics NAV. A later patch did came out as well: 2811780 where we added some code to code unit 400 to allow a timer to be configured via C/AL. Previous support cases were filed by Italian partners requesting if they could use our SMTP Server component with Posta Elettronica Certificata which is an alternate connection configuration via SMTP/SSL over port 465. More information about PEC can be found here: IETF and Wikipedia

The SmtpClient.EnableSsl property is responsible for this and is discussed on MSDN. Here you can read the following:

An alternate connection method is where an SSL session is established up front before any protocol commands are sent. This connection method is sometimes called SMTP/SSL, SMTP over SSL, or SMTPS and by default uses port 465. This alternate connection method using SSL is not currently supported.

Last but not least Microsoft Support received several requests from partners how they should configure Dynamics NAV SMTP Server component in combination with Office 365. The good news is that this is possible, but there are some challenges, especially when you use the SMTP Server component in combination with Document Approval system that we shipped with Dynamics NAV. Let’s assume the latter. The prerequisites are:

  • You need to apply all patches listed on Double impersonation within a three tier environment and the SMTP Server setup in Microsoft Dynamics NAV
  • You need to have administrative access to Office 365 in combination with administrative access to Exchange Online if you also want to setup Document Approval
  • You need to download the PowerShell commands from here  to configure the SendAs permissions for the accounts because “Any e-mails sent by the application / device must be from the authenticated account above“
  • You then need to follow instructions written here

Let’s show you how this does work. When you start the PowerShell, a box is shown to you with the following line: “PS C:\Windows\system32>”. After that line, you can type the commands one at a time.

 

First command:

PS C:\Windows\system32> Set-Executionpolicy -ExecutionPolicy Unrestricted

Execution Policy Change
The execution policy helps protect you from scripts that you do not trust. Changing the execution policy might expose
you to the security risks described in the about_Execution_Policies help topic at
http://go.microsoft.com/fwlink/?LinkID=135170. Do you want to change the execution policy?

[Y] Yes  [N] No  [S] Suspend  [?] Help (default is "Y"): y

Second command:

PS C:\Windows\system32> $LiveCred = Get-Credential

cmdlet Get-Credential at command pipeline position 1
Supply values for the following parameters:
Credential

Third command:

PS C:\Windows\system32> $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $LiveCred -Authentication Basic -AllowRedirection

WARNING: Your connection has been redirected to the following URI:
"https://pod51014psh.outlook.com/powershell-liveid?PSVersion=3.0 "
WARNING: Your connection has been redirected to the following URI:
"https://db3prd0411psh.outlook.com/powershell-liveid?PSVersion=3.0 "

Fourth command:

PS C:\Windows\system32> Import-PSSession $Session

ModuleType Name                                ExportedCommands

---------- ----                                ----------------

Script     tmp_2b2tb1qp.44s                    {Add-AvailabilityAddressSpace, Add-DistributionGroupMember, Add-Mailb...

Fifth command:

PS C:\Windows\system32> Add-RecipientPermission "Kevin Mels" -AccessRights SendAs -Trustee "Marco Mels"

Confirm
Are you sure you want to perform this action?
Adding recipient permission 'SendAs' for user or group 'Marco Mels' on recipient 'Kevin Mels'.
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [?] Help (default is "Y"): Y

Identity                Trustee                 AccessControlType       AccessRights            Inherited
--------                -------                 -----------------       ------------            ---------
kevinmels               marcomels               Allow                   {SendAs}                False

Sixth command:

PS C:\Windows\system32> Add-RecipientPermission "Sean Bentley" -AccessRights SendAs -Trustee "Marco Mels"

Confirm
Are you sure you want to perform this action?
Adding recipient permission 'SendAs' for user or group 'Marco Mels' on recipient 'Sean Bentley'.
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [?] Help (default is "Y"): Y

Identity                Trustee                 AccessControlType       AccessRights            Inherited
--------                -------                 -----------------       ------------            ---------
seanbentley             marcomels               Allow                   {SendAs}                False

PS C:\Windows\system32>

Document Approval setup looks like this:

clip_image001

clip_image002

PS C:\Windows\system32> Remove-PSSession $Session

clip_image003

 

To summarize, Marco Mels (marcomels@bergmanz.onmicrosoft.com) configured in the SMTP settings is the trustee and you need to add SendAs recipient for all users that are in the Approval User Setup form.

Some other commands to verify the setup if needed:

 

PS C:\Windows\system32> Get-RecipientPermission "Sean Bentley" -AccessRights SendAs

Identity                     Trustee                               AccessControlType       AccessRights            Inherited
--------                        -------                                  -----------------       ------------            ---------
seanbentley             NT AUTHORITY\SELF       Allow                   {SendAs}                False
seanbentley             marcomels                        Allow                   {SendAs}                False

The Windows Powershell must be started via “Run as Administrator”and you need to specify user credentials within Office365 that does have Administrator permissions. Truly hope this does help you to configure SMTP Server component in Dynamics NAV in combination with Office 365.

Regards,

Marco Mels
CSS EMEA

This posting is provided "AS IS" with no warranties, and confers no rights

Leave a Comment
  • Please add 5 and 1 and type the answer here:
  • Post
  • Isn't this opening a security risk? Surely from the point after updating 'Send As' setting, Sean Bentley could send emails as Marco from his Outlook client?

  • Hello Neil,

    That is a good comment. You should of course utilize a catchall E-mail address. The account is only needed for authentication purposes. You can utilize something like catchall@domain.com or noreply@domain.com. The catch all address must of course exist as a mail address.

    Then you are good to go.

    Have a good day.

    Marco Mels

    CSS EMEA

    This posting is provided "AS IS" with no warranties, and confers no rights

Page 1 of 1 (2 items)