0
Not a bug

Broken two-factor authentication presents incomplete error message

gstamper 3 years ago updated by Ben Burner 3 years ago 5

When using two-factor authentication (for example, email:known.valid@emailaddress.com), ScreenConnect in some cases presents the following error upon presenting valid credentials and pressing 'Login':

Your login attempt was not successful: Service not available, closing transmission channel. The server response was: 4.7.0 [x.x.x.x] Our system has detected that this message is


Note that this is a full paste of the generated error and it does end in the middle of a sentence at the word 'is'.
We are running on premise version 6.0.11299.6071. Turning off two-factor authentication on the affected accounts immediately resolves this issue.

Rather than addressing the root cause of this issue, it would seem beneficial if the error message presented upon a failed login of this sort were complete and readable.

ConnectWise Control Version:
Server Affected:
Host Client Affected:
Guest Client Affected:
Waiting for information

Good morning,


The full server response text in your case is potentially "4.7.0: Our system has detected an unusual rate of unsolicited mail originating from your IP address. To protect our users from spam, mail sent from your IP address has been temporarily blocked."


This message is generated by the mail server you're using to relay messages.


How are your ScreenConnect server's SMTP settings configured?


Cheers,

Ben

If you'd like us to open a separate support issue whereby we attempt to troubleshoot the root issue on our end (mail server availability, no doubt) then that'd be fine. This bug entry was opened as ScreenConnect failing to display complete error codes where space is available (and there is plenty of space on the login page) should rightly be considered a bug, in my opinion.


Anyways, we have ScreenConnect set to use the domain mail server as we couldn't get Gmail's SMTP relay working despite both whitelisting our IP in Gmail and trying various permutations on the SMTP/SSL settings (we received an authentication required message in every instance despite providing valid credentials)

if you are not using SSL for calls to the SMTP relay, try watching the request itself from the server with an application like network monitor or wireshark. Does the response contain the entire message?

Looking at the code itself, we're just dumping the message from any exception we catch directly into the field on the login page, I don't see much processing happening.

We have <add key="SmtpEnableSsl" value="true" /> set in web.config (not sure it's actually being honored, though). If you aren't modifying the message then feel free to close this ticket and we'll chalk it up to whatever server ScreenConnect is trying to use to do SMTP.