Solved

Multi Factor Authentication Commvault

  • 29 November 2021
  • 15 replies
  • 2047 views

Userlevel 4

Hello Commvault Community!

 

I would like to ask you about the topic of Multi-factor authentication Commvault.

 

First Question: 

Is it possible in MFA to block the sending of e-mails with one-time codes, apart from sending the first e-mail with the code to the authentication application?

 

I guess the solution to the problem should be to disable MFA for specific users, but then that user won't be protected anymore, right? In the case of MFA, it is not possible to send the authentication code once, and then it would not be needed again to log in correctly, I think right?

https://documentation.commvault.com/11.24/expert/7910_disabling_two_factor_authentication_administrator.html

 

Second Question: 

 

The client has two accounts in Active Directory:
- One - regular user, with a mailbox (adam_johnson@abc.com.pl) - logging in via MFA works fine

- The second - which has administrator permissions (also in Commvault) - this account hasn’t mailbox (however, it has the email address adm.ajohson@abc.com.pl). An alias has been set up in Exchange and e-mails sent to adm.ajohnson@abc.com.pl are forwarded to adam.johnson@abc.com.pl. The test e-mail sent from Commvault to the address adm.ajohnson@abc.com.pl reaches correctly to the e-mail adam_johnson@abc.com.pl. After enabling MFA in CommCell and trying to log in to the account with the alias adm.ajohnson@abc.com.pl, I have an error as in the attachment.

If there is an e-mail address in the usera field (e.g. xxx@abc.pl), everything is fine. However, when the User Mail field contains an address that is an alias to the mailbox (i.e. the address alias.xxx@abc.pl, which is forwarded to xxx@abc.pl), Commvault throws an error message when sending an email with authentication codes. I would like to add that messages delivered to an alias address work without any problems.

I am asking for help and for information whether this is the correct behavior or should give MFA access to the account with the alias without any problems.

 

Thanks&Regards,
Kamil

icon

Best answer by Kamil 31 January 2022, 18:54

View original

15 replies

Userlevel 7
Badge +23

Hi @Kamil !

Regarding the first question, if I understand you correctly, you’d essentially not really have MFA in place (other than the first time).  MFA has to be satisfied each time you login, otherwise it’s really a temporary MFA.

For the second question, you likely are correct, though if this is by design or not, I’ll have to find out.

I’ll be in touch!

Userlevel 4

Hi @Mike Struening 

 

Thank you for your answer for first question. Did you find out anything about MFA and aliases?

I will be grateful for your response.

 

Regards,
Kamil

Userlevel 7
Badge +23

I haven’t yet, my apologies.

Appreciate the reminder.  I’ll chase this down!

Edit: I created a doc MR in your name in advance :-)

Userlevel 7
Badge +23

Just heard back from some of our devs, and they suggested opening a case, and providing the incident with the smtpmanager logs from CS.

I expected a response of ‘this is not supported’, but there’s more potentially going on.

Once created, can you share the case number with me?

Userlevel 4

Hi @Mike Struening 

 

I thought that I would find something in "smtpmanager.log" myself and found something, but it didn't direct me to anything.

 

7304  264   11/25 09:21:53 ### ### cvSMTPMgr::sendEmailBySMTPClient - Exception Message [A recipient must be specified.]

7304  264   11/25 09:21:53 ### ### cvSMTPMgr::sendEmailBySMTPClient - Exception Source [System]

7304  264   11/25 09:21:53 ### ### cvSMTPMgr::sendEmailBySMTPClient - Exception StackTrace [   at System.Net.Mail.SmtpClient.Send(MailMessage message)

   at CvSMTP.CvSMTPMgr.sendEmailBySMTPClient(Int32& errorCode)]

7304  264   11/25 09:21:53 ### ### cvSMTPMgr::SendSMTPMail - Failed to send mail with Error Code[-1], Error Message[By SMTPClient: A recipient must be specified.]

 

I consult it internally with the rest of my colleagues, if I don't think of anything, I escalate the thread to the Commvault support, unless someone in the meantime from the Commvault Community has an idea what the problem may be …

 

Regards,
Kamil

Userlevel 7
Badge +23

That’s definitely a log message that needs improvement!

Can you share the case number so I can follow up?

Userlevel 4

Hi @Mike Struening 

 

The client decided to update the environment version to FR 24. If that does not solve the problem, he will make a request in Commvault support. Give us a moment please :)

 

Regards,
Kamil

Userlevel 7
Badge +23

Take all the time you need!

Userlevel 7
Badge +23

Hey @Kamil , gentle New Year’s follow up :grinning:

any chance you have a case opened for this yet?  The developer who advised to create an incident was asking.

Userlevel 4

Hi @Mike Struening,

 

I managed to ask the Customer 3 times if he test the MFA after update the MR version, but he says that he didn’t have time to test it. As soon as I know more, I will inform you here immediately.

 

Forgive me for delay.

 

Regards,
Kamil

Userlevel 7
Badge +23

Nothing to forgive, my friend!  I’ll keep an eye out.

Userlevel 4

Hi @Mike Struening 

I escalated the case to Commvault support, here is the case number: Incident 220111-329

 

Regards,
Kamil

Userlevel 7
Badge +23

You are the best @Kamil , thank you!!!

Userlevel 4

Hi @Mike Struening 

 

It turned out that the problem was in the configuration on the client's side. They are to sit down with AD Administrators and check where the problem lies.

 

In this situation, there isn’t need to continue for now, but thanks for your help.

 

Regards,
Kamil

Userlevel 7
Badge +23

As always, appreciate you coming back to share!!

Reply