Notification Sender 2222 Error with Server response “5.7.57 SMTP; Client was not authenticated to send anonymous mail during MAIL FROM”

Uncategorized
9.9
Notification settings
SMTP
https://kb.netwrix.com/5088
Copy Article URL Copied

Symptom

You are using Office356 to send emails in Netwrix Audit Notification settings. You specified following SMTP settings:

  • SMTP server – smtp.office365.com
  • Port number – 587
  • SMTP authentication is enabled
  • SSL/TLS is enabled

Even though you recieve Alert and Search Subscription emails you do not get Report Subscription emails.
In the Netwrix Auditor Health Log are 2222 EventIDs from Notification Sender Event Source with following description :

The following error has occurred:
The following subscriptions could not be sent to the recipient 'Email Address':
Subscription to the 'Report Name' report (1)
Error: The SMTP server requires a secure connection or the client was not authenticated. The server response was: 5.7.57 SMTP; Client was not authenticated to send anonymous mail during MAIL FROM [HE1PR0802CA0024.eurprd08.prod.outlook.com]

Cause

Office 365 requires TLS 1.2 encryption to send emails. .Net framework on the Netwrix Auditor server does not have TLS 1.2 configured, thus the component that sends SSRS Reports subscriptions fails to establish a connection with the cloud SMTP server.
It is also possible that the Netwrix Auditor server itself does not have TLS 1.2 support, depending on the operating system version and updates installed. Make sure the operating system on the computer where Netwrix Auditor resides supports TLS 1.2

Resolution

Create or set the following registry keys:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]
“Enabled”=dword:00000001
“DisabledByDefault”=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server]
“Enabled”=dword:00000001
“DisabledByDefault”=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft.NETFramework\v4.0.30319]
“SystemDefaultTlsVersions”=dword:00000001
“SchUseStrongCrypto”=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft.NETFramework\v4.0.30319]
“SystemDefaultTlsVersions”=dword:00000001
“SchUseStrongCrypto”=dword:00000001

Go Up