Splunk SOAR

Microsoft Exchange On-Premise EWS: HTTP Code: 401. Reason: Unauthorized

recv7353
New Member

We are setting up the Phantom App Microsoft Exchange On-Premise EWS version: 3.0.3 to talk to our On Prem Exchange EWS instance and we are getting the below error when we do a test connection:

"HTTP Code: 401. Reason: Unauthorized. Details: . Toggling the impersonation configuration on the asset might help, or login user does not have privileges to the mailbox."

 

I toggled the impersonation settings but the error is the same is there any specific permissions that need to be given to the Exchange account as so far the Exchange admin team confirmed the ID has rights to impersonate?

Labels (1)
0 Karma

Iñigo
Explorer

Hi

Did you get any solution for this issue? We are getting the same error message at the EWS Office365 app for a specific mail account that is apparently configured in the same way that others that allow access without issues.

We are missing something but can't figure out what.

 

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...