Hello Community,

I wanted to get an article out as we have seen an increased number of cases with users on 18.3 running into an Unknown Error when emailing or setting up emailing. 

There are two main times this error can occur:

During the setup of the new MFA functionality, after you tab off the App ID field and attempt to authenticate.

The Problem:

The steps for setting up MFA can be found here:
Microsoft Dynamics GP Fall 2020 - Multi-Factor Authentication - Microsoft Dynamics GP Community

With further setup in Azure happening here:
Multi-Factor Authentication - Dynamics GP | Microsoft Docs

When users Authenticate, Azure/Graph is sending back a failure due to the setup within Azure. A network trace usually shows a response from Azure referencing “Multitenant”:


The issue here is from step 4 of the Azure setup above. Basically, users are selecting “Single Tenant”, but their environment is not setup to work with this setting.

The Solution:

Swap to using Account in any organizational directory (Any azure AD account – Multitenant) as your setting for the Supported Account Types within Azure for your GP app.

This is easy to swap, just open Azure as if you are setting up a new App Registration, but instead of making a new one, just click on the one you made before.

Then click on the Authentication tab on the left, and then mark the multitenant setting shown below:

You can then click on the Save button at the top.

It is important to note that although users outside of your tenant can then attempt to connect to this app, only user’s setup in your tenant can log in. For example, if I tried to log into your application in GP using your ID, even if you are setup for Multitenant, I am still going to get an authentication error. This means that this setting should not cause any security issues with GP.

The Problem:

The user setting up MFA within GP is not an admin within Azure or does not have MFA enabled.

The Solution:

As GP is using this user to grant it access to email using the App ID, you need to have an Admin complete this process. This user will need to be prompted for an MFA password, so make sure this specific user is setup to “ENFORCED” for MFA, even if you have MFA enabled through other means (Conditional Access Rules, Security Defaults, Intune, ect.). After setup, you can swap this setting back, or even remove MFA entirely and still get the new Graph Prompt without an error. Just the setup process requires MFA, likely due to many settings in Azure requiring Admins have MFA enabled regardless.

The Problem:

There are third-party MFA products involved.

The Solution:

This one depends on your environment. To be very clear, the GP Support team is not able to assist with any issues caused by a third-party MFA provider. This is simply because we do no have access to them, or the experience to do so. You can attempt to get assistance from your provider, or try doing the setup with an account using the default functionality, then turn on the third-party functionality afterwards (I have seen this work a few times).

This covers most issues that occur during the actual setup process for the MFA process, but we do sometimes see the same error during the actual email process. Here are common causes of those:

The Problem:

The Exchange server is running Exchange 2010.

The Solution:

This is covered in more depth in the following article, and includes a section to find out what version of Exchange you are on:
An Unknown Error Occurred While Emailing from GP 18.3 using Exchange - Microsoft Dynamics GP Community

The general situation is that Exchange 2010 is no longer supported by Microsoft and is not going to work with GP 18.3. Our recommendation is to work on migrating to any newer version of Exchange (or EXO) as soon as possible. If you are working on upgrading to 18.3, and notice this issue in testing, you will want to upgrade Exchange prior to GP, or you will risk being unable to email until Exchange is updated.

The Problem:

The classic causes of the Unknown error that usually show in the Exception reports within GP.  

The Solution:

The various causes can be found in the Email Troubleshooting guide here:

Please note that this document is not completely up to date, but I hope to get it updated now that year-end is subsiding. This will include all the issues discussed here, and this line will be removed when that is completed.

This covers all the causes that we have recently seen with the “Unknown Error”. That said, if you need some help, the GP support team is happy to help! To help speed up the process, it can be helpful to have a Fiddler trace of the login process submitted with your case. These are our recommended steps with Fiddler:

Download Classic Fiddler from the web: http://www.telerik.com/download/fiddler

 1. Open Fiddler, In Tools->Fiddler Options->HTTPS, check “Decrypt HTTPS traffic”.

Click “Yes” on the prompt for trust Fiddler Root Certificate.

Click “Yes” to install the certificate.

Click “Yes” to confirm.

Click “OK” and “OK” to back.

2. Reproduce the issue

3. Stop Fiddler Trace: File->Capture Traffic F12, Save trace: File->Save>All Sessions. Save the trace out as .saz file