Attempting to configure a new email integration with azure.us

Question

Hi. I’m trying to configure a new email integration with our azure tenant in azure gov.

I’ve configured the app reg in Azure per the instructions and I’ve configured the incoming email tab in sysaid email integration with protocol oauth2.0, service provider microsoft 365, the tenant ID, client id, and secret, and a I put the inbox user in the user/domain user field..

When I click Test I get “Test incoming email failed Connection pool shut down”.

I’m not sure what this means and can’t find any documentation for this.

SysAid Copilot · Answer

Hi there,SysAid Copilot is here with our AI Magic! Here is the response we thought might assist you: You’re running into a known generic error: **“Test incoming email failed, Connection pool shut down”**. It doesn’t point to a single cause, but we can narrow it down. Since you’re on **Azure Gov (azure.us / national cloud)**, there are a few specific things to check.I’ll keep this focused and step‑by‑step.---## 1. Confirm basic OAuth2.0 setup for Azure GovIn **SysAid > Settings > Integration > Email > Incoming Email**:- **Protocol**: `OAuth 2.0`- **Service provider**: for a US Gov tenant, SysAid may need to be configured on the backend for **national cloud endpoints** (not the default global `login.microsoftonline.com` / `graph.microsoft.com`).    - From the admin UI you can’t change those endpoints. If everything below checks out but tests still fail, this usually requires SysAid Support to adjust the environment to use **azure.us** endpoints.- **Tenant ID / Client ID / Client Secret**:  - Ensure no leading/trailing spaces.  - Use the **secret Value**, not Secret ID.- **User / Domain user**:  - Use the **actual mailbox UPN / address** that should be read (e.g. `helpdesk@...`).If any of those were obviously wrong, correct and re‑test first.---## 2. Network connectivity checks from the SysAid serverFor on‑prem SysAid, this error is often network‑related.From the SysAid server (or the machine hosting Tomcat):1. Test HTTPS connectivity (ports 443) to the relevant endpoints for your gov region, for example (depending on your enclave):   - Identity:     - `login.microsoftonline.us:443`     - `login.microsoftonline.com:443` (sometimes still contacted depending on configuration)   - Graph:     - `graph.microsoft.us:443` (or the correct gov graph endpoint for your tenant)   - Exchange Online (if used):     - `outlook.office365.us:443` or the gov equivalent2. Make sure your firewall / proxy is not blocking or inspecting and breaking TLS to those endpoints.If telnet/curl to these hosts on 443 fails or hangs, the pool shutdown is often just a symptom of the connection never establishing.---## 3. Check SysAid version and resourcesHistorically, we’ve seen this error with:- **Older builds** that didn’t fully support newer OAuth / Graph behaviors.- **Under‑resourced servers / exhausted connection pools**.Please check:- **SysAid version**: if you’re on an older build (e.g. pre‑23.x), upgrading is recommended.- **Server resources**:  - Confirm the SysAid service has sufficient **Java max memory** configured (commonly `2048M` or higher in `wrapper.conf`) and ample RAM on the OS.- If the error appears **immediately** after pressing Test (no delay), it can also indicate an internal pool/config issue, not a remote timeout.---## 4. Inspect logs for the real Azure errorTo see the actual Azure/AAD error behind the pool message:1. In SysAid, go to **About > Download logs for tech support**.2. Immediately after a failed Test, download logs and inspect (or have your team inspect) for:   - `oauth`, `access token`, `graph.microsoft`, or `AADSTS` messages.   - Any HTTP status like `401`, `403`, or `5xx`.Often you’ll find an AAD error such as:- Mis‑scoped permissions- Invalid/expired secret- Wrong endpoint for a gov tenantIf you find a specific `AADSTS` code, paste it here and I can interpret it.---## 5. Azure Gov specifics to verify in App RegistrationIn your **App registration (Azure Gov portal)**:- Confirm you created it in the **correct gov tenant** (not a global portal by mistake).- Under **API permissions**, ensure you’ve added the correct **Graph / Exchange** permissions recommended in the SysAid OAuth 2.0 guide and granted **admin consent**.- Confirm the **Redirect URI** (if used) and authentication type match what SysAid expects (Application permissions / client credentials flow).---## 6. When you may need SysAid Support (backend change)Because you’re on **Azure Gov**, if:- Network connectivity from the SysAid server to the gov endpoints is fine, and- App registration (tenant, client, secret, permissions) is correct, but- Tests in SysAid still fail with only “Connection pool shut down” and logs show gov/national‑cloud errors (e.g. AADSTS90038-type redirect or endpoint mismatch),then the SysAid **cloud/backend environment** may still be pointing to **global endpoints** instead of the appropriate **azure.us** endpoints. That cannot be changed from the admin UI.In that case, you should open a **Service Record** to SysAid Support from outside this chat (new chat / standard support channel) and include:- That you’re integrating with **Azure Gov / azure.us**.- Tenant ID and App (client) ID.- The exact **error text** from the SysAid logs (including any AADSTS codes).- Confirmation that telnet/curl to the appropriate gov login/graph endpoints on 443 works from the SysAid server.---If you can share (1) your SysAid build number and (2) the first relevant OAuth/AAD error line from the logs, I can give you a much more precise next step. Love the experience? You can enjoy the full power of SysAid Copilot and reduce your team workload starting today - check it by yourself

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded