I suggest you start by finding out what exactly is returning a 401 error. SonarQube itself, or something sitting in front of the SonarQube Server (like a load balancer).
Concretely this means looking at your access.log to see if a 401 error is being reported upon hitting the /api/v2/system/email-configurations endpoint. Can you check that?
Based on nginx logs, I am getting error from the backend service: IP ADDRESS - - [17/Mar/2025:13:48:49 +0000] "POST /api/v2/system/email-configurations HTTP/2.0" 401 0 "https://sonarqube.my.host/admin/settings?category=email_notification" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36" 359 0.008 [sonarqube-sonarqube-9000] [] 10.42.0.68:9000 0 0.004 401 408dacdb2a241a76449f645a66250991
It is maybe worth mentioning that the GET method to the same endpoint succeeds /api/v2/system/email-configurations
But is the request actually making it to the SonarQube server? That’s what you’ll find out in the access.log file (which I assume is not what you’re showing me, since you mentioned nginx)
Have you tried configuring anything else on your server? I’d like to understand if it’s a problem with just SMTP settings, or if you also face the issue say, updating an exclusion or creating a new user (the former uses Web API v1, the latter Web API v2)
I’ve seen issues in the past where for some reason (bad cookies, bad loadblancer configuration) only POST requests are rejected, but they’re rejected across the board.
2025.03.17 13:58:21 TRACE web[7f543d4b-2d54-408a-96df-f5aac2e6be54][o.s.s.p.w.UserSessionFilter] Thread[http-nio-0.0.0.0-9000-exec-35,5,main] serves /api/v2/system/email-configurations
2025.03.17 13:58:21 TRACE web[7f543d4b-2d54-408a-96df-f5aac2e6be54][sql] time=0ms | sql=select st.uuid as uuid, st.user_uuid as "userUuid", st.expiration_date as "expirationDate", st.created_at as "createdAt", st.updated_at as "updatedAt" from session_tokens st where st.uuid=? | params=51a559ed-7eee-4234-b3a4-42de3503dd2d
2025.03.17 13:58:21 TRACE web[7f543d4b-2d54-408a-96df-f5aac2e6be54][sql] time=1ms | sql=SELECT sa.scm_account as "scm_account", u.uuid as uuid, u.login as login, u.name as name, u.email as email, u.active as "active", u.salt as "salt", u.crypted_password as "cryptedPassword", u.hash_method as "hashMethod", u.external_id as "externalId", u.external_login as "externalLogin", u.external_identity_provider as "externalIdentityProvider", u.user_local as "local", u.reset_password as "resetPassword", u.homepage_type as "homepageType", u.homepage_parameter as "homepageParameter", u.last_connection_date as "lastConnectionDate", u.last_sonarlint_connection as "lastSonarlintConnectionDate", u.created_at as "createdAt", u.updated_at as "updatedAt" FROM users u left outer join scm_accounts sa on sa.user_uuid = u.uuid WHERE u.uuid=? | params=9ae10a61-cef1-40bf-806f-b67c8ae03dde
2025.03.17 13:58:21 TRACE web[7f543d4b-2d54-408a-96df-f5aac2e6be54][sql] time=0ms | sql=select gr.role from group_roles gr inner join groups_users gu on gr.group_uuid=gu.group_uuid where gr.entity_uuid is null and gu.user_uuid=? union select gr.role from group_roles gr where gr.group_uuid is null and gr.entity_uuid is null union select ur.role from user_roles ur where ur.user_uuid=? and ur.entity_uuid is null | params=9ae10a61-cef1-40bf-806f-b67c8ae03dde, 9ae10a61-cef1-40bf-806f-b67c8ae03dde
2025.03.17 13:58:21 TRACE web[7f543d4b-2d54-408a-96df-f5aac2e6be54][sql] time=1ms | sql=select kee as "key", is_empty as empty, text_value as value, created_at as createdAt from internal_properties where kee in ( ? ) | params=email.smtp_host.secured
I have two suggestions that might help us narrow down what’s going on:
To remove any possibility that it’s a client-side issue (your browser), try hitting one of the api/v2 endpoints from the command line. Using curl, this would look like:
Replacing TOKEN and SONARQUBE_URL with appropriate values.
If that still doesn’t work, I reccomend using the deprecated POST api/users/create to create a second account and granting that user admin powers. See if this other account also faces the same issues.
curl -X POST -u TOKEN: 'SONARQUBE_URL/api/users/create?login=test&name=test&password=TestTest123123!'
And if that fails, please share your Kubernetes helm chart values.
Hm. It’s sounding more like a client-side issue or something else in the middle (load balancer, reverse proxy). I expect that you could even use POST/api/v2/system/email-configurations to configure your SMTP settings.
This is going to sound very basic – but does the issue persist in different browsers, and/or after a cache/cookie clear?
So clearing browser cache helped. Now I can execute POST actions and create email configuration.
Unfortunately, I do not manage to set it up correctly. I am using AWS SES configuration that I am using for other services we host and they are working correctly but SonarQube is saying that something is wrong with my configuration.
And I’ve also tried to use Gmail’s smtp with App Password and still no luck.
In the web.log file at DEBUG level you should be able to get a clear(ish) error message.
2025.04.09 18:18:35 DEBUG web[40d64c12-518b-40b3-92e3-90ce64755ec1][o.s.s.n.e.EmailNotificationChannel] Fail to send test email to test@test.com: {}
org.apache.commons.mail2.core.EmailException: Sending the email to the following server failed : smtp.com:587
at org.apache.commons.mail2.jakarta.Email.sendMimeMessage(Email.java:1085)
at org.apache.commons.mail2.jakarta.Email.send(Email.java:1069)
at org.sonar.server.notification.email.EmailNotificationChannel.send(EmailNotificationChannel.java:238)
at org.sonar.server.notification.email.EmailNotificationChannel.sendTestEmail(EmailNotificationChannel.java:358)
at org.sonar.server.email.ws.SendAction.handle(SendAction.java:71)
at org.sonar.server.ws.WebServiceEngine.execute(WebServiceEngine.java:114)
at org.sonar.server.platform.web.WebServiceFilter.doFilter(WebServiceFilter.java:84)
at org.sonar.server.platform.web.MasterServletFilter$JavaxFilterAdapter.doFilter(MasterServletFilter.java:194)
at org.sonar.server.platform.web.MasterServletFilter$GodFilterChain.doFilter(MasterServletFilter.java:165)
at org.sonar.server.platform.web.MasterServletFilter$HttpFilterChainAdapter.doFilter(MasterServletFilter.java:208)
at org.sonar.server.platform.web.SonarQubeIdeConnectionFilter.doFilter(SonarQubeIdeConnectionFilter.java:62)
at org.sonar.server.platform.web.MasterServletFilter$JavaxFilterAdapter.doFilter(MasterServletFilter.java:194)
at org.sonar.server.platform.web.MasterServletFilter$GodFilterChain.doFilter(MasterServletFilter.java:165)
at org.sonar.server.platform.web.MasterServletFilter.doFilter(MasterServletFilter.java:126)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:164)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:140)
at org.sonar.server.platform.web.UserSessionFilter.doFilter(UserSessionFilter.java:83)
at org.sonar.server.platform.web.UserSessionFilter.doFilter(UserSessionFilter.java:70)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:164)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:140)
at org.sonar.server.platform.web.CspFilter.doFilter(CspFilter.java:67)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:164)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:140)
at org.sonar.server.platform.web.CacheControlFilter.doFilter(CacheControlFilter.java:76)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:164)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:140)
at org.sonar.server.platform.web.SecurityServletFilter.doHttpFilter(SecurityServletFilter.java:60)
at org.sonar.server.platform.web.SecurityServletFilter.doFilter(SecurityServletFilter.java:47)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:164)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:140)
at org.sonar.server.platform.web.RedirectFilter.doFilter(RedirectFilter.java:56)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:164)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:140)
at org.sonar.server.platform.web.EndpointPathFilter.doFilter(EndpointPathFilter.java:47)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:164)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:140)
at org.sonar.server.platform.web.RequestIdFilter.doFilter(RequestIdFilter.java:66)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:164)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:140)
at org.sonar.server.platform.web.RootFilter.doFilter(RootFilter.java:65)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:164)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:140)
at org.apache.catalina.filters.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:115)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:164)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:140)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:167)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:90)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:483)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:115)
at ch.qos.logback.access.tomcat.LogbackValve.invoke(LogbackValve.java:268)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:93)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:344)
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:397)
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:63)
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:905)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1743)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:52)
at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1190)
at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:63)
at java.base/java.lang.Thread.run(Thread.java:840)
Caused by: jakarta.mail.AuthenticationFailedException: 535 5.7.8 Sorry.
at com.sun.mail.smtp.SMTPTransport$Authenticator.authenticate(SMTPTransport.java:947)
at com.sun.mail.smtp.SMTPTransport.authenticate(SMTPTransport.java:858)
at com.sun.mail.smtp.SMTPTransport.protocolConnect(SMTPTransport.java:762)
at jakarta.mail.Service.connect(Service.java:364)
at jakarta.mail.Service.connect(Service.java:222)
at jakarta.mail.Service.connect(Service.java:171)
at jakarta.mail.Transport.send0(Transport.java:230)
at jakarta.mail.Transport.send(Transport.java:100)
at org.apache.commons.mail2.jakarta.Email.sendMimeMessage(Email.java:1082)
... 61 common frames omitted
