2FA Speed


nattivillin
February 12th, 2020, 03:22 PM
We have always had complaints from techs about how long it takes to get a 2FA code.

Recently we had a customer complain it took the tech 10 extra minutes "waiting on some code" which they feel they should not have to pay for.

Surely it doesn't take 10 minutes to get a code right!?

So I tried it today. And it took longer than 5 minutes to get the 2FA email, so I hit cancel. I tried again, took longer than 8 minutes so I hit cancel.

10 minutes have passed with no code. It didn't go to spam (I checked). So I could not do anything if I didn't have RDC access.

10 minutes is much too long. 4 minutes is much too long.

What determines the speed at which the 2FA emails are sent, and how do we decrease the time techs spend waiting on the code?

Support Team
February 13th, 2020, 06:04 AM
The delays you described are way too long.

The email with 2FA is added to the outgoing emails queue and it will be sent like any other email sent.

The slowness may depend on the amount of emails in the queue that include email notifications and emails from/to customers/employees.

It is also possible that an email was stuck in the queue and took more time for the outgoing mail server to send emails.

In general, canceling the window with 2FA code means that even if the email will be sent/received, the code will not be valid and the new code should be sent.

Each user can access and manage their backup one-time codes that can be used if email with 2FA cannot be accessed.
This can be done under the Employee tab of their Employee Account.
Sysadmin user can manage backup codes for all users.

Hope this helps.

nattivillin
February 15th, 2020, 12:43 PM
I created a test ticket and received the new ticket created email instantly.

I tried to login to CommitCRM web and never received my 2FA token.

While waiting on the 2FA code, I created another test ticket and got that confirmation BEFORE I got the 2FA code.

If the emails go out in order, how is this possible?

Support Team
February 17th, 2020, 06:04 AM
That's interesting. RangerMSP's outgoing email queue is handled on a First-In-First-Out basis.

We suspect that the delays might be a part of the mail server that might decide to inspect the message for spam/AV and this might take longer and other emails are sent sooner. This may be true for both the SMTP sending mail server, as well as the receiving POP3 server (in case they are different). I recommend that you try to review the mail server logs and try to learn more from this. Please keep us posted.

Hope this helps.

nattivillin
February 17th, 2020, 11:28 AM
The mail server never shows receiving the 2FA message, ever. If it was held up in spam, it would still hit the mail server when it is sent.

The sending and receiving mail server is the same, so it should be instant, like new ticket emails are.

Support Team
February 18th, 2020, 06:01 AM
Once the 2FA email is placed in the queue, you may see the file created under the \RangerMSP\Server\QSysEDOutbox\ folder.
Though once the email is sent, the file is removed from the folder.

Beyond that, except for mail server sending delays, we cannot think of anything else that might cause this for such specific 2FA messages, unlike other types of messages. In any case, we will be happy to review your log files and see whether anything special is logged there for these nevertheless.

Hope this helps.
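An added example, not from the thread participants or from RangerMSP: a small poller that records when files appear in and leave the outbox folder described above, so queue dwell time can be measured instead of guessed. It assumes Python is available on the server; the function names are hypothetical and the folder path is the one quoted in the thread.

```python
import os
import time

SAVED_COPY = ".bak_cmt999"  # sent-mail copies kept in detailed logging mode

def snapshot(folder):
    """Names of the regular files currently in the outbox folder."""
    with os.scandir(folder) as entries:
        return {e.name for e in entries if e.is_file()}

def track(first_seen, present, now):
    """Compare two polls.

    first_seen: {name: time first observed} from the previous poll
    present:    set of names observed in this poll
    Returns (updated first_seen, new names, {removed name: dwell seconds}).
    """
    updated = {n: first_seen.get(n, now) for n in present}
    appeared = sorted(n for n in present if n not in first_seen)
    removed = {n: now - t for n, t in first_seen.items() if n not in present}
    return updated, appeared, removed

def stuck(first_seen, now, limit_s):
    """Queue files (not saved copies) that have waited longer than limit_s."""
    return sorted(n for n, t in first_seen.items()
                  if now - t > limit_s and not n.endswith(SAVED_COPY))

def watch(folder, interval_s=0.2, limit_s=60):
    # Polling can miss a file that is queued and sent between two polls,
    # so "nothing appeared" is only meaningful with a short interval or
    # with detailed logging enabled (saved copies stay in the folder).
    seen, warned = {}, set()
    while True:
        now = time.time()
        seen, appeared, removed = track(seen, snapshot(folder), now)
        stamp = time.strftime("%H:%M:%S", time.localtime(now))
        for name in appeared:
            print(f"{stamp} queued   {name}")
        for name, dwell in removed.items():
            print(f"{stamp} removed  {name} after ~{dwell:.1f}s")
        for name in stuck(seen, now, limit_s):
            if name not in warned:
                warned.add(name)
                print(f"{stamp} WAITING  {name} for more than {limit_s}s")
        time.sleep(interval_s)

if __name__ == "__main__":
    # Folder name as given in the thread; prefix the drive/install path.
    watch(r"\RangerMSP\Server\QSysEDOutbox")
```

Start it, trigger a login that requests a 2FA code, and compare the logged times with the mail server's own log for the same message.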

nattivillin
February 20th, 2020, 07:54 AM
Are the 2FA emails also sent to the audit email like all tickets?

nattivillin
February 20th, 2020, 08:09 AM
The outbox has a lot of .bak_cmt999 files, but I never see the 2FA file get created when I try to login.

My staff gets their 2FA email immediately.

Certainly looks like a spam issue, but I never see my 2FA email hit the mail server.

nattivillin
February 20th, 2020, 08:20 AM
Other staff members get their 2FA codes, sometimes instantly.

I never see any of the 2FA messages appear in the QSysEDOutbox\ folder.

nattivillin
February 20th, 2020, 08:54 AM
Looking at the mailserver, I see 2FA codes for everyone but me.

What would cause this?

Support Team
February 20th, 2020, 09:01 AM
.bak_cmt999 under the \RangerMSP\Server\QSysEDOutbox folder are probably old email files from the period that Email Connector was working in the detailed logging mode.
Usually the \QSysEDOutbox folder is empty as each new email that enters the queue/folder is immediately processed.
You can also move the .bak_cmt999 files out of this folder.
You can enable the detailed logging mode again, restart the 'RangerMSP Server' service and you should see 2FA email saved under the QSysEDOutbox folder (just remember to disable detailed logging once you're done reviewing).

Also - verify that your personal email address is listed under your Employee record in RangerMSP, this is where the 2FA codes are emailed to.

Hope this helps.

nattivillin
February 20th, 2020, 09:48 AM
The outbox folder empties pretty quickly. My employee email is the same one the tickets come to, correct?

Support Team
February 20th, 2020, 09:59 AM
Mmm, it shouldn't be.

In RangerMSP each Employee account should have their own personal email address listed. This is where all notifications and emails are sent to. It should not be the same one as used for the Email Connector, usually a support@ address.

Hope this helps.

nattivillin
February 20th, 2020, 10:08 AM
I meant all my tickets. There is only one email under my employee account.

Support Team
February 20th, 2020, 10:11 AM
For the email connector public email address it should be set to Support@... (or any similar mailbox).

For each employee account the email under their record should be Employee@...
And, each employee must be set with a unique email address, unlike several employees sharing the same address.

Hope this helps.

nattivillin
February 22nd, 2020, 12:25 PM
After enabling the logging, I still don't see my 2FA code being generated.

Support Team
February 24th, 2020, 06:02 AM
For 2FA emails there is an additional setting to review - Please review them under the Tools > Options > Web Interface -1 tab and see which email address is selected for your Employee.

In case any changes are required there, please restart the 'RangerMSP Server' Windows service on your server to apply the changes.

nattivillin
March 2nd, 2020, 02:25 PM
Yup, mine was set to email 2 (not defined) for whatever reason...

Interestingly, a tech said they were not getting the 2FA codes today. He was previously getting them.

Support Team
March 3rd, 2020, 06:05 AM
Having 2FA codes to be sent to the 'Email2' field, that is not defined or stores an email address, perfectly explains why you have not received the emails with 2FA codes - there was no address to email them to.

Emails with 2FA codes to other tech - in case your Email Connector is configured to work in the detailed logging mode, you should see the sent email messages (*.bak_cmt999) under the folder \Server\QSysEDOutbox . It is possible that they were sent and were wrongly marked as spam.

nattivillin
March 3rd, 2020, 08:53 PM
It only takes 2-3 minutes for me to get my 2FA codes now. I think the other tech "missed" the 2FA email, I saw it hit the mail server.

All is well, thanks!

Support Team
March 4th, 2020, 06:01 AM
Great! Thank you for the update.