SEG KCD setup prompts users for email passwords. But once authenticates, email does flow to the device.
Verbosed SEG Web Listener Log shows HTTP 500 as below.
Even though there may be other causes to this issue, lacking “Active Directory Client Certificate Authentication” Server Role is the most common pitfall.
Step 1. Add “Active Directory Client Certificate Authentication” Server Role in the Server Manager. Please see the attached screenshot.
Step 2: Setting up Active Directory to Authenticate
1. On the SEG Server, launch Internet Information Services (IIS) by clicking Start ► Run.
2. Type “inetmgr” and click OK. The IIS Manager window appears.
3. In the left-hand Connections pane select the SEG server
4. In the main pane, under the IIS section, double-click the Authentication icon.
5. Select Active Directory Client Certificate Authentication.
6. In the right-hand pane, click Enable.