Gmail won't allow Thunderbird access.

  • 15 replies
  • 0 have this problem
  • 11 views
  • Last reply by Matt

System is win 11, latest TB, personal gmail account of long standing. I want to use TB as my email program for gmail. After installing TB, it asks for my gmail login and password, and recognizes the account, defaulting to IMAP, Oauth2, etc. When I press "done", I get a google screen saying that TB wants authorization to access gmail files. But when I press "allow", the TB page shows an error message under the password field reading "Unable to log in at server. Probably wrong configuration, username, or password." I understand it is looking for my gmail username and password, and these are correct. I have tried this many times, including with variations: removing and reinstalling TB, creating a pw just for TB in gmail (subsequently deleted). I have read all of the gmail installation help notes at Mozilla. Most relate to a 2022 change in gmail re Oauth2. Nothing helps. Any advice?

All Replies (15)

Not knowing your specifics in detail, I have found some consistency in NOT showing password during the setup, waiting for the Google prompt to enter it. That is, I have found that the password field needs to be empty at setup. Try that.

I have tried this. The result is the same error message.

If it's looking for your user name (email address) in the OAuth window, it might be because cookies aren't accepted in TB Settings/Privacy & Security. The address is entered automatically when cookies are accepted.

Not a solution. The cookies are accepted is checked. I had to create a TB account by using the "advanced settings" option. When clicking on my account name (gmail address) it goes through a google 2SV, and returns a message that the server did not accept the login. Could this have something to do with Windows 11 and the built-in security chip?

The W11 TPM chip isn't a factor on my setup. There must be some external app blocking the authentication, possibly antivirus or VPN. What's the antivirus? Run Windows in safe mode to test for startup app interference, such as AV. The account (not app) password is all that's needed for OAuth.

Running in safe mode (with network access) was not successful.

Did you read this page? https://support.google.com/mail/answer/78892?hl=en It's pretty basic stuff, so I suppose you already have done those steps.

craig, did you resolve this?

If you have set up a two factor authentication in gmail then you cannot use Authentication Method: Oauth2. You get an error because gmail is expecting an app specific password and not the normal password. But the Oauth2 setting cannot use an app specific password.

If using 2FA then you have to use 'Authentication Method: Normal Password' and when it asks for password you have to enter the 'specific app generated password' and not the normal password.

To use Authentication Method: Oauth2 you must first switch off the 2FA via gmail account and do not use the 'app generated password'. Then you use the normal password with email address.

Additional checks:

  • Computer Firewall needs Thunderbird to be set up as an allowed app.
  • If you have any program using the 'localhost' like 'Apache' then switch off Apache whilst setting up the gmail account.
  • If you have a VPN running then switch it off.
  • In Settings > Privacy & Security, Web Content: select 'Accept cookies from sites'. Or you can click on 'Exception' and set up to allow: https://accounts.google.com

Toad-Hall: I turned off 2FA; didn't fix the problem. Bit Defender (my av app) has thunderbird listed for full access. I don't use a VPN and am not aware of using Apache. When you talk about changing settings to accept cookies, do you mean Windows Settings? Selecting Privacy and Security, I can't find any tab relating to Web Content. Can you advise me where that is in Win 11?

Thunderbird settings

craig.k7cej said

do you mean Windows Settings? Selecting Privacy and Security, I can't find any tab relating to Web Content. Can you advise me where that is in Win 11?

You might want to check in Thunderbird. In settings as Toad hall suggested. We often find simple things like antivirus programs and other supposed security products disable cookies. They don't tell anyone, or present it as some huge privacy gain, but in terms of oauth2.0 no cookies mean nothing works.

Now the connection process of oauth uses standard web ports to go through the authentication process and once it is done, Thunderbird then attempts to connect using the newly minted oauth credential and the email ports. The message you initially posted is I assume the rather meaningless one that comes up in the new account wizard when the connection fails.

So some checks;

  • Go to the passwords stored in Thunderbird and check that there is one for the google account. If the oauth process completed successfully there will be a token stored with your email address as the user name and starting with oauth:\\ (I think you will find this part worked.)
  • If you are trying to set up a POP account then you need to enable that in your google settings. The connection for mail will fail as you describe if the chosen protocol is not enabled. Only IMAP is enabled by google by default. (This link will allow you to check your settings at Google https://mail.google.com/mail/u/0/#settings/fwdandpop)
  • BitDefender total security does have a VPN. Are you sure it is not enabled when you say you don't use one?

Other issues: Have you ever successfully used any mail client to connect to a mail server using this hardware? Sad as it may seem, we are living with a group of so called professionals that assume we only do web pages on the internet. It is entirely possible you have some sort of internet modem/router that actually blocks mail ports. (It would not be the first time. Years ago Comcast issued new routers to their customers that blocked access to their own mail servers.)

Mail servers almost universally only work well with IPV4 addresses. Networks with IP6 addressing can mess all this up and it can be messed up in the DNS part of the process. Disabling IPV6 is an option to try to see if you are caught in this mess. Use the config editor to change the setting network.dns.disableIPv6 to True and restart Thunderbird.

BitDefender uses self signed certificates for its man in the middle hacking to scan your mail. Thunderbird does not recognize these self signed certificates. At one point they actually changed the way Thunderbird stored certificates so it used the windows store rather than its own because the windows store can be manipulated from code, Thunderbird's can not. Try disabling its ScanSSL (that was what they called it in 2016) as well as mail scanning while you try and set up the account.

Finally

You can always log the process. First you need to change some hidden preferences in Thunderbird to get a complete log. So go to the config editor and make the following preference changes:

  • mail.wizard.logging.dump to all
  • mail.wizard.logging.console to all

Now access the error console (Ctrl+Shift+J), or via the developer tools on the tool menu, and clear it by clicking the trash bin icon. Run the setup and check the log. It has a handy right click menu that allows the information to be copied to a text document (or a post here). If it is too big for here, there is always the Mozilla pastebin where you can paste the info and share the link. Go to https://pastebin.mozilla.org/

Thanks for the detailed response. I appreciate the help but nothing works so far. In order of your suggestions:

1. TB settings are set to allow cookies, no exceptions. No cookies are listed. TB does not list any stored passwords (I have tried to set up the gmail account with my account name and password probably 50 times now.)
2. Bit Defender has a VPN but it is not enabled. Early on in this process I disabled Bit Defender but it didn't make any difference.
3. Other clients: Win 10 mail worked fine, but I have had some trouble trying to set up Outlook (of which there are several versions).
4. I am using IPV4 addresses.

I haven't tried the logging process yet.

I need to amend my last post. TB does indeed list a number of cookies for account.google.com and google.com

Back here you said that running in safe mode with networking did not work. But I google localhost and bitdefender and find reports of localhost being blocked by Bitdefender over the last 10 years. As the last step in the OAuth flow is to pass the token to Thunderbird from the browser via localhost and it would appear that this is the point of failure, I am still looking at Bitdefender as the cause given there really are only a few things that can mess up localhost this way.

So back to safe mode, it did not work exactly how? Were you even connected to the internet?

Many folk these days have no wired connection and therefore can't use safe mode with networking for diagnostics as their operating system can not connect to the internet without a wire in safe mode. (Windows loads no wifi drivers.)

So please take us through the step of safe mode with networking. Could you get your browser to connect to Google.com? Did the authorization flow work in the browser mode?
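
A diagnostic sketch for the checks raised in the replies above (a loopback connection, the mail ports over IPv4 and IPv6, and who issued the certificate the mail server presents), added here as an example and not part of any reply or of Thunderbird's own code. Assumptions: Gmail's implicit-TLS endpoints imap.gmail.com:993 and smtp.gmail.com:465, and that a genuine Gmail certificate names Google as the issuer organization; all function names are hypothetical.

```python
import socket
import ssl

MAIL_ENDPOINTS = [("imap.gmail.com", 993), ("smtp.gmail.com", 465)]  # assumed

def loopback_ok():
    """Listen on 127.0.0.1 and connect to it, as a local OAuth redirect needs."""
    try:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
            srv.bind(("127.0.0.1", 0))  # port 0: let the OS pick a free port
            srv.listen(1)
            with socket.create_connection(srv.getsockname(), timeout=3):
                srv.accept()[0].close()
        return True
    except OSError:
        return False

def issuer_org(cert):
    """organizationName from the issuer of an ssl getpeercert() dict, or None."""
    pairs = (pair for rdn in cert.get("issuer", ()) for pair in rdn)
    return next((v for k, v in pairs if k == "organizationName"), None)

def probe(host, port, family):
    """Return (reachable, issuer organization or error text) for one family."""
    try:
        addr = socket.getaddrinfo(host, port, family, socket.SOCK_STREAM)[0][4]
        with socket.create_connection(addr[:2], timeout=5) as raw:
            ctx = ssl.create_default_context()  # verifies against the OS trust store
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return True, issuer_org(tls.getpeercert())
    except ssl.SSLCertVerificationError as exc:
        # Port is open but the presented certificate is not trusted.
        return True, "UNTRUSTED: " + exc.verify_message
    except OSError as exc:
        return False, str(exc)

def verdict(loopback, probes):
    """probes maps (host, family name) to probe() results; returns findings.

    Assumption: a genuine Gmail certificate has "Google" in its issuer org.
    """
    findings = [] if loopback else ["loopback connection blocked"]
    for (host, fam), (ok, issuer) in probes.items():
        if not ok:
            findings.append(f"{host} unreachable over {fam}")
        elif issuer is None or "Google" not in issuer:
            findings.append(f"{host} over {fam}: unexpected issuer {issuer!r}")
    return findings

if __name__ == "__main__":
    fams = (("IPv4", socket.AF_INET), ("IPv6", socket.AF_INET6))
    probes = {(h, n): probe(h, p, f) for h, p in MAIL_ENDPOINTS for n, f in fams}
    print(verdict(loopback_ok(), probes) or "no findings")
```

An unexpected issuer on an otherwise reachable port points at local TLS inspection, while a host that is reachable over IPv4 but not IPv6 points at the addressing problem described in the reply about network.dns.disableIPv6.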