We're calling on all EU-based Mozillians with iOS or iPadOS devices to help us monitor Apple’s new browser choice screens. Join the effort to hold Big Tech to account!

Funkcionalnosć toś togo sedła se pśez wótwardowańske źěła wobgranicujo, kótarež maju wašo dožywjenje pólěpšyś. Jolic nastawk waš problem njerozwězujo a cośo pšašanje stajiś, wobrośćo se na našo zgromoźeństwo pomocy, kótarež na to caka, wam na @FirefoxSupport na Twitter a /r/firefox na Reddit pomagaś.

Pomoc pśepytaś

Glědajśo se wobšudy pomocy. Njenapominajomy was nigda, telefonowy numer zawołaś, SMS pósłaś abo wósobinske informacije pśeraźiś. Pšosym dajśo suspektnu aktiwitu z pomocu nastajenja „Znjewužywanje k wěsći daś“ k wěsći.

Dalšne informacije

Microsoft 365: Authentication randomly fails using OAuth2

  • 5 wótegrona
  • 2 matej toś ten problem
  • 9 naglědow
  • Slědne wótegrono wót Shaun Bolling

more options

Hello,

as Microsoft 365 will soon disable basic auth, we have switched to OAuth2 but unfortunately, Thunderbird randomly displays an Authentication error and at this point we won't receive any new messages.

Every time I start Thunderbird, emails are fetched correctly, but then after some time the error appears and at this point, Thunderbird doesn't even try it again. I can't even find an option to try again and have to restart Thunderbird at which point everything works again.

This is really problematic for us as it can take a while until we notice the issue and until then we may miss an important email.

We are using shared inboxes which means that we are accessing a mailbox like sharedinbox@business.de using tenant@business.de and the tenants MFA.

Why does OAuth2 work this unreliable?

How can we get Thunderbird to just try again automatically?

Thunderbird 102.1.2 (64 bit)

Best Regards

Hello, as Microsoft 365 will soon disable basic auth, we have switched to OAuth2 but unfortunately, Thunderbird randomly displays an Authentication error and at this point we won't receive any new messages. Every time I start Thunderbird, emails are fetched correctly, but then after some time the error appears and at this point, Thunderbird doesn't even try it again. I can't even find an option to try again and have to restart Thunderbird at which point everything works again. This is really problematic for us as it can take a while until we notice the issue and until then we may miss an important email. We are using shared inboxes which means that we are accessing a mailbox like sharedinbox@business.de using tenant@business.de and the tenants MFA. Why does OAuth2 work this unreliable? How can we get Thunderbird to just try again automatically? Thunderbird 102.1.2 (64 bit) Best Regards
Pśipowjesone fota wobrazowki

Wšykne wótegrona (5)

more options

I can but guess. One do you have an anti virus that might be monitoring and perhaps interfering with authentication given it uses encrypted HTTPS?

Two do you perhaps exceed some Microsoft number of connections limit. Not being a Microsoft subscriber I don't use the stuff. But my guess is they have some limit on concurrent connections.

more options

We are using Microsoft Defender and the Windows Firewall with only basic realtime protection and none of the advanced features so I don't think they cause any issues.

The weird thing is, that I often don't even see an login error in the Azure Active Directory.

The issue wouldn't be so bad if Thunderbird wouldn't completely give up after encountering a single error. We don't even receive an error message from Thunderbird, instead we have to check the activities by hand to notice the authentication error.

And if we, for example, try to move an email after the authentication error occurred, Thunderbird simply doesn't do anything and it won't even notify us that there is an issue.

We have to restart Thunderbird for it to do anything again.

Right now I have run into the same issue again. The weird thing is, that I fetch 2 different shared inboxes using 1 tenant (meaning they are accessed with the same user) and one of the shared mailboxes just stopped working due to the error while the other shared mailbox is still working fine.

This has to be a bug, right?

I'm baffled that Thunderbird doesn't even inform us about the error and it just silently doesn't fetch mails any more.

Is anyone else using Thunderbird IMAP with shared inboxes using Microsoft 365?

more options

The issue now also occurred directly for a user accessing only their private mailbox.

It seems like the authentication gets refreshed every 1-2 hours. According to Azure the last login by Thunderbird at 15:48 was successful but Thunderbird itself claims that there was an authentication error exactly at that time.

It seems like Thunderbird incorrectly assumes that there was an error when there wasn't.

See my screenshots: Azure claims the login was successful, but Thunderbird displays an error.

How can we fix this? Are there any additional logs from Thunderbird I can provide?

Why doesn't Thunderbird just retry it?

more options

I have opened bug 1785027 about this issue.

I hope, we can resolve this quickly as Microsoft 365 will disable basic auth in October and then OAuth2 will be the only way to connect Thunderbird.

https://bugzilla.mozilla.org/show_bug.cgi?id=1785027

more options

Hello, I wanted to update this post. We are experiencing this issue as well. Or at least it's extremely similar.

We just moved from Rackspace to Microsoft Exchange about 2 months ago. We started experiencing this issue about a month ago. We have over 100 people using Thunderbird and each one of them is getting this same message. The issue is very intermittent. Some see the issue once or twice per day. While others receive the message multiple times per hour.

I'm happy to provide any help to Mozilla support to resolve this issue. I've been looking at Wireshark data flows. To me it appears Thunderbird is having a TLS issue. Please keep in mind, I'm no expert. I'll include a Wireshark screencap to show where I think the error is produced.

I force the error by using the arrow keys to move from email to email fairly quickly.

We have disabled "Throttling" on Exchange and we've disabled AV. No luck with either.

My next step is to look at the RFC for IMAP and TLS then walk through my packet capture.

Thanks!