I can't allow Thunderbird access to GMail, even when my GMail settings should allow it.
I am running Ubuntu 12.04LTS. I am trying to sync my personal gmail account to Thunderbird. I have enabled IMAP, allowed g-mail to allow less secure apps, and disabled 2-step verification, but I am still unable to add my gmail account to Thunderbird. When I attempt it, after signing in to gmail, I am prompted to allow Thunderbird to access my gmail account, but the buttons to allow or deny are greyed out. I have added a screenshot of the offending screen.
This is a work computer, but I would still like to have my personal calendar and e-mail available.
If anyone has any suggestions I would be very grateful, thanks.
All Replies (16)
You're confident that Gmail isn't blocked by a company firewall?
What does "signing in to gmail" mean in the context of using Thunderbird? (that's probably a question that would be answered by your screenshot...)
I recall an issue where Gmail assumes you're using a browser and you don't get to see a prompt screen when in Thunderbird. It might go better if you enable two-factor security.
Diubah
There is most certainly a firewall. I don't know much about networking, but I'll try to explain.
Our computers are not connected to the institution's LDAP, we have our own little LDAP with 4 or 5 computers, and because we're not directly in the institution's LDAP we have trouble with security certificates. In chromium I can access google and g-mail, but with firefox (because of HSTS) I cannot connect to many websites, including Google.
Next week I will try enabling the 2-step security, thanks. :)
2-Step security did not solve the problem. I was still confronted with the same problem. (Screenshot actually attached this time, whoops)
Note that both the Allow and Deny buttons are greyed out. Also clicking any of the other links on that page do nothing.
'Logging into my gmail' account constitutes just that. When I attempt to create a Thunderbird email account for gmail, I am prompted with the sign in screen for my gmail account. When I log in, I get the screen you see in the screen shot.
Diubah
Do you allow cookies for accounts.google.com in Thunderbird? Tools (Alt-T) - Options - Privacy - Web Content Try to create an exception to allow cookies for the above domain.
Thunderbird is set to allow cookies from all sites. However, I created an exception anyway, but it did not fix my problem. Strange that the buttons would be greyed out.
Try to clear cache and cookies.
OK, I cleared history, cache and cookies for all time and tried again. No dice. I also looked for some way for force Google to make an exception for Thunderbird on my account, but I couldn't find any way to do it 'manually', on my Google account.
Edit: I should note here that I can't access Google using Firefox on my machine. I have to use Chromium. Firefox does not allow me to access Google (and many other sites) due to HSTS.
Diubah
OK, I cleared history, cache and cookies for all time and tried again.
Just in case, did you do that in Thunderbird?
Firefox does not allow me to access Google (and many other sites) due to HSTS.
Not directly related to Thunderbird, but I don't understand that statement. I have a feeling there's something in your set up you haven't mentioned yet.
Yes, I cleared the cache and cookies.
In the Thunderbird menu I went to Tools -> Clear Recent History. In that dialogue I made sure Cookies, cache and history were all selected, then cleared everything.
I double checked, it was also set to allow third party cookies always, and keep until they expire.
Not directly related to Thunderbird, but I don't understand that statement. I have a feeling there's something in your set up you haven't mentioned yet.
I am working from behind a hospital's firewall. When I try to connect to Google using Chromium, many of the security certificates are not valid, but I am able to proceed even though it is 'unsafe'.
Firefox on the other hand, I believe, assumes Google is using HSTS, which makes it unable to add an exception when it finds that it can't find the valid certificate. It is simply restricted from connecting to the site at all, no exceptions.
I have a hunch that this is the underlying issue, that perhaps Thunderbird is really just using Firefox to pull up that authentication screen, and the lack of certificate is causing the issue. But I don't know enough about Thunderbird or general network security to know.
When I try to connect to Google using Chromium, many of the security certificates are not valid
Can you explain 'not valid' in more detail? My best guess is that the 'firewall' is a SSL proxy intercepting your secure connection to the server. If that's the case you'd get a cert for e.g. Google issued by the 'firewall'. Chrome is able to detect that, but I don't know what it does then in such a case.
Firefox on the other hand, I believe, assumes Google is using HSTS, which makes it unable to add an exception when it finds that it can't find the valid certificate.
It is quite possible Google enforces HSTS, but then Firefox must respect that. There is no guessing. You're correct that if the cert isn't accepted by Firefox, you cannot create an exception in that case.
I have a hunch that this is the underlying issue, that perhaps Thunderbird is really just using Firefox to pull up that authentication screen
Thunderbird would probably behave the same way as Firefox, but Thunderbird is not using Firefox for pulling up the authentication screen. I think you're correct with your suspicion that this is a certificate problem. You may look in the Thunderbird error console if there is anything related. Tools (Alt-T) - Error Console
'Not valid' is just the expression I am getting from Firefox. When I try to connect to Google, it says
www.google.com uses an invalid security certificate.
The certificate is not trusted because the issuer certificate is unknown. The server might not be sending the appropriate intermediate certificates. An additional root certificate may need to be imported.
(Error code: sec_error_unknown_issuer)
I'm afraid I don't have the technical knowledge to elaborate further on what that really means.
The Thunderbird error console shows similar errors, but specifies port 443 for www.google.com and ssl.gstatic.com
Inspect the cert and look up who the issuer is. You may also post a screenshot of the Certificate Viewer window with the issuer information visible.
bluecoat2-wccp1.tmh.tmhs appears to be the issuer of the certificate.
Screenshot attached.
As suspected. Your hospital IT are intercepting your secure traffic to Google and set up the connection to the Google server on your behalf. Your computer is only talking to the hospital SSL proxy, not to the Google server directly. Note, that also means they can read your Google password. You can either accept the situation and install the proxy root cert in Firefox and Thunderbird. Or you give up on the idea to securely connect to Google from your work place.
You can either accept the situation and install the proxy root cert in Firefox and Thunderbird.
Suppose I wanted to install the proxy root cert? Is this something I have to contact my IT administrators about?
Thanks a ton for your help!
Diubah
Check whether you can connect to Google ok using IE. Most likely the proxy root cert has already been installed in the Windows certificate store. You can check by entering certmgr.msc into the Windows start menu search or run box. If the cert has already been installed on your computer you can probably export it and then import it into Firefox and Thunderbird. Otherwise ask your IT folks.