Microsoft 365: Authentication randomly fails using OAuth2
Hello,
as Microsoft 365 will soon disable basic auth, we have switched to OAuth2 but unfortunately, Thunderbird randomly displays an Authentication error and at this point we won't receive any new messages.
Every time I start Thunderbird, emails are fetched correctly, but then after some time the error appears and at this point, Thunderbird doesn't even try it again. I can't even find an option to try again and have to restart Thunderbird at which point everything works again.
This is really problematic for us as it can take a while until we notice the issue and until then we may miss an important email.
We are using shared inboxes, which means that we are accessing a mailbox like sharedinbox@business.de using tenant@business.de and the tenant's MFA.
Why does OAuth2 work this unreliably?
How can we get Thunderbird to just try again automatically?
Thunderbird 102.1.2 (64 bit)
Best Regards
All Replies (5)
I can but guess. One, do you have an antivirus that might be monitoring and perhaps interfering with authentication, given it uses encrypted HTTPS?
Two, do you perhaps exceed some Microsoft number-of-connections limit? Not being a Microsoft subscriber, I don't use the stuff. But my guess is they have some limit on concurrent connections.
We are using Microsoft Defender and the Windows Firewall with only basic realtime protection and none of the advanced features so I don't think they cause any issues.
The weird thing is that I often don't even see a login error in the Azure Active Directory.
The issue wouldn't be so bad if Thunderbird didn't completely give up after encountering a single error. We don't even receive an error message from Thunderbird; instead we have to check the activities by hand to notice the authentication error.
And if we, for example, try to move an email after the authentication error occurred, Thunderbird simply doesn't do anything and it won't even notify us that there is an issue.
We have to restart Thunderbird for it to do anything again.
Right now I have run into the same issue again. The weird thing is that I fetch 2 different shared inboxes using 1 tenant (meaning they are accessed with the same user) and one of the shared mailboxes just stopped working due to the error while the other shared mailbox is still working fine.
This has to be a bug, right?
I'm baffled that Thunderbird doesn't even inform us about the error and it just silently doesn't fetch mails any more.
Is anyone else using Thunderbird IMAP with shared inboxes using Microsoft 365?
The issue now also occurred directly for a user accessing only their private mailbox.
It seems like the authentication gets refreshed every 1-2 hours. According to Azure the last login by Thunderbird at 15:48 was successful but Thunderbird itself claims that there was an authentication error exactly at that time.
It seems like Thunderbird incorrectly assumes that there was an error when there wasn't.
See my screenshots: Azure claims the login was successful, but Thunderbird displays an error.
How can we fix this? Are there any additional logs from Thunderbird I can provide?
Why doesn't Thunderbird just retry it?
I have opened bug 1785027 about this issue.
I hope we can resolve this quickly, as Microsoft 365 will disable basic auth in October and then OAuth2 will be the only way to connect Thunderbird.
Hello, I wanted to update this post. We are experiencing this issue as well. Or at least it's extremely similar.
We just moved from Rackspace to Microsoft Exchange about 2 months ago. We started experiencing this issue about a month ago. We have over 100 people using Thunderbird and each one of them is getting this same message. The issue is very intermittent. Some see the issue once or twice per day, while others receive the message multiple times per hour.
I'm happy to provide any help to Mozilla support to resolve this issue. I've been looking at Wireshark data flows. To me it appears Thunderbird is having a TLS issue. Please keep in mind, I'm no expert. I'll include a Wireshark screencap to show where I think the error is produced.
I force the error by using the arrow keys to move from email to email fairly quickly.
We have disabled "Throttling" on Exchange and we've disabled AV. No luck with either.
My next step is to look at the RFC for IMAP and TLS then walk through my packet capture.
Thanks!