i keep getting this error message when i try to add my gmail accounts "unable to login a server. probably wrong configuration username or password"
i have enabled "IMAP" setting via gmail website so thats not the problem.
Additional System Details
- User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:70.0) Gecko/20100101 Firefox/70.0
If you click Manual config., does the next window have OAuth2 for the authentication or normal password? It should be OAuth2 to avoid issues with two-step verification and app passwords etc.
Modified by sfhowes
gotcha, yes it does have OAuth2 in there for both incoming and outgoing. it does seem like it definiltey could be a 2-step verification problem though. after i try to enter my email it asks me to "allow" firefox to see the information etc. i keep hitting allow but still get the same message . see screenshot
I have this same issue reproduced across multiple versions of Thunderbird and on multiple OSes. With both personal Gmail accounts and G Suite accounts. Existing accounts continue to work, but no new accounts can be added. Each time, it will fail after the permissions page biminisummer posted in the screencap above.
I've deleted and re-installed Thunderbird, tried older and beta versions, deleted profiles and restarted, and more. Same result every time.
wow, thats a major buzz kill. was excited about trying out this new mail client. thanks for the info. hopefully someone has figured it out, but sounds unlikely?
There seem to be a few users reporting problems with setting up or connecting to gmail accounts today. The dead 'Allow' button may be due to a bug re 'Enabling history' in the gmail account:
I just tried to add my gmail account in a new profile (an account that already works fine in another profile), and although the Allow button works and completes the authentication, the account cannot be added to TB, despite TB being an allowed app on the google account. Turning on or off access by less-secure apps or any other history setting on the account has no effect.
This time, I enabled access by 'less-secure apps' on my google account, and added the account, but this time used 'normal password' authentication instead of OAuth2. It was added to TB without errors.
So, I guess the OAuth2 process has changed somehow to make it not work with TB. I don't know if this is due to Google or TB, or if it happens with other OAuth-supported email programs.
It seems to be specifically the way that Google works with TB. I signed into a Yahoo account with Oauth2 just fine. I've also signed into Google accounts with other mail clients using Oauth2 just fine.
This is hella annoying whoever's fault it is.
well, sfhowes that last suggestion did work, however it seems kind of sketchy to keep the "allow less secure apps" ON...what do you think about that?
You can read about 'less-secure apps' and Google here:
From that, I think 'less secure' is a bit misleading, and I am not too concerned about allowing TB to use normal password authentication, at least until the current issue is resolved. See this bug report:
Basically, Google wants to limit the number of people using mail clients and not using their web UI/mail clients directly. Their motivations for this are publicly in the name of security because they have a say in the implementation of authentication through OAuth2.0, but many people believe that's just in order to serve their other interests like gathering as much data as possible about users and their activity.
Using Thunderbird with 'less secure apps' means using a special password that you generate specifically for use with that app if you want to use 2-factor authentication (spoiler: you really do). This 'app password' is generated by you from your logged in account in a browser. So whether you must authenticate with password+2FA at the time you generate, or when you authenticate in the mail client, you're still using 2FA.
However, this app password can be used elsewhere to access your mail. So if it gets lost, an attacker could use it to access your mail and Google would have no way to distinguish you. They aren't generally the strongest passwords either (12 random alpha characters). I'm not sure what protections Google has in place to restrict brute force attacks.
All of this to say, OAuth2.0 is really only marginally more secure than using an app password, and the reason Google pushes this is probably not just due to security concerns.
However, not all mail clients are created equal. So as an admin, I don't want my users to be able to provide access to any old mail client they deem fit. So I'm stuck waiting for them to fix this issue.
There's a report that changing the user agent in TB restores the OAuth function:
Confirmed: with the change, adding gmail account with OAuth2 authentication works as before.
Modified by sfhowes
I needed to format my computer due to a windows error, My Gmail account was working fine with Thunderbird before I wipe out the computer. Now there is no way to link both.
There are the same account with same settings, the latest Thunderbird version, double and triple check the port numbers. Nothing works. Its really annoying.After all steps have been approved you get the problem at the end.
I tried the same account with POP3 and works fine but IMAP nothing. Can you please investigate if it is Google blocking or Google issue in this case or it's you (Mozilla) that has the connection to Google with problem?.
Please fix this and if helps you I set up my partners new computer with Thunderbird and Gmail and was no problem at all with his accounts.
omg yes, this seems like the fix! hopefully now it will also allow my google calendar to sync without having to jump through 10000000 hoops! thanks so much sfhowes!
The new release fixes the gmail account OAuth authentication, but calendar and contact syncing may not yet work as before until the Provider and gcontactsync add-ons are updated.