Not knowing your specifics in detail, I have found some consistency in NOT showing password during the setup, waiting for the Google prompt to enter it. That is, I have found that the password field needs to be empty at setup. Try that.

I have tried this. the result is the same error message.

If it's looking for your user name (email address) in the OAuth window, it might be because cookies aren't accepted in TB Settings/Privacy & Security. The address is entered automatically when cookies are accepted.

Not a solution. The cookies are accepted is checked. (I had to create a TB account by using the "advanced settings" option. When clicking on my account name (gmail address) it goes through a google 2SV, and returns a message that the server did not accept the login. Could this have something to do with Windows 11 and the built-in security chip?

The W11 TPM chip isn't a factor on my setup. There must be some external app blocking the authentication, possibly antivirus or VPN. What's the antivirus? Run Windows in safe mode to test for startup app interference, such as AV. The account (not app) password is all that's needed for OAuth.

Running in safe mode (with network access) was not succesful.

Did you read this page? https://support.google.com/mail/answer/78892?hl=en It's pretty basic stuff, so I suppose you already have done those steps.

craig, did you resolve this?

If you have set up a two factor authentication in gmail then you cannot use Authentication Method: Oauth2. You get an error because gmail is expecting an app specific password and not the normal password. But the Oauth2 setting cannot use an app specific password.

If using 2FA then You have to use 'Authentication Method : Normal Password and when it asks for password you have to enter the 'speciifc app generated password' and not the normal password.

To use Authentication Method: Oauth2 You must first switch off the 2FA via gmail account and do not use the 'app generated password'. Then you use the normal password with email address.

Additional checks: Computer Firewall needs Thunderbird to be set up as an allowed app. If you have any program using the 'localhost' like 'Apache' then switch off Apache whilst setting up the gmail account. If you have a VPN running then switch it off. In Settings > Privacy & Security Web Content - Select 'Accept cookies from sites' Or you can click on 'Exception' and set up to allow : https://accounts.google.com

Toad-Hall: I turned off 2FA; didn't fix the problem. Bit Defender (my av app) has thunderbird listed for full access. I don't use a VPN and am not aware of using Apache. When you talk about changing settings to accept cookies, do you mean Windows Settings? Selecting Privacy and Security, I can't find any tab relating to Web Content. Can you advise me where that is in Win 11?

Thunderbird settings

do you mean Windows Settings? Selecting Privacy and Security, I can't find any tab relating to Web Content. Can you advise me where that is in Win 11?

You might want top check in Thunderbird. In settings as Toad hall suggested. We often find simple things like antivirus programs and other supposed security product disable cookies. They don't tell anyone, or present it a some huge privacy gain, but in terms of oauth2.0 no cookies mean nothing works.

Now the connection process of oauth uses standard web ports to go through the authentication process and once it is done, Thunderbird then attempts to connect using the newly minted oauth credential and the email ports. The message you initially posted is I assume the rather meaningless one that comes up in the new account wizard when the connection fails.

So some checks;

• Go to the passwords stored in Thunderbird and check that there is one for the google account if the oauth process completed successfully there will be a token stored with your email address as the user name and starting with oauth:\\ (I think you will find this part worked.)

• If you are trying to set up a POP account then you need to enable that in your google settings. The connection for mail will fail as you describe if the chosen protocol is not enabled. Only IMAP is enabled by google by default. (This link will allow you to check your settings at Google https://mail.google.com/mail/u/0/#settings/fwdandpop)
• BitDefender total security does have a VPN. Are you sure it is not enabled when you say you don't use one?

Other issues Have you ever successfully use any mail client to connect to a mail server using this hardware? Sad as it may seem, we are living with a group of so called professionals that assume we only do web pages on the internet. It is entirely possible you have some sort of internet modem/router that actually blocks mail ports. (it would not be the first time. Years ago Comcast issued new routers to their customers that blocked access to their own mail servers.

Mail servers almost universally only work well with IPV4 addresses. Networks with IP6 addressing can mess all this up and it can be messed up in the DNS part of the process. Disabling IPV6 is an option to try to see if you are caught in this mess. Use the config editor to change the setting network.dns.disableIPv6 to True and restart Thunderbird.

BitDefender uses self signed certificates for it's man in the middle hacking to scan your mail. Thunderbird does not recognize these self signed certificates. At one point they actually changed the way Thunderbird stored certificate so it used the windows store rather than it's own because the windows store can be manipulated from code, Thunderbird's can not. Try disabling it's ScanSSL (that was what they called it in 2016) as well as mail scanning while you try and set up the account.

Finally

You can always log the process. First you need to change some hidden preferences in Thunderbird to get a complete log. So go to the config editor and make the following preference changes. mail.wizard.logging.dump to all mail.wizard.logging.console to all Now access the error console (ctrl+Shift+J) or via the developer tools on the tool menu and clear it by clicking the trash bin icon Run the setup and check the log. It has a handy right click menu that allows the information to be copied to a t4ext document (or a post here) if it is to big for here, there is always the Mozilla pastebin where you can paste the info and share the link Go to https://pastebin.mozilla.org/

Thanks for the detailed response. I appreciate the help but nothing works so far. In order of your suggestions: 1. TB settings are set to allow cookies, no exceptions. No cookies are listed. TB does not list any stored passwords (I have tried to set up the gmail account with my account name and password probably 50 times now.) 2. Bit Defender has a VPN but it is not enabled. Early on in this process I disable Bit Defender but it didn't make any difference. 3. Other clients: Win 10 mail worked fine, but I have had some trouble trying to set up Outlook (of which there are several versions). 4. I am using IPV4 addresses. I haven't tried the logging process yet.

I need to amend my last post. TB does indeed list a number of cookies for account.google.com and google.com

Back here you said that running in safe mode with networking did not work. But I google localhost and bitdefender and find reports of localhost being blocked by Bitdefender over the last 10 years. As the last step in the oAUth flow is to pass the token to Thunderbird from the browser via localhost and it would appear that this is the point of failure, I am still looking at Bitdefender as the cause given there really ar only a few things that can mess up localhost this way.

So back to safe mode, it did not work exactly how? Were you even connected to the internet?

Many folk these days have no wired connection and therefore can't use safe mode with networking for diagnostics as their operating system can not connect to the internet without a wire in safe mode. (Windows loads no wifi drivers.)

So please take us through the step of safe mode with networking. Could you get your browser to connect to Google.com. Did the authorization flow work in the browser mode?