Closed Bug 1177694 Opened 10 years ago Closed 8 years ago

As of v38.0.1 Stopped retrieving new e-mail from server. And can't create new profile with that server. Exchange related?

Categories

(Thunderbird :: Security, defect)

Product:
Thunderbird
Component:
Security
Version:
38 Branch
Type:
defect
Priority:
Not set
Severity:
major

Tracking

(Not tracked)

Status:
RESOLVED WONTFIX

People

(Reporter: u542460, Unassigned)

Details

(Keywords: regression)

Attachments

(4 files)

Thunderbird log of pop3 session
17.99 KB, text/plain
Details
Another log with only our server.
3.76 KB, text/plain
Details
Thunderbird IMAP log
1.58 KB, text/x-log
Details
3 screenshots of my IMAP virtual server configuration.
149.08 KB, application/zip
Details
User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Firefox/38.0 Build ID: 20150525141253 Steps to reproduce: Version 37.x retrieved e-mail (pop3 or imap4) from our on-site exchange 2003 server, as normal. After auto-upgrade to 38.0.1 it won't get any. Happens on Win XP, Win 7 (x32 or x64). Tried switching encryption on and off client-side (I'm also an admin of that exchange server). Tried restarting program, system. Created new, blank profile - can't even setup account. Surprisingly, I CAN send e-mail as normal, on my old profile. Actual results: It is either stuck on "checking password..." on account configuration screen, while status bar shows "Checking mail server capabilities...". Later "configuration cannot be verified - is the username or password wrong?". On old profile, it sometimes shows (and is stuck at) "Checking mail server capabilities..." or "Connected to [our server]..." on the status bar after i press "Get Messages". Expected results: I should have been retrieving messages from our server.
You probably have to create an imap log to find out more: https://wiki.mozilla.org/MailNews:Logging Possibly due to anti-virus/software firewall though? Tried disabling those?
Keywords: regression
Summary: As of v38.0.1 Stopped retrieving e-mail from server, can't create new profile with that server. → As of v38.0.1 Stopped retrieving new e-mail from server. And can't create new profile with that server.
(In reply to Magnus Melin from comment #1) > You probably have to create an imap log to find out more: > https://wiki.mozilla.org/MailNews:Logging > > Possibly due to anti-virus/software firewall though? Tried disabling those? We have Eset Endpoint Antivirus and Windows Firewall. I just disabled those, but result is the same. Earlier I was on an Win XP box and ran "Get Messages" on v37, let it auto-upgrade to v38 and problem manifested there too. Nothing else changed. I've just created a log, attaching it now.
At 12:26:37 I pressed "Get Messages" button. At 12:29:37 was TB-initiated session.
I've similar problem too. The version of the Exchange server is the same. I'll attach the IMAP log. One thing I've noticed from the log is that while Thunderbird v31.7.0 try to resolve " imap://myusername%40mydomain%2Eit@mail.mycompany.it:993/select%3E/INBOX:", v38.0.1 try to resolve "imap://mydomain%5Cmyusername@mail.mycompany.it:993/select%3E%5EINBOX:". The account setup of both Thunderbird versions is exactly the same.
Attached file Thunderbird IMAP log
IMAP log session of Thunderbird 38.0.1
Severity: normal → major
Summary: As of v38.0.1 Stopped retrieving new e-mail from server. And can't create new profile with that server. → As of v38.0.1 Stopped retrieving new e-mail from server. And can't create new profile with that server. Exchange related?
Both reports are Exchange 2003, which is very old and probably pretty rare at this point. So unless we get other information, I will assume this is an issue with Thunderbird 38 and Exchange 2003. Let's at least confirm this after two similar reports. The number of people we have who might be motivated to look at this right now is unfortunately extremely limited. I am one of them, but there are a number of other important issues for Thunderbird 38 that have higher priority for me. Plus the time I devote to solving these urgent but less important problems is keeping me from focusing on the most important problem, which as I said is "The number of people we have who might be motivated to look at this right now is unfortunately extremely limited". But with those reservations, and without any firm promises from me, let's try to make progress. Since this seems to happen without any security, try to get both POP3 Thunderbird logs, and Wireshark logs, of the following scenario: Using Thunderbird 31, setup a new POP3 account a a fresh profile with PLAIN TEXT authentication and insecure connection. Repeat the identical operation using Thunderbird 38. I need to see the exact point in the protocol operation where the two deviate. Post those logs here, with any needed modifications of obscure fields that have login information. Ultimately the odds of fixing this will go up greatly if you can setup a test account that a Thunderbird developer could use to duplicate this on their own system. If that is possible, please get that setup, and post here that the account is available. Then you can send credentials privately to a developer who has time to look at this.
Status: UNCONFIRMED → NEW
Ever confirmed: true
I have the same issue with Exchange 2007. Since the update to 38.0.1 I cant use IMAP with the exchange server. Since i use several imap-folders with the same user the account gets locked instantly. Any updates on this issue? What can i do to help resolve this issue?
Does anything relevant show up in the Error Console?
(In reply to red from comment #8) > I have the same issue with Exchange 2007. Since the update to 38.0.1 I cant > use IMAP with the exchange server. Since i use several imap-folders with the > same user the account gets locked instantly. > > Any updates on this issue? > > What can i do to help resolve this issue? Sorry for the false POST!!!! The Problem was not related to thunderbird 38.0.1. The problem is the EWS Exchange Provider Plugin which is not working properly with thunderbird 38.0.1.
(In reply to red from comment #10) > (In reply to red from comment #8) > > I have the same issue with Exchange 2007. Since the update to 38.0.1 I cant > > use IMAP with the exchange server. Since i use several imap-folders with the > > same user the account gets locked instantly. > > > > Any updates on this issue? > > > > What can i do to help resolve this issue? > > Sorry for the false POST!!!! > > The Problem was not related to thunderbird 38.0.1. The problem is the EWS > Exchange Provider Plugin which is not working properly with thunderbird > 38.0.1. What version of the EWS plugin do you have installed?
(In reply to Ian Neal from comment #11) > (In reply to red from comment #10) > > (In reply to red from comment #8) > > > I have the same issue with Exchange 2007. Since the update to 38.0.1 I cant > > > use IMAP with the exchange server. Since i use several imap-folders with the > > > same user the account gets locked instantly. > > > > > > Any updates on this issue? > > > > > > What can i do to help resolve this issue? > > > > Sorry for the false POST!!!! > > > > The Problem was not related to thunderbird 38.0.1. The problem is the EWS > > Exchange Provider Plugin which is not working properly with thunderbird > > 38.0.1. > > What version of the EWS plugin do you have installed? I tried with 3.3.2 (stable) and with 3.4.0 beta3 and beta4 I'm still testing to find out what realy goes wrong...
(In reply to Kent James (:rkent) from comment #7) > Both reports are Exchange 2003, which is very old and probably pretty rare > at this point. So unless we get other information, I will assume this is an > issue with Thunderbird 38 and Exchange 2003. Let's at least confirm this > after two similar reports. > > The number of people we have who might be motivated to look at this right > now is unfortunately extremely limited. I am one of them, but there are a > number of other important issues for Thunderbird 38 that have higher > priority for me. Plus the time I devote to solving these urgent but less > important problems is keeping me from focusing on the most important > problem, which as I said is "The number of people we have who might be > motivated to look at this right now is unfortunately extremely limited". > > But with those reservations, and without any firm promises from me, let's > try to make progress. > > Since this seems to happen without any security, try to get both POP3 > Thunderbird logs, and Wireshark logs, of the following scenario: Using > Thunderbird 31, setup a new POP3 account a a fresh profile with PLAIN TEXT > authentication and insecure connection. Repeat the identical operation using > Thunderbird 38. I need to see the exact point in the protocol operation > where the two deviate. Post those logs here, with any needed modifications > of obscure fields that have login information. > > Ultimately the odds of fixing this will go up greatly if you can setup a > test account that a Thunderbird developer could use to duplicate this on > their own system. If that is possible, please get that setup, and post here > that the account is available. Then you can send credentials privately to a > developer who has time to look at this. I can't use plain text authentication and insecure connection with my company, they are disabled. However, after some tests, I think this behavior is reproducible even without credentials: if you create a new account with IMAP SSL, after setting it up, when you click "Get Messages", Thunderbird v31.7.0 asks you for the account password, instead Thunderbird v38.0.1 does not (so I don't even have the ability to enter the wrong one). Maybe the problem is before authentication (or authentication itself). A step forward could be to make possible to type a password after the click on "Get Messages" (or to ask again for credentials if the password is not correct). To recap, with Thunderbird v38.0.1 the behavior is the same, no matter if you enter the right username or the wrong one, it doesn't ask you for the password, it remains stuck in "Checking mail server capabilities...". If you need the address of an Exchange 2003 mail server to do some tries I can give you one, but only in a private way.
I'll try to get yesterday's copy of my SBS 2003 VM and prepare it for access outside of my company within 12 hours. Note, however, that I tried both TLS + normal password and no-encryption + plain-text auth before I made this bug report. Behavior was identical in both cases. Our personnel reverts back to 31.7 as I write this, which works flawlessly.
Sorry for the delay. As I said I would do, I copied my server VM to a new location. Of course some settings had to be changed, like our workplace accounts removed and so on, various configuration settings of Exchange itself. Here's what I found out: - New account made on my copied VM with Mozilla 38.0.1 works, POP3 and IMAP alike (SMTP also). - Old account, at my workplace, on a fresh profile, doesn't work with POP3 (both SSL/TLS and plain-text auth with no enctyption). - TB v31.7.0 works with pop3 and IMAP on my workplace server. I have no-ssl exchange - open to the world and available to devs - at home, but since there are no symptoms there, I doubt it would be of any use... I will try, maybe today, to compare step-by-step all features I had to change after VM-copy. I'll try turning them on and off and see where the issue will (hopefully) manifest.
Here are results of experiments on my part: Yesterday I was testing plain text autentication only. Today I got TLS certificate from StartSSL for my new localization, then configured both IMAP and POP3 to accept connections both plain-text with no encryption and with SSL/TLS. It looks like this is the reason TB v38.0.1 stops retrieving e-mail. We have both v38 and 31.7 configured here, and the latter still gets new e-mail with both IMAP and POP3, with no encryption and SSL. v38 doesn't get it anymore since certificates were added to the server, regardless of settings (SSL or not, IMAP or POP3). I'll post 3 screenshots of my IMAP virtual server config.
Secon screenshot - nothing changes in TB behavior whether "Requires SSL/TLS Encryption" is ticked or not.
(In reply to Krzysztof Barski from comment #16) > Here are results of experiments on my part: > Yesterday I was testing plain text autentication only. Today I got TLS > certificate from StartSSL for my new localization, then configured both IMAP > and POP3 to accept connections both plain-text with no encryption and with > SSL/TLS. It looks like this is the reason TB v38.0.1 stops retrieving > e-mail. We have both v38 and 31.7 configured here, and the latter still gets > new e-mail with both IMAP and POP3, with no encryption and SSL. v38 doesn't > get it anymore since certificates were added to the server, regardless of > settings (SSL or not, IMAP or POP3). I'll post 3 screenshots of my IMAP > virtual server config. Could you look at bug 1178497. Are you getting similar messages in your error console?
Flags: needinfo?(k.barski)
(In reply to Ian Neal from comment #18) > (In reply to Krzysztof Barski from comment #16) > > Here are results of experiments on my part: > > Yesterday I was testing plain text autentication only. Today I got TLS > > certificate from StartSSL for my new localization, then configured both IMAP > > and POP3 to accept connections both plain-text with no encryption and with > > SSL/TLS. It looks like this is the reason TB v38.0.1 stops retrieving > > e-mail. We have both v38 and 31.7 configured here, and the latter still gets > > new e-mail with both IMAP and POP3, with no encryption and SSL. v38 doesn't > > get it anymore since certificates were added to the server, regardless of > > settings (SSL or not, IMAP or POP3). I'll post 3 screenshots of my IMAP > > virtual server config. > > Could you look at bug 1178497. Are you getting similar messages in your > error console? I had a look - this is totally different. My ceertificate is properly signed by StartSSL certification authority, whose CA shipped with Mozilla.
Flags: needinfo?(k.barski)
Forgetting the type of certificate, do you get any messages about certificates in the error console?
Flags: needinfo?(k.barski)
(In reply to Ian Neal from comment #20) > Forgetting the type of certificate, do you get any messages about > certificates in the error console? No, I don't. After TB starts, console has some errors about styles (chrome or whatever) and some font error. I wait about 2 minutes, during which "connecting to (...)" can be seen in status bar, then there's just nothing. Nothing that would tell you something went wrong. If I would be normal user, I would be convinced I have no new mail. This is true for POP3 and IMAP both with encryption and without (I'm talking about switching back and forth the settings in Account Manager -> Server Config -> Security)
Flags: needinfo?(k.barski)
If you go into Preferences > Advanced > Certificates > View Certificates, can you see your certificate listed?
Flags: needinfo?(k.barski)
(In reply to Ian Neal from comment #22) > If you go into Preferences > Advanced > Certificates > View Certificates, > can you see your certificate listed? In TB I can see CA cert that issued my mail server's SSL cert and below one intermediate CA that is in certificate path. I can't see my mail server's certificate. I think it is how it should be.
Flags: needinfo?(k.barski)
(In reply to Krzysztof Barski from comment #23) > (In reply to Ian Neal from comment #22) > > If you go into Preferences > Advanced > Certificates > View Certificates, > > can you see your certificate listed? > > In TB I can see CA cert that issued my mail server's SSL cert and below one > intermediate CA that is in certificate path. I can't see my mail server's > certificate. I think it is how it should be. Could you compare that against what you see in 31.7?
Flags: needinfo?(k.barski)
(In reply to Ian Neal from comment #24) > Could you compare that against what you see in 31.7? Certainly. - Both TB versions have two "StartCom Certification Authority" serial numbers 01 and 2D (root CA). These have overlapping periods of validity (identical, in fact). - Both have "StartCom Class 1 Primary Intermediate Server CA" serial number 19 valid from 2007-10-24 through 2017-10-24. - My old version 38.0.1 at home has one expired "Class 1 Primary Intermediate Server CA"s which isn't present in new installs of v31 or v38. There's something I noticed - both my workplace and home certs, when viewed in Windows by double clicking on them, show an Intermediate CA of the same name (double checked) in certificate path, whose S/N is 17:15:3D:9E:AB:3F:BF, which is not present in any version of TB. When viewing Outlook Web Access through Mozilla Firefox, "StartCom Class 1 Primary Intermediate Server CA" shows S/N of 18 (not 19). In Internet Explorer it shows 17:15:3D:9E:AB:3F:BF. Does this help somehow? And I have one server available and ready for anything, should you need access.
Flags: needinfo?(k.barski)
I have the same problem with an Exchange Server 2003 and IMAP. Until Thunderbird 34.0b1 it works flawlessly. From version 36.0b1 on (to 38.3.0 and 42.0b2) Thunderbird receives no e-mails and it's not possible to create a new account. Settings that work until 34.0b1: 1) IMAP - Port: 143 - SSL: None - Authentication: Normal Password 2) IMAP - Port: 993 - SSL: SSL / TLS - Authentication: Normal Password Noteworthy is possibly that until version 34.0b1 "Mail Account Setup" detects "NTLM" as "Authentication" - what is configured as a valid optionon at the server side. However, it only works "Normal password". From version 36.0b1 on "Mail Account Setup" found "Normal password" as "Authentication", but it gets stuck at "Checking password ..." and after a few minutes (!) the error message "Configuration Could not be verified - is the username or password wrong?" is displayed.
(In reply to Krzysztof Barski from comment #25) > (In reply to Ian Neal from comment #24) > > Could you compare that against what you see in 31.7? > > Certainly. > - Both TB versions have two "StartCom Certification Authority" serial > numbers 01 and 2D (root CA). These have overlapping periods of validity > (identical, in fact). > - Both have "StartCom Class 1 Primary Intermediate Server CA" serial number > 19 valid from 2007-10-24 through 2017-10-24. > - My old version 38.0.1 at home has one expired "Class 1 Primary > Intermediate Server CA"s which isn't present in new installs of v31 or v38. > > There's something I noticed - both my workplace and home certs, when viewed > in Windows by double clicking on them, show an Intermediate CA of the same > name (double checked) in certificate path, whose S/N is > 17:15:3D:9E:AB:3F:BF, which is not present in any version of TB. When > viewing Outlook Web Access through Mozilla Firefox, "StartCom Class 1 > Primary Intermediate Server CA" shows S/N of 18 (not 19). In Internet > Explorer it shows 17:15:3D:9E:AB:3F:BF. Does this help somehow? And I have > one server available and ready for anything, should you need access. Krzyszto, Fraxlin, do you still see this problem/
Component: Account Manager → Security
Flags: needinfo?(k.barski)
Flags: needinfo?(fraxlin)
Yes, the problem is still there, nothing changed.
Hello. I just got newest PA version off the internet (45.6.0, I've been using 31.7 ever since this bug manifested). Newest version still does not work.
Flags: needinfo?(k.barski)
Krzysztof, Are you still exchange 2003. If yes, then your issue may be bug 1183017
Flags: needinfo?(k.barski)
I don't work there anymore, where the Exchange 2003 was installed, and have NO WAY of confirming any further questions or alleviation of the bug. This bug is no longer related to me.
Flags: needinfo?(k.barski)
Thanks for the update. Exchange 2003 was EOL in 2014 and exchange 2007 EOL in 2017, so if the problem is limited to either of those there's not much pont in fixing it, even if there is a problem
Status: NEW → RESOLVED
Closed: 8 years ago
Flags: needinfo?(fraxlin)
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: