Open Bug 1798633 Opened 2 years ago Updated 2 years ago

After each TB upgrade, with TB profile on NAS server, POP3 accounts can no more connect to server (gmail. NS_ERROR_FAILURE: Couldn't decrypt string 6 crypto-SDR.js:200, NS_ERROR_NOT_IMPLEMENTED: . . . OAuth2.jsm:171 etc.)

Categories

(MailNews Core :: Networking: POP, defect)

Thunderbird 102
defect

Tracking

(Not tracked)

REOPENED

People

(Reporter: c.capel, Unassigned)

Details

(Whiteboard: [NAS])

Attachments

(1 file)

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:106.0) Gecko/20100101 Firefox/106.0

Steps to reproduce:

I started Thunderbird after version update (from 91 to 102) and ask for email loading (POP3).

Actual results:

For each account, my server password is asked altough they are saved in database.
Thunderbird signals that server host is contacted and that it is sending connexion information. Then... nothing happen

I have joined the console exportation for a mail loading transaction.

Expected results:

The emails should have been loaded...

I've tried to remove one account and to recreate it but it is no more possible.
Web mail access is working on all accounts.
Everything was working fine before the update...

I've also tested email sending (SMTP) : that doesn't work either... Password is asked (while it has been stored in password manager) but nothing happens.

I guess corrupted cert9.db or key4.db, or logins.json - for whatever reason.
You probably have to delete them and let them be recreated.

Thank you for your answer.
I have stopped Thunderbird, deleted the 3 files and restarted the program. After more than 1 hour, it is still "starting" : Thunderbird is listed in "background processes" of the task with a high CPU usage. How much time is needed to recreate the files ?

I've stopped the thunderbird process and restarted the program. The problems above are still there...

Re-creating those should be instant.

That's what I think... Could you help me ?
In the meantime, I've reinstalled an older version (91) and used a backup of my profile (because older version was denying the profile modified by release 102...). All was working again without any connexion problem. After that, I accepted the proposed update (102)... and the problems reappeared !
I've also created a new profile in which I've installed one of my POP3 accounts. And it works (but without any email and address books) !
It is clearly linked to the update process. What should I do ?

Unfortunately couldn't do much without testing and comparing those two profiles.

I can send you traces. Otherwise, which files of the profiles could I send you ?

Hello reporter (C. Capel), looking at your error log, seems like you're trying to connect to a gmail account via POP3 on Win10. Can you confirm that?

This is generally working well for me, no problems to get gmail via POP. Your error log also shows some problems with OAuth2. There's much which might go wrong, e.g. if JavaScript or cookies are not enabled as required at least for the initial OAuth2 authentication. You're supposed to get a dedicated one-time Thunderbird browser window with content from gmail for the OAuth authentication.

Please check out this documentation which may help to troubleshoot OAuth for connecting to your gmail account with TB:
https://support.mozilla.org/en-US/kb/thunderbird-and-gmail
https://support.mozilla.org/en-US/kb/automatic-conversion-google-mail-accounts-oauth20

You can check and remove your saved passwords etc.:
≡ > Settings > Privacy & Security > Passwords > Saved Passwords (button)

Altogether, I think your best bet is to ask for help in Thunderbird support.

Status: UNCONFIRMED → RESOLVED
Closed: 2 years ago
Component: Untriaged → Networking: POP
Flags: needinfo?(c.capel)
Product: Thunderbird → MailNews Core
Resolution: --- → WORKSFORME
Summary: POP3 accounts can no more connect to related server → POP3 accounts can no more connect to related server (gmail. NS_ERROR_FAILURE: Couldn't decrypt string 6 crypto-SDR.js:200, NS_ERROR_NOT_IMPLEMENTED: ... OAuth2.jsm:171 etc.)

Hello Thomas,
Thank you for examining this case :

  • Yes the provided trace is related to a gmail account on POP3.
  • But the bug also affects ALL other accounts (which are not gmail). This is not related to a wrong security configuration or wrong password.
  • I've created a new profile on which accounts register correctly. I've then transfered emails and abooks and Thunderbird was working correctly with the new release (102).
  • BUT, each time (3 times from my initial request) a new release comes (102.4.2 actually) and I accept the upgrade, the problem reappears. In this case I have again to create a new profile and transfer emails and abooks from old profile to the new one. The profile corruption occurs during upgrade process and I think that the bug is located in this upgrade process.
  • Notice that the problem occurs on two PCs on two different locations. The common point to both these installations is that the profile is located on a NAS rather than on the default directory...

Thank you again
C. Capel

Flags: needinfo?(c.capel)

(In reply to C. Capel from comment #10)

Hello Thomas,
Thank you for examining this case :

  • Yes the provided trace is related to a gmail account on POP3.
  • But the bug also affects ALL other accounts (which are not gmail). This is not related to a wrong security configuration or wrong password.
  • I've created a new profile on which accounts register correctly. I've then transfered emails and abooks and Thunderbird was working correctly with the new release (102).
  • BUT, each time (3 times from my initial request) a new release comes (102.4.2 actually) and I accept the upgrade, the problem reappears. In this case I have again to create a new profile and transfer emails and abooks from old profile to the new one. The profile corruption occurs during upgrade process and I think that the bug is located in this upgrade process.
  • Notice that the problem occurs on two PCs on two different locations. The common point to both these installations is that the profile is located on a NAS rather than on the default directory...

Thank you again
C. Capel

So I know Google made some changes to their authentication requirements this year as I am dealing with them on our instance of TeamDynamix (IMAP & OAuth2 related). But I am curious if you could check a couple of things on your Gmail account via web browser?

  1. Log into your Gmail account via web browser and navigate to Settings > See All Settings > click the "Forwarding and POP/IMAP" tab. Is "POP Download" set to "Enable POP for all mail"? It should be since you seem to have been using it without issue until recently. If not, ensure it's enabled.

I was going to have you check your "allow less secure apps" setting but I just discovered that Google has deprecated it. This must be recent as I remember seeing the availability of the ON/OFF toggle for it within the past couple months. You can double check by logging into myaccount.google.com > Security > Less Secure App Access.

If it is the case that Google covertly killed this option in favor of wanting to move users to IMAP / OAuth2 as opposed to POP3, you may have to consider your options.

Hello Arthur,
For your info, "Enable POP for all mai" is indeed set in gmail account.
But if you read my previous post, you cannot go into this direction... We use POP3 and OAuth2 authentication and there is no problem with the actual version if we reinstall the accounts. The problem occurs only after a software update is performed.

Status: RESOLVED → REOPENED
Ever confirmed: true
Resolution: WORKSFORME → ---

(In reply to C. Capel from comment #12)

Hello Arthur,
For your info, "Enable POP for all mai" is indeed set in gmail account.
But if you read my previous post, you cannot go into this direction... We use POP3 and OAuth2 authentication and there is no problem with the actual version if we reinstall the accounts. The problem occurs only after a software update is performed.

Have you considered the security software as the cause. Repeated updates to the same version as you mention in comment 10 as a known issue with defective security software blocking the update. See my notes here https://thunderbirdtweaks.blogspot.com/2022/10/thunderbird-102-keeps-wanting-to-update.html Not my research, I just documented the state of things.

Given the software known to block the update process is also well known for substituting their own self-signed (and much less reliable, obviously) encryption certificates to communications. They fail to register their changes in the Thunderbird certificate store, generally relying on the windows certificate store to support their man-in-the-middle hacking. Thunderbird does not address this store by default. This leads to encrypted communications staying that way as the appropriate certificates are not available to Thunderbird to decrypt the communication.

It is considered standard diagnostics when having connectivity issues to run the operating system in safe mode with networking. This removes antivirus and other intrusive and often failing software from the startup process and allows you to see if it is the software exhibiting the problem, or some other startup program that is the cause of the issue.

So could you identify if you may be suffering the same issues caused for many by antivirus product by undertaking the two checks I mentioned.

At this time I do not see a bug, although having the profile on a NAS does leave you to the vagaries of network congestion while using a product that has no concept of waiting to file reads or writes. Generally, NAS stored profiles are more of a problem than those on a local disk because of network issues and general speed to transfer over the network connection. Those issues generally express themselves however as multiple copies of files like prefs.js and folders, settings that will not save, or profiles that "just disappear" as they take too long to access so th8underbird decides it is missing or broken.

To test Matt's information, start Windows in safe mode.

Flags: needinfo?(c.capel)

Hello Matt,
Thank you for your analysis.

For your remark concerning "Repeated updates to the same version", this is not applicable here since, in my previous tests, I have updated only to new versions. I have also made a new test with the new release (102.5.0) with antivirus (BitDenfender) fully removed : no change, identical problem.
As usual, in order to make it work again, I've created a new profile (empty) and restored every files from backup (overwriting the empty profile files).
Here are my other testings (each time with a restore as descibed above) :

  • Downgrade to 102.4.2 (with official package) => Profile broken
  • Upgrade to 102.5.0 from the official package rather than from Thunderbird => Profile broken
  • Downgrade in "safe mode" (Network enabled) => Seems ok after upgrade but fails at the first return to "normal startup mode".
  • Upgrade in "safe mode" (Network enabled) => Seems ok after upgrade but fails at the first return to "normal startup mode".
  • Dowgrade with the profile located on a local drive => Ok
  • Upgrade with the profile located on a local drive => Ok

With 2 identical profiles (one on local disk and the other on the NAS), after upgrade/downgrade, the NAS profile is broken, while the local one is Ok... If I overwrite the NAS profile with the local one, the working is restored.

I've a lot of software development systems installed in this manner (NAS) and I've never had such an issue. Thunderbird itself, never suffered from this problem before version 102. All upgrade were correctly processed with NAS.

Flags: needinfo?(c.capel)

I would think that Matt's explanation in comment 13 is key to understanding this bug, which might very well be caused by the fact that your TB profile is on a NAS, which unfortunately won't work well with TB yet.

Summary: POP3 accounts can no more connect to related server (gmail. NS_ERROR_FAILURE: Couldn't decrypt string 6 crypto-SDR.js:200, NS_ERROR_NOT_IMPLEMENTED: ... OAuth2.jsm:171 etc.) → After each TB upgrade, with TB profile on NAS server, POP3 accounts can no more connect to server (gmail. NS_ERROR_FAILURE: Couldn't decrypt string 6 crypto-SDR.js:200, NS_ERROR_NOT_IMPLEMENTED: ... OAuth2.jsm:171 etc.)
Whiteboard: [NAS]

(In reply to Thomas D. (:thomas8) from comment #16)

I would think that Matt's explanation in comment 13 is key to understanding this bug, which might very well be caused by the fact that your TB profile is on a NAS, which unfortunately won't work well with TB yet.

I second this. NAS is not treated the same by the OS as a fixed disk is and having your profile there is, IMHO, outside the scope of what an app is designed / expected to use for profile storage even if you somehow made it work. If you insist on doing something like this, I would strongly recommend you use TB Portable instead and have TB+Profile installed and all running off the NAS and launch TB as a shortcut from your desktop. I remember a discussion a while ago about a user who was somehow mounting his Google drive and storing his TB profile there and then wondering why TB wasn't acting right. Just sayin'.

Summary: After each TB upgrade, with TB profile on NAS server, POP3 accounts can no more connect to server (gmail. NS_ERROR_FAILURE: Couldn't decrypt string 6 crypto-SDR.js:200, NS_ERROR_NOT_IMPLEMENTED: ... OAuth2.jsm:171 etc.) → After each TB upgrade, with TB profile on NAS server, POP3 accounts can no more connect to server (gmail. NS_ERROR_FAILURE: Couldn't decrypt string 6 crypto-SDR.js:200, NS_ERROR_NOT_IMPLEMENTED: . . . OAuth2.jsm:171 etc.)
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: