Institutional Office365 not working

Sync Issues
, , ,
#62

Thank you so much for pointing this out. SMTP was unchecked by default for my account. I checked it and it worked!

Now the only things left for MS to implement are Calendar(do they have any implementation of Calendar in the pipeline?) and more Dark Themes. :stuck_out_tongue:

#63

I’m not sure this update is helpful but thought I would share. The problem seems to have gotten worse and is now requiring me to re-authenticate multiple times a day. I’ve also noticed that even when I am authenticated, it doesn’t seem to be syncing properly (e.g. I archive mail but it doesn’t get sync’d so when I open it up again, those emails are still in my inbox). That could be because it times out so quickly… :woman_shrugging:

Thanks to everyone who is able to contribute to the investigation and solution. :pray:

#64

Hi! I’m probably in minority here, but I don’t mind re-authorizing every time refresh token expires. refresh tokens’ validity period will always be server side managed and IMHO there is not much a client app can do about that. Don’t get me wrong, any effort from client app to try to make better user experience is greatly appreciated!

Thus said, I still have a problem: re-authorization doesn’t always work in Mailspring 1.9.1

I have two Office365 institutional accounts for two different institutions. Both have 2FA enabled (although, 2FA is non issue here, I’d say). At the beginning of day both accounts fail to connect. I get to Settings->Accounts->Reconnect. Both accounts open Office365 signup page as shown in other screenshots above. First one reconnects successfully.

Second one shows OAuth success screeen in new browser tab, but fails to reconnect in Mailspring.

C/P second account URL:

https://login.microsoftonline.com/common/oauth2/v2.0/authorize

query params parsed for readability:

{
  "client_id": ["xxxxxxxx-yyyy-zzzz-aaaa-bbbbbbbbbbbb"],
  "redirect_uri": ["http://localhost:12141"],
  "response_type": ["code"],
  "scope": [
    "user.read offline_access Contacts.ReadWrite Contacts.ReadWrite.Shared Calendars.ReadWrite Calendars.ReadWrite.Shared https://outlook.office.com/IMAP.AccessAsUser.All https://outlook.office.com/SMTP.Send"
  ],
  "response_mode": ["query"],
  "code_challenge": ["xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"],
  "code_challenge_method": ["S256"]
}

Error details:

Mailspring Version: 1.9.2-6e14dad1
Platform: linux
Account State: invalid
Account Provider: office365
IMAP Server: outlook.office365.com
SMTP Server: smtp.office365.com
--------------------------------------------
***

444079 [2021-09-16 10:21:50.765] [background] [critical] *** Stack trace (line numbers are approximate):
*** ??:?        ValidateRequestResp(CURLcode, void*, string)
*** ??:?        PerformRequest(void*)
*** ??:?        PerformJSONRequest(void*)
*** ??:?        MakeOAuthRefreshRequest(string, string, string)
*** ??:?        XOAuth2TokenManager::partsForAccount(shared_ptr)
*** ??:?        MailUtils::configureSessionForAccount(mailcore::IMAPSession&, shared_ptr)
*** ??:?        SyncWorker::configure()
*** ??:?        runBackgroundSyncWorker()
*** main.cpp:?  main::{lambda()#3}::operator()() const
*** main.cpp:?  _Bind_simple::operator()()
*** main.cpp:?  thread::_Impl::_M_run()
*** thread.o:?  execute_native_thread_routine()
***

444091 [2021-09-16 10:21:50.902] [main] [info] Identity created at 1631688190 - using ID Schema 1
444091 [2021-09-16 10:21:50.902] [main] [info] ------------- Starting Sync (xxxxxxxx@yyyyyyyyyy.com) ---------------
444091 [2021-09-16 10:21:50.906] [background] [info] Fetching XOAuth2 access token (office365) for f9a16a1c
444091 [2021-09-16 10:21:50.906] [metadata] [info] Metadata delta stream starting...
444091 [2021-09-16 10:21:51.339] [background] [critical] 
***
*** Mailspring Sync 
*** An exception occurred during program execution: 
*** {"debuginfo":"https://login.microsoftonline.com/common/oauth2/v2.0/token RETURNED {\"error\":\"invalid_grant\",\"error_description\":\"AADSTS700084: The refresh token was issued to a single page app (SPA), and therefore has a fixed, limited lifetime of 1.00:00:00, which cannot be extended. It is now expired and a new sign in request must be sent by the SPA to the sign in page. The token was issued on 2021-09-15T07:53:08.6207667+00:00.\\r\\nTrace ID: 2675aa75-1fd9-42ad-b0c7-ad3ca49d0a00\\r\\nCorrelation ID: b0b5f84d-bda0-43c6-ade9-22e9fa7fad5b\\r\\nTimestamp: 2021-09-16 08:21:51Z\",\"error_codes\":[700084],\"timestamp\":\"2021-09-16 08:21:51Z\",\"trace_id\":\"2675aa75-1fd9-42ad-b0c7-ad3ca49d0a00\",\"correlation_id\":\"b0b5f84d-bda0-43c6-ade9-22e9fa7fad5b\",\"error_uri\":\"https://login.microsoftonline.com/error?code=700084\"}","key":"Invalid Response Code: 400","retryable":false,"what":"std::exception"}
***

444091 [2021-09-16 10:21:51.339] [background] [critical] *** Stack trace (line numbers are approximate):
*** ??:?        ValidateRequestResp(CURLcode, void*, string)
*** ??:?        PerformRequest(void*)
*** ??:?        PerformJSONRequest(void*)
*** ??:?        MakeOAuthRefreshRequest(string, string, string)
*** ??:?        XOAuth2TokenManager::partsForAccount(shared_ptr)
*** ??:?        MailUtils::configureSessionForAccount(mailcore::IMAPSession&, shared_ptr)
*** ??:?        SyncWorker::configure()
*** ??:?        runBackgroundSyncWorker()
*** main.cpp:?  main::{lambda()#3}::operator()() const
*** main.cpp:?  _Bind_simple::operator()()
*** main.cpp:?  thread::_Impl::_M_run()
*** thread.o:?  execute_native_thread_routine()
***
#65

Ok, scratch the post above. The issue was following.

First account requested re-authorization. This required me to login to outlook.com using password and 2FA. Also, checkbox “Stay signed in” was selected. First account re-auth in Mailspring passes fine.

Then second account re-auth is requested. No outlook.com login page is shown but instead what happens is (because of “Stay signed in” checkbox) second re-auth request from Mailspring gets processed using first account that is still logged in browser. This results by token approved by acccount1 being given to Mailspring to try to use it for account2.

In the end, Mailspring fails to use received token for account2 - because it is wrong token (it was issued using account1 credentials).

2 Likes
#66

This worked for me. Thanks.

#67

Current Error i’m having with my Institution Office365. It seems that the refresh token is not being extended so it fails and forces me to re-authenticate.
"stack": "Error: null13751 [2021-10-01 09:44:01.325] [background] [critical] \n***\n*** Mailspring Sync \n*** An exception occurred during program execution: \n*** {\"debuginfo\":\"https://login.microsoftonline.com/common/oauth2/v2.0/token RETURNED {\\\"error\\\":\\\"invalid_grant\\\",\\\"error_description\\\":\\\"AADSTS700084: The refresh token was issued to a single page app (SPA), and therefore has a fixed, limited lifetime of 1.00:00:00, which cannot be extended. It is now expired and a new sign in request must be sent by the SPA to the sign in page. The token was issued on 2021-09-30T13:53:41.8505874+00:00.\\\\r\\\\nTrace ID: 1e3b46a9-409a-4fc1-9cce-49a201c91e00\\\\r\\\\nCorrelation ID: 1aa53ff4-d31e-4eb0-924c-0e886ef8e64b\\\\r\\\\nTimestamp: 2021-10-01 14:44:01Z\\\",\\\"error_codes\\\":[700084],\\\"timestamp\\\":\\\"2021-10-01 14:44:01Z\\\",\\\"trace_id\\\":\\\"1e3b46a9-409a-4fc1-9cce-49a201c91e00\\\",\\\"correlation_id\\\":\\\"1aa53ff4-d31e-4eb0-924c-0e886ef8e64b\\\",\\\"error_uri\\\":\\\"https://login.microsoftonline.com/error?code=700084\\\"}\",\"key\":\"Invalid Response Code: 400\",\"retryable\":false,\"what\":\"std::exception\"}\n***\n\n13751 [2021-10-01 09:44:01.325] [background] [critical] *** Stack trace (line numbers are approximate):\n*** ??:? ValidateRequestResp(CURLcode, void*, string)\n*** ??:? PerformRequest(void*)\n*** ??:? PerformJSONRequest(void*)\n*** ??:? MakeOAuthRefreshRequest(string, string, string)\n*** ??:? XOAuth2TokenManager::partsForAccount(shared_ptr)\n*** ??:? MailUtils::configureSessionForAccount(mailcore::IMAPSession&, shared_ptr)\n*** ??:? SyncWorker::configure()\n*** ??:? runBackgroundSyncWorker()\n*** main.cpp:? main::{lambda()#3}::operator()() const\n*** main.cpp:? _Bind_simple::operator()()\n*** main.cpp:? thread::_Impl::_M_run()\n*** thread.o:? execute_native_thread_routine()\n***\n\n/usr/share/mailspring/resources/app.asar.unpacked/mailsync: line 5: 13751 Aborted SASL_PATH=\"$SCRIPTPATH\" LD_LIBRARY_PATH=\"$SCRIPTPATH;$LD_LIBRARY_PATH\" \"$SCRIPTPATH/mailsync.bin\" \"$@\"\n\n at ChildProcess.onStreamCloseOrExit (file:///tmp/nylas-build/electron-packager/linux-x64/mailspring-linux-x64/resources/app/src/mailsync-process.ts:301:17)\n at ChildProcess.emit (events.js:210:5)\n at ChildProcess.EventEmitter.emit (domain.js:476:20)\n at Process.ChildProcess._handle.onexit (internal/child_process.js:272:12)",

#68

Screenshot from 2021-11-05 11-58-43
Screenshot from 2021-11-05 11-58-431724×594 96.3 KB

Just contributing that I am having same issue with a university exchange account (no IMAP, only “modern authentication”), and getting the error “Connection Error - Unable to connect to the server / port you provided. (IMAP)”

Wondering if there are any updates on this, even if its just “we’re stuck on XYZ”.

#69

I’ve hit this problem too. My employer has just locked down our exchange server, removing insecure authentication.
They have added a method for authentication with IMAP using oauth2, (Authenticate an IMAP, POP or SMTP connection using OAuth | Microsoft Docs) But I can’t see that this is supported yet. Is it likely or too hard?

1 Like
#70

If your Office/Microsoft 365 admins disable IMAP for your tenant, there’s not much you can do. You need to use a mail client that supports EWS/EAS…

#71

I’ve had the same problem with @sterlingralph .
When selecting Office365 as a preset for adding account. After logging into the accopunt in the browser, Mailspring’s windows just return “Connection Error - Unable to connect to the server (IMAP)”.

I have near zero about what happened in the background and about the log, but someone here say something about IMAP and SMTP option in admin’s dashboard has been turned off and other workaround is using Exchange service or somthing.

I’ve realized that I have configured my Office365 email in an Android application called FairMail and I copy the settings from there. Using adding IMAP Email service and copy & fill in the blank. The final window is look like this (I have my 2FA turned on on my account but I’m using just my password not the “app password”). For me, the sync function is still working after a day of continuous usage.

I’m not sure why this setup is working for my case, but I’m sharing my experience. Hoping that it can fix someone’s problems here.

image
image1571×1079 83.1 KB

1 Like
#72
#75

Dateline: October 21, 2022. Institutional Office365 STILL not working.
Action: Voted.
User Feelings: :sob:
Unwanted comments by User: Love Mailspring but can’t keep switching to a different mail program for Office365 mail account that is needed for work. The whole point of mailspring was to aggregate multiple emails into 1 interface/gui.

Screenshots (for what it’s worth)

image
image2290×512 65.4 KB

image
image1822×1320 191 KB

#76

Currently having issues logging in with 2 separate accounts.

----------IMAP----------
connect <mailcore::IMAPSession:0x7ffd24516690>
* OK The Microsoft Exchange IMAP4 service is ready. [QwBIADAAUAAyADIAMwBDAEEAMAAwADEANgAuAE4AQQBNAFAAMgAyADMALgBQAFIATwBEAC4ATwBVAFQATABPAE8ASwAuAEMATwBNAA==]
ssl connect outlook.com 993 2
OpenSSL version: OpenSSL 1.1.0f  25 May 2017
1 CAPABILITY
* CAPABILITY IMAP4 IMAP4rev1 AUTH=PLAIN AUTH=XOAUTH2 SASL-IR UIDPLUS ID UNSELECT CHILDREN IDLE NAMESPACE LITERAL+
1 OK CAPABILITY completed.
connect ok
login
2 LOGIN "..." *********
2 NO LOGIN failed.
#77

Thanks for the pointer @jorgefsoriano.
Indeed, my uni also turned on 2FA, and somehow also disabled IMAP/SMTP access recently. Until then I was using an app password which worked fine, but now that SMTP is discontinued I was left without a solution.
I am now able to connect to my institutional office365 with mailspring through davmail. The later supports 2FA since version 5.0 (now at 6.0). The relevant article quoted above is not really relevant to the 2FA problem, but there is doc on the davmail website that explain how to do it. It’s quite simple really. Just connect to local ports from mailspring (as in the quote article) and use “O365Interactive” in the davmail settings. davmail should authenticate with 2FA and let mailspring work through it fine ! Thanks to the davmail devs.

https://davmail.sourceforge.net/faq.html

#79

Related: by mid-September logging into Outlook with a “modern authentication method” (whatever that means) will be required for all email clients. Someone already made a post about it: Microsoft’s modern authentication methods

1 Like
#80

Having same issue

----------IMAP----------
connect <mailcore::IMAPSession:00D5F4E0>
* OK The Microsoft Exchange IMAP4 service is ready. [UwBHADIAUA****************ATwBNAA==]
ssl connect imap-mail.outlook.com 993 2
OpenSSL version: OpenSSL 1.1.0f  25 May 2017
1 CAPABILITY
* CAPABILITY IMAP4 IMAP4rev1 AUTH=PLAIN AUTH=XOAUTH2 SASL-IR UIDPLUS ID UNSELECT CHILDREN IDLE NAMESPACE LITERAL+
1 OK CAPABILITY completed.
connect ok
login
2 LOGIN "om****d@msn.com" *********
2 NO LOGIN failed.
#81

I hate to keep banging this drum, unless your Office 365/M365 tenant enables IMAP and SMTP this mail app wont work for you. Its barely on life support as it is. I seriously doubt support for ActiveSync, EWS, or even Exchange is going to be added to Mailspring anytime soon…