IMAP setup fails with AUTHENTICATE Failed error in logs in Jira server

Still need help?

The Atlassian Community is here for you.

Ask the community

Problem

When trying to set up an IMAP service for JIRA applications notifications, you get an error AUTHENTICATE Failed. After enabling mail debugging, the following appears in the logs:

[Alerts Incident] Caesium-1-3 anonymous    Incident ITSM  * OK The Microsoft Exchange IMAP4 service is ready. [QWxhZGRpbjpvcGVuIHNlc2FtZQ==]
[Alerts Incident] Caesium-1-3 anonymous    Incident ITSM  IUR0 CAPABILITY
[Alerts Incident] Caesium-1-3 anonymous    Incident ITSM  * CAPABILITY IMAP4 IMAP4rev1 AUTH=PLAIN AUTH=XOAUTH2 SASL-IR UIDPLUS MOVE ID UNSELECT CHILDREN IDLE NAMESPACE LITERAL+
[Alerts Incident] Caesium-1-3 anonymous    Incident ITSM  IUR0 OK CAPABILITY completed.
IMAPS: AUTH: PLAIN
IMAPS: AUTH: XOAUTH2
IMAPS: protocolConnect login, host=outlook.office365.com, user=user_name@atl.onmicrosoft.com, password=<non-null>
IMAPS: AUTHENTICATE PLAIN command trace suppressed
IMAPS: AUTHENTICATE PLAIN command result: IUR1 NO AUTHENTICATE failed.
IMAPS: trying to connect to host "outlook.office365.com", port 993, isSSL true
[Alerts Incident] Caesium-1-3 anonymous    Incident ITSM  * OK The Microsoft Exchange IMAP4 service is ready. [QWxhZGRpbjpvcGVuIHNlc2FtZQ==]
[Alerts Incident] Caesium-1-3 anonymous    Incident ITSM  IUS0 CAPABILITY
[Alerts Incident] Caesium-1-3 anonymous    Incident ITSM  * CAPABILITY IMAP4 IMAP4rev1 AUTH=PLAIN AUTH=XOAUTH2 SASL-IR UIDPLUS ID UNSELECT CHILDREN IDLE NAMESPACE LITERAL+
[Alerts Incident] Caesium-1-3 anonymous    Incident ITSM  IUS0 OK CAPABILITY completed.
IMAPS: AUTH: PLAIN
IMAPS: AUTH: XOAUTH2
IMAPS: protocolConnect login, host=outlook.office365.com, user=user_name@atl.onmicrosoft.com, password=<non-null>
IMAPS: AUTHENTICATE PLAIN command trace suppressed
IMAPS: AUTHENTICATE PLAIN command result: IUS1 NO AUTHENTICATE failed. 

The following warning will also be in the atlassian-jira-incoming-mail.log:

 WARN [Alerts Incident] Caesium-1-3 anonymous    Incident ITSM  Incident ITSM [10900]: javax.mail.AuthenticationFailedException: AUTHENTICATE failed. while connecting to host "outlook.office365.com" as user "user_name@atl.onmicrosoft.com" via protocol "SECURE_IMAP": javax.mail.AuthenticationFailedException: AUTHENTICATE failed.
javax.mail.AuthenticationFailedException: AUTHENTICATE failed.
	at com.sun.mail.imap.IMAPStore.protocolConnect(IMAPStore.java:708) [jakarta.mail-1.6.5.jar:1.6.5]
	at javax.mail.Service.connect(Service.java:364) [jakarta.mail-1.6.5.jar:1.6.5]
	at javax.mail.Service.connect(Service.java:222) [jakarta.mail-1.6.5.jar:1.6.5]
	at javax.mail.Service.connect(Service.java:243) [jakarta.mail-1.6.5.jar:1.6.5]
	at com.atlassian.mail.server.InternalAuthenticationContext.connectService(InternalAuthenticationContext.java:58) [atlassian-mail-5.0.3.jar:?]
	at com.atlassian.mail.server.AbstractMailServer.smartConnect(AbstractMailServer.java:156) [atlassian-mail-5.0.3.jar:?]
	at com.atlassian.jira.service.services.mail.MailServicesHelper.lambda$connectUsing$2(MailServicesHelper.java:81) [jira-api-8.13.3.jar:?]
	at java.util.Optional.map(Optional.java:215) [?:1.8.0_181]
	at com.atlassian.jira.service.services.mail.MailServicesHelper.handleAuthAwareMailServer(MailServicesHelper.java:52) [jira-api-8.13.3.jar:?]
	at com.atlassian.jira.service.services.mail.MailServicesHelper.getConnectedStore(MailServicesHelper.java:46) [jira-api-8.13.3.jar:?]
	at com.atlassian.jira.service.services.mail.MailFetcherService.getConnectedStore(MailFetcherService.java:397) [jira-api-8.13.3.jar:?]
	at com.atlassian.jira.service.services.mail.MailFetcherService$MessageProviderImpl.getAndProcessMail(MailFetcherService.java:166) [jira-api-8.13.3.jar:?]
	at com.atlassian.jira.service.services.mail.MailFetcherService.processMessages(MailFetcherService.java:361) [jira-api-8.13.3.jar:?]
	at com.atlassian.jira.service.services.mail.MailFetcherService.runImpl(MailFetcherService.java:353) [jira-api-8.13.3.jar:?]
	at com.atlassian.jira.service.services.file.AbstractMessageHandlingService.run(AbstractMessageHandlingService.java:229) [jira-api-8.13.3.jar:?]
	at com.atlassian.jira.service.JiraServiceContainerImpl.run(JiraServiceContainerImpl.java:68) [classes/:?]
	at com.atlassian.jira.service.ServiceRunner.runService(ServiceRunner.java:62) [classes/:?]
	at com.atlassian.jira.service.ServiceRunner.runServiceId(ServiceRunner.java:44) [classes/:?]
	at com.atlassian.jira.service.ServiceRunner.runJob(ServiceRunner.java:32) [classes/:?]
	at com.atlassian.scheduler.core.JobLauncher.runJob(JobLauncher.java:134) [atlassian-scheduler-core-3.0.0.jar:?]
	at com.atlassian.scheduler.core.JobLauncher.launchAndBuildResponse(JobLauncher.java:106) [atlassian-scheduler-core-3.0.0.jar:?]
	at com.atlassian.scheduler.core.JobLauncher.launch(JobLauncher.java:90) [atlassian-scheduler-core-3.0.0.jar:?]
	at com.atlassian.scheduler.caesium.impl.CaesiumSchedulerService.launchJob(CaesiumSchedulerService.java:435) [atlassian-scheduler-caesium-3.0.2.jar:?]
	at com.atlassian.scheduler.caesium.impl.CaesiumSchedulerService.executeClusteredJob(CaesiumSchedulerService.java:430) [atlassian-scheduler-caesium-3.0.2.jar:?]
	at com.atlassian.scheduler.caesium.impl.CaesiumSchedulerService.executeClusteredJobWithRecoveryGuard(CaesiumSchedulerService.java:454) [atlassian-scheduler-caesium-3.0.2.jar:?]
	at com.atlassian.scheduler.caesium.impl.CaesiumSchedulerService.executeQueuedJob(CaesiumSchedulerService.java:382) [atlassian-scheduler-caesium-3.0.2.jar:?]
	at com.atlassian.scheduler.caesium.impl.SchedulerQueueWorker.executeJob(SchedulerQueueWorker.java:66) [atlassian-scheduler-caesium-3.0.2.jar:?]
	at com.atlassian.scheduler.caesium.impl.SchedulerQueueWorker.executeNextJob(SchedulerQueueWorker.java:60) [atlassian-scheduler-caesium-3.0.2.jar:?]
	at com.atlassian.scheduler.caesium.impl.SchedulerQueueWorker.run(SchedulerQueueWorker.java:35) [atlassian-scheduler-caesium-3.0.2.jar:?]
	at java.lang.Thread.run(Thread.java:748) [?:1.8.0_181]


Cause

When using basic authentication:

This is caused by a security setting on the Exchange server that doesn't allow plain authentication.

When using OAuth 2.0:

Using the wrong Scopes can cause this error, even when the authentication attempt looks successful in the related Google or Microsoft logs. 

Resolution

When using basic authentication:

If you are connecting via IMAP, set the following JVM System property:

-Dmail.imap.auth.plain.disable=true

If you are connection via IMAPS (Secure IMAP), set the following JVM System property:

-Dmail.imaps.auth.plain.disable=true


Refer to Setting Properties and Options on Startup for more details.

When using OAuth 2.0:

Use the Scopes listed in Integrating with OAuth 2.0.

For Google, we recommend using the https://mail.google.com/ scope for IMAP and POP3.

For Microsoft, we recommend https://outlook.office.com/IMAP.AccessAsUser.All or https://outlook.office.com/POP.AccessAsUser.All, and offline_access.








Last modified on Oct 26, 2022

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.