Failed to start SASL connection

If you aren't having any problems with the computer or your Gmail accounts in Mail, just ignore it. If you are having problems, please post them. My Console application is full of error messages.

Hi,

I disagree with Eric. I agree with Toasted that there's something fishy going on. Anything not running at peak efficiency is an affront to my German heritage, so I start to tinker.

I believe the warning we are seeing is the combined effect of Google's 2-step verification and my Macs' Mails using application-specific Google Mail passwords on one hand, and iCloud keychain synchronization across multiple devices on the other hand. I dimly remember that Google 2-step integration with Apple was reported earlier this year, so it's a fairly new feature. I just never bothered to switch away from application-specific passwords lest I ruin it. My configuration has grown over many years. From time to time it's necessary to commence a spring cleaning on grown configuration files.

Here is how I solved it for myself - at least the warnings disappeared from my MBP. I will have to check later on my iMac, whether my recipe introduced problems there. Please keep in mind that your computer will resynchronize your whole Gmail account - which may take quite a bit of time even on a fairly fast internet connection. Also do not use these instructions unless your Gmail account uses IMAP!

1. Make sure to have Mail closed, meaning Quit. Check with the Activity Monitor, if unsure.
2. I went to  > System Preferences > Internet Accounts, selected the Google accounts, and then the [-] at the bottom to remove this account. The a-ha effect happened when the system dialog asked me whether to remove the account only on my local Mac, or from all devices linked via keychains. I went ahead and removed all. (This leads me to believe that there is a mis-match between a single Google account shared on all devices via keychains on one hand, and per-device application-specific Mail passwords on the other hand, as the root cause for the issue of this thread.)
3. I followed most of the instructions in http://www.macworld.com/article/2033842/make-mail-and-gmail-play-nice.html to set up my Google account again. I typically only want to use Mail, Messages, and Notes from the Google account, but not Contact nor Calendars. But that's just my flavor. And I mostly ignored their Mac Mail settings tweaks - mine works fine with most of the account boxes ticked.
   1. To recreate the Google Account, there [+] button is not working on 10.10.3. Just click the Google logo on the right.
   2. It will ask for your Google account username and password.
   3. 2-step authentication will ask for your Google auth code. Make sure that you chose a fresh one at the beginning of the ticking cycle.
   4. Google Authentication will ask you back, via an Apple dialog, to confirm access to various attributes of your account. You'll have to scroll to the bottom to find the "accept" button.
   5. There may be more windows. Including warning pop-ups that there was a problem setting up Mail. And possibly other applications you have selected. Say [ok] and ignore.
   6. After all boxes are done, select the Google account again in the left pane. If you received complaints dialogs like I did, Mail is unchecked in the right pane. Check it. It will show the whirl, and continue to show the whirl. Ignore the whirl - it's not a beach ball.
4. Open Mail. In [Mailboxes] on the left pane, select your Google account. Then go to the title bar Mailboxes > Rebuild.
5. In Mail, select Mail > Preferences > Accounts. For every account in the left pane, check the [Outgoing Mail Server (SMTP)] settings. Mine were all messed up, i.e. suddenly unset. It was as simple as selecting the proper server from the drop-down box, select the next (or first) account in order to trigger the save settings dialog.

This did it for me. About 30 minutes later, my Gmail mail was fully accessible again from Mail, and no more XOAUTH2 warnings in my logs.

One more step: Since Mac Mail now uses 2-step authentication, I was able to revoke my MBP's application-specific password from the Google accounts page. I recommend that you also revoke (only those) application-specific passwords that you no longer use. However, my iOS devices still appear to use their application-specific Gmail passwords, though, so don't remove those (yet).

I solved it by unchecking in

mail/ preferences/ accounts / Gmail /smtp server /advanced/

the "automatically detect and preserve accounts settings" option

HugoMe, thanks a lot . That worked for me! I´ve been mad with this problem for weeks. Mail runs so much smoother now. Thanks a lot.

Thanks, YasonX! Your info helped me get the same problem repaired.

Strangely, with Yosemite, adding Gmail accounts with the "Internet Accounts" page of System Prefs caused errors with addition of Mail. Only when I went into Mail prefs and enabled the accounts did Mail begin to rebuild the Gmail email boxes.

Because I have both a personal address and an address I use for some of my business clients, I also had to edit the Server lists to assure each account had the correct login info for each account. There was a little blip in the process for me, however. When I first added the accounts to Mail, I used the server info from the previous account info. Yosemite did not remove the server info when I deleted the accounts, originally. Shortly after I added the accounts back the same errors appeared. I again removed the accounts and started over from the beginning. The second time, though, I used the "new" server entries and, when editing the server info, deleted the old server names. Gmail then acted as it should.

After getting all the server info corrected, and enabling the accounts Gmail began the process of syncing the boxes with Gmail. Since Gmail allows a huge amount of space for each account the number of emails to download was gigantic and took nearly an hour. Mail was available for use, though, from the very beginning.

Bottom line is that everything is again working. Hopefully Apple and Google play nice for a while!

One more thing, as they say at Apple. I updated the Google account on my iMac, and that went even smoother than described above. However, this morning, after rebooting my MBP, I was getting another stream of endless errors in my logs:

Apr 27 09:07:30 xxxxx icbaccountsd[602]: SOSCCThisDeviceIsInCircle SOSCCThisDeviceIsInCircle!! 75 Apr 27 09:07:32 xxxxx accountsd[285]: Enter ShareKitAccountEnabler - didChangeWithType - type=2 for account yyyyyyyy@gmail.com (some-uuid-here). Apr 27 09:07:32 xxxxx accountsd[285]: AIDA Notification plugin running

The number behind the first line was incrementing by 1, and I was moderately disgusted around 217, with the 3 lines repeating, not necessarily in order. Unfortunately, I've been a bad boy, and changed two things to make this new message stream go away, not one and wait and check. Sorry about that. Here's what I did:

1. I quit Mail. In the System Preferences > Internet Account > Google I disabled the account just for this computer. Then I re-enabled the services I wanted, which includes Mail.
2. I started Mail. In Preferences > Accounts > Google > Advanced, I unchecked the "Automatically detected and maintain account settings" box, as was suggested previously in this thread by HugoMe.

The account-related messages in the logs went away, and my Google inbox started to show new messages.

I'll keep you posted, if I detect more issues.

I find myself in a similar situation, but having arrived from a different path.

For me, some time after OS X 10.10.3 and my motherboard failing (which happened within a week of each other, so I can't exactly pin down which might have caused what), Apple Mail hasn't been working well. When I first start it up it will fetch mail properly, but then it seems as if it won't receive new messages under certain accounts until some time has passed, or until I quit and start the program again. I had to resort to my iPhone and iPad to ensure that I didn't have any emails waiting for me.

Looking in my log and searching for "Mail,", I had multiple lines of the following:

5/3/15 9:50:06.925 AM accountsd[2233]: Enter ShareKitAccountEnabler - didChangeWithType - type=2 for account XXXXXXX@gmail.com (XXXXXXX-XXXX-XXXX-XXXXX-XXXXXXXXXXXXXXX).

I have X'd out some of the personal information above. For what it's worth, I have three @gmail accounts and two institutional accounts that run through gmail on the back-end. It seemed as if only one of those gmail accounts was in the log. I went into my settings for that account, deleted the old app-specific password, created a new one, and replaced my password in Mail with it. The console messages stopped for a few minutes, and then I received one for another account, followed by a few of these:

5/3/15 10:56:30.191 AM Mail[5713]: {"status":"400","schemes":"Bearer","scope":"https://mail.google.com/"}

5/3/15 10:56:30.605 AM Mail[5713]: XOAUTH2 requires user

I went through the same procedure of creating a new app-specific password for it and changing it out in Mail, but the console messages about SASL failing and XOAUTH2 are still present. At this point it's too early to tell if Mail is properly receiving mail, which is all I really care about, but this is certainly interesting...

Have you tried using the 2-factor auth for Gmail from Mac Mail instead of application specific passwords? It is possible as of sometime earlier this year. But beware of old data lurking in your keychain, and being iCloud synchronized. For that reason, my recipe contains the step to tell keychain to delete the Google account from all devices at least once.

If you do choose to continue with application specific passwords, remember that Mail will need it two places, once for IMAP and once for SMTP. While it is sufficient to create one app specific password per application and computer (one for Mail on MBP, one for Mail on iMac, one for chat on MBP, ...), you need it to ensure that both, the Account > Google > Password has it, and the SMTP server > Edit > Google > Advanced has it.

There is a step 2.2 after step 2 before step 3 that I found helpful to remove a Gmail SMTP server setting that should've been removed when removing the Google account, but sometimes is not.

After having removed the Google account, but before setting it up again, open Mail right now. Go to Preferences > Accounts. For each account in the left pane, make note which "Outgoing Mail Server (SMTP)" is shown in the "Account Information". Typically, this is pretty straight forward for most users, but can get tricky, if you get mail for multiple roles.

After taking note, select any remaining Account. In the "Outgoing Mail Server (SMTP)" box, select "Edit SMTP Server list". In the dialog the opens, check that there is no server smtp.google.com in the list. If there is one (or more), select the server, and select the minus "-" button to remove.

After all Google SMTP servers have been removed this way, close the "Edit SMTP server list" dialog that shows the remaining server by using Cancel. After all, you don't want to change the SMTP server on the 'any' account you previously selected. Now, in the left pane showing all your accounts, click on each account on the left pane, and verify that the "Outgoing Mail Server (SMTP)" in "Account Information" is still as before. If it is not, select from the drop-down the proper server, (use your notes from above, if in doubt), and then click the next account. That will trigger the dialog asking you to save the changes, which you do. (At the end of the accounts list, select the first account to trigger the dialog.) The "save" dialog will not appear, if you didn't need to make any changes. But do check every account.

Now, quit Mail, and proceed to step 3.

I have both two-factor authentication and app-specific passwords enabled on most of my accounts. It seems like the ones I had issues with were those with two-factor authentication enabled. Resetting the app-specific password fixed mail fetching issues, at least.

Today I don't see any of that XOATH2 stuff in my console, but tons of this:

5/4/15 5:57:01.684 PM accountsd[7842]: AIDA Notification plugin running

5/4/15 5:57:01.684 PM accountsd[7842]: Enter ShareKitAccountEnabler - didChangeWithType - type=2 for account XXXXX@XXXXXX.edu (XXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXX).

5/4/15 5:57:01.779 PM accountsd[7842]: AIDA Notification plugin running

5/4/15 5:57:01.779 PM accountsd[7842]: Enter ShareKitAccountEnabler - didChangeWithType - type=2 for account XXXXX@XXXXXX.edu (XXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXX).

5/4/15 5:57:01.897 PM icbaccountsd[7926]: SOSCCThisDeviceIsInCircle SOSCCThisDeviceIsInCircle!! 364

5/4/15 5:57:02.082 PM icbaccountsd[7926]: SOSCCThisDeviceIsInCircle SOSCCThisDeviceIsInCircle!! 365

5/4/15 5:57:02.490 PM accountsd[7842]: AIDA Notification plugin running

And it just keeps repeating... worse yet, my processor is working overtime on process SystemUIServer, which may or may not be related.

What a pain... the .edu account (with Google as a back-end) doesn't allow for two-factor authentication or app-specific passwords, so there isn't really anything to fiddle with there.

HugoMe's solution appears to have accelerated the checking for Gmail (mailbox scanning) dramatically. Have others seen this as well?

I am still flustered by this problem, and none of my answers are a sufficient solution 😟 Sorry about that.

In order to further debug the problem, and remove interference of 9 years of bread-crumbs in my keychain, I started by removing the Google account on my MBP using the "Internet Accounts" dialog. I then proceeded to open the keychains app, and query for all keys involving gmail.com, and remove all keychain entries, local and iCloud, that linked to gmail.com - but not those that were Safari passwords merely using my gmail address as user key. Be very careful, if you try that yourself! I even checked Mail that there were no more Gmail SMTP servers, which have a tendency to hang on even if you remove your Google account.

After that, I proceeded to set up my Google account again. All my iDevices also suddenly wanted me to set up my Gmail account again, too. The remaining problem is as follows: Once I connect to a new network, and start Mail, it cannot synch with Gmail. I often have a similar problem on my iDevices, too. On the MBP I see the following hints in my log file:

2015-05-29 08:22:39.532 sandboxd[290] ([2339]) Mail(2339) deny mach-lookup com.apple.GSSCred

2015-05-29 08:22:39.567 Mail[2339] Stream 0x600000307980 is sending an event before being opened

2015-05-29 08:22:40.228 Mail[2339] {"status":"400","schemes":"Bearer","scope":"https://mail.google.com/"}

2015-05-29 08:22:40.976 Mail[2339] Stream 0x6000001174f0 is sending an event before being opened

2015-05-29 08:22:41.093 Mail[2339] Stream 0x60800011a820 is sending an event before being opened

2015-05-29 08:22:41.221 Mail[2339] XOAUTH2 requires user

2015-05-29 08:22:41.221 Mail[2339] Failed to start the SASL connection SASL(-1): generic failure: XOAUTH2 requires user

2015-05-29 08:22:44.708 accountsd[277] Enter ShareKitAccountEnabler - didChangeWithType - type=2 for account XXX@XXX.com (A57DA091-ACFB-472B-8ED0-465958D06739).

2015-05-29 08:22:44.709 accountsd[277] AIDA Notification plugin running

2015-05-29 08:22:44.920 icbaccountsd[2344] Connection error while checking Apple Internalness. Error: Error Domain=NSCocoaErrorDomain Code=4099 "Couldn’t communicate with a helper application." (The connection to service named com.apple.CrashReporterSupportHelper was invalidated.) UserInfo=0x7fd0db439ed0 {NSDebugDescription=The connection to service named com.apple.CrashReporterSupportHelper was invalidated.}

2015-05-29 08:22:44.982 sandboxd[290] ([2344]) icbaccountsd(2344) deny mach-lookup com.apple.CrashReporterSupportHelper

2015-05-29 08:22:45.021 Mail[2339] Stream 0x61000011aee0 is sending an event before being opened

2015-05-29 08:22:46.669 Mail[2339] No worthy mechs found

2015-05-29 08:22:46.669 Mail[2339] No worthy mechs found

2015-05-29 08:22:48.233 accountsd[277] Enter ShareKitAccountEnabler - didChangeWithType - type=2 for account YYY@gmail.com (DCBD516E-8254-4C6A-AE82-8405EAE0157A).

2015-05-29 08:22:48.233 accountsd[277] AIDA Notification plugin running

... [repeats] ...

2015-05-29 08:22:53.159 icbaccountsd[2344] SOSCCThisDeviceIsInCircle SOSCCThisDeviceIsInCircle!! 7

2015-05-29 08:22:53.372 icbaccountsd[2344] SOSCCThisDeviceIsInCircle SOSCCThisDeviceIsInCircle!! 8

... [interspersed, repeats] ...

where the icbaccountsd message repeats with an increasing number after it. Checking in Mail, there is a user name associated with both, the IMAP and the SMTP account. The "user" that the error message refers to might be something like the consumer key or access token of OAUTH. I'd also like to know, why the sandboxd denies the credential lookup to Mail.

My solution my current quandary is to quit Mail right there, and wait until the dot under the icon went away. Then, after reinvoking Mail, it will then connect with Gmail, no problems. Unfortunately, that does not help when my iDevices hang checking Gmail.

I would blame icloud keychain sharing, but it is too convenient a feature (when it work) to turn it off.

I have tried the solution provided by YasonX related with gmail 2-step verification and run into a more serious problem: Mail is using almost 100% cpu.

In my log there are huge numbers of these messages:

14/06/15 11:12:24,481 accountsd[1465]: AIDA Notification plugin running

These AIDA message stops when I disable in Mail's advanced settings related to the gmail account 'Automatically detect and maintain account settings'.

But then in my log the "Failed to start the SASL connection" reappears.

So I back to the original problem.

Perhaps I have overlooked something?

This is what I did concerning the SASL message problem, and since then, messages in Console have stopped cold:

In addition to unchecking Automatically detect and maintain account settings, as some others have advised, I went into General of Mail preferences and set Check for new messages to Manually. This didn’t seem to affect the reception of mail from Gmail because I still automatically got the test messages that I had sent to myself from different email accounts. Then I went ahead and rechecked Automatically detect and maintain account settings to see what would happen, and still no new error messages. There seems to be a lot of bugs with Mail, but at least I’m no longer annoyed by the constant stream of messages. I’m waiting to see what happens.

I'm uncheck 'Automatically detect account settings' in smtp settings, but after this i still saw SASL error messages from Mail in console. After this, also i uncheck 'Automatically detect account settings' in Advanced tab in General Google Account settings (see screenshots), and now my console Mail messages has clear from SASL error messages!