Q: Failed to start SASL connection

If you aren't having any problems with the computer or your Gmail accounts in Mail, just ignore it. If you are having problems, please post them. My Console application is full of error messages.

I have this problem too, using OSX 10.10.3. I would like to resolve it.

I doubt that getting this error message every few seconds in the log is something that should just be ignored. since it seems "SASL provides developers of applications and shared libraries with mechanisms for authentication, data integrity-checking, and encryption" - sounds like it might be useful/important

Anyway, the message I get is like this:

23/04/2015 12:11:35.428 am Mail[504]: Failed to start the SASL connection

SASL(-1): generic failure: XOAUTH2 requires user

and it repeats every few seconds.

If anyone can help out it would be appreciated.

Hi,

I disagree with Eric. I agree with Toasted that there's something fishy going on. Anything not running at peak efficiency is an affront to my German heritage, so I start to tinker. 

I believe the warning we are seeing is the combined effect of Google's 2-step verification and my Macs' Mails using application-specific Google Mail passwords on one hand, and iCloud keychain synchronization across multiple devices on the other hand. I dimly remember that Google 2-step integration with Apple was reported earlier this year, so it's a fairly new feature. I just never bothered to switch away from application-specific passwords lest I ruin it. My configuration has grown over many years. From time to time it's necessary to commence a spring cleaning on grown configuration files.

Here is how I solved it for myself - at least the warnings disappeared from my MBP. I will have to check later on my iMac, whether my recipe introduced problems there. Please keep in mind that your computer will resynchronize your whole Gmail account - which may take quite a bit of time even on a fairly fast internet connection. Also do not use these instructions unless your Gmail account uses IMAP!

1. Make sure to have Mail closed, meaning Quit. Check with the Activity Monitor, if unsure.
   
2. I went to  > System Preferences > Internet Accounts, selected the Google accounts, and then the [-] at the bottom to remove this account. The a-ha effect happened when the system dialog asked me whether to remove the account only on my local Mac, or from all devices linked via keychains. I went ahead and removed all. (This leads me to believe that there is a mis-match between a single Google account shared on all devices via keychains on one hand, and per-device application-specific Mail passwords on the other hand, as the root cause for the issue of this thread.)
3. I followed most of the instructions in http://www.macworld.com/article/2033842/make-mail-and-gmail-play-nice.html to set up my Google account again. I typically only want to use Mail, Messages, and Notes from the Google account, but not Contact nor Calendars. But that's just my flavor. And I mostly ignored their Mac Mail settings tweaks - mine works fine with most of the account boxes ticked.
   1. To recreate the Google Account, there [+] button is not working on 10.10.3. Just click the Google logo on the right.
   2. It will ask for your Google account username and password.
   3. 2-step authentication will ask for your Google auth code. Make sure that you chose a fresh one at the beginning of the ticking cycle.
   4. Google Authentication will ask you back, via an Apple dialog, to confirm access to various attributes of your account. You'll have to scroll to the bottom to find the "accept" button.
   5. There may be more windows. Including warning pop-ups that there was a problem setting up Mail. And possibly other applications you have selected. Say [ok] and ignore.
   6. After all boxes are done, select the Google account again in the left pane. If you received complaints dialogs like I did, Mail is unchecked in the right pane. Check it. It will show the whirl, and continue to show the whirl. Ignore the whirl - it's not a beach ball.
4. Open Mail. In [Mailboxes] on the left pane, select your Google account. Then go to the title bar Mailboxes > Rebuild.
5. In Mail, select Mail > Preferences > Accounts. For every account in the left pane, check the [Outgoing Mail Server (SMTP)] settings. Mine were all messed up, i.e. suddenly unset. It was as simple as selecting the proper server from the drop-down box, select the next (or first) account in order to trigger the save settings dialog.
   

This did it for me. About 30 minutes later, my Gmail mail was fully accessible again from Mail, and no more XOAUTH2 warnings in my logs.

One more step: Since Mac Mail now uses 2-step authentication, I was able to revoke my MBP's application-specific password from the Google accounts page. I recommend that you also revoke (only those) application-specific passwords that you no longer use. However, my iOS devices still appear to use their application-specific Gmail passwords, though, so don't remove those (yet).

YasonX, Well done you ! You solved it for me.

I followed your advice and the messages (in the thousands) appearing log have now stopped.

Whats more gmail now seems to behave much better. Previously when starting the Mail application on the mac the Activity window of the mail application would show various activity for several minutes if not 10s of minutes even though no messages were received or sent. I now have a working Archive folder too.

This has got to be more efficient than wasting processing power and memory on rubbish attempts to get SASL to start.

Thanks again. ANZAC Day here - so if that has meaning to you - have a good one.

I solved it by unchecking in

mail/ preferences/ accounts / Gmail /smtp server /advanced/

the "automatically detect and preserve accounts settings" option

HugoMe, Yes I had seen that solution on another site but it didn't work for me.

Dont know why it seems to work for some and not others...perhaps it has to do with the number of email gmail  accounts being serviced by the Mail application... What and how many non gmail accounts are also being serviced by the app... Could be lots of thing I guess....it Beats me. (I have two @gmail accounts and one @me and one @optusnet)

Anyway, glad that it worked for you.  Even happier that YasonX's solution worked for me!

HugoMe, thanks a lot . That worked for me! I´ve been mad with this problem for weeks. Mail runs so much smoother now. Thanks a lot.

Thanks, YasonX! Your info helped me get the same problem repaired.

Strangely, with Yosemite, adding Gmail accounts with the "Internet Accounts" page of System Prefs caused errors with addition of Mail. Only when I went into Mail prefs and enabled the accounts did Mail begin to rebuild the Gmail email boxes.

Because I have both a personal address and an address I use for some of my business clients, I also had to edit the Server lists to assure each account had the correct login info for each account. There was a little blip in the process for me, however. When I first added the accounts to Mail, I used the server info from the previous account info. Yosemite did not remove the server info when I deleted the accounts, originally. Shortly after I added the accounts back the same errors appeared. I again removed the accounts and started over from the beginning. The second time, though, I used the "new" server entries and, when editing the server info, deleted the old server names. Gmail then acted as it should.

After getting all the server info corrected, and enabling the accounts Gmail began the process of syncing the boxes with Gmail. Since Gmail allows a huge amount of space for each account the number of emails to download was gigantic and took nearly an hour. Mail was available for use, though, from the very beginning.

Bottom line is that everything is again working. Hopefully Apple and Google play nice for a while!

One more thing, as they say at Apple. I updated the Google account on my iMac, and that went even smoother than described above. However, this morning, after rebooting my MBP, I was getting another stream of endless errors in my logs:

Apr 27 09:07:30 xxxxx icbaccountsd[602]:  SOSCCThisDeviceIsInCircle SOSCCThisDeviceIsInCircle!! 75
Apr 27 09:07:32 xxxxx accountsd[285]: Enter ShareKitAccountEnabler  - didChangeWithType - type=2 for account yyyyyyyy@gmail.com (some-uuid-here).
Apr 27 09:07:32 xxxxx accountsd[285]: AIDA Notification plugin running

The number behind the first line was incrementing by 1, and I was moderately disgusted around 217, with the 3 lines repeating, not necessarily in order. Unfortunately, I've been a bad boy, and changed two things to make this new message stream go away, not one and wait and check. Sorry about that. Here's what I did:

1. I quit Mail. In the System Preferences > Internet Account > Google I disabled the account just for this computer. Then I re-enabled the services I wanted, which includes Mail.
2. I started Mail. In Preferences > Accounts > Google > Advanced, I unchecked the "Automatically detected and maintain account settings" box, as was suggested previously in this thread by HugoMe. 

The account-related messages in the logs went away, and my Google inbox started to show new messages.

I'll keep you posted, if I detect more issues.

I find myself in a similar situation, but having arrived from a different path.

For me, some time after OS X 10.10.3 and my motherboard failing (which happened within a week of each other, so I can't exactly pin down which might have caused what), Apple Mail hasn't been working well.  When I first start it up it will fetch mail properly, but then it seems as if it won't receive new messages under certain accounts until some time has passed, or until I quit and start the program again.  I had to resort to my iPhone and iPad to ensure that I didn't have any emails waiting for me.

Looking in my log and searching for "Mail,", I had multiple lines of the following:

5/3/15 9:50:06.925 AM accountsd[2233]: Enter ShareKitAccountEnabler  - didChangeWithType - type=2 for account XXXXXXX@gmail.com (XXXXXXX-XXXX-XXXX-XXXXX-XXXXXXXXXXXXXXX).

I have X'd out some of the personal information above.  For what it's worth, I have three @gmail accounts and two institutional accounts that run through gmail on the back-end.  It seemed as if only one of those gmail accounts was in the log.  I went into my settings for that account, deleted the old app-specific password, created a new one, and replaced my password in Mail with it.  The console messages stopped for a few minutes, and then I received one for another account, followed by a few of these:

5/3/15 10:56:30.191 AM Mail[5713]: {"status":"400","schemes":"Bearer","scope":"https://mail.google.com/"}

5/3/15 10:56:30.605 AM Mail[5713]: XOAUTH2 requires user

I went through the same procedure of creating a new app-specific password for it and changing it out in Mail, but the console messages about SASL failing and XOAUTH2 are still present.  At this point it's too early to tell if Mail is properly receiving mail, which is all I really care about, but this is certainly interesting...

Have you tried using the 2-factor auth for Gmail from Mac Mail instead of application specific passwords? It is possible as of sometime earlier this year. But beware of old data lurking in your keychain, and being iCloud synchronized. For that reason, my recipe contains the step to tell keychain to delete the Google account from all devices at least once.

If you do choose to continue with application specific passwords, remember that Mail will need it two places, once for IMAP and once for SMTP. While it is sufficient to create one app specific password per application and computer (one for Mail on MBP, one for Mail on iMac, one for chat on MBP, ...), you need it to ensure that both, the Account > Google > Password has it, and the SMTP server > Edit > Google > Advanced has it.

There is a step 2.2 after step 2 before step 3 that I found helpful to remove a Gmail SMTP server setting that should've been removed when removing the Google account, but sometimes is not.

After having removed the Google account, but before setting it up again, open Mail right now. Go to Preferences > Accounts. For each account in the left pane, make note which "Outgoing Mail Server (SMTP)" is shown in the "Account Information". Typically, this is pretty straight forward for most users, but can get tricky, if you get mail for multiple roles.

After taking note, select any remaining Account. In the "Outgoing Mail Server (SMTP)" box, select "Edit SMTP Server list". In the dialog the opens, check that there is no server smtp.google.com in the list. If there is one (or more), select the server, and select the minus "-" button to remove.

After all Google SMTP servers have been removed this way, close the "Edit SMTP server list" dialog that shows the remaining server by using Cancel. After all, you don't want to change the SMTP server on the 'any' account you previously selected. Now, in the left pane showing all your accounts, click on each account on the left pane, and verify that the "Outgoing Mail Server (SMTP)" in "Account Information" is still as before. If it is not, select from the drop-down the proper server, (use your notes from above, if in doubt), and then click the next account. That will trigger the dialog asking you to save the changes, which you do. (At the end of the accounts list, select the first account to trigger the dialog.) The "save" dialog will not appear, if you didn't need to make any changes. But do check every account.

Now, quit Mail, and proceed to step 3.

I have both two-factor authentication and app-specific passwords enabled on most of my accounts.  It seems like the ones I had issues with were those with two-factor authentication enabled.  Resetting the app-specific password fixed mail fetching issues, at least.

Today I don't see any of that XOATH2 stuff in my console, but tons of this:

5/4/15 5:57:01.684 PM accountsd[7842]: AIDA Notification plugin running

5/4/15 5:57:01.684 PM accountsd[7842]: Enter ShareKitAccountEnabler  - didChangeWithType - type=2 for account XXXXX@XXXXXX.edu (XXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXX).

5/4/15 5:57:01.779 PM accountsd[7842]: AIDA Notification plugin running

5/4/15 5:57:01.779 PM accountsd[7842]: Enter ShareKitAccountEnabler  - didChangeWithType - type=2 for account XXXXX@XXXXXX.edu (XXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXX).

5/4/15 5:57:01.897 PM icbaccountsd[7926]:  SOSCCThisDeviceIsInCircle SOSCCThisDeviceIsInCircle!! 364

5/4/15 5:57:02.082 PM icbaccountsd[7926]:  SOSCCThisDeviceIsInCircle SOSCCThisDeviceIsInCircle!! 365

5/4/15 5:57:02.490 PM accountsd[7842]: AIDA Notification plugin running

And it just keeps repeating... worse yet, my processor is working overtime on process SystemUIServer, which may or may not be related.

What a pain... the .edu account (with Google as a back-end) doesn't allow for two-factor authentication or app-specific passwords, so there isn't really anything to fiddle with there.

HugoMe's solution appears to have accelerated the checking for Gmail (mailbox scanning) dramatically. Have others seen this as well?