We are setting up Exchange 2013 SP1 in our Exchange 2010 test environment to verify our upcoming migration. I have found out that for some reason I can't get the IMAP service in Exchange 2013 to work with Kerberos (GSSAPI) authentication with Thunderbird as a client. It does work fine in Exchange 2010 SP3 though.
Exchange 2010 SP3 response in Thunderbird:
* CAPABILITY IMAP4 IMAP4rev1 AUTH=NTLM AUTH=GSSAPI AUTH=PLAIN UIDPLUS CHILDREN IDLE NAMESPACE LITERAL+
Exchange 2013 SP1 response in Thunderbird:
* CAPABILITY IMAP4 IMAP4rev1 AUTH=PLAIN UIDPLUS CHILDREN IDLE NAMESPACE LITERAL+
AUTH=GSSAPI is missing and therefore I can't blame Thunderbird from complaining about this. If I compare the output from Get-ImapSettings I can't find anything that would indicate why I shouldn't work. EnableGSSAPIAndNTLMAuth is $true on both server and LoginType is SecureLogin.
On http://technet.microsoft.com/en-us/library/jj619283(v=exchg.150).aspx I found out that NTLM is not supported on Exchange 2013 for POP3 and IMAP4 but Kerberos (GSSAPI) and Plain Text Authentication with SSL still is.
Has anyone got IMAP to work with Kerberos authentication on Exchange 2013 SP1?