What does `A1 NO AUTHENTICATE failed` error message mean when trying to read e-mails via IMAP?

Question

I have following code which is supposed to open a connection to a Microsoft Exchange server via IMAP:

        Folder inputFolder = null;
        Folder doneFolder = null;
        Store store = null;
        Properties properties = new Properties();
        Session emailSession = null;

        properties.put("mail.imaps.host", imapHost);
        properties.put("mail.imaps.user", mailUsername);
        properties.put("mail.imaps.port", Integer.toString(imapPort));
        properties.put("mail.imaps.starttls.enable", "true");

        MailSSLSocketFactory sf = new MailSSLSocketFactory();
        sf.setTrustedHosts(new String[]{"XXXXXXXXX"});
        properties.put("mail.imaps.socketFactory", sf);
        properties.put("mail.debug", "true");

        logger.info(String.format("Using user name '%s'", mailUsername));

        try {
            emailSession = createEmailSession(properties);
            store = getStore(emailSession);
            store.connect(mailUsername, mailPassword);

XXXXXXXXX is the host name.

createEmailSession and getStore methods look like this:

    Store getStore(final Session emailSession) throws NoSuchProviderException {
        return emailSession.getStore("imaps");
    }

    Session createEmailSession(final Properties properties) {
        return Session.getInstance(properties);
    }

store.connect(mailUsername, mailPassword) leads to following error message:

Caused by: javax.mail.AuthenticationFailedException: AUTHENTICATE failed.
                at com.sun.mail.imap.IMAPStore.protocolConnect(IMAPStore.java:732)
                at javax.mail.Service.connect(Service.java:366)
                at javax.mail.Service.connect(Service.java:246)
                at javax.mail.Service.connect(Service.java:267)

Debug output looks like this:

DEBUG: JavaMail version 1.6.2
DEBUG: successfully loaded resource: /META-INF/javamail.default.address.map
DEBUG: getProvider() returning javax.mail.Provider[STORE,imaps,com.sun.mail.imap.IMAPSSLStore,Oracle]
DEBUG IMAPS: mail.imap.fetchsize: 16384
DEBUG IMAPS: mail.imap.ignorebodystructuresize: false
DEBUG IMAPS: mail.imap.statuscachetimeout: 1000
DEBUG IMAPS: mail.imap.appendbuffersize: -1
DEBUG IMAPS: mail.imap.minidletime: 10
DEBUG IMAPS: enable STARTTLS
DEBUG IMAPS: closeFoldersOnStoreFailure
DEBUG IMAPS: trying to connect to host "XXXXXXXXX", port 993, isSSL true
* OK The Microsoft Exchange IMAP4 service is ready.
A0 CAPABILITY
* CAPABILITY IMAP4 IMAP4rev1 AUTH=PLAIN SASL-IR UIDPLUS MOVE ID UNSELECT CHILDREN IDLE NAMESPACE LITERAL+
A0 OK CAPABILITY completed.
DEBUG IMAPS: AUTH: PLAIN
DEBUG IMAPS: protocolConnect login, host=XXXXXXXXX, user=YYYYYYYYY, password=<non-null>
DEBUG IMAPS: AUTHENTICATE PLAIN command trace suppressed
DEBUG IMAPS: AUTHENTICATE PLAIN command result: A1 NO AUTHENTICATE failed.
DEBUG IMAPS: IMAPStore cleanup, not connected

The credentials (YYYYYYYYY and corresponding password) used to work. Then I started to get messages like this. I talked with the admin and they told me that the user was locked due to too many attempts to login with the wrong password. They also said that they unlocked the user and it should work now.

But it doesn't.

Based on the debug output above, how can I narrow down the problem?

Update 1: According to this page, Exchange server only supports Kerberos and NTLM authentication, while I am using PLAIN. Maybe this is the reason why it fails.

Update 2: This answer suggests using ews-java-api for accessing Exchange Server. Will try it out.

Update 3: Suppressing plain text authentication using

properties.put("mail.imap.auth.plain.disable", "true");

did not help.