503 Encryption not ready: multikeydecrypt with share key failed

hostingnuggets · September 1, 2017, 8:06am

Nextcloud version (eg, 10.0.2): 10.0.3
Operating system and version (eg, Ubuntu 16.04): Debian 8
Apache or nginx version (eg, Apache 2.4.25): nginx 1.12.1
PHP version (eg, 5.6): 5.6.30
Is this the first time you’ve seen this error?: yes

Can you reliably replicate it? (If so, please outline steps):

create a new user
add him to a few groups which has folders shared
use the desktop sync client to synchronise all files
kaputt!

The issue you are facing:
A newly created user can not synchronise files which has been shared to a group which this user belongs too. User is on Windows using the nextcloud desktop sync client and on the server we have the default encryption module enabled since the beginning of the installation.

The output of your Nextcloud log in Admin > Logging:

{"reqId":"lkYQLh\/\/elYlsCcyWlqR","remoteAddr":"XXX.XXX.XXX.XXX","app":"webdav","message":"Exception: {\"Message\":\"HTTP\\\/1.1 503 Encryption not ready: multikeydecrypt with share key failed:error:0407109F:rsa routines:RSA_padding_check_PKCS1_type_2:pkcs decoding error\",\"Exception\":\"Sabre\\\\DAV\\\\Exception\\\\ServiceUnavailable\",\"Code\":0,\"Trace\":\"#0 \\\/var\\\/www\\\/domain\\\/3rdparty\\\/sabre\\\/dav\\\/lib\\\/DAV\\\/CorePlugin.php(83): OCA\\\\DAV\\\\Connector\\\\Sabre\\\\File->get()\\n#1 [internal function]: Sabre\\\\DAV\\\\CorePlugin->httpGet(Object(Sabre\\\\HTTP\\\\Request), Object(Sabre\\\\HTTP\\\\Response))\\n#2 \\\/var\\\/www\\\/domain\\\/3rdparty\\\/sabre\\\/event\\\/lib\\\/EventEmitterTrait.php(105): call_user_func_array(Array, Array)\\n#3 \\\/var\\\/www\\\/demo\\\/3rdparty\\\/sabre\\\/dav\\\/lib\\\/DAV\\\/Server.php(459): Sabre\\\\Event\\\\EventEmitter->emit('method:GET', Array)\\n#4 \\\/var\\\/www\\\/demo\\\/3rdparty\\\/sabre\\\/dav\\\/lib\\\/DAV\\\/Server.php(248): Sabre\\\\DAV\\\\Server->invokeMethod(Object(Sabre\\\\HTTP\\\\Request), Object(Sabre\\\\HTTP\\\\Response))\\n#5 \\\/var\\\/www\\\/demo\\\/apps\\\/dav\\\/appinfo\\\/v1\\\/webdav.php(60): Sabre\\\\DAV\\\\Server->exec()\\n#6 \\\/var\\\/www\\\/demo\\\/remote.php(165): require_once('\\\/var\\\/www\\\/domain...')\\n#7 {main}\",\"File\":\"\\\/var\\\/www\\\/domain\\\/apps\\\/dav\\\/lib\\\/Connector\\\/Sabre\\\/File.php\",\"Line\":312,\"User\":\"myuser\"}","level":4,"time":"2017-08-31T10:22:03+02:00","method":"GET","url":"\/remote.php\/webdav\/Exchange\/My_great_logo.png","user":"myuser","version":"9.1.3.2"}

The output of your config.php file in /path/to/nextcloud (make sure you remove any identifiable information!):

<?php
$CONFIG = array (
  'instanceid' => '<REMOVED>',
  'passwordsalt' => '<REMOVED>',
  'secret' => '<REMOVED>',
  'trusted_domains' => 
  array (
    0 => '<REMOVED>',
  ),
  'datadirectory' => '/mnt/<REMOVED>/data',
  'overwrite.cli.url' => 'https://<REMOVED>',
  'dbtype' => 'mysql',
  'version' => '9.1.3.2',
  'dbname' => '<REMOVED>',
  'dbhost' => 'localhost',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'dbuser' => '<REMOVED>',
  'dbpassword' => '<REMOVED>',
  'logtimezone' => 'Europe/Berlin',
  'installed' => true,
  'mail_smtpmode' => 'smtp',
  'mail_smtpauth' => 1,
  'mail_smtpname' => '<REMOVED>',
  'mail_smtppassword' => '<REMOVED>',
  'mail_smtpauthtype' => 'PLAIN',
  'mail_smtpsecure' => 'ssl',
  'activity_expire_days' => 180,
  'trashbin_retention_obligation' => 'auto,90',
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'loglevel' => 0,
);

The output of your Apache/nginx/system log in /var/log/____:

XXX.XXX.XXX.XXX - myuser [31/Aug/2017:10:22:03 +0200] "GET /remote.php/webdav/Exchange/My_great_logo.png HTTP/1.1" 499 0 "-" "Mozilla/5.0 (Windows) mirall/2.2.4 (build 2) (Nextcloud)"

RandieM · September 14, 2017, 3:32pm

Hello there.

I have the same problem on my Nextcloud installation.

The shared folders have been re-shared after the new user was created, but this unfortunately did not fix the problem. Any ideas?

I would be grateful if somebody could help, as this has been preventing my new user from accessing important work-related files for over a month now.

Many thanks in advance!

dhuyvetter · October 4, 2017, 3:56pm

I just moved my Nextcloud installation from one server to another and am getting this error. I filled in old and new password to re-encrypt my files. Not sure where to start looking for a solution for this. Anyone would be able to shed some light on this?

Thumpermat · November 30, 2017, 2:33pm

This issue is still there in Nextcloud 12.0.3.

Any ETA to solve it ?

AndyXheli · December 3, 2017, 7:23pm

@jospoortvliet I’m getting this error also, but its when I try to open a file up when i’m under Impersonate user. My account is an admin account I go under user then impersonate then I click on the file that I want to view and can’t view it then i choked the server logs and I get the below error.

Sabre\DAV\Exception\ServiceUnavailable: Encryption not ready: multikeydecrypt with share key failed:error:0407109F:rsa routines:RSA_padding_check_PKCS1_type_2:pkcs decoding error

tflidd · December 3, 2017, 9:23pm

It’s better to file a bug report on https://github.com/nextcloud/server/issues since you got this error independently. Earlier it was required to reshare files to a group when a new user is added, but that might have changed and the error message is not clear (if there would be any action required from your side).

hostingnuggets · December 3, 2017, 9:51pm

@tflidd unfortunately not you still need to re-share files/folders when a new user is added. This is really annoying especially when you have a large fluctuation of users.

jospoortvliet · January 10, 2018, 6:39pm

If you use this in a company, I suggest to talk to sales/support about this - they might have solutions or can make sure something gets developed.

Alexe · January 3, 2023, 5:08pm

I had the same issue but for me simply activation of LDAP user and group backend in Apps helped