Apache2 401 error using iOS-Devices to sync calendar or contacts

Hello everybody,

I have a question in which I’ve been biting my teeth for some time.
I always get notified via the Fail2Ban protocol that there are authorization problems.

Excerpt from the Fail2Ban log for a whole day for error 401
(I replaced the usernames with User1 / User2):

401 Unauthorized
/remote.php/dav/principals/users/User1/: 53 Time(s)
/remote.php/dav/calendars/User1/: 45 Time(s)
/remote.php/dav/principals/users/User2/: 27 Time(s)
/remote.php/dav/addressbooks/users/User1/contacts/: 22 Time(s)
/remote.php/dav/calendars/User2/: 13 Time(s)

 /remote.php/dav/principals/users/: 4 Time(s)
 /remote.php/dav/addressbooks/users/User1/: 1 Time(s)
 /remote.php/dav/calendars/User2/inbox/: 1 Time(s)
 /remote.php/dav/calendars/User1/inbox/: 1 Time(s)
 /remote.php/dav/calendars/User1/personal/ ... 11545F6302C.ics: 1 Time(s)

I suspect that it is the DAV protocol, with which I sync the calendars and contacts on various iOS devices.
I’ve turned on two-factoring and assigned an App-PW for each app.
The Sync also works satisfactorily, I just can not explain the error messages.
In the relevant forums I have already searched, but I have come to no success.

It seems that if an iOS device wants to sync, it will be rejected first and will be accepted by the server on the second try ?!
I read this live in the log /var/log/apache2/nextcloud-access.log.

Some lines of /var/log/apache2/nextcloud-access.log:

XX.XXX.XXX.XXX - - [21/Aug/2019:08:26:10 +0200] “PROPFIND /remote.php/dav/principals/users/USER1/ HTTP/1.1” 401 5847 “-” “iOS/12.4 (16G77) dataaccessd/1.0”

XX.XXX.XXX.XXX - - [21/Aug/2019:08:26:11 +0200] “REPORT /remote.php/dav/principals/users/ HTTP/1.1” 401 1290 “-” “iOS/12.4 (16G77) dataaccessd/1.0”

XX.XXX.XXX.XXX - - [21/Aug/2019:08:26:11 +0200] “PROPFIND /remote.php/dav/calendars/User1/ HTTP/1.1” 401 1290 “-” “iOS/12.4 (16G77) dataaccessd/1.0”

My setup:
Nextcloud version 16.0.4.1
Operating system and version Ubuntu 18.04 LTS)
Apache/2.4.41 (Ubuntu)
PHP version 7.3.8

I have already suspected http2 and have disabled it - unfortunately without success.
Any ideas? I hope you can help me.

RoadrunnerBSE

One additional bit of troubleshooting I’d do in this case would be to try whitelisting the current IP of the device (you can do this by installing the Brute Force Settings app), and see if Fail2Ban still logs more failures. This would tell you if there’s a different (presumably iOS) device trying to connect, or if there might be something wrong with Fail2Ban.