Contact/Calendar not working with iOS/MacOS

alexp · October 23, 2016, 3:59pm

Hello all,

I’ve install Nextcloud recently, everything is working fine except that I can’t sync my computer/phone with the Nextcloud Calendar/Contact. When I add a new CalDav Account, I have the following error message: “Unable to verify account name or password”. I know there have been some problems in the past, I read this: https://github.com/owncloudarchive/contacts/issues/1058
and try to apply the following fix: https://docs.nextcloud.com/server/9/admin_manual/issues/general_troubleshooting.html#troubleshooting-contacts-calendar

But nothing is working.

Here is the output of the following command: curl -k -i https://SERVERNAME.com/.well-known/carddav

HTTP/1.1 301 Moved Permanently
Date: Sun, 23 Oct 2016 15:52:33 GMT
Server: Apache
Strict-Transport-Security: max-age=15768000; includeSubDomains; preload
Location: https://SERVERNAME.com/nextcloud/remote.php/dav
Content-Length: 261
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="https://SERVERNAME.com/nextcloud/remote.php/dav">here</a>.</p>
</body></html>

In browser, I get this: “This is the WebDAV interface. It can only be accessed by WebDAV clients such as the ownCloud desktop sync client.”

macOS Sierra 10.12
Nextcloud 10

Thanks for your help

anon58843897 · October 23, 2016, 5:22pm

Can you try using the IOS/OS X address as defined under the calendar settings?

accolon · October 23, 2016, 6:13pm

Can you access this URL with your browser? On my server, it asks for my credentials and then shows an XML file.

alexp · October 24, 2016, 9:37pm

Thank you both for your reply.

@grouchysysadmin: With and without the .htaccess file in the root folder, I still get the same error message (https://SERVERNAME.com/nextcloud/remote.php/dav/principals/users/alex/ in Server Address)

@accolon: With and without the .htaccess file in the root folder, it displays:

This is the WebDAV interface. It can only be accessed by WebDAV clients such as the ownCloud desktop sync client.

stratacast · October 25, 2016, 5:01am

I have the contacts/calendar syncing fine with iOS but not with macOS. For macOS my only option was to use cyberduck for WebDAV, otherwise the sync client works like a charm.

As for CalDAV/CardDAV, for CalDAV are you using the provided iOS address and not the primary one? That link worked for me with Nextcloud 10 and iOS 10. And with CardDAV, I had to download the .vcf file of all my contacts from my icloud account and upload that .vcf file to my Nextcloud server directly for it to start doing CardDAV properly with my iPhone and other computers

I don’t think I ever got CalDAV/CardDAV properly working with macOS. That was one contributing factor in me ditching macOS for full time Linux (among other reasons for needing Linux on the go)

alexp · October 25, 2016, 9:03pm

@stratacast : Thank you for your message. Yes I’ve tried using the iOS address provided but still does not work neither on iOS or MacOS…

Do you have Nextcloud installed on a subfolder ? Like /servername.com/nextcloud ? Or it’s in the root ?

alexp · October 27, 2016, 8:41pm

Guys, anyone who can help ?

tflidd · October 28, 2016, 7:42am

It seems you have found the right parts of the documentation so it should work. There are perhaps other issues with your *dav-interface. Can you connect to caldav with a different software (not on apple devices)?

Can you also check your access and error-log of your webserver and check which URLs are actually requested by your apple device?

alexp · October 29, 2016, 5:11pm

@tflidd: Thank you very much for your reply. I looked at the log and here is what’s happening when I try to set up an account using my Mac.

For these tests, I have strictly apply the doc, that is: creating the .htaccess in /var/www/html with the following content

Redirect 301 /.well-known/carddav /nextcloud/remote.php/dav
Redirect 301 /.well-known/caldav /nextcloud/remote.php/dav
and using https://servername.com as “Server Address” (in Mac dialog box)

Here is what is happening in the different logs (when I try to set up a CalDAV account on my Mac):

/var/log/apache2/access.log :

CLIENT_IP - - [29/Oct/2016:18:54:09 +0200] "PROPFIND /.well-known/caldav HTTP/1.1" 301 3665 "-" "Mac+OS+X/10.12 (16A323) accountsd/113"
CLIENT_IP - - [29/Oct/2016:18:54:09 +0200] "PROPFIND /.well-known/caldav HTTP/1.1" 301 3665 "-" "Mac+OS+X/10.12 (16A323) accountsd/113"
CLIENT_IP - - [29/Oct/2016:18:54:09 +0200] "PROPFIND /nextcloud/remote.php/dav HTTP/1.1" 401 1717 "-" "Mac+OS+X/10.12 (16A323) accountsd/113"
CLIENT_IP - - [29/Oct/2016:18:54:19 +0200] "PROPFIND / HTTP/1.1" 405 734 "-" "Mac+OS+X/10.12 (16A323) accountsd/113"
CLIENT_IP - - [29/Oct/2016:18:54:19 +0200] "PROPFIND /caldav/v2 HTTP/1.1" 405 605 "-" "Mac+OS+X/10.12 (16A323) accountsd/113"
CLIENT_IP - - [29/Oct/2016:18:54:19 +0200] "PROPFIND /principals/users/USERNAME/ HTTP/1.1" 405 618 "-" "Mac+OS+X/10.12 (16A323) accountsd/113"
CLIENT_IP - - [29/Oct/2016:18:54:19 +0200] "PROPFIND /principals/ HTTP/1.1" 405 607 "-" "Mac+OS+X/10.12 (16A323) accountsd/113"
CLIENT_IP - - [29/Oct/2016:18:54:19 +0200] "PROPFIND /dav/principals/ HTTP/1.1" 405 611 "-" "Mac+OS+X/10.12 (16A323) accountsd/113"
CLIENT_IP - USERNAME [29/Oct/2016:18:54:09 +0200] "PROPFIND /nextcloud/remote.php/dav HTTP/1.1" 207 2287 "-" "Mac+OS+X/10.12 (16A323) accountsd/113"

/nextcloud_data/nextcloud.log :

{"reqId":"WBTUMX8AAQEAADQ4S@MAAAAA","remoteAddr":"CLIENT_IP","app":"webdav","message":"Exception: {\"Message\":\"HTTP\\\/1.1 401 No 'Authorization: Basic' header found. Either the client didn't send one, or the server is mis-configured, No 'Authorization: Basic' header found. Either the client didn't send one, or the server is mis-configured\",\"Exception\":\"Sabre\\\\DAV\\\\Exception\\\\NotAuthenticated\",\"Code\":0,\"Trace\":\"#0 [internal function]: Sabre\\\\DAV\\\\Auth\\\\Plugin->beforeMethod(Object(Sabre\\\\HTTP\\\\Request), Object(Sabre\\\\HTTP\\\\Response))\\n#1 \\\/var\\\/www\\\/nextcloud\\\/3rdparty\\\/sabre\\\/event\\\/lib\\\/EventEmitterTrait.php(105): call_user_func_array(Array, Array)\\n#2 \\\/var\\\/www\\\/nextcloud\\\/3rdparty\\\/sabre\\\/dav\\\/lib\\\/DAV\\\/Server.php(446): Sabre\\\\Event\\\\EventEmitter->emit('beforeMethod', Array)\\n#3 \\\/var\\\/www\\\/nextcloud\\\/3rdparty\\\/sabre\\\/dav\\\/lib\\\/DAV\\\/Server.php(248): Sabre\\\\DAV\\\\Server->invokeMethod(Object(Sabre\\\\HTTP\\\\Request), Object(Sabre\\\\HTTP\\\\Response))\\n#4 \\\/var\\\/www\\\/nextcloud\\\/apps\\\/dav\\\/lib\\\/Server.php(184): Sabre\\\\DAV\\\\Server->exec()\\n#5 \\\/var\\\/www\\\/nextcloud\\\/apps\\\/dav\\\/appinfo\\\/v2\\\/remote.php(30): OCA\\\\DAV\\\\Server->exec()\\n#6 \\\/var\\\/www\\\/nextcloud\\\/remote.php(165): require_once('\\\/var\\\/www\\\/nextcl...')\\n#7 {main}\",\"File\":\"\\\/var\\\/www\\\/nextcloud\\\/3rdparty\\\/sabre\\\/dav\\\/lib\\\/DAV\\\/Auth\\\/Plugin.php\",\"Line\":188,\"User\":false}","level":0,"time":"2016-10-29T16:54:09+00:00","method":"PROPFIND","url":"\/nextcloud\/remote.php\/dav","user":"--"}
{"reqId":"WBTUMX8AAQEAADQ4S@QAAAAA","remoteAddr":"CLIENT_IP","app":"admin_audit","message":"Login attempt: \"USERNAME\"","level":1,"time":"2016-10-29T16:54:35+00:00","method":"PROPFIND","url":"\/nextcloud\/remote.php\/dav","user":"--"}
{"reqId":"WBTUMX8AAQEAADQ4S@QAAAAA","remoteAddr":"CLIENT_IP","app":"admin_audit","message":"Login successful: \"USERNAME\"","level":1,"time":"2016-10-29T16:54:35+00:00","method":"PROPFIND","url":"\/nextcloud\/remote.php\/dav","user":"USERNAME"}

/var/log/apache2/modsec_audit.log :

--46da5e14-A--
[29/Oct/2016:18:54:19 +0200] WBTUO38AAQEAACvnl@IAAAAM CLIENT_IP 50469 SERVER_IP 443
--46da5e14-B--
PROPFIND /dav/principals/ HTTP/1.1
Host: SERVER_NAME.com
Content-Type: text/xml
Depth: 0
Brief: t
Accept: */*
Connection: keep-alive
Prefer: return=minimal
User-Agent: Mac+OS+X/10.12 (16A323) accountsd/113
Content-Length: 181
Accept-Language: en-gb
Accept-Encoding: gzip, deflate

--46da5e14-F--
HTTP/1.1 405 Method Not Allowed
Strict-Transport-Security: max-age=15768000; includeSubDomains; preload
Allow: GET,HEAD,POST,OPTIONS
Content-Length: 241
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

--46da5e14-E--
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>405 Method Not Allowed</title>
</head><body>
<h1>Method Not Allowed</h1>
<p>The requested method PROPFIND is not allowed for the URL /dav/principals/.</p>
</body></html>

--46da5e14-H--
Stopwatch: 1477760059807114 2758 (- - -)
Stopwatch2: 1477760059807114 2758; combined=64, p1=42, p2=15, p3=1, p4=0, p5=6, sr=0, sw=0, l=0, gc=0
Response-Body-Transformed: Dechunked
Producer: ModSecurity for Apache/2.9.0 (http://www.modsecurity.org/).
Server: Apache
Engine-Mode: "ENABLED"

--46da5e14-Z--

/var/log/apache2/error.log :

[Sat Oct 29 19:03:39.658666 2016] [autoindex:error] [pid 10358] [client CLIENT_IP:50837] AH01276: Cannot serve directory /var/www/html/: No matching DirectoryIndex (index.html,index.cgi,index.pl,index.php,index.xhtml,index.htm) found, and server-generated directory index forbidden by Options directive
[Sat Oct 29 19:03:42.678102 2016] [autoindex:error] [pid 10191] [client CLIENT_IP 0:50838] AH01276: Cannot serve directory /var/www/html/: No matching DirectoryIndex (index.html,index.cgi,index.pl,index.php,index.xhtml,index.htm) found, and server-generated directory index forbidden by Options directive

It seems that the problem is coming from modsec but I’m not really sure how to solve it…

tflidd · October 29, 2016, 5:44pm

This looks like being the issue. Can you just disable mod_security completely if you manage to sync the mac devices? If it works, you’ll have to adopt your mod_security ruleset to nextcloud, e.g. you probably want to allow PROPFIND for the nextcloud-urls. Not sure if there is a working example of recommended mod_security rules.

alexp · October 30, 2016, 10:51am

Thank you very much @tflidd . It was effectively the problem. Instead of completely disable mod_security, I’ve added the following to /etc/apache2/sites-available/000-default.conf:

<Directory "/dav/principals/">
        <IfModule security2_module>
            SecRuleEngine Off
        </IfModule>
   </Directory>

It all works fine now.

Thank again

tflidd · October 30, 2016, 11:55am

If you encounter problems with the nextcloud client or direct webdav-access, keep in mind you are using mod_security that could cause problems.

alaeschaik · October 29, 2017, 10:47pm

For me it worked to use the advanced option:
Untitled

In my case, I have installed nextcloud in a subdirectory, therefore I have /nextcloud; If you installed it in the root directory leave the /nextcloud.

rudi48 · June 28, 2019, 5:57pm

In case you are running NextCloud with a local network address,
iOS does no longer allow a DAV synch.

Note: The in house server does have a Let’s Encrypte certificate.

Unfortunately you do not see an error message.

Solution:
Select in iOS: Properties->Passwords&Accounts->Account (e.g. CalDAV)->Extended properties.
Acuate the SSL-switch OFF and ON, then go back.
The account connection is checked and an error message is shown,
telling the SSL certificate is not valid, and if you regardless want to trust it.

Click on “trust”, and your DAV synch will work again.