Desktop client randomly disconnects and renders its app password unusable

Hallo,

I am using a nextcloud instance (grafis.sch.gr) provided by the Greek ministry of education to students, teachers and schools. I am afraid I have no access to the server (logs, options, install method etc). Nextcloud version is 30.0.7.2.

As a school we are using desktop clients on 5-6 machines - some running windows and some linux. We are also accesing the instance through the android app and use it for carddav syncing (via caldavsynchroniser and vdirsyncer).

All clients use app passwords. The desktop clients in both windows and linux stop connecting at random intervals (anything from a week to a few hours) and have to be re-authorized with a new app password. The old app password still shows up in the web interface and appears fine but it is unusable. This only happens with app passwords used by the desktop clients (all latest versions 3.17).

In the latest logout the client logs showed:

“Server replied “404 Not Found” to "POST https://url-redacted/index.php/login/v2/poll”

just before disconnecting.

I also have a personal account on the same provider where I only use one desktop client (on one machine the same client connects to both accounts). This has no problem whatsoever.

Hello @shortmanikos,

welcome to the Nextcloud community!

I can’t recall such issue in my own installations and also not in the forum.

please share more of your logs.

IMO this is related to a login, so likely the logs happened after the disconnect.

Please explain this in more details - does it mean users who hit the problem setup accounts in a different way?

Hello,

I’ve actually been self hosting Nextcloud since late 2016 … and I’ve never had any issue with my own installations. In the forums I ’ve seen similar issues posted:

(unresolved)

(I hope my issue is also a caching issue - but I do not run the server, so I cannot verify)

I just obtained a more useful log:

25-10-14 17:11:01:028 \[ info gui.scheduler.syncscheduler \]:     Sync finished for “/…./Network/owncloud-grafis-epal/” with status OCC::SyncResult::Success
25-10-14 17:11:09:814 \[ info sync.networkjob \]: Created OCC::JsonApiJob(OCC::Account(“user@grafis.sch.gr”), “https://grafis.sch.gr/ocs/v2.php/apps/notifications/api/v1/notifications?format=json”, “GET”, Original-Request-ID: “cac887a9-6f33-42ad-b586-297ed20b9885”, X-Request-ID: “cac887a9-6f33-42ad-b586-297ed20b9885”) for OCC::ServerNotificationHandler(0x5a6f8f0)
25-10-14 17:11:09:815 \[ info sync.networkjob \]: Created OCC::RequestEtagJob(OCC::Account(“user@grafis.sch.gr”), “https://grafis.sch.gr/remote.php/dav/files/user/”, “PROPFIND”, Original-Request-ID: “81c696ef-a182-4148-8fbf-42b68a67dc1d”, X-Request-ID: “81c696ef-a182-4148-8fbf-
42b68a67dc1d”) for OCC::Folder(0x51dc310)
25-10-14 17:11:10:490 \[ info sync.networkjob.propfind \]:        LSCOL of QUrl(“https://grafis.sch.gr/remote.php/dav/files/user/”) FINISHED
WITH STATUS “OK”
25-10-14 17:11:59:793 \[ info gui.account.state \]:       checkConnectivity blocking: false “user@grafis.sch.gr”
25-10-14 17:11:59:794 \[ info sync.connectionvalidator \]:        No system proxy set by OS
25-10-14 17:12:00:593 \[ info sync.checkserverjob \]:     status.php returns:  QJsonDocument({“edition”:“”,“extendedSupport”:false,“installed”:true
,“maintenance”:false,“needsDbUpgrade”:false,“productname”:“Nextcloud”,“version”:“30.0.7.2”,“versionstring”:“30.0.7”})   QNetworkReply::NoError  Reply:  QNetworkReplyHttpImpl(0x5a63860)
25-10-14 17:12:00:593 \[ info sync.connectionvalidator \]:        \*\* Application: ownCloud found:  QUrl(“https://grafis.sch.gr/”)  with version  “3.0.0.7”
25-10-14 17:12:00:593 \[ info sync.networkjob \]: Created OCC::PropfindJob(OCC::Account(“user@grafis.sch.gr”), “https://grafis.sch.gr/remote.php/webdav/”, “PROPFIND”, Original-Request-ID: “a8c7c252-a1e0-406a-b540-45a615848250”, X-Request-ID: “a8c7c252-a1e0-406a-b540-45a615848250”) for
OCC::ConnectionValidator(0x50f8d40)
25-10-14 17:12:01:537 \[ warning sync.credentials.http \]:        Stop request: Authentication failed for  “https://grafis.sch.gr/remote.php/webdav/” “a8c7c252-a1e0-406a-b540-45a615848250”
25-10-14 17:12:01:543 \[ info sync.networkjob.propfind \]:        LSCOL of QUrl(“https://grafis.sch.gr/remote.php/webdav/”) FINISHED WITH STATUS “AuthenticationRequiredError, Host requires authentication”
25-10-14 17:12:01:543 \[ warning sync.connectionvalidator \]:     \*\*\*\*\*\*\*\* Password is wrong! QNetworkReply::AuthenticationRequiredError OCC::PropfindJob(OCC::Account(“user@grafis.sch.gr”), “https://grafis.sch.gr/remote.php/webdav/”, “PROPFIND”, Original-Request-ID: “a8c7c252-a1e0-406a-b540-45a615848250”, X-Request-ID: “a8c7c252-a1e0-406a-b540-45a615848250”, NetworkError: “Host requires authentication”)
25-10-14 17:12:01:543 \[ info gui.account.state \]:       AccountState connection status change:  OCC::ConnectionValidator::Connected → OCC::ConnectionValidator::CredentialsWrong
25-10-14 17:12:01:543 \[ info gui.account.state \]:       Invalid credentials for “https://grafis.sch.gr/”
25-10-14 17:12:01:543 \[ warning sync.credentials.http \]:        Invalidating the credentials
25-10-14 17:12:01:543 \[ info sync.account \]:    Clearing cookies

So at 17:11:01:028 a sync finishes successfully and after one minute that the client tries to reconnect but gets a Password is wrong!

As for the last part:

Please explain this in more details - does it mean users who hit the problem setup accounts in a different way?

the service provides accounts to all students, teachers and schools of Greece. There is no difference in the setup of these accounts. The Nextcloud instance doesn’t know if a user is a teacher or a school unit. I have a teacher account that works fine. The account of my school has the problem. The only difference I can think of is that I am not really using my personal account (I use a self-hosted nextcloud server) whereas the school account is much more active.

great, please post as plain text and mark as code (using 3 backticks before/after the block) for readability.

I’m not sure this is expected but I see the URL suddenly changes in the diddle from /remote.php/dav/ to /remote.php/webdav/ I don’0t have a reference now - maybe this is expected..

so you have 2 accounts on the same client and same server and only one has a problem?

Yes, as I’ve mentioned the only difference I can think of is usage - my personal account is only accessed by me. The server answers on the same url but I cannot guarantee that the server is the same machine for both accounts. The administrators of the service are watching this thread and maybe they can verify this.

The caching issue was rulled out. The server is configured as the docs suggest.

Auth is done via SSO. I have found a similar issue but the issue is marked as fixed.

In newer nextcloud versions once you log in via the web interface app passwords should work again. In my case this is not happening, once the app password invalidates, it remains unusable even after I log in.

I will setup a test instance with sso to try and reproduce on a personal server, so that I can see what is going on server side.

so this means the other account is shared with multiple persons/machines? please describe the setup with as many details as possible (like roaming profiles etc..) did you create a separate app password for each machine?

what kind of SSO?

I would really help if they not only watch but also help to resolve the problem.

On bug report:

a comment mentions:

I just faced both problems – forced reauthentication with both ownCloud and Nextcloud client and stuck on redirect with Nextcloud client. What solved this was simply unticking “Use SAML auth for the Nextcloud desktop clients (requires user re-authentication)” in the options for this plugin.

I will try and see if this option solves the issue (I cannot change that - it is up to the system admins)