"HMAC does not match" While trying to set up CalDav on MacBook

The Basics

  • Nextcloud Server version (e.g., 29.x.x):
    • 33.0.0
  • Operating system and version (e.g., Ubuntu 24.04):
    • Ubuntu 24.04.4 LTS
  • Web server and version (e.g., Apache 2.4.25):
    • I don't know, it was in the Docker image I guess
  • Reverse proxy and version (e.g., nginx 1.27.2):
    • nginx rpm (installed on an extra server)
  • PHP version (e.g., 8.3):
    • 8.4.18
  • Is this the first time you’ve seen this error? (Yes / No):
    • Yes, it's a fresh installation
  • When did this problem seem to first start?
    • As soon as I tried to connect the MacBook via CalDAV
  • Installation method (e.g., AIO, NCP, Bare Metal/Archive, etc.)
  • Are you using Cloudflare, mod_security, or similar? (Yes / No)
    • No

Summary of the issue you are facing:

When I try to connect to my Nextcloud via CalDAV from my MacBook, I get the following error message on the MacBook:

“Unable to verify account name or password.”

In the file /config/data/nextcloud.log, I see the following entries:

  • “HMAC does not match.”
  • “Could not decrypt or decode encrypted session data.”

On my iPhone, however, I can connect without any problems.

Steps to replicate it:

  1. Add a CalDAV account on the MacBook

  2. Change to Manual mode

  3. Insert username, password and nc..de/remote.php/dav/principals/users/<Name>/. As said before, on my iPhone it's working fine like that.

Log entries

Nextcloud

nextcloud.log

{
  "reqId": "0I2ncYuv8Rcxdkd9KvBD",
  "level": 3,
  "time": "2026-03-01T13:17:51+00:00",
  "remoteAddr": "<IP>",
  "user": "--",
  "app": "core",
  "method": "PROPFIND",
  "url": "/remote.php/dav/principals/users/<Name>//",
  "scriptName": "/remote.php",
  "message": "Could not decrypt or decode encrypted session data",
  "userAgent": "macOS/14.0 (23A344) accountsd/1.0",
  "version": "33.0.0.16",
  "exception": {
    "Exception": "Exception",
    "Message": "HMAC does not match.",
    "Code": 0,
    "Trace": [
      {
        "file": "/var/www/html/lib/private/Security/Crypto.php",
        "line": 98,
        "function": "decryptWithoutSecret",
        "class": "OC\\Security\\Crypto",
        "type": "->",
        "args": [
          "*** sensitive parameters replaced ***"
        ]
      },
      {
        "file": "/var/www/html/lib/private/Session/CryptoSessionData.php",
        "line": 70,
        "function": "decrypt",
        "class": "OC\\Security\\Crypto",
        "type": "->",
        "args": [
          "*** sensitive parameters replaced ***"
        ]
      },
      {
        "file": "/var/www/html/lib/private/Session/CryptoSessionData.php",
        "line": 47,
        "function": "initializeSession",
        "class": "OC\\Session\\CryptoSessionData",
        "type": "->",
        "args": []
      },
      {
        "file": "/var/www/html/lib/private/Session/CryptoWrapper.php",
        "line": 75,
        "function": "__construct",
        "class": "OC\\Session\\CryptoSessionData",
        "type": "->",
        "args": [
          {
            "__class__": "OC\\Session\\Internal"
          },
          {
            "__class__": "OC\\Security\\Crypto"
          },
          "*** sensitive parameters replaced ***"
        ]
      },
      {
        "file": "/var/www/html/lib/base.php",
        "line": 450,
        "function": "wrapSession",
        "class": "OC\\Session\\CryptoWrapper",
        "type": "->",
        "args": [
          {
            "__class__": "OC\\Session\\Internal"
          }
        ]
      },
      {
        "file": "/var/www/html/lib/base.php",
        "line": 763,
        "function": "initSession",
        "class": "OC",
        "type": "::",
        "args": []
      },
      {
        "file": "/var/www/html/lib/base.php",
        "line": 1286,
        "function": "init",
        "class": "OC",
        "type": "::",
        "args": []
      },
      {
        "file": "/var/www/html/remote.php",
        "line": 97,
        "args": [
          "/var/www/html/lib/base.php"
        ],
        "function": "require_once"
      }
    ],
    "File": "/var/www/html/lib/private/Security/Crypto.php",
    "Line": 162,
    "message": "Could not decrypt or decode encrypted session data",
    "exception": "{\"class\":\"Exception\",\"message\":\"HMAC does not match.\",\"code\":0,\"file\":\"/var/www/html/lib/private/Security/Crypto.php:162\",\"trace\":\"#0 /var/www/html/lib/private/Security/Crypto.php(98): OC\\\\Security\\\\Crypto->decryptWithoutSecret('d87db512aabe15f...', 'u3L0+qe4cVuKJ9J...')\\n#1 /var/www/html/lib/private/Session/CryptoSessionData.php(70): OC\\\\Security\\\\Crypto->decrypt('d87db512aabe15f...', 'u3L0+qe4cVuKJ9J...')\\n#2 /var/www/html/lib/private/Session/CryptoSessionData.php(47): OC\\\\Session\\\\CryptoSessionData->initializeSession()\\n#3 /var/www/html/lib/private/Session/CryptoWrapper.php(75): OC\\\\Session\\\\CryptoSessionData->__construct(Object(OC\\\\Session\\\\Internal), Object(OC\\\\Security\\\\Crypto), 'u3L0+qe4cVuKJ9J...')\\n#4 /var/www/html/lib/base.php(450): OC\\\\Session\\\\CryptoWrapper->wrapSession(Object(OC\\\\Session\\\\Internal))\\n#5 /var/www/html/lib/base.php(763): OC::initSession()\\n#6 /var/www/html/lib/base.php(1286): OC::init()\\n#7 /var/www/html/remote.php(97): require_once('/var/www/html/l...')\\n#8 {main}\"}"
  },
  "CustomMessage": "Could not decrypt or decode encrypted session data"
}

Docker Compose

My docker-compose.yml:

version: '3.8'
services:
  mariadb:
    image: docker.io/mariadb:latest
    container_name: nextcloud_mariadb
    environment:
      MYSQL_ROOT_PASSWORD: <Password>
      MYSQL_DATABASE: <Name>
      MYSQL_USER: <Name>
      MYSQL_PASSWORD: <Password>
    volumes:
      - ./nextcloud/db:/var/lib/mysql
    restart: unless-stopped
  nextcloud:
    image: docker.io/nextcloud:latest
    container_name: nextcloud
    environment:
      MYSQL_DATABASE: <Name>
      MYSQL_USER: <Name>
      MYSQL_PASSWORD: <Password>
      MYSQL_HOST: mariadb
      NEXTCLOUD_TRUSTED_DOMAINS: <mydomain>.de
      NEXTCLOUD_TRUSTED_PROXIES: <IP>
    depends_on:
      - mariadb
    volumes:
      - ./nextcloud/config:/var/www/html
    ports:
      - "80:80"
    restart: unless-stopped

Configuration

Nextcloud

config.php


<?php
$CONFIG = array (
  'htaccess.RewriteBase' => '/',
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'apps_paths' =>
  array (
    0 =>
    array (
      'path' => '/var/www/html/apps',
      'url' => '/apps',
      'writable' => false,
    ),
    1 =>
    array (
      'path' => '/var/www/html/custom_apps',
      'url' => '/custom_apps',
      'writable' => true,
    ),
  ),
  'upgrade.disable-web' => true,
  'instanceid' => 'ocv7tfqacg7o',
  'passwordsalt' => '<Secret>',
  'secret' => '<Secret>',
  'trusted_domains' =>
  array (
    0 => 'nc.<mydomain>.de',
  ),
  'datadirectory' => '/var/www/html/data',
  'dbtype' => 'mysql',
  'version' => '33.0.0.16',
  'trusted_proxies' =>
  array (
    0 => '192.168.42.12',
  ),
  'overwritehost' => 'nc.<mydomain>.de',
  'overwriteprotocol' => 'https',
  'overwrite.cli.url' => 'https://nc.<mydomain>.de',
  'dbname' => 'nextcloud',
  'dbhost' => '<Host>',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'dbuser' => 'nextcloud',
  'dbpassword' => '<Password>',
  'installed' => true,
  'config_preset' => 2,
  'mail_domain' => '<mydomain>.de',
  'mail_smtpmode' => 'smtp',
  'mail_smtphost' => '<Domain>',
  'mail_smtpport' => '587',
  'mail_sendmailmode' => 'smtp',
  'mail_smtpstreamoptions' =>
  array (
    'ssl' =>
    array (
      'allow_self_signed' => false,
      'verify_peer' => true,
      'verify_peer_name' => true,
    ),
  ),
  'mail_smtppassword' => '<Password>',
  'mail_smtpname' => '<Name>',
  'mail_smtpauth' => true,
  'mail_from_address' => 'noreply',
  'forbidden_filename_basenames' =>
  array (
    0 => 'con',
    1 => 'prn',
    2 => 'aux',
    3 => 'nul',
    4 => 'com0',
    5 => 'com1',
    6 => 'com2',
    7 => 'com3',
    8 => 'com4',
    9 => 'com5',
    10 => 'com6',
    11 => 'com7',
    12 => 'com8',
    13 => 'com9',
    14 => 'com¹',
    15 => 'com²',
    16 => 'com³',
    17 => 'lpt0',
    18 => 'lpt1',
    19 => 'lpt2',
    20 => 'lpt3',
    21 => 'lpt4',
    22 => 'lpt5',
    23 => 'lpt6',
    24 => 'lpt7',
    25 => 'lpt8',
    26 => 'lpt9',
    27 => 'lpt¹',
    28 => 'lpt²',
    29 => 'lpt³',
  ),
  'forbidden_filename_characters' =>
  array (
    0 => '<',
    1 => '>',
    2 => ':',
    3 => '"',
    4 => '|',
    5 => '?',
    6 => '*',
    7 => '\\',
    8 => '/',
  ),
  'forbidden_filename_extensions' =>
  array (
    0 => ' ',
    1 => '.',
    2 => '.filepart',
    3 => '.part',
  ),
  'twofactor_enforced' => 'true',
  'twofactor_enforced_groups' =>
  array (
  ),
  'twofactor_enforced_excluded_groups' =>
  array (
  ),
);

Nginx RPM

The config of the proxy_host, used by nextcloud.


map $scheme $hsts_header {
    https   "max-age=63072000; preload";
}
server {
  set $forward_scheme http;
  set $server         "123.456.789.123";
  set $port           80;
  listen 80;
  listen [::]:80;
  listen 443 ssl;
  listen [::]:443 ssl;
  server_name nc.<mydomain>.de;
  http2 on;
  # Let's Encrypt SSL
  include conf.d/include/letsencrypt-acme-challenge.conf;
  include conf.d/include/ssl-cache.conf;
  include conf.d/include/ssl-ciphers.conf;
  ssl_certificate /etc/letsencrypt/live/<mydomain>/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/<mydomain>/privkey.pem;
  # Block Exploits
  include conf.d/include/block-exploits.conf;
  # Force SSL
  include conf.d/include/force-ssl.conf;
  proxy_set_header Upgrade $http_upgrade;
  proxy_set_header Connection $http_connection;
  proxy_http_version 1.1;
  access_log /data/logs/proxy-host-5_access.log proxy;
  error_log /data/logs/proxy-host-5_error.log warn;
  proxy_set_header Host $host;
  proxy_set_header X-Real-IP $remote_addr;
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_set_header X-Forwarded-Proto https;
  proxy_connect_timeout 360;
  proxy_send_timeout 360;
  proxy_read_timeout 360;
  location / {
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $http_connection;
    proxy_http_version 1.1;
    # Proxy!
    include conf.d/include/proxy.conf;
  }
  # Custom
  include /data/nginx/custom/server_proxy[.]conf;
}

UPDATE:
I installed AIO instead and used the main domain (domain.de); that solved it.
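
A triage helper for the log format shown above, added here as an example (it is not part of the original post or of Nextcloud's code): it counts "HMAC does not match." entries per client, keeping only those whose trace contains the `OC\Session\CryptoSessionData` frame seen in the post, so session-decryption failures are separated from other callers of `OC\Security\Crypto`. The sample lines, the `_entry` helper and the second user agent are constructed for illustration.

```python
import json
from collections import Counter

HMAC_MSG = "HMAC does not match."
SESSION_CLASS = "OC\\Session\\CryptoSessionData"  # frame class seen in the post's trace


def is_session_hmac_failure(entry):
    """True if a log entry is an HMAC mismatch raised while decrypting session data."""
    exc = entry.get("exception")
    if not isinstance(exc, dict) or exc.get("Message") != HMAC_MSG:
        return False
    # Crypto::decrypt has other callers; require the session frame in the trace.
    return any(isinstance(f, dict) and f.get("class") == SESSION_CLASS
               for f in (exc.get("Trace") or []))


def failures_by_client(lines):
    """Count session HMAC failures per (userAgent, method) across JSON log lines."""
    counts = Counter()
    for line in lines:
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip truncated or non-JSON lines
        if isinstance(entry, dict) and is_session_hmac_failure(entry):
            counts[(entry.get("userAgent", "?"), entry.get("method", "?"))] += 1
    return counts


def _entry(agent, method, message, trace_classes):
    # Builds one constructed log line in the shape of nextcloud.log; not real data.
    trace = [{"class": c, "function": "x"} for c in trace_classes]
    return json.dumps({"userAgent": agent, "method": method, "app": "core",
                       "exception": {"Message": message, "Trace": trace}})


SAMPLE_LINES = [  # constructed sample input
    _entry("macOS/14.0 (23A344) accountsd/1.0", "PROPFIND", HMAC_MSG,
           ["OC\\Security\\Crypto", SESSION_CLASS]),
    _entry("macOS/14.0 (23A344) accountsd/1.0", "PROPFIND", HMAC_MSG,
           ["OC\\Security\\Crypto", SESSION_CLASS]),
    _entry("iOS/17.0 dataaccessd/1.0", "PROPFIND", "Some other error", []),
    _entry("cron", "GET", HMAC_MSG, ["OC\\Security\\Crypto"]),  # not session-related
    '{"truncated": ',
]

if __name__ == "__main__":
    for (agent, method), n in failures_by_client(SAMPLE_LINES).most_common():
        print(f"{n:4d}  {method:8s}  {agent}")
```

To run it against a real instance, pass an open handle on `nextcloud.log` to `failures_by_client` instead of `SAMPLE_LINES`.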