Windows 10 and WebDAV access

ℹ️ Support
1

Hi everybody!

Nextcloud version (eg, 10.0.2): 11.0.1
Operating system and version (eg, Ubuntu 16.04): Debian GNU/Linux 8 (jessie)
Apache or nginx version (eg, Apache 2.4.25): Apache 2.4.10-10+deb8u7
PHP version (eg, 5.6): 5.6.30+dfsg-0+deb8u1
Is this the first time you’ve seen this error and can you replicate it?: Error occurs across different installed instances.

The issue you are facing:
I try to access accounts via WebDAV [edit] via “map network drive” in Windows 10[/edit] but the file list is empty (connection, that is login, works fine [edit]- not with Windows but with Dolphin on KDE[edit]). This happens only with users with special characters in their names which are created locally in the Nextcloud instance and with users which are stored in LDAP and connected to via “LDAP user and group backend” (I use usernames like “name@domain.tld” there).
When I use a local user without special characters (especially: no blank in the name) or use the UUID of an LDAP-user for WebDAV connection I can connect and show my files.
Login via web works fine with the “special character names”.

The output of your Nextcloud log in Admin > Logging:
Nothing remarkable.

The output of your config.php file in /path/to/nextcloud (make sure you remove any identifiable information!):

<?php $CONFIG = array ( 'instanceid' => 'SOME_ID', 'passwordsalt' => 'SALT', 'secret' => 'SECRET', 'trusted_domains' => array ( 0 => 'cloud.DOMAIN.TLD', ), 'datadirectory' => '/var/www/clients/clientX/webY/private/owncloud-data', 'overwrite.cli.url' => 'https://cloud.DOMAIN.TLD', 'dbtype' => 'mysql', 'version' => '11.0.1.2', 'dbname' => 'cX_cloud', 'dbhost' => 'localhost', 'dbtableprefix' => 'oc_', 'dbuser' => 'cX_cloud', 'dbpassword' => 'PASSWORD', 'installed' => true, 'forcessl' => true, 'forceSSLforSubdomains' => true, 'ldapIgnoreNamingRules' => false, 'loglevel' => 2, 'maintenance' => false, 'trashbin_retention_obligation' => 'auto', 'theme' => '', 'htaccess.RewriteBase' => '/', 'ldapProviderFactory' => '\\OCA\\User_LDAP\\LDAPProviderFactory', ); The output of your Apache/nginx/system log in `/var/log/____`: Nothin special there either... Thanks in advance! Andreas
2

Hi again.

I drilled into the problem some more and I have to specify some things (therefore I edited my original post, too). Probably the problems exist since my upgrade from NC 9 to NC 11 a few days ago - unfortunately I’m not 100% sure about the exact time the problems started.

As I said in my initial post I use the LDAP-connector to login/authenticate my users. When using LDAP, your users have (1) the login name (FIRST.LAST@DOMAIN.TLD with my setup), (2) their name shown (FIRST LAST in this setup) and (3) a UUID shown in the admin user manager as “name”.

I did some testing logging in and viewing files using the different names given a single user - the results look like this:

Weblogin
(1) FIRST.LAST@DOMAIN.TLD works ok
(2) FIRST LAST works ok
(3) UUID does not work

WebDAV access via Dolphin file browser on GNU/Linux/KDE and application “Cyberduck” on Windows 10 - log in name
(1) FIRST.LAST@DOMAIN.TLD works ok
(2) FIRST LAST works ok
(3) UUID does not work

WebDAV access via Dolphin file browser on GNU/Linux/KDE and application “Cyberduck” on Windows 10 - usage in https://cloud.DOMAIN.TLD/remote.php/dav/files/USERNAME/ as USERNAME
(1) FIRST.LAST@DOMAIN.TLD does not work
(2) FIRST LAST does not work
(3) UUID works ok

What did work in the past and repeatable not any more
Using https://cloud.DOMAIN.TLD/remote.php/dav/files/FIRST.LAST@DOMAIN.TLD/ as target for mapping a drive letter in Windows Explorer on Windows 10 and using FIRST.LAST@DOMAIN.TLD as login name for this. Windows Explorer keeps asking me for username and password repeatedly.

But for the users this was the by far easiest method to access their files…

It would be great if somebody had an idea about this. Thanks!

3

And again, I found some more information:

After finding that I have to manuably enable the service “WebClient” in Windows the Explorer starts to ask for credentials. But unfortunately I can give them several times but it keeps asking.

During this procedure I see the following log:

cloud.DOMAIN.TLD:80 85.212.XX.YY - - [21/Feb/2017:19:05:56 +0100] "OPTIONS / HTTP/1.1" 302 599 "-" "Microsoft-WebDAV-MiniRedir/10.0.14393"
cloud.DOMAIN.TLD:443 85.212.XX.YY - - [21/Feb/2017:19:05:56 +0100] "OPTIONS / HTTP/1.1" 302 5226 "-" "Microsoft-WebDAV-MiniRedir/10.0.14393"
cloud.DOMAIN.TLD:443 85.212.XX.YY - - [21/Feb/2017:19:05:56 +0100] "OPTIONS /login HTTP/1.1" 405 951 "-" "Microsoft-WebDAV-MiniRedir/10.0.14393"
cloud.DOMAIN.TLD:80 85.212.XX.YY - - [21/Feb/2017:19:05:56 +0100] "PROPFIND /remote.php/dav/files/test HTTP/1.1" 302 648 "-" "Microsoft-WebDAV-MiniRedir/10.0.14393"
cloud.DOMAIN.TLD:443 85.212.XX.YY - - [21/Feb/2017:19:05:56 +0100] "PROPFIND /remote.php/dav/files/test HTTP/1.1" 401 1309 "-" "Microsoft-WebDAV-MiniRedir/10.0.14393"
cloud.DOMAIN.TLD:80 85.212.XX.YY - - [21/Feb/2017:19:06:04 +0100] "OPTIONS /remote.php/dav/files/test HTTP/1.1" 302 649 "-" "Microsoft-WebDAV-MiniRedir/10.0.14393"
cloud.DOMAIN.TLD:443 85.212.XX.YY - - [21/Feb/2017:19:06:04 +0100] "OPTIONS /remote.php/dav/files/test HTTP/1.1" 401 5536 "-" "Microsoft-WebDAV-MiniRedir/10.0.14393"
cloud.DOMAIN.TLD:443 85.212.XX.YY - - [21/Feb/2017:19:06:04 +0100] "OPTIONS /remote.php/dav/files/test HTTP/1.1" 401 1309 "-" "Microsoft-WebDAV-MiniRedir/10.0.14393"
cloud.DOMAIN.TLD:443 85.212.XX.YY - - [21/Feb/2017:19:06:04 +0100] "OPTIONS /remote.php/dav/files/test HTTP/1.1" 401 1309 "-" "Microsoft-WebDAV-MiniRedir/10.0.14393"
cloud.DOMAIN.TLD:443 85.212.XX.YY - - [21/Feb/2017:19:06:04 +0100] "OPTIONS /remote.php/dav/files/test HTTP/1.1" 401 1309 "-" "Microsoft-WebDAV-MiniRedir/10.0.14393"
cloud.DOMAIN.TLD:80 85.212.XX.YY - - [21/Feb/2017:19:06:18 +0100] "OPTIONS /remote.php/dav/files/test HTTP/1.1" 302 649 "-" "Microsoft-WebDAV-MiniRedir/10.0.14393"
cloud.DOMAIN.TLD:443 85.212.XX.YY - - [21/Feb/2017:19:06:18 +0100] "OPTIONS /remote.php/dav/files/test HTTP/1.1" 401 5536 "-" "Microsoft-WebDAV-MiniRedir/10.0.14393"
cloud.DOMAIN.TLD:443 85.212.XX.YY - - [21/Feb/2017:19:06:18 +0100] "OPTIONS /remote.php/dav/files/test HTTP/1.1" 401 1309 "-" "Microsoft-WebDAV-MiniRedir/10.0.14393"
cloud.DOMAIN.TLD:443 85.212.XX.YY - - [21/Feb/2017:19:06:18 +0100] "OPTIONS /remote.php/dav/files/test HTTP/1.1" 401 1309 "-" "Microsoft-WebDAV-MiniRedir/10.0.14393"
cloud.DOMAIN.TLD:443 85.212.XX.YY - - [21/Feb/2017:19:06:18 +0100] "OPTIONS /remote.php/dav/files/test HTTP/1.1" 401 1309 "-" "Microsoft-WebDAV-MiniRedir/10.0.14393"

So something fails while logging in?! Or what does the HTTP 405 accessing /login mean? Username and password are validated to work with Dolphin and with weblogin.

4

Sorry, nobody with any idea?

5

What about debug log of Nextcloud instance? :slight_smile:

6

Thanks for asking!

In the log accessible via the admin menu I see multiple ocurences of the following messages. But all of these do not occur at the moment of trying to access the instance via webdav.

...
Warning	core	Trusted domain error. "208.93.XX.YY" tried to access using "148.251.AA.BB" as host.
...
Error	PHP	Automatically populating $HTTP_RAW_POST_DATA is deprecated and will be removed in a future version. To avoid this warning set 'always_populate_raw_post_data' to '-1' in php.ini and use the php://input stream instead. at Unknown#0
...
Error	PHP	Unsupported operand types at /var/www/clients/clientX/webY/web/3rdparty/sabre/uri/lib/functions.php#205
...

So I doubt that they are relevant for my problem?!

Do I find another log elsewhere?

7

Well, after a fair number of more hours of digging around I found the “solution”:

After some update of Windows 10 it does not send any authentication header with the requests any more (I tried the different documented registry hacks altogehther). I did a tcpdump on the packets and with this it’s obvious that Windows does not try to authenticate which in the end leads to the server not allowing access - as it should.

What’s strange is that this did not occur from the start with an older Windows 10 and an older instance of ownCloud but “only” with the latest release of Windows 10 and Nextcloud.

The solution is to use a non native WebDAV-client on Windows as the “Microsoft-WebDAV-MiniRedir/10.0.14393” is defunct for basic-authentication now.

For me this issue is “solved” with this finding although it’s ridiculous that Microsoft does not manage to deliver a working client…

8

Perhaps you should report this problem to them. You paid money for this product…

9

Hi nextcloud Team

we have the same problem access to webdav is not working since update to NC V11.

Any bug tracking information here arround?

best regards

ennio

10

Probably I should. But as far as I have experienced it their community is by far not as helpful or technically profound as this one or quite some other free software/open source ones… :wink:

Thanks everybody for the good work!

11

I’ve written a blog on my Facebook page recently (yes I know privacy - but I need it for advertising). This seems a well known “feature” of Windows 7 and later on. Microsoft (Here: WebClient Component) simply does not comply with RFCs from my point of view.

https://www.facebook.com/notes/jakobssystems/windows-fit-fürs-internet/1431970356867839

12

I got a solution for me.

I choose “Add network map” and added the URL in there. Select the Option for other credentials. Type username and app-password and hit “Ok”. Now i have a netdrive with direct access to the files.

The only preconfiguration on the client i did was to import my self-signed certificat into the client system. (I did this before, i dont know if it works without - didnt test it.)

Client OS: Windows 10 uptodate
Server OS: Debian 8.8
Nextcloud Version: 12.0
Apache: 2.4.10

Hope this will help somebody.