Windows Desktop Client no longer connects

Hello all,

I’m running Nextcloud 32.0.9.2 on a Raspberry Pi 4B with files on an attached USB drive. I use it primarily for sharing files between different Windows 11 computers and with my Android phone. Lately, I discovered that my main computer was raising errors when sharing files. The underlying reason was that a home automation server on the same Raspberry Pi went havoc and filled the complete filesystem.

However, after cleaning up the file system (I now have 76GB free on the 128GB main file system), the desktop client still refused to properly sync the files. So I stopped it and updated it to version 33.0.3, which did not help. One of the help/forum articles proposed deleting the synchronization and re-establishing it, which I did.

After entering the URL to my Nextcloud server, the client complained about my self-signed certificate, but offered to accept it anyhow - similarly to what I once got in the browser. But then I got stuck in several different ways (side note: I can log in via the browser, so in the browser everything works):

  1. Either the client says “Secure connection to xxx failed” with 3 options: different URL, try HTTP, configure client-side certificate.
  • Different URL does not work: as my server is also available from the internet via selfhost.eu, I tried https://.selfhost.eu, which also does not work (it does in the browser), I tried https://.fritz.box in the LAN, which does not work (it does in the browser), I tried https:///, which does not work (it does in the browser). All 3 ways are configured as trusted_domains in config/config.php.
  • HTTP does not work, as I have enforced HTTPS since 2016 - at least that’s where I could find my first certificate.
  • Client-side certificate is interesting: I created a .p12 file with openssl, which for example is accepted by Android and by Windows (I imported it both as private certificate and as trusted certificate), but the desktop client just re-displays the “3 options dialog” after entering the password without any error message.
  • I checked several logfiles: neither the nextcloud.log file (whether checked directly or via the browser UI), nor the apache2 log files, nor the system logfiles log any message when I try to connect via the Windows client.
  2. Sometimes (very, very rarely), I got the message to connect the client to the user account, with two buttons: copy link and open browser. However, neither of them works :frowning:

So basically, I’m stuck. The Android App 33.1.0 just works flawlessly, the browser works, but my main work horse, the PC does not work.

Below are some systeminfo. I hope, someone has a good idea here, as I already spent 3 days on googling and trying.

Operating system: Linux 5.10.103-v8+ #1529 SMP PREEMPT Tue Mar 8 12:26:46 GMT 2022 aarch64

Webserver: Apache/2.4.65 (Raspbian) (apache2handler)

Database: mysql 11.8.3

PHP version: 8.2.30

Modules loaded: Core, date, libxml, openssl, pcre, zlib, filter, hash, json, random, Reflection, SPL, session, standard, sodium, apache2handler, mysqlnd, PDO, xml, apcu, bcmath, bz2, calendar, ctype, curl, dom, mbstring, FFI, fileinfo, ftp, gd, gettext, gmp, iconv, igbinary, imagick, intl, ldap, exif, mysqli, pdo_mysql, Phar, posix, readline, shmop, SimpleXML, smbclient, sockets, sysvmsg, sysvsem, sysvshm, tokenizer, xmlreader, xmlwriter, xsl, zip, redis, libsmbclient, Zend OPcache

Nextcloud version: 32.0.9 - 32.0.9.2

Updated from an older Nextcloud/ownCloud or fresh install:

Where did you install Nextcloud from: unknown

<details>
<summary>Signing status</summary>
[]

</details>
<details>
<summary>List of activated apps</summary>
```
Enabled:
 - activity: 5.0.0
 - admin_audit: 1.22.0
 - bruteforcesettings: 5.0.0
 - calendar: 6.2.3
 - circles: 32.0.0
 - comments: 1.22.0
 - contacts: 8.3.9
 - contactsinteraction: 1.13.1
 - dashboard: 7.12.0
 - federation: 1.22.0
 - files_antivirus: 6.2.0
 - files_downloadlimit: 5.0.0
 - files_pdfviewer: 5.0.0
 - files_reminders: 1.5.0
 - files_sharing: 1.24.1
 - files_trashbin: 1.22.0
 - files_versions: 1.25.0
 - firstrunwizard: 5.0.0
 - forms: 5.2.7
 - geoblocker: 0.5.20
 - limit_login_to_ip: 4.3.0
 - logreader: 5.0.0
 - nextcloud_announcements: 4.0.0
 - notes: 5.0.0
 - notifications: 5.0.0
 - password_policy: 4.0.0
 - photos: 5.0.0
 - privacy: 4.0.0
 - recommendations: 5.0.0
 - related_resources: 3.0.0
 - serverinfo: 4.0.0
 - sharebymail: 1.22.0
 - support: 4.0.0
 - survey_client: 4.0.0
 - systemtags: 1.22.0
 - text: 6.0.2
 - twofactor_totp: 14.0.0
 - updatenotification: 1.22.0
 - user_status: 1.12.0
 - weather_status: 1.12.0
 - webhook_listeners: 1.3.0
Disabled:
 - announcementcenter: 7.3.0
 - app_api: 32.0.0
 - appointments: 2.6.2
 - auto_mail_accounts: 0.1.7
 - backup: 1.4.0
 - browser_warning: 1.0.0
 - camerarawpreviews: 0.8.8
 - carnet: 0.25.12
 - defaultlinkopen: 1.2.0
 - encryption
 - files_external
 - maps: 1.6.0
 - spreed: 22.0.8
 - suspicious_login
 - tasks: 0.17.1
 - twofactor_nextcloud_notification
 - user_ldap
 - whiteboard: 1.5.4
 - workflow_pdf_converter: 3.0.0
```

</details>
<details>
<summary>Configuration (config/config.php)</summary>
```
{
    "instanceid": "***REMOVED SENSITIVE VALUE***",
    "passwordsalt": "***REMOVED SENSITIVE VALUE***",
    "secret": "***REMOVED SENSITIVE VALUE***",
    "trusted_domains": [
        "***removed***.selfhost.eu",
        "***removed***.fritz.box",
        "***removed***",
        "localhost"
    ],
    "datadirectory": "***REMOVED SENSITIVE VALUE***",
    "overwrite.cli.url": "https:\/\/***removed***.selfhost.eu",
    "dbtype": "mysql",
    "version": "32.0.9.2",
    "dbname": "***REMOVED SENSITIVE VALUE***",
    "dbhost": "***REMOVED SENSITIVE VALUE***",
    "dbport": "",
    "dbtableprefix": "oc_",
    "mysql.utf8mb4": true,
    "dbuser": "***REMOVED SENSITIVE VALUE***",
    "dbpassword": "***REMOVED SENSITIVE VALUE***",
    "installed": true,
    "maintenance": false,
    "memcache.local": "\\OC\\Memcache\\APCu",
    "log_type": "file",
    "logtimezone": "Europe\/Berlin",
    "logfile": "\/var\/log\/nextcloud\/nextcloud.log",
    "loglevel": 2,
    "log_authfailip": true,
    "theme": "",
    "twofactor_enforced": "false",
    "twofactor_enforced_groups": [
        "admin"
    ],
    "twofactor_enforced_excluded_groups": [],
    "has_rebuilt_cache": true,
    "updater.release.channel": "stable",
    "default_phone_region": "DE",
    "maintenance_window_start": 1,
    "app_install_overwrite": [
        "backup"
    ],
    "mail_smtpmode": "smtp",
    "mail_smtpsecure": "ssl",
    "mail_sendmailmode": "smtp",
    "mail_from_address": "***REMOVED SENSITIVE VALUE***",
    "mail_domain": "***REMOVED SENSITIVE VALUE***",
    "mail_smtpauth": true,
    "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
    "mail_smtpport": "465",
    "mail_smtpname": "***REMOVED SENSITIVE VALUE***",
    "mail_smtppassword": "***REMOVED SENSITIVE VALUE***"
}
```

</details>
Cron Configuration:

Mode: cron
Last: 2026-05-04T12:55:02+00:00 (55 seconds ago)

External storages: files_external is disabled

Encryption: no

User-backends:

* OC\\User\\Database

Subscription:

* No valid subscription key set

Browser: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:150.0) Gecko/20100101 Firefox/150.0

[some information skipped]
## Phpinfo

<details>
<summary>apache2handler</summary>
```
{
    "Apache Version": "Apache/2.4.65 (Raspbian)",
    "Apache API Version": "20120211",
    "Server Administrator": "[no address given]",
    "Hostname:Port": "***removed***.selfhost.eu:0",
    "User/Group": "www-data(33)/33",
    "Max Requests": "Per Child: 0 - Keep Alive: on - Max Per Connection: 100",
    "Timeouts": "Connection: 300 - Keep-Alive: 5",
    "Virtual Server": "Yes",
    "Server Root": "/etc/apache2",
    "Loaded Modules": "core mod_so mod_watchdog http_core mod_log_config mod_logio mod_version mod_unixd mod_access_compat mod_alias mod_auth_basic mod_authn_core mod_authn_file mod_authz_core mod_authz_host mod_authz_user mod_autoindex mod_deflate mod_dir mod_env mod_filter mod_headers mod_mime prefork mod_negotiation mod_php mod_reqtimeout mod_rewrite mod_setenvif mod_socache_shmcb mod_ssl mod_status",
    "engine": {
        "local": "On",
        "master": "On"
    },
    "last_modified": {
        "local": "Off",
        "master": "Off"
    },
    "xbithack": {
        "local": "Off",
        "master": "Off"
    }
}
```

</details>
<details>
<summary>Apache Environment</summary>
```
{
    "HTTP_AUTHORIZATION": "no value",
    "HOME": "/var/www/nextcloud",
    "HTTP_HOME": "/var/www/nextcloud",
    "modHeadersAvailable": "true",
    "htaccessWorking": "true",
    "ap_trust_cgilike_cl": "no value",
    "HTTPS": "on",
    "SSL_TLS_SNI": "***removed***",
    "HTTP_HOST": "***removed***",
    "HTTP_USER_AGENT": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:150.0) Gecko/20100101 Firefox/150.0",
    "HTTP_ACCEPT": "*/*",
    "HTTP_ACCEPT_LANGUAGE": "de,en-US;q=0.9,en;q=0.8",
    "HTTP_ACCEPT_ENCODING": "gzip, deflate, br, zstd",
    "HTTP_X_REQUESTED_WITH": "XMLHttpRequest, XMLHttpRequest",
    "HTTP_REQUESTTOKEN": "lET+YuF5UnzrS72kB6RSNPtGTlk0x9NgIO5r8VVvRvg=:5jOqVoI0YT+qJtbBbvInbI0OeSFdqIQ6E9Y5x2AGPtM=",
    "HTTP_OCS_APIREQUEST": "true",
    "HTTP_ORIGIN": "https://***removed***",
    "HTTP_SEC_GPC": "1",
    "HTTP_CONNECTION": "keep-alive",
    "HTTP_COOKIE": "ocsj6spdamdn=v889k6crolmieks75jpe771s8k; oc_sessionPassphrase=qns%2BOfq77I%2FAMbAr8uCuHqODOHewiyM6C34gv1%2Fk1pgCCPDoOIBQwcf71y4PSdMU%2FQOMVXr9aE134lr7icBlQUCtJqfNlQZbyooGJxq7xm%2FKE4fQx82Psw%2Fs0ddbEljv; __Host-nc_sameSiteCookielax=true; __Host-nc_sameSiteCookiestrict=true; nc_username=admin; nc_token=IU%2B67Viv5E9E9JhA9sfuLBZA%2FSVaynoY; nc_session_id=v889k6crolmieks75jpe771s8k",
    "HTTP_SEC_FETCH_DEST": "empty",
    "HTTP_SEC_FETCH_MODE": "cors",
    "HTTP_SEC_FETCH_SITE": "same-origin",
    "HTTP_PRIORITY": "u=0",
    "CONTENT_LENGTH": "0",
    "PATH": "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin",
    "SERVER_SIGNATURE": "<address>Apache/2.4.65 (Raspbian) Server at ***removed*** Port 443</address>",
    "SERVER_SOFTWARE": "Apache/2.4.65 (Raspbian)",
    "SERVER_NAME": "***removed***",
    "SERVER_ADDR": "2003:ed:e73c:e000:95e6:972a:6ab0:93db",
    "SERVER_PORT": "443",
    "REMOTE_ADDR": "2003:ed:e73c:e000:81ae:cb75:a198:a44c",
    "DOCUMENT_ROOT": "/var/www/nextcloud",
    "REQUEST_SCHEME": "https",
    "CONTEXT_PREFIX": "no value",
    "CONTEXT_DOCUMENT_ROOT": "/var/www/nextcloud",
    "SERVER_ADMIN": "[no address given]",
    "SCRIPT_FILENAME": "/var/www/nextcloud/index.php",
    "REMOTE_PORT": "64568",
    "GATEWAY_INTERFACE": "CGI/1.1",
    "SERVER_PROTOCOL": "HTTP/1.1",
    "REQUEST_METHOD": "POST",
    "QUERY_STRING": "forceLanguage=en",
    "REQUEST_URI": "/index.php/apps/support/generateSystemReport?forceLanguage=en",
    "SCRIPT_NAME": "/index.php",
    "PATH_INFO": "/apps/support/generateSystemReport",
    "PATH_TRANSLATED": "/var/www/nextcloud/apps/support/generateSystemReport"
}
```

</details>
<details>
<summary>HTTP Headers Information</summary>
```
{
    "HTTP Request": "POST /index.php/apps/support/generateSystemReport?forceLanguage=en HTTP/1.1",
    "Host": "***removed***",
    "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:150.0) Gecko/20100101 Firefox/150.0",
    "Accept": "*/*",
    "Accept-Language": "de,en-US;q=0.9,en;q=0.8",
    "Accept-Encoding": "gzip, deflate, br, zstd",
    "X-Requested-With": "XMLHttpRequest, XMLHttpRequest",
    "requesttoken": "lET+YuF5UnzrS72kB6RSNPtGTlk0x9NgIO5r8VVvRvg=:5jOqVoI0YT+qJtbBbvInbI0OeSFdqIQ6E9Y5x2AGPtM=",
    "OCS-APIREQUEST": "true",
    "Origin": "https://***removed***",
    "Sec-GPC": "1",
    "Connection": "keep-alive",
    "Cookie": "ocsj6spdamdn=v889k6crolmieks75jpe771s8k; oc_sessionPassphrase=qns%2BOfq77I%2FAMbAr8uCuHqODOHewiyM6C34gv1%2Fk1pgCCPDoOIBQwcf71y4PSdMU%2FQOMVXr9aE134lr7icBlQUCtJqfNlQZbyooGJxq7xm%2FKE4fQx82Psw%2Fs0ddbEljv; __Host-nc_sameSiteCookielax=true; __Host-nc_sameSiteCookiestrict=true; nc_username=admin; nc_token=IU%2B67Viv5E9E9JhA9sfuLBZA%2FSVaynoY; nc_session_id=v889k6crolmieks75jpe771s8k",
    "Sec-Fetch-Dest": "empty",
    "Sec-Fetch-Mode": "cors",
    "Sec-Fetch-Site": "same-origin",
    "Priority": "u=0",
    "Content-Length": "0",
    "Content-Security-Policy": "default-src 'self'; script-src 'self' 'nonce-T02Um/2pkX/DoSfG4YuWs3SeDXO7RSNzhiU60qdOXZQ='; style-src 'self' 'unsafe-inline'; frame-src *; img-src * data: blob:; font-src 'self' data:; media-src *; connect-src *; object-src 'none'; base-uri 'self';"
}
```

</details>

Hello @uwe2,

welcome to the Nextcloud community! :handshake:

All 3 URLs https://.selfhost.eu, https://.fritz.box, https:/// are formally invalid. If they work in the browser, this is because of some weird workaround... or maybe you were too successful in obfuscating your domain names.

  • In the browser you can review the certificate details (unfortunately pretty hidden in modern browsers): usually there is a button close to the URL where you can review the details. The DNS name (Subject Alternative Name) must match the URL. There you can see the problem: either outdated, not trusted, bad hostname etc.
  • If you are in an enterprise environment and access your server through a proxy, chances are it performs so-called TLS inspection, and for this reason the certificate is broken.

You can try accessing your server from PowerShell and run

```
Invoke-WebRequest https://myserver.selfhost.eu/status.php
```

likely there will be an error as well but it might be more readable and more technical so you can better understand the problem.

In my test it seems an access to non-existing .selfhost.eu domain like myserver.selfhost.eu or xyz.selfhost.eu performs a fallback to an expired wildcard cert

```
sni='xyz.selfhost.eu',
Verification error: issuer='/C=BE/O=GlobalSign nv-sa/CN=AlphaSSL CA - SHA256 - G4',
subject='/CN=*.selfhost.de',
notbefore='Jun 19 14:50:23 2023 GMT',
notafter='Jul 20 14:50:22 2024 GMT',
serial='01FDA7E48B9FEA294FBAE400',
altnames='DNS:*.selfhost.de, DNS:selfhost.de',
sslerrdesc='certificate has expired',
```

which makes me think your DNS name might have expired.. and for this reason your system doesn’t connect with your local system but rather to the root selfhost system.

Hello @wwe,

thanks for your answer. Sorry, but somehow my posting was screwed up, as I put myserver in between angled brackets, which was then stripped out of the text. The 3 URLs are

https://myserver.selfhost.eu

https://myserver.fritz.box

https://myserver/

Up to now, I used https://myserver.selfhost.eu on all my PCs for the desktop client, which worked perfectly. Same on Android. Of course, myserver is replaced with the real domain name.

And the server is available via internet, I just rechecked with Nextcloud on my phone with WiFi off, using only mobile data, and I could download a file from the server to the phone. So, the routing via the FritzBox works fine. Also, myserver.selfhost.eu is reachable via ping from the PC.

Thanks for the tip with the PowerShell. I tried it and received an error message, see below:

```
PS C:\WINDOWS\system32> Invoke-WebRequest https://***myserver***.selfhost.eu/status.php
Invoke-WebRequest : Die zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal konnte keine
Vertrauensstellung hergestellt werden..
In Zeile:1 Zeichen:1
+ Invoke-WebRequest https://***myserver***.selfhost.eu/status.php
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-WebRequest], WebExc
   eption
    + FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeWebRequestCommand
```

So, something is wrong with the certificate…
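The Invoke-WebRequest error above only says that no trust relationship could be established. The following added example (not part of the thread and not code from Nextcloud) shows which of the checks listed earlier, expiry, trust chain or host name, Windows actually fails on; `Get-TlsCertDiagnosis` is a hypothetical helper name, the host names are the placeholders used in this thread, and TLS 1.2 on port 443 is an assumption.

```powershell
# Added example: report why Windows rejects a server's TLS certificate.
function Get-TlsCertDiagnosis {
    param(
        [Parameter(Mandatory)][string]$HostName,
        [int]$Port = 443
    )

    $state = @{ Errors = $null; Chain = @() }
    # Accept every certificate so the handshake completes and the certificate
    # can be inspected; the callback only records what Windows objected to.
    $callback = [System.Net.Security.RemoteCertificateValidationCallback]{
        param($sender, $cert, $chain, $errors)
        $state.Errors = $errors
        $state.Chain  = @($chain.ChainStatus | ForEach-Object { $_.Status })
        $true
    }

    $tcp = New-Object System.Net.Sockets.TcpClient($HostName, $Port)
    try {
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $callback)
        # $HostName is sent as SNI and compared with the certificate's names.
        $ssl.AuthenticateAsClient($HostName, $null,
            [System.Security.Authentication.SslProtocols]::Tls12, $false)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        # OID 2.5.29.17 is the Subject Alternative Name extension.
        $san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
        [pscustomobject]@{
            Host         = $HostName
            Subject      = $cert.Subject
            Issuer       = $cert.Issuer
            AltNames     = if ($san) { $san.Format($false) } else { '(none)' }
            NotBefore    = $cert.NotBefore
            NotAfter     = $cert.NotAfter
            # RemoteCertificateNameMismatch = bad hostname,
            # RemoteCertificateChainErrors  = see ChainStatus
            PolicyErrors = $state.Errors
            # NotTimeValid = expired or not yet valid, UntrustedRoot = self-signed / unknown CA
            ChainStatus  = ($state.Chain -join ', ')
        }
    }
    finally {
        if ($ssl) { $ssl.Dispose() }
        $tcp.Close()
    }
}

# Placeholder names from this thread; replace with the real host names.
'myserver.selfhost.eu', 'myserver.fritz.box' |
    ForEach-Object { Get-TlsCertDiagnosis $_ } | Format-List
```

A `PolicyErrors` value of `None` means Windows trusts the certificate for that name, so any remaining failure lies outside certificate validation.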

Hello @wwe ,

Thanks again for the hint with PowerShell. As I have used certificates since about 2016, I still had a manual installation of letsencrypt. Nowadays, there is certbot available as a very user-friendly layer above everything.

So after installing certbot and certbot for apache, and temporarily enabling routing for port 80, I got a clean certificate with

```
certbot --apache
```

Now, I only had to kill the Nextcloud client (looks like it did not like having different information), then I could connect the client to my account via the website. And now, the synchronization works again perfectly (at least at first glance…)

Thanks again, topic can be closed.

Glad to see you solved the problem. If you remember the steps to identify the faulty certificate, I would really appreciate it if you shared the path to isolate the problem, just in case somebody hits this issue in the future.