
We have an existing WebDAV installation with an Apache mod_dav WebDAV drive hosted at an SSL-protected URL with a CA-issued certificate and basic authentication. MacOSX and Windows < 10 have been able to connect for a number of years.

With the exception of one machine, new Windows 10 machines fail to connect to this WebDAV server. An attempt to map the network drive results in the basic authentication credentials being asked twice, and then the following error appears:

The mapped network drive could not be created because the following error
has occurred:

Mutual Authentication failed: The server's password is out of date at
the domain controller.

More specifically, when the "Finish" button is pressed in the Map Network Drive dialog, a username and password is requested - this dialog is shown before attempting to make any kind of connection to the WebDAV server. A valid username and password is entered, and at this point an approximately 6 second delay is experienced while a dialog is shown saying "Attempting to connect to". After this delay a single request arrives at the WebDAV server looking like this:

PROPFIND /shared HTTP/1.1
Host: 127.0.0.1:8022
User-Agent: Microsoft-WebDAV-MiniRedir/10.0.10586
translate: f
X-Forwarded-For: xx.xx.xx.xx
X-Forwarded-Host: x.x.x
X-Forwarded-Server: x.x.x
Connection: Keep-Alive

The above request contains no authentication headers, and so the WebDAV server responds as expected with the following:

HTTP/1.1 401 Unauthorized
Date: Wed, 13 Jan 2016 14:18:10 GMT
Server: Apache/2.4.12 (Unix)
WWW-Authenticate: Basic realm="Xxx Xx"
Content-Length: 381
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

[content]

Immediately after receiving this response the Map Network Drive dialog asks for a username and password again. Entering the same username and password triggers a second approximately 6 second delay, after which the "Mutual authentication error" appears without any attempt being made to contact the WebDAV server.

Some notes:

  • There is no domain controller; this is a simple secure WebDAV server protected by Basic Auth and SSL.

  • One Windows 10 machine works fine. We do not know what is special about this machine, and all new Windows 10 machines fail.

  • We tried changing HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WebClient\Parameters\BasicAuthLevel to 2 and it made no difference (as expected, the original value was 1, and we are using a CA-issued SSL certificate).

Has anyone encountered this problem before?

  • Try to: (1) disable all firewalls, (2) Run Windows Explorer as administrator, (3) Verify there is no clock drift, (4) Verify the Certificate Authority that issued the SSL certificate is recognized, (5) Compare the good and bad client computers in gpedit.msc branch Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options, the values of all entries that start with "Network security:".
    – harrymc
    Commented Apr 6, 2017 at 17:36
  • (6) Is the SSL certificate self signed?
    – harrymc
    Commented Apr 6, 2017 at 19:40
  • I can access gpedit.msc but I only have one computer (Windows 10) to check the properties. I don't know which property I must check....
    – Felipe
    Commented Apr 10, 2017 at 8:07
  • Also, when I check the certificate status it is OK. I can access the WebDAV from Mac and Linux. Only the Win10 network drive mapping is not working. But I can access it through Firefox on the Win10 machine.
    – Felipe
    Commented Apr 10, 2017 at 8:10
  • Windows might have cached bad credentials - you may clear the disk cache by the command certutil -urlcache * delete. In gpedit the properties that might have effect have names that start with "Network security:".
    – harrymc
    Commented Apr 10, 2017 at 8:43
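
The exchange described in the question (unauthenticated PROPFIND, 401 with a Basic challenge, then the authenticated retry that the failing Windows 10 clients never send) can be reproduced with a client-independent probe, which helps confirm the server side before changing client settings. This is an added example, not code from the original thread: the stub server, the credentials and the function names are constructed, and `basic_auth_level` only mimics the WebClient BasicAuthLevel semantics (0 = never send Basic, 1 = only over SSL, 2 = also over plain HTTP).

```python
import base64, http.client, threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlsplit

USER, PASSWORD = "alice", "constructed-password"  # constructed sample credentials

def basic(user, password):
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()

class StubDav(BaseHTTPRequestHandler):
    """Constructed stand-in for the Apache server: PROPFIND behind Basic auth."""
    def do_PROPFIND(self):
        ok = self.headers.get("Authorization") == basic(USER, PASSWORD)
        self.send_response(207 if ok else 401)
        if not ok:
            self.send_header("WWW-Authenticate", 'Basic realm="Xxx Xx"')
        self.send_header("Content-Length", "0")
        self.end_headers()
    def log_message(self, *args): pass  # silence per-request logging

def propfind(url, auth=None):
    """Send one PROPFIND; return (status, WWW-Authenticate header)."""
    u = urlsplit(url)
    cls = http.client.HTTPSConnection if u.scheme == "https" else http.client.HTTPConnection
    conn = cls(u.hostname, u.port, timeout=5)
    headers = {"Depth": "0", "translate": "f"}
    if auth: headers["Authorization"] = auth
    conn.request("PROPFIND", u.path or "/", headers=headers)
    resp = conn.getresponse()
    conn.close()
    return resp.status, resp.getheader("WWW-Authenticate", "")

def probe(url, user, password, basic_auth_level=1):
    """Return the statuses seen: [401] if credentials were withheld, [401, 207] on success."""
    status, challenge = propfind(url)
    seen = [status]
    # Basic credentials are only base64-encoded, so level 1 sends them over TLS only.
    may_send = basic_auth_level >= 2 or (basic_auth_level == 1 and url.startswith("https://"))
    if status == 401 and challenge.lower().startswith("basic") and may_send:
        seen.append(propfind(url, basic(user, password))[0])
    return seen

def demo():
    server = HTTPServer(("127.0.0.1", 0), StubDav)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    url = f"http://127.0.0.1:{server.server_port}/shared"
    try:
        return probe(url, USER, PASSWORD, 1), probe(url, USER, PASSWORD, 2)
    finally:
        server.shutdown(); server.server_close()
```

Calling `demo()` runs both probes against the plain-HTTP stub; pointing `probe()` at the real `https://` URL with a valid account shows whether the server completes the second step for a non-Windows client.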

1 Answer

Please ensure your machines' time is the same; you can use NTP or update the machines based on the settings in "How can I check a system's current NTP configuration?"

Please run this command on the command line to clear the cache:

certutil -urlcache * delete

In gpedit, the properties that have an effect have names that begin with "Network Security".

Click on certificates, go to the Personal tab, and remove whatever is in there (please back up first).

Restart the service:

net stop webclient
net start webclient
