Client fails to connect since 10.0.2

[freswa]

Steps to reproduce

1. Start the client
2. see error message "Could not connect to Operation Canceled

Expected behaviour

Client syncs

Actual behaviour

Client fails to connect

Server configuration

Operating system:
Arch 4.8.12-3

Web server:
nginx 1.10.2-2

Database:
postgresql 9.6.1

PHP version:
7.0.14

Nextcloud version: (see Nextcloud admin page)
1.10.2

Updated from an older Nextcloud/ownCloud or fresh install:
updated

Where did you install Nextcloud from:
nextcloud.com

Signing status:

Signing status

No errors have been found.

List of activated apps:

App list

Enabled:
  - activity: 2.3.2
  - admin_audit: 1.0.0
  - calendar: 1.4.1
  - comments: 1.0.0
  - contacts: 1.5.2
  - dav: 1.0.1
  - external: 1.2
  - federatedfilesharing: 1.0.1
  - federation: 1.0.1
  - files: 1.5.2
  - files_external: 1.0.2
  - files_pdfviewer: 0.8.1
  - files_sharing: 1.0.0
  - files_texteditor: 2.1
  - files_trashbin: 1.0.0
  - files_versions: 1.3.0
  - files_videoplayer: 0.9.8
  - firstrunwizard: 1.1
  - gallery: 15.0.1
  - notifications: 0.3.0
  - password_policy: 1.0.0
  - provisioning_api: 1.0.0
  - serverinfo: 1.1.1
  - survey_client: 0.1.5
  - systemtags: 1.0.2
  - templateeditor: 0.1
  - theming: 1.0.1
  - updatenotification: 1.0.1
  - workflowengine: 1.0.1
Disabled:
  - encryption
  - files_accesscontrol
  - files_automatedtagging
  - files_retention
  - user_external
  - user_ldap
  - user_saml

The content of config/config.php:

Config report

<?php
$CONFIG = array (
  'passwordsalt' => 'secret',
  'datadirectory' => '/mnt/data/cloud/data',
  'dbtype' => 'pgsql',
  'version' => '9.1.2.2',
  'dbname' => 'ownclouddb',
  'dbuser' => 'http',
  'dbpassword' => 'secret',
  'dbhost' => 'localhost',
  'dbtableprefix' => 'oc_',
  'installed' => true,
  'maxZipInputSize' => 37580963840,
  'allowZipDownload' => true,
  'forcessl' => true,
  'instanceid' => 'secret',
  'loglevel' => 4,
  'updatechecker' => true,
  'appcodechecker' => '',
  'allow_user_to_change_display_name' => true,
  'appstoreurl' => 'http://api.apps.owncloud.com/v1',
  'appstoreenabled' => true,
  'defaultapp' => 'files',
  'theme' => '',
  'mail_domain' => 'secret',
  'maintenance' => false,
  'trusted_domains' => 
  array (
    0 => 'secret',
  ),
  'mail_from_address' => 'noreply',
  'mail_smtpmode' => 'smtp',
  'secret' => 'secret',
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'mail_smtphost' => 'secret',
  'mail_smtpport' => '25',
  'trashbin_retention_obligation' => 'auto',
  'appstore.experimental.enabled' => true,
  'htaccess.RewriteBase' => '/',
  'updater.release.channel' => 'stable',
);

Are you using encryption: no

Logs

Nextcloud log (data/nextcloud.log)

Nextcloud log

``` Exception: {"Message":"HTTP\/1.1 400 The {DAV:}property-search element must contain one {DAV:}match and one {DAV:}prop element","Exception":"Sabre\\DAV\\Exception\\BadRequest","Code":0,"Trace":"#0 [internal function]: Sabre\\DAVACL\\Xml\\Request\\PrincipalPropertySearchReport::xmlDeserialize(Object(Sabre\\Xml\\Reader))\n#1 \/srv\/http\/cloud\/3rdparty\/sabre\/xml\/lib\/Reader.php(229): call_user_func(Array, Object(Sabre\\Xml\\Reader))\n#2 \/srv\/http\/cloud\/3rdparty\/sabre\/xml\/lib\/Reader.php(69): Sabre\\Xml\\Reader->parseCurrentElement()\n#3 \/srv\/http\/cloud\/3rdparty\/sabre\/xml\/lib\/Service.php(118): Sabre\\Xml\\Reader->parse()\n#4 \/srv\/http\/cloud\/3rdparty\/sabre\/dav\/lib\/DAV\/CorePlugin.php(712): Sabre\\Xml\\Service->parse('httpReport(Object(Sabre\\HTTP\\Request), Object(Sabre\\HTTP\\Response))\n#6 \/srv\/http\/cloud\/3rdparty\/sabre\/event\/lib\/EventEmitterTrait.php(105): call_user_func_array(Array, Array)\n#7 \/srv\/http\/cloud\/3rdparty\/sabre\/dav\/lib\/DAV\/Server.php(459): Sabre\\Event\\EventEmitter->emit('method:REPORT', Array)\n#8 \/srv\/http\/cloud\/3rdparty\/sabre\/dav\/lib\/DAV\/Server.php(248): Sabre\\DAV\\Server->invokeMethod(Object(Sabre\\HTTP\\Request), Object(Sabre\\HTTP\\Response))\n#9 \/srv\/http\/cloud\/apps\/dav\/lib\/Server.php(184): Sabre\\DAV\\Server->exec()\n#10 \/srv\/http\/cloud\/apps\/dav\/appinfo\/v2\/remote.php(30): OCA\\DAV\\Server->exec()\n#11 \/srv\/http\/cloud\/remote.php(165): require_once('\/srv\/http\/cloud...')\n#12 {main}","File":"\/srv\/http\/cloud\/3rdparty\/sabre\/dav\/lib\/DAVACL\/Xml\/Request\/PrincipalPropertySearchReport.php","Line":106,"User":"Username"} ```

Client log (--logfile)

Client log

``` 12-09 18:36:03:331 20896 OCC::AbstractNetworkJob::slotTimeout: virtual void OCC::AbstractNetworkJob::slotTimeout() OCC::PropfindJob(0x108e300) Timeout QUrl("https://domain.tld/remote.php/webdav/") 12-09 18:36:03:332 20896 OCC::AbstractNetworkJob::slotFinished: void OCC::AbstractNetworkJob::slotFinished() QNetworkReply::NetworkError(OperationCanceledError) "Operation canceled" QVariant(Invalid) 12-09 18:36:03:332 20896 OCC::PropfindJob::finished: PROPFIND request *not* successful, http result code is 0 "" 12-09 18:36:03:332 20896 unknown: QIODevice::read (QNetworkReplyHttpImpl): device not open 12-09 18:36:03:332 20896 OCC::AccountState::slotConnectionValidatorResult: AccountState connection status change: "Credentials Wrong" -> "Timeout" ```

[LukasReschke]

The {DAV:}property-search element must contain one {DAV:}match and one {DAV:}prop element

cc @rullzer Any idea?

[LukasReschke]

Which desktop client version do you use?

[freswa]

2.2.4 (tried both OwnCloud and nextcloud though both use the same client git submodule)

[LukasReschke]

For the record: Can't reproduce on OS X.

cc @MorrisJobke @schiessle @nickvergessen Can you reproduce?

[rullzer]

It apaprently is in the report method. But I have no clue where that is triggered.
Also I can't reproduce here...

[neurer]

Can confirm the issue. Updated from 10.0.1 to 10.0.2. All went well. Then changed the account password -> added new App password (see issue #2581) -> things got funky.

Result: OC desktop client 2.2.3 fails to connect/auth (error: No connection to (...) Operation canceled) , Android client 1.4.0 RC2 fails to connect/auth (error: Server took too long to respond). DAVdroid 1.3.4.1 sync and web login going slow -- doesn't fail though. Nothing in the logs -- neither webserver nor Nextcloud.

[reinerj]

I opened a issue days ago #2540. desktop client cannot login anymore. Sine 11.0 there s also no report in the logs anymore ...

[neurer]

Looks like things sorted themselves out for me. Not sure what's triggered when the password is changed, but I do use encryption with quite a lot of data on the server. Maybe things took some time to change stuff around. And while doing so, connection/auth failed temporarily.

[tulamidan]

Same issue here... but no update from 10.1. to 10.2 the server stayed the same ony my router firmware changed.
I have about 80GB of data on a raspi3 with encfs encrypted. Dunno exactly when things got funky but it may be after the router firmware was updated.

[guoyunhe]

I have similar problem. After upgrade to 11.0.2, both linux and android clients cannot access server with an "operation canceled" error. On the server log I get login failed error. But I can access the web interface.

[guoyunhe]

I also found my problem is router related.

My home server is behind a router via NAT. If my phone and laptop connect to this router, they cannot access the server anymore. But if they connect to 4G, they can access the server.

Now I am not sure if it is a bug in Nextcloud, or something in my server configuration. Because is used to work well.

[tobakk]

same issue on OS X and Linux with nextcloud and owncloud client

[gjanssens]

Seeing this as well on Fedora 25 with nextcloud client 2.2.4.

[sedrubal]

I've the same issue on nextcloud 11.0.3 and after debugging a long time I think this looks like the requests are throttled down by bruteforce prevention. Is this reasonable?

[gjanssens]

That may well be the case indeed. I have recently disabled bruteforce protection because another issue suggested it slows down login times in the web interface. Since then I no longer see the connection failures in the desktop client either.

Disabling bruteforce protection altogether makes me slightly uneasy though. Is there a way to tweak it use a higher connection threshold ? Most of my connections come from the same local network most of the time.

[sedrubal]

Same here. Disabled it yesterday and today everything is working :/

Since my server is behind a NAT router I fear I can't use bruteforce protection. But I don't find any docs about bruteforce prevention (other than completely disabling it)...

[MorrisJobke]

Same here. Disabled it yesterday and today everything is working :/

Since my server is behind a NAT router I fear I can't use bruteforce protection. But I don't find any docs about bruteforce prevention (other than completely disabling it)...

Weird - could you check the access log with brute force protection enabled. Looks like one client tries to authenticate with invalid credentials.

[sedrubal]

Yes there had been entries in log that bruteforce protection detected some invalid logins and throttled down the NAT gateway. But I don't know which client it was.

[MorrisJobke]

Yes there had been entries in log that bruteforce protection detected some invalid logins and throttled down the NAT gateway. But I don't know which client it was.

Finding and eliminating this client would help to resolve this issue and allow you to enabled brute force detection again. The brute force protection stuff has only a TTL of 24h. So 24h after eliminating the malicious client should allow you to use it again properly.

We can't do much here as of now I think.

[MorrisJobke]

Yes there had been entries in log that bruteforce protection detected some invalid logins and throttled down the NAT gateway. But I don't know which client it was.

Check the logs and look at the user agent maybe helps ;)

[sedrubal]

Thanks. But it's still very hard to find the client 😉
FYI the user agent seems to be visible in logs since nextcloud v12 but not in v11.

I also think you can't do much about this problem 😉

[MorrisJobke]

I also think you can't do much about this problem 😉

Closing.