locked
WebDAV on Windows Server 2012: Cannot map drive: A device attached to the system is not functioning RRS feed

  • Question

  • User1351888031 posted

    Hi, I am an IT Consultant, but this is my first time setting up WebDAV for a client. I cannot figure out what I've done wrong and the client is getting impatient. Help will be much appreciated!

    I am trying to set up Secure WebDAV access to a file share on their file server (Windows Server 2012 (not R2)).

    First off, why is there no straightforward documentation from Microsoft on how to share one folder via WebDAV?!  Why is this so complicated?   I understand some need granular control of settings, but geez, why can't a newb just "flip a switch" and share a folder via WebDAV?  Okay, rant over, please help me figure this out.

    I followed these articles to install WebDAV, create Certificate Signing Request (CSR), create Root and SSL Certificates using OpenSSL, install the SSL Certificate into IIS on the server and bind to port 443, set Port Forwarding on their Verizon router for port 443 to the server's LAN IP, and import the Root Certificate into the Trusted Root Certificate Store of the client PC.
    http://advancedhomeserver.com/webdav-and-windows-server-2012/
    http://advancedhomeserver.com/if-you-plan-to-use-ssl-read-this-first/
    http://advancedhomeserver.com/making-a-pc-a-secure-webdav-server/
    http://advancedhomeserver.com/iis-and-the-certificate-signing-request/
    http://advancedhomeserver.com/openssl-and-your-root-certificate/
    http://advancedhomeserver.com/domain-certificates-and-windows-server-2012/
    http://advancedhomeserver.com/exporting-and-importing-root-certificates/
    http://advancedhomeserver.com/webdav-and-windows-server-2012/

    Verizon Static IP:  xxx.xxx.xxx.38
    Server name: SERVER12
    Domain:  COMPANYDOMAIN
    Physical folder: E:\TestWebDAV
    Virtual directory: TestWebDAV

    When I attempt to Map Network Drive using this path:  https://xxx.xxx.xxx.38/TestWebDAV

    I get challenged, enter my domain username and password 2 or 3 times, and receive the following error. Same error if I use the administrator username/password.

       The mapped network drive could not be created because the following error has occurred:

       A device attached to the system is not functioning.

    Note: I cannot use their domain name address (https:\\www.companydomain.com\TestWebDAV) since their website is hosted by an external provider.  I got them a Static IP address from Verizon and have Port Forwarding configured on the Verizon router for TCP 443.

    ============================================================
    After I enabled Directory Browsing for the Default Web Site in IIS, I can now browse to https://localhost/TestWebDAV and its subfolders from within IIS, Internet Explorer, and Google Chrome on the server.

    The problem occurs when I attempt to connect across the Internet.  I have tried to Map Network Drive from the client's laptop (from my office) which is a member of the domain, and from my desktop PC.  Both are Windows 7.

    ============================================================

    I followed these instructions for converting the Virtual Directory to an Application and associating a different application pool to the Application instead of using the DefaultAppPool:
    http://blogs.msdn.com/b/benjaminperkins/archive/2013/08/01/setting-up-webdav-on-iis-using-windows-authentication-and-a-unc-mapped-drive-or-file-share.aspx

    I ran thru the instructions a week ago, then reverted the changes when it did not get WebDAV working. I then discovered the SSL Certificate I had installed on the server had disappeared somehow. I reinstalled and re-did the binding, so I am now following the instructions again, but:

    I am stuck on the SETSPN commands, I cannot figure out what "accountname to use". I have tried:

    SETSPN -L administrator
    SETSPN -L COMPANYDOMAIN\administrator
    SETSPN -L SERVER12\administrator

    None are working now, although when I tried this previously, I got the SETSPN commands to work.

    ============================================================

    As a sanity check, I had a friend create a WebDAv share on his website, which is hosted at hostgator.com

    I can successfully Map Network Drive to:

    https://gatorNNNN.hostgator.com:2078

    using the username and password he set up for me.

    So the problem getting WebAV working for my client is not my computer/router/firewall, etc.

    I do wonder if I am formulating the URL correctly using the Static IP (https://xxx.xxx.xxx.38/TestWebDAV)?

    ============================================================
    Server = Windows Server 2012 (not R2)

    Roles - File Server / IIS / Desktop Experience feature added

    Here are the things I have done already:

    1. Created a test file share (TestWebDAV) with subfolders, some Full Control for the Sales group, others explicitly denied Full Control for the Sales group.  Exploring those same file shares from a LAN computer works fine: folders are either Read/Write or "invisible" per their permissions.

    2. Added webDAV/IIS role and created virtual directory, pointing to that file share.

    3. Created WebDAV Authoring Rule and allowed all users to access all content.

    4. At this point with basic configuration it failed, so then I tried other things.
     
    5. Enabled Windows authentication, but have tried Basic and Digest.   Currently I'm allowing Windows Authentication only.
        
    6. After I enabled Directory Browsing for the Default Web Site in IIS, I can now browse to https://localhost/TestWebDAV and its subfolders from within IIS, Internet Explorer, and Google Chrome ON SERVER12.  But when I attempt to Map Network Drive across the Internet, I get the error  "A device attached to the system is not functioning".


    7. Since I have the SSL cert on SERVER12 and the clients, i have enforced Use SSL only. The bindings are 80 and 443.  

    8. I increased the Registry values:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WebClient\Parameters\
       FileAttributesLimitInBytes = 200000000
       FileSizeLimitInBytes = 4200000000

    ============================================================

    Here is the bottom section of the applicationHost.config file in C:\Windows\System32\inetsrv\config:

        </system.webServer>
        <location path="Default Web Site">
            <system.webServer>
                <security>
                    <requestFiltering>
                        <fileExtensions applyToWebDAV="false" />
                        <verbs applyToWebDAV="false" />
                        <hiddenSegments applyToWebDAV="false" />
                    </requestFiltering>
                    <authentication>
                        <windowsAuthentication enabled="true" />
                        <anonymousAuthentication enabled="false" />
                        <basicAuthentication enabled="false" />
                        <digestAuthentication enabled="false" />
                    </authentication>
                    <access sslFlags="Ssl" />
                </security>
                <webdav>
                    <authoring enabled="true" requireSsl="true" />
                    <authoringRules>
                        <add users="*" path="*" access="Read, Write, Source" />
                    </authoringRules>
                </webdav>
            </system.webServer>
        </location>
        <location path="Default Web Site/TestWebDAV">
            <system.webServer>
                <security>
                    <authentication>
                        <digestAuthentication enabled="false" />
                        <basicAuthentication enabled="false" />
                        <windowsAuthentication enabled="true" useAppPoolCredentials="true" />
                    </authentication>
                    <access sslFlags="Ssl" />
                </security>
            </system.webServer>
        </location>

    </configuration>

    ============================================================

    Thank you very much for any assistance.  Let me know if you need more info.

    Friday, April 24, 2015 10:20 AM

All replies

  • User1183424175 posted

    Hi,

    Please refer to the document:

    #Installing and Configuring WebDAV on IIS 7 and Later

    http://www.iis.net/learn/install/installing-publishing-technologies/installing-and-configuring-webdav-on-iis

    #Setting up WebDAV on IIS using Windows Authentication and a UNC, mapped drive or file share

    http://blogs.msdn.com/b/benjaminperkins/archive/2013/08/01/setting-up-webdav-on-iis-using-windows-authentication-and-a-unc-mapped-drive-or-file-share.aspx

    Monday, April 27, 2015 8:13 AM
  • User1351888031 posted

    Thank you very much for your reply!  I have already followed the instructions you referenced. Please, I need specific help with the (unhelpful) error message I am encountering:  A device attached to the system is not functioning.

    I did not mention this in my initial post, but I found and followed your first link (Installing and Configuring WebDAV on IIS 7 and Later) when I first started this WebDAV setup.

    Your second link (Benjamin Perkins), I listed in my initial post. In fact, I asked for specific help:

    I am stuck on the SETSPN commands, I cannot figure out what "accountname to use". I have tried:

    SETSPN -L administrator
    SETSPN -L COMPANYDOMAIN\administrator
    SETSPN -L SERVER12\administrator

    Given that I have already followed the instructional articles you suggested, I would greatly appreciate you taking the time to fully read my initial post and give advice specific to my problem.  I am happy to provide any additional information you may need.

    Once again, thank you SO MUCH for your time and patience dealing with someone not very knowledgeable in Windows Server 2012 administration in general, and completely new to WebDAV publishing!

    Tuesday, April 28, 2015 10:20 AM
  • User1351888031 posted

    Bump. Help really appreciated.

    Wednesday, April 29, 2015 4:39 PM
  • User1351888031 posted

    Anyone? Anyone? BUELLER?!

    Sunday, May 3, 2015 5:55 PM
  • User-1122936508 posted

    a) What is being logged in the IIS log files?

    b) What is being logged in the DCs security event log for the logon failure (or success)?

    c) Are you able to map this drive letter when on the internal LAN network of the office?

    Do not mess around with the SPN settings unless you really understand how Kerberos works, otherwise you are liable to break Kerberos authentication.

    Monday, May 4, 2015 10:52 PM
  • User1351888031 posted

    Thank so much for replying!

    a) When I attempt to Map Network Drive across the Internet to https://xxx.xxx.xxx.38/TestWebDAV, I receive the "A device attached to the system is not functioning" error and NOTHING is logged in C:\inetpub\logs\LogFiles\W3SVC1\u_ex150506.log.

    From Google Chrome on the server (via remote control), if I browse to https://localhost/TestWebDAV/, I get a warning the connection is not private, then when I proceed, I successfully access the TestWebDAV folder and its subfolders.  The following appears in the IIS log:

    #Software: Microsoft Internet Information Services 8.0
    #Version: 1.0
    #Date: 2015-05-06 13:40:49
    #Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) cs(Referer) sc-status sc-substatus sc-win32-status time-taken
    2015-05-06 13:40:49 ::1 GET /TestWebDAV/ - 443 - ::1 Mozilla/5.0+(Windows+NT+6.2;+WOW64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/42.0.2311.135+Safari/537.36 - 500 0 64 4
    2015-05-06 13:40:49 ::1 GET /TestWebDAV/ - 443 - ::1 Mozilla/5.0+(Windows+NT+6.2;+WOW64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/42.0.2311.135+Safari/537.36 - 401 2 5 8
    2015-05-06 13:40:49 ::1 GET /TestWebDAV/ - 443 COMPANYDOMAIN\Administrator ::1 Mozilla/5.0+(Windows+NT+6.2;+WOW64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/42.0.2311.135+Safari/537.36 - 200 0 0 2
    2015-05-06 13:40:49 ::1 GET /favicon.ico - 443 COMPANYDOMAIN\Administrator ::1 Mozilla/5.0+(Windows+NT+6.2;+WOW64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/42.0.2311.135+Safari/537.36 https://localhost/TestWebDAV/ 404 0 2 14
    2015-05-06 13:41:47 ::1 GET /TestWebDAV/SalesAccess/ - 443 COMPANYDOMAIN\Administrator ::1 Mozilla/5.0+(Windows+NT+6.2;+WOW64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/42.0.2311.135+Safari/537.36 https://localhost/TestWebDAV/ 200 0 0 0
    2015-05-06 13:41:49 ::1 GET /TestWebDAV/SalesAccess/Sales1/ - 443 COMPANYDOMAIN\Administrator ::1 Mozilla/5.0+(Windows+NT+6.2;+WOW64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/42.0.2311.135+Safari/537.36 https://localhost/TestWebDAV/SalesAccess/ 200 0 0 6
    2015-05-06 13:41:52 ::1 GET /TestWebDAV/SalesAccess/Sales1/S1.txt - 443 COMPANYDOMAIN\Administrator ::1 Mozilla/5.0+(Windows+NT+6.2;+WOW64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/42.0.2311.135+Safari/537.36 https://localhost/TestWebDAV/SalesAccess/Sales1/ 200 0 0 26
    2015-05-06 13:41:54 ::1 GET /TestWebDAV/SalesAccess/Sales1/ - 443 COMPANYDOMAIN\Administrator ::1 Mozilla/5.0+(Windows+NT+6.2;+WOW64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/42.0.2311.135+Safari/537.36 https://localhost/TestWebDAV/SalesAccess/ 200 0 0 0
    2015-05-06 13:41:56 ::1 GET /TestWebDAV/SalesAccess/ - 443 COMPANYDOMAIN\Administrator ::1 Mozilla/5.0+(Windows+NT+6.2;+WOW64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/42.0.2311.135+Safari/537.36 https://localhost/TestWebDAV/ 200 0 0 4
    2015-05-06 13:41:56 ::1 GET /TestWebDAV/ - 443 COMPANYDOMAIN\Administrator ::1 Mozilla/5.0+(Windows+NT+6.2;+WOW64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/42.0.2311.135+Safari/537.36 - 200 0 0 0


    b) I am not certain to which event log you refer.

    In Server Manager > Local Server (there is only one server on the LAN) > EVENTS, there are no events.  

    In Event Viewer (Local) > Windows Logs > Security, there are over 200K events dating back just 9 days: 2 or 3 times every minute, a sequence of 4769/Kerberos Service Ticket Operations, 4672/Special Logon, 4624/Logon, 4634/Logoff is repeated, all with Security ID: SYSTEM and Account Name: SERVER12$ (the name of the Server).


    c) Yes, I can map the share as a drive letter when on the internal LAN network of the office.

    The server share \\SERVER12\TestWebDAV is visible and available across the LAN, and the user group permissions I set on the subfolders are in force. For example, from a PC logged into a Sales group domain account, I can access and map \\SERVER12\TestWebDAV\SalesAccess, but \\SERVER12\TestWebDAV\FullAccess is invisible per Access-based Enumeration.

    ===========================================================

    I am happy to locate any further information you need to help me!

    When I attempt to Map Network Drive across the Internet, is https://xxx.xxx.xxx.38/TestWebDAV a properly-formed address?  Should I give user credentials in the form COMPANYDOMAIN\Administrator, or just Administrator?  Or should I be using my own user account? Eventually, WebDAV access will need to work for each employee based on their domain group (Full Access, Sales Access, etc.).


    Thanks again for your help, please stick with me!

    Wednesday, May 6, 2015 10:40 AM
  • User1351888031 posted

    UPDATE:

    Without changing anything on the server, I have successfully connected to my TestWebDAV folders across the Internet using a program called CyberDuck.

    CyberDuck formulates the URL as: https://administrator@xxx.xxx.xxx.38:443/TestWebDAV

    When I try this arrangement in Windows Explorer, it still does not connect.

    Thus it appears the server-side setup has been correct all along and the problem is on the client side, right?  

    I have researched that some, but have been more focused on server-side settings since the error message “A device attached to the system is not functioning” occurs after I enter username and password, so it appeared to be a problem with authentication by the server. I mean, one would think that Windows Explorer would play nicely with Windows Server!

    I know Windows Explorer CAN work across the Internet because my colleague’s test server works perfectly in Windows Explorer, although it is on a Linux server hosted at hostgator.com.

    I have tried all this from Windows 7, 8.1, and XP with the same results.

    The one issue I am seeing with CyberDuck is the authentication takes over a minute. Once authenticated, file and folder access is very quick. Is there something which would speed up authentication?

    Thanks for your help!

    Friday, May 8, 2015 4:10 PM
  • User1351888031 posted

    Cyberduck formulates the URL as: https://administrator@xxx.xxx.xxx.38:443/TestWebDAV

    When I try this arrangement in Windows Explorer, it still does not connect.

    In Windows Explorer Map Network Drive, the error message “A device attached to the system is not functioning” occurs after I enter username and password.

    I'd still like to get Windows Explorer working.

    The one issue I am seeing with Cyberduck is the authentication takes ~80 seconds. Once authenticated, file and folder access is very quick. Is there something which would speed up authentication?

    Below are some log entries from Cyberduck. Are there any clues in what works for Cyberduck which might get Windows Explorer working?  THANKS!


    PROPFIND /TestWebDAV/SalesAccess/ HTTP/1.1
    Depth: 1
    Content-Type: text/xml; charset=utf-8
    Content-Length: 99
    Host: XX.XXX.XXX.38
    Connection: Keep-Alive
    User-Agent: Cyberduck/4.7 (17432).17432 (Windows 8/6.2) (x86)
    Accept-Encoding: gzip,deflate

    HTTP/1.1 401 Unauthorized
    Content-Type: text/html
    Server: Microsoft-IIS/8.0
    WWW-Authenticate: Digest qop="auth",algorithm=MD5-sess,nonce="+Upgraded+v16160137605fb21f170f6f45356aa0253a387954ad489d0019b5ffb2155380698b673caebfb42nnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnn",charset=utf-8,realm="Digest"
    WWW-Authenticate: Negotiate
    WWW-Authenticate: NTLM
    Date: Fri, 08 May 2015 21:16:47 GMT
    Content-Length: 1293

    PROPFIND /TestWebDAV/SalesAccess/ HTTP/1.1
    Depth: 1
    Content-Type: text/xml; charset=utf-8
    Content-Length: 99
    Host: XX.XXX.XXX.38
    Connection: Keep-Alive
    User-Agent: Cyberduck/4.7 (17432).17432 (Windows 8/6.2) (x86)
    Accept-Encoding: gzip,deflate
    Authorization: NTLM TlRMTVNTUAABAAAAAYIIogAAAAAoNNNNNNNNNNNNNNNNNNNNNNNNNN==

    HTTP/1.1 401 Unauthorized
    Content-Type: text/html; charset=us-ascii
    Server: Microsoft-HTTPAPI/2.0
    WWW-Authenticate: NTLM TlRMTVNTUAACAAAAFAAUADgAAAAFgomiwlMaj30EsOkAAAAAAAAAAMIAwgBMAAAABgLwIwAAAA9OAEUAQgBTAEQATwBNAEEASQBOAAIAFABOAEUAQgBTAEQATwBNAEEASQBOAAEAFABTAEUAUgBWAEUAUgAyADAAMQAyAAQAIABuAGUAYgBzAGQAbwBtAGEAaQBuAC4AbABvAGMAYQBsAAMANgBTAEUAUgBWAEUAUgAyADAAMQAyAC4AbgBlAGIAcwBkAG8AbQBhAGkAbgAuAGwAbwBjAGEAbAAFACAAbgBNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
    Date: Fri, 08 May 2015 21:18:09 GMT
    Content-Length: 341

    PROPFIND /TestWebDAV/SalesAccess/ HTTP/1.1
    Depth: 1
    Content-Type: text/xml; charset=utf-8
    Content-Length: 99
    Host: XX.XXX.XXX.38
    Connection: Keep-Alive
    User-Agent: Cyberduck/4.7 (17432).17432 (Windows 8/6.2) (x86)
    Accept-Encoding: gzip,deflate
    Authorization: NTLM TlRMTVNTUAADAAAAGAAYAEgAAADyAPIAYAAAAAAAAABSAQAAGgAaAFIBAAAAAAAAbAEAAAAAAABsAQAABYKIogUBKAoAAAAPl42BPEfdGJbkTQqUIjJ3Q8278yOWP6DXtpn+1NNsU8tA6C4s2A0xXwEBAAAAAAAAMA8Jc9SJ0AENNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN==

    HTTP/1.1 207 Multi Status
    Content-Type: text/xml
    Content-Encoding: gzip
    Vary: Accept-Encoding
    Server: Microsoft-IIS/8.0
    Persistent-Auth: true
    Date: Fri, 08 May 2015 21:18:09 GMT
    Content-Length: 755

    Friday, May 8, 2015 7:04 PM
  • User-921617279 posted

    did you solve your problem already?

    Monday, May 11, 2015 8:56 AM
  • User1351888031 posted

    No, I still do not have Windows Explorer capable of connecting/mapping a drive letter to the WebDAV site.

    Cyberduck is connecting as I described above, but my client would prefer the familiarity of a Mapped Network Drive in Windows Explorer.

    I saw a reference to a beta build of Cyberduck which might map a lettered drive in Windows, so I am looking into that. Also checking out other 3rd-party WebDAV clients.

    IT IS MY STRONG PREFERENCE to get Windows Explorer working directly to the WebDAV site described above, where I get the error, “A device attached to the system is not functioning" after entering username/password. In my prior posts, I have provided as much info as I can think of.  If you need more info to help me, please let me know.

    Thanks for any help you can provide!

    Monday, May 11, 2015 11:34 AM
  • User-724862046 posted

    I was also struggling with this and I just figured out what I was doing wrong.  I had an issue with SSL that I am still working on but the main problem when mapping the drive in explorer is the format of the web address.  I had to enter it in this way: http://ipaddress@444/test and bingo I was able to map to the drive with windows explorer.  I am accustom to entering like this: http//ipaddress:444/test.

    Also file size that is being transferred seems to play a factor in this mess.

    P.S. I see this is an old post but perhaps this will help someone else.

    Friday, December 2, 2016 10:30 PM