none
SNI Support For WebDav Connections to SP2013

    Question

  • I am attempting to set up a SharePoint 2013 SP1 environment and enabling SSL. I would like to use SNI to allow multiple SSL based Web Applications to be hosted from the same IP/Port combination. Everything seems to be working OK except for functions relating to Windows Explorer, such as the library function "Open in Explorer" which returns the error  "We're having a problem opening this location in File Explorer. Add this web site to your Trusted Sites list and try again." Adding the site to trusted sites, setting security to low, etc., does not remediate the issue. Similarly, attempting to map a drive to the library with net use while SNI is enabled returns "System Error 64 has occurred." while when SNI is disabled or when using HTTP, the drive will successfully map.

    This has been tested on Windows7 with IE10 and Windows8 with IE11 with the same results. Hotfix KB 2629108 was confirmed installed on the Win7 computer running IE10. Based on my research, I think the question comes down to if the WebDAV client on Windows 7/8 supports SNI, however I am unable to find any authoritative information on the topic.

    Is running SharePoint 2013 with SNI enabled a supported configuration? If not, is the recommended method for multiple SSL Web Applications in SP2013 a UC cert, 1 IP binding per Web Application, or something else I've not considered? If it is supported, what steps can I take to further troubleshoot the issue with my clients connecting?

    Thursday, March 27, 2014 4:34 PM

Answers

  • It is likely that the WebDAV redirector does not support SNI. I haven't seen any indication that it does support SNI.

    Trevor Seward

    Follow or contact me at...
      

    This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

    • Marked as answer by AaronD_ Thursday, March 27, 2014 9:25 PM
    Thursday, March 27, 2014 6:10 PM
    Moderator

All replies

  • It is likely that the WebDAV redirector does not support SNI. I haven't seen any indication that it does support SNI.

    Trevor Seward

    Follow or contact me at...
      

    This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

    • Marked as answer by AaronD_ Thursday, March 27, 2014 9:25 PM
    Thursday, March 27, 2014 6:10 PM
    Moderator
  • I'm pretty sure you're correct on this. Looking at the behavior pattern with a self signed cert, connecting to a WebDAV path without SNI causes the system to prompt for accepting a cert, while the system doesn't even present a cert under SNI. This indicates to me that the SSL handshake isn't even taking place due to the lack of SNI data being passed. Thank you for backing up my suspicions.
    Thursday, March 27, 2014 9:25 PM
  • We have 3 SP2013 Web Applications running on a single IP on SSL/Port 443.

    I checked "require SNI" only for 2 of the 3 Web Apps.

    Now WebDav inclusive Office Integration seems to work ok on all 3 WebApps.

    regards

    Markus

    Monday, April 7, 2014 3:50 PM
  • Good day

    Have you managed to get WebDav working with SharePoint Apps as well, as our issue is we have assigned the wildcard certificate to the Web Application that does not have a host header and assigned the Web App that hosts the Intranet with a SSL certificate and enabled SNI. The reason why we are using SNI is that Microsoft Azure does not yet support multiple NICs to a VM therefore SNI is the only option.

    So now that we have secured the Intranet and Apps, the user can browse perfectly and there are no issues however if the users selects when in a library "Open in Explorer" they receive a generic error stating that "Device attached is not functioning".

    Since then I have not managed to resolve this issue with the use of SP Apps as well.

    Wednesday, August 13, 2014 8:34 AM