We have an existing WebDAV installation with an Apache mod_dav was WebDAV drive hosted at an SSL protected URL with CA issued certificate and basic authentication. MacOSX and Windows < 10 have been able to connect for a number of years.
With the exception of one machine, new Windows 10 machines fail to connect to this WebDAV server. An attempt to map the network drive results in the basic authentication credentials being asked twice, and then the following error appears:
The mapped network drive could not be created because the following error
has occurred:
Mutual Authentication failed: The server's password is out of date at
the domain controller.
More specifically, when the "Finish" button is pressed in the Map Network Drive dialog, a username and password is requested - this dialog is shown before attempting to make any kind of connection to the WebDAV server. A valid username and password is entered, and at this point an approximately 6 second delay is experienced while a dialog is shown saying "Attempting to connect to". After this delay a single request arrives at the WebDAV server looking like this:
PROPFIND /shared HTTP/1.1
Host: 127.0.0.1:8022
User-Agent: Microsoft-WebDAV-MiniRedir/10.0.10586
translate: f
X-Forwarded-For: xx.xx.xx.xx
X-Forwarded-Host: x.x.x
X-Forwarded-Server: x.x.x
Connection: Keep-Alive
The above request contains no authentication headers, and so the WebDAV server responds as expected with the following:
HTTP/1.1 401 Unauthorized
Date: Wed, 13 Jan 2016 14:18:10 GMT
Server: Apache/2.4.12 (Unix)
WWW-Authenticate: Basic realm="Xxx Xx"
Content-Length: 381
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
[content]
Immediately after receiving this response the Map Network Drive dialog asks for a username and password again. Entering the same username and password triggers a second approximately 6 second delay, after which the "Mutual authentication error" appears without any attempt being made to contact the WebDAV server.
Some notes:
There is no domain controller, this is a simple secure WebDAV server protected by Basic Auth and SSL.
One Windows 10 machine works fine, we do not know what is special about this machine, and all new Windows 10 machines fail.
We tried changing the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WebClient\Parameters\ BasicAuthLevel to 2 and it made no difference (as expected, the original value was 1, and we are using a CA issued SSL certificate).
Has anyone encountered this problem before?
gpedit.mscbranch Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options, the values of all entries that start withNetwork security:.certutil -urlcache * delete. In gpedit the properties that might have effect have names that start with "Network security:".