Calender connection with Thunderbird fails - 401 unauthorized

Steps to reproduce

  1. In the Thunderbird calendar app click “new calendar”
  2. enter all info - incl. location , show reminders, offline support
  3. click OK to connect to the owncloud calendar

Expected behaviour

Calendar connection should be successful and show all entries in the calendar

Actual behaviour

Calendar is added to the list of calendars but is imediately greyed out and checkbox unchecked. Calendar entries are missing.
The Error console shows this:
PROPFIND https://domain/owncloud/remote.php/dav/
[HTTP/1.1 401 Unauthorized 233ms]

Connection to a different Calendar app (Baikal) on the same (shared host) server works fine with Thunderbird.
The connection to the Owncloud calendar with Davdroid works fine.
That leads me to the assumption that neither it’s a problem with Thunderbird, nor with the webserver config .
Rewrite module is enabled and Thunderbird network.cookie.same-site.enabled;false was changed from true . Both didn’t help.

I’ve also tried a fresh Thunderbird installation on Windows 10 (different OS) but with the same result.

Server configuration

Operating system:
CentOS

Web server:
Apache 2.2

Database:
dbtype": “mysql”,
“version”: “10.0.10.4”,

PHP version:
PHP/5.6.39

ownCloud version: 10.0.10.4

Updated from an older ownCloud or fresh install:
Updated from OC 8.2 (or so)

Where did you install ownCloud from:

Signing status (ownCloud 9.0 and above):

The content of config/config.php:

https://gist.github.com/hermann-san/609bf64cd406a1cfc7efd09aaf454d14

        "ownCloud version": "10.0.10.4",
        "ownCloud version string": "10.0.10",
        "ownCloud edition": "Community",
        "server OS": "Linux",
        "server OS version": "Linux hostname 2.6.32-696.18.7.el6.x86_64 #1 SMP Thu Jan 4 17:31:22 UTC 2018 x86_64",
        "server SAPI": "cgi-fcgi",
        "webserver version": "Apache\/2.2.15 (CentOS)",

dbtype": "mysql",
        "version": "10.0.10.4",

or 


**List of activated apps:**


**Are you using external storage, if yes which one:** local/smb/sftp/...
No

**Are you using encryption:** yes/no
https

**Are you using an external user-backend, if yes which one:** LDAP/ActiveDirectory/Webdav/...
No

### Client configuration
**Browser:**
Firefox

**Operating system:**
LInux Mint 17  (Utunut 14.04)

### Logs
#### Web server error log

#### ownCloud log (data/owncloud.log)

{“reqId”:“eECjZID0sC20fSGfIoqh”,“level”:0,“time”:“2018-12-08T02:31:52+00:00”,“remoteAddr”:"..*.162",“user”:"–",“app”:“OC\Authentication\Token\DefaultTokenProvider::getToken”,“method”:“HEAD”,“url”:"/owncloud/remote.php/webdav/Notes/Unsynchronized%20Note%20from%20previous%20version.txt",“message”:"token 44b4ad128097a811e8fdad56bc1102dcac5654f520785800a932965cf3323f6070d6b02bc6cccca8ffb4832a91d042e22fca1e6cd94f1546d327342d25175ffa does not exist"}


#### Thunderbird log


Hey,

this looks quite strange:

From what i know you need to enter the full URL of the calendar like:

https://domain/owncloud/remote.php/dav/calendars/myusername/mycalendar

from what i have read this could be the source of your problem. When answering to a different thread i was stumbling over the following documentation:

https://doc.owncloud.org/server/administration_manual/installation/system_requirements.html#server

where “mod_php” is listed as a requirement. Maybe this different server module is causing your authorization problem?

1 Like

Hi Tom,
I’ve tried that as well and it didn’t work.

Davdroid works just fine. If mod_php would be a problem, then Davdroid should also have a problem, isn’t it?

Hey,

i think it could depend on how the clients (e.g. Davdroid works, Thunderbird not) sends the authorization information. Maybe Thunderbird handles this different and has some issues with connecting to the ownCloud server?

I just encountered this situation. It affected my calendars and my address book. Once the initial panic subsided, I made similar determinations as those shared in the OP. DavX5 (FKA Davdroid) was working. Only Thunderbird was failing.

I had just added Duo and OAuth to my ownCloud the night before, so I spent a little more time than necessary focused on app passwords. Once I found the 401 response in the Thunderbird error console, I performed further diagnosis using private browsing of the DAV URLs in Firefox.

I was able to implement a workaround from the following findings. The URLs as shown in ownCloud are listed below under the label of ‘not working’ since they failed to trigger an authorization request and just failed immediately, The ones labeled ‘working’ provided the necessary HTTP authorization prompt.

CalDAV
Not working:
https://owncloud.example.com/remote.php/dav/calendars/[username]/defaultcalendar/
Working:
https://owncloud.example.com/remote.php/caldav/calendars/[username]/defaultcalendar/

CardDAV
Not working:
https://owncloud.example.com/remote.php/dav/addressbooks/users/[username]/contacts/
Working:
https://owncloud.example.com/remote.php/carddav/addressbooks/[username]/contacts/

1 Like

awesome :heart_eyes:
Thank you very much for sharing your solution!
It also worked for me.

I guess that Owncloud devs should provide a fix so that dav is also accepted , in addition to caldav and carddav

I’m only using the dav-version of the links from within TB, and everything works like a charm.

TB 60.6.1 (64-bit)
Lightning 6.2.5
CardBook 34.7
ownCloud 10.1.0.4

1 Like

Mine was fine with the dav links right up until I added Duo and OAuth apps.

I added both during the same evening prior to noticing that I was hitting 401s in Thunderbird, so I can’t really narrow it down further than those two apps for now.

I’m glad to have a functioning workaround in place until I can do further testing.

I don’t have a Duo app installed but OAuth2 - 0.3.0 . Maybe that’s the culprit then.

1 Like

I’d like to see OAuth support for CardDAV/CalDAV in Thunderbird (technically SoGo Connector & Lightning in my case) just like it does with Google accounts, but that’s input that I need to provide over on those projects rather than here.

Some time ago I’ve also opened a defect in bugzilla (for Lightning) for my problem.

1 Like

Hey,

maybe you could tell the ownCloud devs your issue when using the OAuth app and they could fix possible issues originating from it?

From what i know the bugtracker of OAuth app is available here:

Hey, when reading OAuth2 again i just have remembered the following post of @karakayasemi:

Could it be possible that you need to use such app passwords for Thunderbird as well?

I don’t think that I’ve configured 2 factor authentication with Owncloud, unless this is the default configuration, which I have some doubt that it is the case. There is another Owncloud app for 2 factor authentication https://marketplace.owncloud.com/apps/twofactor_totp which I don’t have installed. So I don’t think that is the problem.

I have even deactivated the OAuth2 app, but the issue persists. So it’s probably not OAuth that is the problem.

While the workaround from LinkP works well for 1 single calendar, it doesn’t if I add a second calendar with different username and password. Then a similar thing happens as before. There is no password prompt for the second calendar. Hence the second calendar is not working. I get a triangle on the calendar name with this error message when I hover with the mouse arrow on that traingle:

Thunderbird calendar 'momentarily not available

I’ve reproduced this problem on a different PC with Windows TB instead of Linux TB. Once I remove my primary calendar, restart TB and add the secondary calendar, then this calendar works fine. So it’s not an issue with the secondary calendar itself, but simply 2 calendars at the same time with a different user name and password.

So my problem is only partly solved. For the time being I’ll use a second TB in a virtual machine for my other calendar, but that is of course also only a workaround that is not ideal.

Hey,

then i think it would indeed make sense to report this to the ownCloud developers. If the OAuth2 app isn’t the problem then maybe the following bugtracker could fit: https://github.com/owncloud/core/issues

maybe this could help here:

https://stijn.tintel.eu/blog/2015/09/03/thunderbird-lightning-and-multiple-caldav-accounts-on-the-same-server

It seems a “calendar.network.multirealm” setting in Thunderbird is required if you want to use multiple accounts on the same server.

1 Like

I just found this by luck but unfortunately i can’t find any information on this https://doc.owncloud.org.

If this is working / required maybe we can notify the documentation writers as explained in https://owncloud.org/news/owncloud-documentation-contribute/

great, same server account was the problem. :slight_smile:
at least on Windows, but on Linux I do now get a log-in prompt and the credentials are accepted, but the calendar is not loading. The triangle is still there. There is also some info available here, but I think I will just wait until I’ve upgrade my Mint installation soon and hope it will work right away.

I don’t quite get why multirealm is not enabled by default in TB. A regular user would have no chance of solving this issue. Even I , with my years of experience in IT was not even able to find the solution on the internet myself.

Since this is a TB issue, the documentation should be in really in Lightning documentation. But, yes in the Owncloud doc’s it would be also good.

Anyways, thanks for your help.

Update: I’ve unsubcribed from the second calendar, close TB and reopened it. Then added the calendar again and for some reason it worked. I have to say that I did this a few times before. I’ve not idea why it now works.
Either way , this issue is now also solved …until the next installation :roll_eyes:

Update 2: it looks like Cardbook has the same multirealm issue with CardDav. I’m not able to add 2 addressbooks from the same server. But since this is not critical to me, I will just leave it.

1 Like

Hey,

i’m not sure if the linked mozilla bugreport is related. From what i know/have read in the ownCloud is using Basic authentication but the bugreport is about Digest authentication.

But it seems a few other open bugreports are available there about calendar.network.multirealm:

maybe these are related?

I think as well. Maybe some one could open a ticket (unfortunately i don’t have a github account and currently have no plans to create one) in the issue tracker as described in https://owncloud.org/news/owncloud-documentation-contribute/

1 Like

It works fine for me with an app password and the adjusted URL I shared earlier.

Hey,

so if i understand this correctly one URL works with an app password where another one doesn’t? If this is the case then i think it is really required to open a bug report to the ownCloud devs.