Owncloud 9.1.1-1.2 / MacOS Sierra: CardDAV not working [solved]

I am using the latest ubuntu 16.04 build of owncloud (9.1.1-1.2). I cannot get CardDAV working with Mac OS Sierra.

When trying to add a CardDAV account and specifying the server address, path and port, I always receive "unable to verify account name or password". I have found out that there has been an issue with the "well-known" path https://doc.owncloud.org/server/9.0/admin_manual/issues/general_troubleshooting.html, but the .htaccess file already contains the correct rewrite rule and the error persists if I leave out the path on the server.

Interestingly, I do not see any error / warning in owncloud's log files...

Are others experiencing the same problem?

Which URL are you using to access your contacts?

I have tried

...everything resulting in the same problem

You can get the correct URLs of each adressbook in the contacts app. Make sure you're using exactly these.

If that won't work ask for support on a MacOS X community how to debug such issues on Mac OS X side. Especially as there is still a know bug from Apple side:

https://github.com/owncloudarchive/contacts/issues/1058

Sorry, completely forgot to mention. There are a few things what could be wrong from server side which you can check:

  1. Your webserver setup is messing around with the WebDAV/CalDAV/CardDAV interface of ownCloud
    -> See this FAQ: https://central.owncloud.org/t/how-to-fix-caldav-carddav-webdav-problems/852

  2. The .well-known URLs are not redirecting correctly (as you see in your posted link)
    -> Open http://example.com/.well-known/caldav and http://example.com/.well-known/caldav in your browser
    --> These needs to redirect to http://example.com/remote.php/dav

  3. You're using a strong password with special chars not supported by WebDAV

Those are the points which could be wrong from server side. Anything else needs to be debugged from Mac OS X site as advised above.

Thanks for the hints.

I guess my server is running correctly, since CalDAV works (even with Mac) and CardDAV works with my iPhone (so no password issue). The ".well-known" redirect is working as well. Two things:

  • So the docs mentioning /remote.php/dav/principals/USER can be used for CardDAV is actually wrong/outdated? (You mentioned that it has to be the exact URL of the adressbook - which by the way did not work as well, same problem)

  • Any hint how to log the URL requests on the server side? I somehow would like to check if URL requests are valid. I have not done extensive debugging before and am a little puzzled about the correct layer to turn on debugging (apache? php? owncloud)? I guess apache, but am not sure what flag to set in the sites-enabled/owncloud.conf...

(One more note: The bug you have described referenced to me seems to be related to the .well-known redirect, correct?)

Hi,

there are no docs for contacts / calendars in oC9+ so you're mostly referring to an outdated / non-existent documentation here.

I would say the Apache access and error logs. However if there is a bug in the client you mostly won't get that much logs on server-side.

There are various issues discussed in that bug. Some users managed to workaround the bug in Mac OS X by using the .well-known redirects but other failed.

It seems that someone already commented this in Apple Community https://discussions.apple.com/thread/7707693. Indeed, I have found the similar error messages in my Console.

1 Like

I had the same problem with Calendar. No matter what I did in ownCloud9, I got "Unable to verify..."
Unfortunately I do not have copies of the logs, but I saw when macSierra Calendar was attempting to contact ownCloud, it was doing so on :8443 (TCP port 8443).

I found in "TCP and UDP ports used by Apple software products" at https://support.apple.com/en-us/HT202944 that
8443 TCP iCal service (SSL) - pcsync-https Mac OS X Server v10.5 and later. Was JBOSS HTTPS in Mac OS X Server 10.4 and earlier.

So in the macSierra Calendar app, when I "Add a CalDAV account" I use "Account Type: Advanced" so I could specify "Port: 80". (Intranet so I am not concerned with SSL or m-i-m attacks.)

I do not use CardDAV, but I think there may be a similar problem. Note in the above referenced document,
it says port 80 is used for Calendar & WebDAV, which is the port ownCloud expects Calendar connections will be received. (Also port 443) Notice that it also says ports 8800 & 8843 are used for "Address Book Service".

I know enough about Ubuntu Linux to use the ownCloud "Preferred Installation Method". Is there a way to configure Apache2 to Listen to other ports besides 80 & 443? That would resolve the problem on the server side. Otherwise each client seems to have to configure Calendar on macSierra to explicitly use port 80 (or 443). I do not know how or if this can be done for CardDAV.

It seems that macSierra is now using the same ports as Mac Server for Calendar. So maybe this applies to Address Book/Contacts?

1 Like

Unfortunately, this is not the case. My owncloud server is running at a special port above 8000 (with SSL), and have configured the account in "advanced" accordingly without success. I have also tried both, (i) switching of SSL and (ii) "downgrading" the port to a privileged one like 80, also without success.

The same problem "Unable to verify user name or password" persists also after upgrading to the newest Sierra update 10.12.1 today. I am still puzzled how to continue debugging on the Mac side... does anyone have any experience with setting up Wireshark on a Mac such that outgoing http requests can be inspected easily?

In the linked Mac Community, I have posted a work-around how to at least create the CardDAV account on Mac OS Sierra (owncloud needs to run on port 8843 with SSL turned on, regardless of the account settings). Now the apache logs show a few "PROPFIND" and "OPTIONS" entries for the URL of the addressbook, but also for /remote.php/dav/principals/users/USERNAME and /remote.php/dav/addressbooks/users/USERNAME (i.e. without the following specific addressbook name) - and unfortunately the contacts do not show up in the "contacts" app.

Okay, finally I have managed to get things working here. As mentioned in my previous post, due to a bug in Mac OS Sierra (which I have filed using apples bug reporter), port 8843 on the owncloud server must point to owncloud, which is possible on my Ubuntu host with

iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 8843 -j REDIRECT --to-port ORIGINALOWNCLOUDPORT

(I have installed the ubuntu package iptables-persistent afterwards for setting the rule during boot), but copying the URL for the server path from the web owncloud contacts app (as suggested above) does not seen to work - the contacts list in the addressbook stays empty. The trick (and this seems to be a current problem in owncloud?) is to use the following URL

/remote.php/carddav/principals/USERNAME

Two notes:

  • /remote.php/dav/principals/USERNAME (which is suggested for CalDAV) does not work
  • The apache log files contain a line "REPORT" for the URL /remote.php/carddav/addressbooks/USERNAME/NAMEOFADDRESSBOOK, while the web contacts app lists /remote.php/dav/addressbooks/users/USERNAME/NAMEOFADDRESSBOOK`
3 Likes

Could you please post the link to the Bug report you filed with Apple?
As of Mac OS Sierra 10.12.3 I am running into the same initial issue and would love to
see Apple fixing this compability issue.

You need to log on to https://bugreport.apple.com with your apple ID and the search for problem ID 28978267 - title is "CardDAV account setting always uses port 8843 with SSL (Mac OS Sierra)". Unfortunately, the status has not changed up to now after I have reported it last October, so it might make sense to post a few "me too"...

Hey guys,

I solved this problem without any coding oder logfiles. I had the same problem but it works with macOS Sierra!
Here is the workaround:
Accounttype: Advanced
user and password should be there
serveradress: https://www.example.com
serverpath: /owncloud/remote.php/dav/principals/users/USER
Port: 443
Use SSL
Use Kerberos v5 ...
thats all
Try it.

1 Like

None of the above solutions worked for me in Mac OS Sierra. I was trying several options in the Advanced option (because I run owncloud in a special port and needed to insert it somewhere).
Finally I could get access to my owncloud server (CardDAV module) in the following way:
- In the Add Account window I choose the "Manual" option;
- I entered with username and password;
- In the server address I entered with a complete address in one line, i. e.,
https://EXAMPLE.COM:MY_SERVER_PORT/owncloud/remote.php/dav/principals/users/USERNAME
I was sure about the values of USERNAME, PASSWORD and MY_SERVER_PORT because I can have access to the server with these very same values from iOS and Android.
It seems that there is a bug in MacOS contacts client software, as it cannot compose the correct server link from the separated parameters we give to it. When we write manually the complete server link, as shown above, there is no need to compose the link and the login process succeeds.
I hope this solution could be useful to someone.

This worked like a charm..... Thanks man .. you made my day :smiley:

None of suggested options above worked for me with nCloud and macOS Sierra (I have got a very strong password with wildcards...)
Here is what worked for me :

login : your login
password : your password
server : https://[server_address]:443
chemin : /remote.php/dav/principals/users/[username]
port : 443
use SSL

Just wanted to mention that for me El Capitan did not work but Sierra did. (I tried several different URL formats etc)
So.. it's complicated :frowning:

Hi everyone. I came across this same issue. Everything with my ownCloud installation was working perfectly expect this one thing, and it was driving me a bit nuts. Playing around with different link combinations (principals, users, dav/carddav, etc) I eventually figured that if entering a certain server path (ie. /owncloud/remote.php/dav/principals/users/USER) resulted in the macOS settings accepting the entry, the server was obviously telling my mac that this address was fine, and that there was in fact an addressbook accessible there. When looking in the Contacts settings, under the General tab, you'll see a Default Account dropdown box. If your ownCloud server is listed here, that means the system has registered it properly.

So the settings were fine (apparently) but my Contact list remained empty. I then tested it by creating a new contact.. and voila! All my contacts showed up. It seems the first sync is not automatic, and so you have to actually push something new to the server.

So if macOS accepts the settings/username/password you give it, the server is giving it the OK. Try forcing the first sync with some new info and see if that helps. For reference, my complete settings in macOS Sierra are:

New Account: Carddav
-> Advanced
[username]
[password]
Server Address: https://owncloud.example.com
Server Path: /owncloud/remote.php/dav/principals/users/[username]
Port 443
SSL: Checked

Good luck! This can be frustrating, I know.