Tons of PROPFIND erros (503 Service Unavailable)

bozand · July 24, 2025, 7:52am

Hi there,
I host an ownCloud server instance (10.15.2) on Ubuntu 22.04.5 LTS with MariaDB 10.6.22 and php 7.4.33. My ownCloud instance is reverse proxed by an nginx (on a different machine), that does the SSL Offload and communicate with the ownCloud web server via http:

ownCloud Client → nginx (443) → owncloud Server (80)

The installation seems to be fine; the users can sync their files and access both via web and client.

Unfortunately I see on the web server log tons of 503 errors, so I checked the owncloud.log and see tons of these errors:

{“reqId”:“8f6fbaa6-3eae-456f-a8db-a14a264535d2”,“level”:4,“time”:“2025-07-18T12:40:47+00:00”,“remoteAddr”:“xx.xx.xx.xx”,“user”:“the-name-of-the-user”,“app”:“webdav”,“method”:“PROPFIND”,“url”:“/remote.php/webdav/”,“message”:“Exception: HTTP/1.1 503 Sabre\DAV\Exception\ServiceUnavailable: The user must reset their password.: {"Exception":"Sabre\\DAV\\Exception\\ServiceUnavailable","Message":"Sabre\\DAV\\Exception\\ServiceUnavailable: The user must reset their password.","Code":0,"Trace":"#0 \/var\/www\/owncloud\/lib\/composer\/sabre\/dav\/lib\/DAV\/Auth\/Plugin.php(180): OCA\\DAV\\Connector\\Sabre\\Auth->check()\n#1 \/var\/www\/owncloud\/lib\/composer\/sabre\/dav\/lib\/DAV\/Auth\/Plugin.php(135): Sabre\\DAV\\Auth\\Plugin->check()\n#2 \/var\/www\/owncloud\/lib\/composer\/sabre\/event\/lib\/WildcardEmitterTrait.php(89): Sabre\\DAV\\Auth\\Plugin->beforeMethod()\n#3 \/var\/www\/owncloud\/lib\/composer\/sabre\/dav\/lib\/DAV\/Server.php(456): Sabre\\DAV\\Server->emit()\n#4 \/var\/www\/owncloud\/lib\/composer\/sabre\/dav\/lib\/DAV\/Server.php(253): Sabre\\DAV\\Server->invokeMethod()\n#5 \/var\/www\/owncloud\/lib\/composer\/sabre\/dav\/lib\/DAV\/Server.php(321): Sabre\\DAV\\Server->start()\n#6 \/var\/www\/owncloud\/apps\/dav\/appinfo\/v1\/webdav.php(67): Sabre\\DAV\\Server->exec()\n#7 \/var\/www\/owncloud\/remote.php(165): require_once(‘\/var\/www\/ownclo…’)\n#8 {main}","File":"\/var\/www\/owncloud\/apps\/dav\/lib\/Connector\/Sabre\/Auth.php","Line":172}”}

{“reqId”:“75f6fe06-b660-4907-be85-a4641408ae7f”,“level”:0,“time”:“2025-07-18T12:40:48+00:00”,“remoteAddr”:“xx.xx.xx.xx”,“user”:“the-name-of-the-user”,“app”:“OC\Authentication\AccountModule\Manager::check”,“method”:“PROPFIND”,“url”:“/remote.php/webdav/”,“message”:“IAccountModule check failed: The user must reset their password., 1907”}

I changed the password of the ownCloud users, it seems to solve for short time but after some time the tons of errors appears again.

Could someone please help me in directing the investigations? I tried to search on the community, but I didn’t find a similar problem.

Thanks very much!
AB

LinkP · July 25, 2025, 12:28am

Do you have any DAV clients that might be using app passwords? If so, you might try giving them new app passwords.

bozand · July 25, 2025, 5:26am

Dear LinkP,
thanks for your reply!!

All users use ownCloud only via browser or the official client. Furthermore, based on the official documentation, my ownCloud server configuration includes this:

Dav off

which should disable access from DAV clients… or am I wrong?

I also tried commenting out these three configuration lines, but the problem still occurs.

Any other ideas and/or suggestions?

Thanks in advance.
AB

LinkP · July 25, 2025, 5:56am

I was thinking of CalDAV and CardDAV access of calendars and contacts.

bozand · July 25, 2025, 6:59am

Unfortunately, no. Users have told me they haven’t set caldav/cardav. If in doubt, is there a way to check this on the server side / admin side?

LinkP · July 25, 2025, 1:36pm

I don’t know, but the creation of app passwords is handled in each user’s own settings. Are you able to identify the user from the logs? Is it always the same user?

Ethanjohn · July 26, 2025, 11:44pm

Thanks for the detailed breakdown. I’ve run into similar 503 PROPFIND issues before, and in my case, it was related to the user account being flagged for a forced password reset. Maybe check if some policy or external auth integration is re-triggering that requirement periodically? Would be curious to hear if you find a stable fix.

bozand · July 28, 2025, 7:10am

Hi @Ethanjohn and @LinkP
Thanks for your suggestions, thanks to which I believe (and hope) I’m on the right track.

I have a password policy that requires passwords to expire every 90 days, and I believe the issues I’m experiencing occur when the password expires, isn’t changed, and the client continues to try to authenticate with the expired password.

In the next few days I’ll do some tests on this, such as setting an application password (which doesn’t expire) and I’ll give you a feedback.

Best regards.

bozand · August 6, 2025, 7:41am

Hi,
for users who were having authentication issues, I had them create an application password to use in the ownCloud client.

However, I noticed that when I change the user password (not the application password), the next time I log in to the ownCloud client, an authentication error appears and the user is asked to re-enter the password. Is it normal that when a user password is changed, the application password also stops working and he’s forced to generate a new application password?

Perhaps I’m mistaken, but I thought application passwords didn’t expire, even when changing user passwords.

Thanks very much!!
AB