Webdav on IIS 6.0 Troubleshooting
Web Distributed Authoring and Versioning (WebDAV) extends the HTTP/1.1 protocol to allow clients to publish, lock, and manage resources on the Web.
Integrated into IIS, WebDAV allows clients to do the following:
• Manipulate resources in a WebDAV publishing directory on your server. For example, users who have been assigned the correct rights can copy and move files around in a WebDAV directory.
• Modify properties associated with certain resources. For example, a user can write to and retrieve a file's property information.
• Lock and unlock resources so that multiple users can read a file concurrently. However, only one person can modify the file at a time.
• Search the content and properties of files in a WebDAV directory.
The steps for setting up a simple Webdav publishing directory can be found at the following knowledge base location : http://support.microsoft.com/kb/323470
Webdav is a pretty straight forward protocol , however there are a number of things one needs to keep in mind while configuring it and using .
In addition to the above mentioned benefits of Webdav , it comes in handy specially in scenarios where one wants to setup a secure FTP site , as this is the only alternative available on IIS 6.0 . By default FTP is not a secure protocol and the username and password are sent across as clear text, to be more specific it is a hashed value , and can be easily decoded , making it quite vulnerable . Off-course the entire question depends on whether security is a major factor or not.....which I think is quite a rhetorical question to ask.
Note : On IIS 7 We can have FTP over a secure channel (FTPS) giving it more security options... but then again that’s a completely different topic.
By-default webdav doesn’t have a security measure which we can enable with a simple click or tick , however we can couple it with Basic Authentication in IIS and SSL to make it quite secure. But I’ll discuss more on this a little later .
There can be numerous frontiers to explore on Webdav , however in this article I’ll be covering some of the most common issues with webdav configuration and share my personal experience while working on one of my recent cases.
Webdav can be accessed through one of the following webdav clients ( using Microsoft technologies) :
• Windows clients (Windows 2000 and Windows XP): Connect to a WebDAV directory by adding the directory to the list of Network Places and display the contents as if it were part of the same file system on your local computer. Once connected, you can drag and drop files, retrieve and modify file properties, and complete many other file-system tasks.
Note: As far as Windows Vista is concerned , It behaves a little differently and I’ll discuss that later in this article .
You can also connect using the command-line client (known as WebDAV Redirector). This client allows you to use existing applications across the Web and share files through firewalls and proxy servers.
• Internet Explorer (versions 5.0 and 6.0): Connect to a WebDAV directory by opening the target directory as a Web folder and complete the same file-system tasks as Windows clients.
• Microsoft Office products (Office 2000 and Office XP): Create, publish, edit, and save documents directly into a WebDAV directory through any application in Office 2000 or Office XP.
Note : After the Webdav Configurations on Windows Server 2003 testing the Webdav from the server itself is not a very good idea. It is always best practice to test its working from a client machine. After all that’s the whole intention of setting up webdav right, using from client machines .
In general the one should keep in mind the following steps while configuring Webdav on IIS 5.0 or IIS 6.0 :
· Create the webdav user account(s)
· Give the user “log on locally permissions”
· Enable Webdav from Web service Extensions (only on IIS 6.0)
· Create the content folder
· Create the website (or virtual directory) with directory browsing and write
Permissions
· Adjust “Security tab” (NTFS) permissions on the content folder
· Adjust “Web Sharing tab” settings on the content folder
· Test with browser using File > Open > open as webfolder > http://www.fqdn.com/virtdir
Note : Preliminary: If the webserver is a Windows 2000/IIS5 box, I highly recommend that
you ensure that the machine is on latest service pack and latest cumulative fixes.
This can save from many headaches as there were many functionality and security
inclusions particularly in the various service packs for Windows 2000.
Common Issues with Webdav Configuration :
1. As Mentioned earlier In IIS6, unlike IIS5, webdav must be enabled in the ISM’s “Web Service Extensions” before Webdav will ever work.
It should be (and probably will be ) mapped to c:\windows\system32\inetsrv\httpext.dll
However on a 64 bit Server make sure that the physical path for webdav from web service extensions is c:\Windows\syswow64\inetsrv\httpext.dll When the Enable32bitApponWin64 has not been set to TRUE. This can be easily checked by starting the windows task manager. If you see inetinfo.exe *32 or w3wp.exe *32 then the above mentioned switch has been set to TRUE in the IIS metabase.
Note : In IIS5 webdav will almost certainly be enabled by default. If there are problems with it working in IIS5, consider KB 241520 to see if someone disabled it in the registry (HKLM\SYSTEM\CurrentControlSet\Services\W3SVC\Parameters > Value name: DisableWebDAV / Data type: DWORD / Value data: 1) and re-enable it by removing that key (or by setting its value to 0?). Otherwise check to see if there is a urlscan.ini which is denying webdav verbs. (A third alternative may be with appmappings and a fourth could pertain to ACLs on the httpext.dll? But that’s really getting ahead of ourselves here!) The exception for IIS6 may be that if IIS5 was upgraded to IIS6, webdav will probably be enabled by default.
2. Webdav Configured properly in the server However on tying to open as Webfolder from a
client machine we get the following error message :
Internet Explorer could not open http://www.fqdn.com /testvir as a web Folder. Would you like to see its default view instead?
Try to isolate the issue further .
· If the webdav folder is on local machine. Make sure proper NTFS permissions have been set.
· Make sure all the above mentioned steps to set up Webdav have been followed
· Try to access Webdav folder from different Client machines XP/2003 Client/Vista etc. It is observed that at times webdav related issues can be client specific.
· In case of Windows XP and Vista make sure that the Web Client Service is set to automatic and is currently started. You can configure this from Start>Run>services.msc>Web Client Service>Properties .
· Try to test Webdav from the network places and not from Internet Explorer. Make sure you delete the webdav folder that is created by default when one uses IE to test it , and then test webdav once again from network places.
3. Webdav Not working from Windows Vista Client machine :
Note : The Web Extender Client (codename Rosebud) is not shipped with Windows Vista, and WebDAV functionality in Vista is limited to the capabilities of the Web Client
service (the WebDAV redirector.) Applications written to leverage Rosebud and
previously working without issue on Windows XP machines may fail in Windows Vista.
Resolution :
=========
The additional WebDAV functionality of the Web Extender Client had been exposed
previously in Windows 2000 and Windows XP as the Web Folders component, MSDAIPP,
and was accessed in Windows 2000 via Windows Explorer and in Windows XP via the Add
Network Place Wizard. Web Folders have been not been included in Windows Vista, but
the Web Folders component is still available as part of a Microsoft Office
installation. Installing Office 2007 on a Windows Vista client experiencing Web
Extender Client-dependent connectivity failure resolves the issue.
Note on 64 bit System Compatibility :
Rosebud is a 32-bit component, so although it will install on a 64-bit operating
system, Explorer (shell, common dialogs, My Network Places, etc.) and other 64-bit
applications will not be able to use it. 64-bit applications will be limited to
leveraging the native Web Client service redirector for WebDAV. There are currently
no plans for porting this deprecated Windows component to future 64-bit versions of
the operating system.
In order to get Webdav Working Install the following update for windows vista available at http://support.microsoft.com KB 907306
Here is the Public Download Site:
http://www.microsoft.com/downloads/details.aspx?FamilyID=17c36612-632e-4c04-9382-987
622ed1d64&DisplayLang=en
4. Webdav Configured to work with Basic authentication not working from Windows Vista Client machines :
By default basic authentication is turned off in windows vista and windows 2008 box's as a security measure . Because a user's credentials can be sent in clear text and can be possibly compromised, Windows Vista and Windows XP SP2 include functionality that permits you to enable or to disable the use of Basic authentication by the DAV redirector
When Basic authentication is disabled, either the client computer uses a different authentication method (if the server supports a different authentication method), or the request fails.
Resolution:
=========
Go to the following registry location: Start> run> Regedit
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WebClient\Parameters
By default the DWORD value UseBasicAuth is set to 1 in vista
Set this to a value of 2.
Restart the machine and if all other configurations are as expected webdav should be up and running using Basic Authentication.
Find the relevant information in the following KB 841215
http://support.microsoft.com/default.aspx?scid=kb;EN-US;841215
As mentioned earlier since we don’t have a secure FTP in IIS 6.0 we can set up a secure webdav using Basic Authentication. However since Basic auth passes password as a hashed value which can easily be compromised , It can be coupled with a server certificate to enhance security .
Setting Up Webdav From Network Places in Windows Vista :
Please Visit the Following Website For step by step set up instructions along With useful screenshots
http://kb.wisc.edu/luwmad/page.php?id=6280
I have tried to cover some most common configuration issues while configuring Webdav. However there can be many more areas to explore for ex. Webdav Publishing folder from a remote location etc. I’ll try to cover these topics in my next post :)