
'net use' over SSL fails unless port 443 is specified

We are attempting to connect to a WebDAV server using net use over SSL. On some servers we're seeing an issue in which this connection only succeeds if we specify port 443 in the URL.

Does Map

net use * "https://example.com:443/folder"
net use * "\\example.com@SSL@443\folder"

and, bizarrely, so does this: net use * "\\example.com@SSLasdf\folder"

Does Not Map

net use * "https://example.com/folder"
net use * "\\example.com@SSL\folder"

In the non-working cases we consistently receive the following error:

System error 67 has occured.
The network name cannot be found.

We have noticed some things that might be useful information:

  • We have a test server that's configured the same way as the prod server and it works as expected.
  • In the non-working cases, no incoming requests are ever seen at the prod server from the failing host.
  • All clients are based on the same image.
  • The problem does not manifest uniformly on all clients -- some work, some don't.
  • There is an existing, valid entry for example.com in the client DNS cache.
  • Flushing the client DNS cache of the affected servers does not resolve the problem.
  • Once the problem appears, it seems to stick. That is, if I execute one of the working mappings, delete it, and then immediately execute one of the non-working mappings, the problem persists.

We are utterly stumped. Any theories?

John Hoerr asked Jan 24 '13 21:01



2 Answers

You are seeing different behaviors because you are connecting using different names. Once a name has been attempted and failed, the WebClient (this is the service that enables WebDAV) will cache the response for a period. To clear the cache, locate the WebClient service in the Services console and restart it. Or from an administrative command prompt execute the following command:

net.exe stop webclient && net.exe start webclient
Geoffrey McGrath answered Sep 24 '22 15:09


We ultimately determined that we were misinterpreting the System Error 67 that net use was returning. We discovered two interesting things:

  1. In the event that the WebDAV returns a 404 or a 50x on the initial, root folder PROPFIND, net use will (rightly) interpret this as the root folder being unavailable. The fact that it says the network name could not be found led us to believe that the problem was with the name resolution, but it was really just saying, 'hey, I couldn't find anything at this path.'

  2. If 'net use' fails due to a 404/50x, it appears that for a brief period of time it will automatically fail any additional mappings for that same host without issuing a request. For example, if net use http://me.com/foo returns a 404, then net use http://me.com/bar will instantly fail if made in rapid succession to that first call, and no request record will be seen in the WebDAV server logs.

My best guess is that appending the @443 port didn't make any real difference. What it perhaps did do was to trick net use into thinking it was talking to a different host, at least for the purposes of its 'auto-fail' feature. But that's just a guess.

John Hoerr answered Sep 23 '22 15:09
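
A check that separates the two readings of error 67 discussed in the answer above, added here as an example and not code from the original thread: it sends the root-folder PROPFIND directly over HTTP, bypassing the WebClient service and its failure cache, and reports whether the attempt ended at name resolution or at an HTTP status. The function name Test-WebDavRoot and its parameters are hypothetical, and Windows PowerShell 5.1 is assumed.

```powershell
# Added example, not from the original thread. Targets Windows PowerShell 5.1.
# Sends PROPFIND (Depth: 0) to the WebDAV root folder without going through
# the WebClient service, and reports the stage at which the attempt ended.
function Test-WebDavRoot {
    param(
        [Parameter(Mandatory = $true)] [string] $Url,
        [int] $TimeoutMs = 10000
    )
    $req = [System.Net.WebRequest]::Create($Url)
    $req.Method = 'PROPFIND'
    $req.Headers.Add('Depth', '0')      # root folder only, no children
    $req.Timeout = $TimeoutMs
    $req.AllowAutoRedirect = $false     # report a 3xx instead of following it
    # No credentials are sent: a 401 still proves the name resolved and the
    # server answered, which is all this check needs to establish.
    $status = $null
    try {
        $resp = $req.GetResponse()
        $status = [int]$resp.StatusCode
        $resp.Close()
        $stage = 'HttpResponse'
    }
    catch {
        # PowerShell may wrap the .NET exception; walk down to the WebException.
        $ex = $_.Exception
        while ($ex -and $ex -isnot [System.Net.WebException]) { $ex = $ex.InnerException }
        if (-not $ex) { throw }
        if ($ex.Response) {
            $status = [int]$ex.Response.StatusCode
            $ex.Response.Close()
            $stage = 'HttpResponse'
        }
        else {
            $stage = $ex.Status.ToString()   # e.g. NameResolutionFailure, ConnectFailure
        }
    }
    $meaning = if ($stage -eq 'NameResolutionFailure') { 'Name did not resolve: a real name-resolution problem.' }
        elseif ($stage -ne 'HttpResponse') { "No HTTP response ($stage): check connectivity and TLS." }
        elseif ($status -eq 404 -or $status -ge 500) { 'Server answered with an error: per the answer above, net use reports this as error 67.' }
        else { 'Server answered: the name resolves and the root folder request got a response.' }
    [pscustomobject]@{ Url = $Url; Stage = $stage; HttpStatus = $status; Meaning = $meaning }
}

# Usage (URL taken from the question):
# Test-WebDavRoot -Url 'https://example.com/folder'
```

A request made this way does show up in the WebDAV server logs, so it can be compared against a failing net use attempt from the same client that leaves no log entry.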