ARGH: Large WebDAV PROPPATCH requests fail with 401/401.5
I had a case recently where one of our products, Duet, was doing a large PROPPATCH against Exchange 2003 and it was failing with a HTTP 401 error. The customer noticed that small PROPPATCH requests succeeded, but large ones (bigger than say 25 KB) would fail. Well, we knew that it couldn't be a permission problem, because small ones succeeded, right?
After more digging around and more test scripts, we discovered that large PUT requests worked just fine and that the large PROPPATCH would work for Exchange Admins. The clues are starting to come together. I was immediately reminded of a known issue with CDOSys where large attachments are first cached to the TEMP directory before being sent via transport . If the user executing the code does not have permissions to the temp directory, they get an 80004005 Access Denied when they try to Send the message. Could we be doing something similar with WebDAV, writing the request to the disk first for large requests?
Sure enough, a FileMon indicated that we would receive an ACCESS DENIED when trying to create a file in the C:\WinNT\Temp directory called something like $ETn.tmp, where n is an integer that increments.
In my test environment, where I had previously been unable to reproduce the customer's problem, granted Authenticated Users the ability to Create Files, Write, and Read from this directory. By adding an explicit Deny ACE to this folder for my test user, I was finally able to reproduce his behavior exactly.
If your Exchange or IT Admins have locked down your server by modifying or removing this ACE, try giving your test user Modify permissions on the C:\WinNT\Temp directory and see if you don't get a better result.
Comments
Anonymous
September 24, 2007
Hi Patrick, Do you know if this would also fail for really large BPROPFIND requests? Say I got a href list of approximately 17000 items (an XML text file on disk is ~2MB), and I want to do a BPROPFIND on all those items for various properties. Would a 401 return as well? Thanks!Anonymous
October 04, 2007
The comment has been removed