Marc Lognoul's IT Infrastructure Blog

Cloudy with a Chance of On-Prem

SharePoint: SNI vs. Windows WebDAV Client

2 Comments

Introduction

SNI stands for Server Name Indication, an improvement to the SSL/TLS protocol recently added to Windows (from Windows Server 2012/IIS 8). Its purpose is to allow using multiple SSL certificates on the same web server’s IP address and port. In a certain sense, you could say it is to HTTPS what host header is to HTTP. Similarly to host header, this feature must be implemented in both client and server sides because it relies in additional information’s passed as part of the SSL handshake process initiated by the client. As consequence, older browsers (as well as older client applications in general) are not compatible.

The Problem

Now SharePoint comes into the picture. One key client functionality is the Explorer View exposed by Windows WebDAV Client. Although Microsoft continuously updates its browser, the WebDAV client did not recently receive any update to support SNI. Therefore, if you configure SharePoint together with IIS to use HTTPS using SNI, Windows Explorer browsing SharePoint will simply stop functioning displaying an error such as “A device attached to the system is not functioning”. The problem will sadly occur with Windows 8 as well but is fixed from Windows 8.1.

Workarounds

There is currently no real solution and very few workarounds:

  • On IIS: Use unique combination of web application, certificate and IP address and/or port. Every time a new web application is created on SharePoint, you will have to reconfigure it on each server in the IIS configuration in order to use another IP address or another port.
  • On Windows/HTTP.sys driver: Use a fallback certificate. This blog post details the procedure to do so: How to support non-SNI capable Clients with Web Application Proxy and AD FS 2012 R2
  • On a hardware load balancer: identically to what can be done on IIS, a unique virtual IP address for each web application together with its own certificate can be used. On the SharePoint side, you can whether use no certificate at all or a used self-signed one.

More Information

Advertisements

Author: Marc Lognoul

Relentless cloud professional. Restless rider. Happy husband. Proud father. Opinions are my own.

2 thoughts on “SharePoint: SNI vs. Windows WebDAV Client

  1. Sp2013 on server 2012. We use sni and explorer view works on every windows OS with the exception of 8.1. Why do we only have the issue with 8.1?

    Like

  2. Hi there. Honestly no I have no idea why it would specifically fail with Windows 8.1. Have you tried tracing traffic with Message Analyzer or equivalent tool? What’s the error message you get?

    Like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s