webdav iis-10 windows-server-2022

WebDAVModule: Cannot query authoring rules


I am upgrading an IIS application server from Windows 2012 to Windows 2022. Naturally, IIS is being upgraded from v8.5 to v10 during the course of the OS upgrade.

The application hosted on this server is a file upload gateway. It accepts files via https:// using either POST or PUT. For the latter, we use WebDAV to process the PUT. (Our application, engineered as an HttpModule, performs some "extension processing": we rewrite the name of the file placed onto our server and we log certain data to our application database. I mention this just for the sake of completeness. These features are working well when files are POSTed to the application server.)

In order to pre-test this migration, I set up a clone of our production server into a separate VNet so it won't conflict with the original production server. The original production server is in a domain, but user accounts for all file uploads are local accounts and the domain is not integral to the server's function. Therefore, I've exited the test server - in its separate VNet - from a domain which is simply inaccessible to it and I'd joined it to a workgroup - WORKGROUP.

I have two test cases set up in Postman, to test both POST and PUT. I've tested both of these against my production server. In each case the file is created on the server. Each Postman test case is valid! Now I change the host name to my test server. Oddly enough, the POST succeeds but the PUT fails. I turned on Failed request tracing and here is what I find:

Cannot query authoring rules

<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
 <System>
  <Provider Name="WWW Server" Guid="{3A2A4E84-4C21-4981-AE10-3FDA0D9B0F83}"/>
  <EventID>0</EventID>
  <Version>1</Version>
  <Level>3</Level>
  <Opcode>5</Opcode>
  <Keywords>0x200</Keywords>
  <TimeCreated SystemTime="2023-05-31T18:31:35.121Z"/>
  <Correlation ActivityID="{40000004-0006-FD00-B63F-84710C7967BB}"/>
  <Execution ProcessID="7412" ThreadID="5536"/>
  <Computer>R8EUSXREX</Computer>
 </System>
 <EventData>
  <Data Name="ContextId">{40000004-0006-FD00-B63F-84710C7967BB}</Data>
  <Data Name="ModuleName">WebDAVModule</Data>
  <Data Name="Data1">Cannot query authoring rules</Data>
  <Data Name="Data2">/_REXDTSTesting/ab6b04fd/MyFile[r8#e13c1f92ba614aee80f2b5694a6094ff].txt</Data>
  <Data Name="ErrorCode">2147943732</Data>
 </EventData>
 <RenderingInfo Culture="en-US">
  <Opcode>MODULE_WARNING</Opcode>
  <Keywords>
   <Keyword>Module</Keyword>
  </Keywords>
  <freb:Description Data="ErrorCode">No mapping between account names and security IDs was done.
 (0x80070534)</freb:Description>
 </RenderingInfo>
 <ExtendedTracingInfo xmlns="http://schemas.microsoft.com/win/2004/08/events/trace">
  <EventGuid>{D79A948E-95F1-417B-A731-B7A79DEC7AE5}</EventGuid>
 </ExtendedTracingInfo>
</Event>

Several things to keep in mind.

This happens AFTER Basic authentication has succeeded. The credentials are valid. Here is the abstract from the trace (the abstract below precedes the one presented above in the actual trace output) to prove it:

<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
 <System>
  <Provider Name="WWW Server" Guid="{3A2A4E84-4C21-4981-AE10-3FDA0D9B0F83}"/>
  <EventID>0</EventID>
  <Version>1</Version>
  <Level>4</Level>
  <Opcode>11</Opcode>
  <Keywords>0x2</Keywords>
  <TimeCreated SystemTime="2023-05-31T18:41:42.723Z"/>
  <Correlation ActivityID="{40000002-0000-FC00-B63F-84710C7967BB}"/>
  <Execution ProcessID="7412" ThreadID="5836"/>
  <Computer>R8EUSXREX</Computer>
 </System>
 <EventData>
  <Data Name="ContextId">{40000002-0000-FC00-B63F-84710C7967BB}</Data>
  <Data Name="AuthType">4</Data>
  <Data Name="NTLMUsed">false</Data>
  <Data Name="RemoteUserName">_REXDTSTesting</Data>
  <Data Name="AuthUserName">_REXDTSTesting</Data>
  <Data Name="TokenImpersonationLevel">2</Data>
 </EventData>
 <RenderingInfo Culture="en-US">
  <Opcode>AUTH_SUCCEEDED</Opcode>
  <Keywords>
   <Keyword>Authentication</Keyword>
  </Keywords>
  <freb:Description Data="AuthType">NT</freb:Description>
  <freb:Description Data="TokenImpersonationLevel">ImpersonationImpersonate</freb:Description>
 </RenderingInfo>
 <ExtendedTracingInfo xmlns="http://schemas.microsoft.com/win/2004/08/events/trace">
  <EventGuid>{C33BBE8F-985B-4080-81E6-005F1A06B9E2}</EventGuid>
 </ExtendedTracingInfo>
</Event>

So authentication to the server has succeeded. The WebDAV authoring rule does exist. In fact, I deleted it and recreated it to rule out any confusion which might have been caused by the transition from Domain to Workgroup. (These are local accounts, and I can't envision any direct correlation but no harm to drop and recreate the rule, just to rule that out.)


The web application runs under the identity of LocalSystem.

In a nutshell, the final question this all leads up to is, why can't WebDAVModule query the authoring rules?

Thanks for your assistance!


Solution

  • The problem was due to those smudged out users, the first line of authoring rules in the screenshot below. Those user accounts are domain accounts. But I had pulled this server out of the domain so WebDAV's attempt to resolve those users failed. This aborted WebDAV's attempt to process any more authoring rules. (One could argue that WebDAV should be more fault-tolerant in this regard since the deletion of a single account for a terminated user - for example - can bring down all of your authoring rules. But, it is what it is.)

    So to make this relevant for the broader context: if you are seeing this WebDAV error - Cannot query authoring rules - check to ensure that the accounts identified in your authoring rules are all valid!


    As soon as I removed those offending user accounts, my PUTs started succeeding!

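
The check recommended in the answer above, as an added PowerShell example that is not part of the original post: it reads a site's WebDAV authoring rules and reports every user or role name that Windows cannot map to a SID, which is the condition behind 0x80070534. The site name is a placeholder assumption, and the script assumes the WebAdministration module and an elevated session.

```powershell
# Added example, not from the original post.
# Assumption: $SiteName is a placeholder; set it to the site being checked.
Import-Module WebAdministration

$SiteName = 'Default Web Site'
$Filter   = 'system.webServer/webdav/authoringRules/add'

function Resolve-AccountName {
    param([string]$Name)
    try {
        # Translate() throws when the name has no SID mapping
        # (ERROR_NONE_MAPPED, Win32 error 1332 = 0x80070534).
        $sid = [System.Security.Principal.NTAccount]::new($Name).Translate(
            [System.Security.Principal.SecurityIdentifier])
        [pscustomobject]@{ Resolved = $true; Detail = $sid.Value }
    } catch {
        # Orphaned domain accounts on a server that left its domain land here.
        [pscustomobject]@{ Resolved = $false; Detail = $_.Exception.Message }
    }
}

$rules = Get-WebConfiguration -Filter $Filter -PSPath "IIS:\Sites\$SiteName"

$report = foreach ($rule in $rules) {
    foreach ($attr in 'users', 'roles') {
        # Each attribute is a comma-separated list; '*' and '?' are wildcards,
        # not account names, so they are skipped.
        $names = "$($rule.$attr)" -split ',' |
            ForEach-Object { $_.Trim() } |
            Where-Object { $_ -and $_ -notin '*', '?' }

        foreach ($name in $names) {
            $result = Resolve-AccountName -Name $name
            [pscustomobject]@{
                RulePath  = $rule.path
                Access    = $rule.access
                Attribute = $attr
                Account   = $name
                Resolved  = $result.Resolved
                Detail    = $result.Detail
            }
        }
    }
}

$report | Sort-Object Resolved | Format-Table -AutoSize

# Non-zero exit code so a scheduled job or pipeline can alert on stale entries.
if ($report | Where-Object { -not $_.Resolved }) { exit 1 }
```

Running this after a domain change, or periodically after account clean-ups, surfaces stale entries before they block PUT requests for every user covered by the rules.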