.NETGURU
  Search:  
NamespacesDiscussions.NET v1.1Dot Net Guru's BlogIT Certification
WebException while calling Web Service over HTTPS...
Messages   Related Types
This message was discovered on microsoft.public.dotnet.framework.aspnet.webservices.
Responses highlighted in red are from those people who are likely to be able to contribute good, authoratitive information to this discussion. They include Microsoft employees, MVP's and others who IMHO contribute well to these kinds of discussions.
Post a new message to this list...

Mark
I'm having an issue calling a Web Service (This is an 3rd party Web Service
and I have no control/access to it) via HTTPS. We have talked to the
developers and they said their Web Services are working from their end. When
I call their Web Service, though, I keep getting this error:

Web Exception occurred!
Status:SecureChannelFailure
Entire Error Information:System.Net.WebException: The underlying connection
was closed: Could not establish secure channel for SSL/TLS. --->
System.IO.IOException: Unable to write data to the transport connection. --->
System.IO.IOException: Unable to write data to the transport connection. --->
System.Net.Sockets.SocketException: A connection attempt failed because the
connected party did not properly respond after a period of time, or
established connection failed because connected host has failed to respond
at System.Net.Sockets.Socket.Send(Byte[] buffer, Int32 offset, Int32
size, SocketFlags socketFlags)
at System.Net.Sockets.NetworkStream.Write(Byte[] buffer, Int32 offset,
Int32 size)
--- End of inner exception stack trace ---
at System.Net.Sockets.NetworkStream.Write(Byte[] buffer, Int32 offset,
Int32 size)
at System.Net.TlsStream.InnerWrite(Boolean async, Byte[] buffer, Int32
offset, Int32 size, AsyncCallback asyncCallback, Object asyncState)
--- End of inner exception stack trace ---
at System.Net.TlsStream.EndRead(IAsyncResult asyncResult)
at System.Net.Connection.Write(Byte[] buffer, Int32 offset, Int32 size)
at System.Net.ConnectStream.WriteHeaders(HttpWebRequest httpWebRequest)
--- End of inner exception stack trace ---
at
System.Web.Services.Protocols.WebClientProtocol.GetWebResponse(WebRequest
request)
at
System.Web.Services.Protocols.HttpWebClientProtocol.GetWebResponse(WebRequest
request)
at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String
methodName, Object[] parameters)

The code used to work. About 2-3 weeks ago, I used the same code and it
worked. I had to change the application to add some functionality, but
didn't change the function that called the Web Service. For the past few
days, no matter what I tried, I can't get it to work.

I've read many news articles...
1. I've overloaded GetWebRequest to set the KeepAlive to False.
2. I've created a Certificate Policy to bypass any Certificate issues.

Does anyone have any ideas?

--
Mark Remkiewicz
Systems Architect
Reply to this message...
 
    
[MSFT] (VIP)
Hi Mark,

Did the problem occur with all your clients? If so, you may check if they
made any changes on server side. By default, .Net Framework 1.1 supports
only SSL 3.0 protocol. If the webserver is using SSL 2.0 or TLS 1.0,
HttpWebRequest/WebRequest clase will fails. Additionally, you may check if
there is any proxy/firewall between the client and server and if they
changed recently.

Luke
Reply to this message...
 
    
Mark
Thanks for responding back...
I verified that the Web Service is using SSL version 3 Certificates.
Unfortunately, I can't get any details on their server envirnoment due to
security reasons. Is there any way to extract more information on why I'm
getting this error on the client side? The web service call returns the
following status message:

Status: SecureChannelFailure

Also, I enabled detailed logging of the SChannel. The event log entries
suggest that the SSL Session between the client and the server was
successful...

Event Type:    Information
Event Source:    Schannel
Event Category:    None
Event ID:    36880
Date:        8/30/2004
Time:        5:44:25 PM
User:        N/A
Description:
An SSL client handshake completed successfully. The negotiated cryptographic
parameters are as follows.

Protocol: SSL 3.0
Cipher: RC4
Cipher strength: 128
MAC: MD5
Exchange: RSA
Exchange strength: 1024

Any other suggestions?
Mark

"[MSFT]" wrote:

[Original message clipped]
Reply to this message...
 
    
[MSFT] (VIP)
Hello,

Did all your client computer generate such an error? Also, did the problem
occur with all your applications or just one? Is there any other
information recorded in the event log?

Luke
Reply to this message...
 
    
Mark
I only have two client workstations that utilizes this application and both
of them give the same error. Nothing stands out in my event logs. The only
event I have suspicions about is:

Event Type:    Failure Audit
Event Source:    Security
Event Category:    Object Access
Event ID:    560
Date:        9/2/2004
Time:        2:44:09 PM
User:        <My Computer>\<My Account>
Computer:    <My Computer>
Description:
Object Open:
    Object Server:    Security
    Object Type:    Key
    Object Name:    \REGISTRY\MACHINE\SOFTWARE\Microsoft\COM3
    Handle ID:    -
    Operation ID:    {0,1017235}
    Process ID:    2016
    Image File Name:    C:\Program Files\Common Files\Microsoft
Shared\VS7Debug\mdm.exe
    Primary User Name:    <My Computer>$
    Primary Domain:    REMOTE
    Primary Logon ID:    (0x0,0x3E7)
    Client User Name:    remkm01
    Client Domain:    <My Computer>
    Client Logon ID:    (0x0,0x18AF5)
    Accesses:        READ_CONTROL
            Unknown specific access (bit 0)
            Unknown specific access (bit 3)
            Unknown specific access (bit 4)
            
    Privileges:        -
    Restricted Sid Count: 0

Other than that...

Mark

"[MSFT]" wrote:

[Original message clipped]
Reply to this message...
 
    
Feroze [msft] (VIP)
Hi!

One thing to do would be to set a certificate policy on the webservice
proxy, and see what exact error code you are getting back from the ssl
handshake. THat errorcode will give you a clue as to what is going wrong in
the ssl handshake.

feroze.
=============
this posting is provided as-is.
=============

"Mark" <Click here to reveal e-mail address> wrote in message
news:Click here to reveal e-mail address...
> I only have two client workstations that utilizes this application and
both
> of them give the same error. Nothing stands out in my event logs. The
only
[Original message clipped]
Reply to this message...
 
    
Mark
Thanks for the response. I've already implemented the Certificate Policy
(accepts all certificates) and the "problem" code is set to 0 (assuming this
is a good thing) when the function is called. Strangely, the application is
working intermittently now (it worked once this morning, then failed most of
the day, and now it works again), so I don't know what the problem is. I was
hoping to see if anyone knows how to get more detail information on what is
happening behind the scenes since I don’t have control of the servers. I
need to get all the information that I can get. I have the Network Analyzer
going, but the packets are encrypted which makes this pretty much worthless.
Is there an SSL packet analyzer?

Thinking out loud…the symptoms point to a timing issue. Does anyone agree?
Does anyone have any ideas on what to check next?

Mark

"Feroze [msft]" wrote:

[Original message clipped]
Reply to this message...
 
    
[MSFT] (VIP)
Hi Mark,

it may be hard to finf a SLL packet sniffer. Since the error is very
randomly, it is mostly like a network issue or server issue. Is it possible
to perform some logs on server side to record every request to the server?
Is the server a IIS?

Luke
Reply to this message...
 
    
Mark
The server is controlled by a third party, so having access or creating a log
for every transaction is almost impossible. We have notified the third party
of our problems, but their response is "There is nothing wrong with our
system, because there are others using the same system without any problems."
Unfortunately, we have to use their systems (the third party that I'm
referring to is a department of the Government). What I have gathered so far
is yes, their server is running IIS and the web service was built with .Net.
Other than that, I don't know. We have asked about their environment, but
due to security reasons, they will not give us any details about their
systems (this is reasonable in my eyes, thinking security, but this is makes
troubleshooting very difficult). I’m trying to make a case that it is not us
that is having a problem, but I have to prove that.

Mark

"[MSFT]" wrote:

[Original message clipped]
Reply to this message...
 
    
Suresh G (VIP)
Mark/Luke,

I have the similar issue. I am calling a web method through HTTPS. 50% of
the times the web method call is successful other times it fails with the
exception - "The underlying connection was closed: Could not establish secure
channel for SSL/TLS".

We have a retry mechanism for this when it fails, during the retry mechanism
it succeeds after 2 to 3 retries. I am not implementing the
ICertificatePolicy interface. But would like to know why the webservice
failure/success is not consistent. Is it something to do with IIS/Internet
Explorer configurations?

BTW, I am using a C# client and C++ Web service (SOAP).

Thanks
Suresh

"Mark" wrote:

[Original message clipped]
Reply to this message...
 
    
Yan-Hong Huang[MSFT] (VIP)
Hello Suresh,

I was reviewing the issue thread. How is everything going? If you feel
there is any we can do, please feel free to post here and we will follow up.

Thanks very much.

Best regards,
Yanhong Huang
Microsoft Community Support

Get Secure! ¨C www.microsoft.com/security
Register to Access MSDN Managed Newsgroups!
-http://support.microsoft.com/default.aspx?scid=/servicedesks/msdn/nospam.as
p&SD=msdn

This posting is provided "AS IS" with no warranties, and confers no rights.
Reply to this message...
 
    
[MSFT] (VIP)
Hi Mark,

After check the documents, I found similar issues were resolved by appling
service pack on the server or reinstall the client certificate. From your
previous message, it seems the problem disppearred recently. Did it occur
now? When it occur, you may try to browse a HTML file in the same folder
with HTTPS, if this also failed, I believe it is almost a server issue.

Luke
Reply to this message...
 
    
Mark
Luke,
Sorry for the late reply. I wanted to run more tests. Fortunately,
everything mysteriously started working and I haven't had any problems since
the last post (knock on wood...). Unfortunately, we couldn't ascertain what
the cause was. The third party still claims nothing has changed on their
side (including reboots). Hopefully sometime today, we will promote the code
to production and find out if we will have any problems. I will post the
results when this happens.

Thanks,
Mark Remkiewicz

"[MSFT]" wrote:

[Original message clipped]
Reply to this message...
 
    
Mark
We promoted the code to production and everything went smoothly. I wish I
would of found the cause of our issues, but I can't complain. Until next
time...

Thanks...
Mark Remkiewicz

"Mark" wrote:

[Original message clipped]
Reply to this message...
 
    
[MSFT] (VIP)
Thank you for the update. Once the problem occur again, please feel free to
let me know. I will continue to work with you on it.

Luke
Reply to this message...
 
    
suresh g (VIP)
Luke,

Can I know what ServicePack you are talking about here. Does this Service
Pack resolve the issue of the Inconsistent success/failure of the web service
call.

Thanks
Suresh

"[MSFT]" wrote:

[Original message clipped]
Reply to this message...
 
    
[MSFT] (VIP)
Hi Suresh,

I used to found some simliar issue was resolved by applying Windows 2000
service pack. But the precondition is the web server is Windows 2000 and I
cannot guarantee it can work for all situation. Many possible issue can
cause such a problem.

Luke
Reply to this message...
 
 
System.AsyncCallback
System.IAsyncResult
System.IO.IOException
System.Net.HttpWebRequest
System.Net.ICertificatePolicy
System.Net.Sockets.NetworkStream
System.Net.Sockets.Socket
System.Net.Sockets.SocketException
System.Net.Sockets.SocketFlags
System.Net.WebException
System.Net.WebRequest
System.Security.Cryptography.MD5
System.Web.Services.Protocols.HttpWebClientProtocol
System.Web.Services.Protocols.SoapHttpClientProtocol
System.Web.Services.Protocols.WebClientProtocol




ExamGuru IT Solutions - .Net Guru is owned and operated by ExamGuru, Inc., the man behind .Net Guru. If you're in the market for bespoke software or software consultancy, why not get him and his highly trained team to help? - www.examguru.net/ITCertification
Ad


Need Dot Net Interview Questions?
Ask ExamGuru, Inc. for advice and help on Passing .Net Interviews
.Net Projects
Best-of-breed application framework for .NET projects, developed by ExamGuru, Inc. and ExamGuru IT
Free .net Help
Commission ExamGuru, Inc. and his team for your next bespoke software project
FogBUGZ
The only bug tracking system carefully crafted with one goal in mind: helping teams create great software.
Awesome Tools
If you don't know about these, you're missing out... IT Certification Questions
IT Interview Questions
Free Oracle 10g Training
MCSE Boortcamp
Cisco Study Guides
Cheap Study Guides
Exact Questions
Dot Net Interview Questions
Oracle OCP
Cheap Travel
Designer Perfumes - Wholesale Prices
Free Programming Tutorials
 
ExamGuru IT Solutions - .Net Guru is owned and operated by ExamGuru, Inc., the man behind .Net Guru. If you're in the market for bespoke software or software consultancy, why not get him and his highly trained team to help? - www.examguru.net/ITCertification
 Copyright © ExamGuru, Inc. 2001-2006
Contact Us - Terms of Use - Privacy Policy - www.dot-net-guru.com - www.examguru.net - www.oraclesource.net - www.itinterviews.net - www.examguru.net/ITCertification