why do I experience issues with SMTP server after upgrading from VB.net 3.5 to 4.8? - vb.net

I have a VB.NET forms application that was written in VB.NET 3.5. It sends email via an SMTP email server: Office 365. Office 365 is ending support for TLS 1.0 & 1.1.
The program has started tossing the error: Authentication failed because the remote party has closed the transport stream. The weird thing is that when the error occurs, the email still gets sent.
Research shows that it's due to the security protocol being used to connect to the server and it's getting refused. The weird thing is that the email still gets sent.
I did some research and found that I need to upgrade the version of VB.NET the site is written in to at least 4.6 in order to support TLS 1.2. I upgraded the website to VB.NET 4.8 and got a new error message: SMTPException not handled.
I figured out how to handle the exception, but not how to fix the exception. I believe it has to do with the fact that I have used EnableSsl() and thus the program is trying to use SSL instead of TLS. I don't know.
Below is the code I use to send email:
' Requires: Imports System.Net.Mail
Dim mail As New MailMessage() ' declaration was not shown in the original snippet
Dim smtp As New SmtpClient(Session("SMTPClient"))
smtp.Port = 587
mail.From = New MailAddress("email#company.com")
mail.To.Add("email#company.com")
mail.ReplyTo = New MailAddress("email#company.com")
smtp.UseDefaultCredentials = False
smtp.Credentials = New System.Net.NetworkCredential("user", "password", "domain")
' EnableSsl is a property; on port 587 SmtpClient upgrades the connection with STARTTLS
smtp.EnableSsl = True
If Session("sent") = 0 Then
    Try
        smtp.Send(mail)
    Catch ex As SmtpException
        Response.Write(ex)
    End Try
    Session("sent") = 1
End If
The error I get when sending:
System.Net.Mail.SmtpException: Failure sending mail. ---> System.IO.IOException: Authentication failed because the remote party has closed the transport stream.
at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
at System.Net.TlsStream.CallProcessAuthentication(Object state)
at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
at System.Net.TlsStream.ProcessAuthentication(LazyAsyncResult result)
at System.Net.TlsStream.Write(Byte[] buffer, Int32 offset, Int32 size)
at System.Net.PooledStream.Write(Byte[] buffer, Int32 offset, Int32 size)
at System.Net.Mail.SmtpConnection.Flush()
at System.Net.Mail.ReadLinesCommand.Send(SmtpConnection conn)
at System.Net.Mail.EHelloCommand.Send(SmtpConnection conn, String domain)
at System.Net.Mail.SmtpConnection.GetConnection(ServicePoint servicePoint)
at System.Net.Mail.SmtpTransport.GetConnection(ServicePoint servicePoint)
at System.Net.Mail.SmtpClient.GetConnection()
at System.Net.Mail.SmtpClient.Send(MailMessage message)
--- End of inner exception stack trace ---
at System.Net.Mail.SmtpClient.Send(MailMessage message)
at ASP.processform_aspx.__Render__control1(HtmlTextWriter __w, Control parameterContainer) in C:\Users\user\Documents\Visual Studio 2012\Projects\program - Copy\program\processForm.aspx:line 385

You can specify the protocol you want to use with
System.Net.ServicePointManager.SecurityProtocol = System.Net.SecurityProtocolType.Tls12
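An added example, not part of the original answer and shown in C# (the same calls are available from VB.NET): it enables TLS 1.2 without hard-coding it as the only protocol, and sorts the failure shapes quoted on this page by walking the inner-exception chain. The names `TlsSetup`, `RequireTls12` and `Triage` are hypothetical, the exception chains in `Main` are constructed from the messages on this page, and .NET Framework 4.8 is assumed.

```csharp
using System;
using System.IO;
using System.Net;
using System.Net.Mail;
using System.Net.Sockets;
using System.Security.Authentication;

static class TlsSetup
{
    // SSL 3.0 plus the TLS versions Office 365 is retiring.
    const SecurityProtocolType Legacy =
        SecurityProtocolType.Ssl3 | SecurityProtocolType.Tls | SecurityProtocolType.Tls11;

    // Returns the value to assign to ServicePointManager.SecurityProtocol.
    public static SecurityProtocolType RequireTls12(SecurityProtocolType current)
    {
        // SystemDefault (0) defers the choice to the operating system. It is the
        // default for applications that target .NET Framework 4.7 or later, so
        // leave it alone rather than freezing the process at one version.
        if (current == SecurityProtocolType.SystemDefault)
            return current;

        // Otherwise drop the legacy versions and add TLS 1.2, keeping any
        // newer protocol bits that were already enabled.
        return (current & ~Legacy) | SecurityProtocolType.Tls12;
    }

    // Heuristic triage of a failed SmtpClient/HttpWebRequest call: the first
    // TLS-relevant exception in the InnerException chain decides the category.
    public static string Triage(Exception ex)
    {
        for (Exception e = ex; e != null; e = e.InnerException)
        {
            if (e is AuthenticationException)
                return "LOCAL-REJECT (this side refused the handshake, e.g. certificate validation): " + e.Message;

            var sock = e as SocketException;
            if (sock != null && sock.SocketErrorCode == SocketError.ConnectionReset)
                return "PEER-RESET (remote host reset the connection; check its logs): " + e.Message;

            if (e is IOException && e.InnerException == null)
                return "PEER-CLOSED (remote side closed the stream; compare enabled protocol versions): " + e.Message;
        }
        return "OTHER: " + ex.Message;
    }

    static void Main()
    {
        // Apply once, before the first outbound connection is opened.
        ServicePointManager.SecurityProtocol = RequireTls12(ServicePointManager.SecurityProtocol);
        Console.WriteLine("SecurityProtocol = " + ServicePointManager.SecurityProtocol);

        // Constructed exception chains carrying the messages quoted on this page.
        var samples = new Exception[]
        {
            new SmtpException("Failure sending mail.",
                new IOException("Authentication failed because the remote party has closed the transport stream.")),
            new WebException("The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.",
                new AuthenticationException("The remote certificate is invalid according to the validation procedure.")),
            new WebException("The underlying connection was closed: An unexpected error occurred on a receive.",
                new IOException("Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host.",
                    new SocketException(10054)))
        };
        foreach (Exception ex in samples)
            Console.WriteLine(Triage(ex));
    }
}
```

In an ASP.NET site the assignment belongs in `Application_Start` so it runs before any request sends mail; the `<httpRuntime targetFramework="...">` value in web.config also decides which framework defaults apply, so confirm it matches the upgraded version.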

Related

.Net Core Web API unable to validate requests with IdentityServer after converting from http to https

I have an IdentityServer 3 application which takes care of authentication/authorization and token validation.
We have a .NET Core 3.0 web API, which handles user and role management features through requests coming from an AngularJS app on the front end. It was all working fine in the HTTP world. Once we started using a self-signed certificate and turned all these applications (IdentityServer3, the .NET Core app (which talks with IdentityServer for user identity related and token validation related things) and the AngularJS app) to HTTPS on IIS, we started seeing an issue: IdentityServer3 helps with the user authentication, but later on, when the UI (Angular app) tries to send a GET request to the .NET Core app, which usually gets the logged-in user details, it does not work. This .NET Core app talks with IdentityServer for every web API request to validate the token, and it gives a 404 error. Below is the error from the logs.
04/16/2020 14:15:59.335 -04:00 [Error] IDX20803: Unable to obtain configuration from: '[PII is hidden. For more details, see https://aka.ms/IdentityModel/PII.]'.
System.InvalidOperationException: IDX20803: Unable to obtain configuration from: '[PII is hidden. For more details, see https://aka.ms/IdentityModel/PII.]'.
---> System.IO.IOException: IDX20804: Unable to retrieve document from: '[PII is hidden. For more details, see https://aka.ms/IdentityModel/PII.]'.
---> System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception.
---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.
at System.Net.Security.SslStream.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, ExceptionDispatchInfo exception)
at System.Net.Security.SslStream.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslStream.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslStream.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslStream.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslStream.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslStream.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslStream.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslStream.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslStream.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslStream.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslStream.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslStream.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslStream.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslStream.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslStream.PartialFrameCallback(AsyncProtocolRequest asyncRequest)
--- End of stack trace from previous location where exception was thrown ---
at System.Net.Security.SslStream.ThrowIfExceptional()
at System.Net.Security.SslStream.InternalEndProcessAuthentication(LazyAsyncResult lazyResult)
at System.Net.Security.SslStream.EndProcessAuthentication(IAsyncResult result)
at System.Net.Security.SslStream.EndAuthenticateAsClient(IAsyncResult asyncResult)
at System.Net.Security.SslStream.<>c.b__65_1(IAsyncResult iar)
at System.Threading.Tasks.TaskFactory1.FromAsyncCoreLogic(IAsyncResult iar, Func2 endFunction, Action1 endAction, Task1 promise, Boolean requiresSynchronization)
--- End of stack trace from previous location where exception was thrown ---
at System.Net.Http.ConnectHelper.EstablishSslConnectionAsyncCore(Stream stream, SslClientAuthenticationOptions sslOptions, CancellationToken cancellationToken)
--- End of inner exception stack trace ---
at System.Net.Http.ConnectHelper.EstablishSslConnectionAsyncCore(Stream stream, SslClientAuthenticationOptions sslOptions, CancellationToken cancellationToken)
at System.Net.Http.HttpConnectionPool.ConnectAsync(HttpRequestMessage request, Boolean allowHttp2, CancellationToken cancellationToken)
at System.Net.Http.HttpConnectionPool.CreateHttp11ConnectionAsync(HttpRequestMessage request, CancellationToken cancellationToken)
at System.Net.Http.HttpConnectionPool.GetHttpConnectionAsync(HttpRequestMessage request, CancellationToken cancellationToken)
at System.Net.Http.HttpConnectionPool.SendWithRetryAsync(HttpRequestMessage request, Boolean doRequestAuth, CancellationToken cancellationToken)
at System.Net.Http.RedirectHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
at System.Net.Http.DiagnosticsHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
at System.Net.Http.HttpClient.FinishSendAsyncBuffered(Task1 sendTask, HttpRequestMessage request, CancellationTokenSource cts, Boolean disposeCts)
at Microsoft.IdentityModel.Protocols.HttpDocumentRetriever.GetDocumentAsync(String address, CancellationToken cancel)
--- End of inner exception stack trace ---
at Microsoft.IdentityModel.Protocols.HttpDocumentRetriever.GetDocumentAsync(String address, CancellationToken cancel)
at Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfigurationRetriever.GetAsync(String address, IDocumentRetriever retriever, CancellationToken cancel)
at Microsoft.IdentityModel.Protocols.ConfigurationManager1.GetConfigurationAsync(CancellationToken cancel)
--- End of inner exception stack trace ---
at Microsoft.IdentityModel.Protocols.ConfigurationManager1.GetConfigurationAsync(CancellationToken cancel)
at Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler.HandleAuthenticateAsync()
at Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler.HandleAuthenticateAsync()
at Microsoft.AspNetCore.Authentication.AuthenticationHandler1.AuthenticateAsync()
at Microsoft.AspNetCore.Authentication.AuthenticationService.AuthenticateAsync(HttpContext context, String scheme)
at IdentityServer4.AccessTokenValidation.IdentityServerAuthenticationHandler.HandleAuthenticateAsync()
04/16/2020 14:15:59.336 -04:00 [Information] "Bearer" was not authenticated. Failure message: "IDX20803: Unable to obtain configuration from: '[PII is hidden. For more details, see https://aka.ms/IdentityModel/PII.]'."
04/16/2020 14:15:59.338 -04:00 [Information] "Bearer" was not authenticated. Failure message: "IDX20803: Unable to obtain configuration from: '[PII is hidden. For more details, see https://aka.ms/IdentityModel/PII.]'."
I got this error when I accessed the URL: https://[yourserver]/.well-known/openid-configuration to fetch the OpenId configurations.
Check if your HTTPS certificates are valid.
Check if your HTTPS certificate is trusted by your API server (if it's a self-signed certificate - use a custom CA to generate it and trust this CA on your API server).
Check, using curl, if the traffic between your container/server and Identity server is allowed. In my case I got a situation where the CentOS firewall was blocking the traffic between my containers and my public interface. I solved it by creating appropriate firewall rules for this traffic.
The best way to test is: Try to use the command line tool "curl" to fetch the HTTPS identity server URL from your API server or container. You can't get any error (certificate, certificate server name).

ClickOnce: an error occurred attempting to install program

I am trying to publish my application using ClickOnce. However, when the application is published and I go to the page, download the setup and run it, I simply get the message below. What can I do to repair that? It seems it is something with the certificate. My server has an SSL certificate; is it something related?
An error occured attempting to install MyPogram
When I look at the log file I see this:
PLATFORM VERSION INFO
Windows : 10.0.14393.0 (Win32NT)
Common Language Runtime : 4.0.30319.42000
System.Deployment.dll : 4.6.1586.0 built by: NETFXREL2
clr.dll : 4.6.1637.0 built by: NETFXREL3STAGE
dfdll.dll : 4.6.1586.0 built by: NETFXREL2
dfshim.dll : 10.0.14393.0 (rs1_release.160715-1616)
SOURCES
Deployment url : http://serwer1598052.home.pl/probix/Probix.application
Server : IdeaWebServer/v0.80
Deployment Provider url : http://serwer1424786.home.pl/probixmain/Probix.application
ERROR SUMMARY
Below is a summary of the errors, details of these errors are listed later in the log.
* Activation of http://serwer1598052.home.pl/probix/Probix.application resulted in exception. Following failure messages were detected:
+ Downloading http://serwer1424786.home.pl/probixmain/Probix.application did not succeed.
+ The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
+ The remote certificate is invalid according to the validation procedure.
COMPONENT STORE TRANSACTION FAILURE SUMMARY
No transaction error was detected.
WARNINGS
There were no warnings during this operation.
OPERATION PROGRESS STATUS
* [5/8/2017 12:51:08 PM] : Activation of http://serwer1598052.home.pl/probix/Probix.application has started.
ERROR DETAILS
Following errors were detected during this operation.
* [5/8/2017 12:51:08 PM] System.Deployment.Application.DeploymentDownloadException (Unknown subtype)
- Downloading http://serwer1424786.home.pl/probixmain/Probix.application did not succeed.
- Source: System.Deployment
- Stack trace:
at System.Deployment.Application.SystemNetDownloader.DownloadSingleFile(DownloadQueueItem next)
at System.Deployment.Application.SystemNetDownloader.DownloadAllFiles()
at System.Deployment.Application.FileDownloader.Download(SubscriptionState subState, X509Certificate2 clientCertificate)
at System.Deployment.Application.DownloadManager.DownloadManifestAsRawFile(Uri& sourceUri, String targetPath, IDownloadNotification notification, DownloadOptions options, ServerInformation& serverInformation)
at System.Deployment.Application.DownloadManager.DownloadDeploymentManifestDirect(SubscriptionStore subStore, Uri& sourceUri, TempFile& tempFile, IDownloadNotification notification, DownloadOptions options, ServerInformation& serverInformation)
at System.Deployment.Application.DownloadManager.FollowDeploymentProviderUri(SubscriptionStore subStore, AssemblyManifest& deployment, Uri& sourceUri, TempFile& tempFile, IDownloadNotification notification, DownloadOptions options)
at System.Deployment.Application.DownloadManager.DownloadDeploymentManifestBypass(SubscriptionStore subStore, Uri& sourceUri, TempFile& tempFile, SubscriptionState& subState, IDownloadNotification notification, DownloadOptions options)
at System.Deployment.Application.ApplicationActivator.PerformDeploymentActivation(Uri activationUri, Boolean isShortcut, String textualSubId, String deploymentProviderUrlFromExtension, BrowserSettings browserSettings, String& errorPageUrl)
at System.Deployment.Application.ApplicationActivator.ActivateDeploymentWorker(Object state)
--- Inner Exception ---
System.Net.WebException
- The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
- Source: System
- Stack trace:
at System.Net.HttpWebRequest.GetResponse()
at System.Deployment.Application.SystemNetDownloader.DownloadSingleFile(DownloadQueueItem next)
--- Inner Exception ---
System.Security.Authentication.AuthenticationException
- The remote certificate is invalid according to the validation procedure.
- Source: System
- Stack trace:
at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, Exception exception)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
at System.Net.TlsStream.ProcessAuthentication(LazyAsyncResult result)
at System.Net.TlsStream.Write(Byte[] buffer, Int32 offset, Int32 size)
at System.Net.ConnectStream.WriteHeaders(Boolean async)
COMPONENT STORE TRANSACTION DETAILS
No transaction information is available.
There was an issue with the signing certificate, it's invalid or expired. Check your signing certificate. There's more information about this at the link below:
https://msdn.microsoft.com/en-us/library/ff369721.aspx

Kentico content staging error on IIS

I've inherited a site in two separate staging and production Kentico v6.0.39 sp1 installs that I'm tasked to move from Win2008R2 to a new Win2012 server. I've copied the DBs and sites completely and adjusted the web.configs. Everything is working except Content Staging.
It's the Content Staging that is throwing the errors in the Event log of the Staging instance:
Description: Message: The underlying connection was closed: An unexpected error occurred on a send.
Stack Trace:
at System.Web.Services.Protocols.WebClientProtocol.GetWebResponse(WebRequest request)
at System.Web.Services.Protocols.HttpWebClientProtocol.GetWebResponse(WebRequest request)
at Microsoft.Web.Services3.WebServicesClientProtocol.GetResponse(WebRequest request, IAsyncResult result)
at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
at CMS.Synchronization.CMS.SynchronizationEngine.SyncServerWse.ProcessSynchronizationTask(String taskTitle, String taskType, String taskObjectType, String taskData, String taskBinaryData, String taskServerList, String systemVersion)
at CMS.Synchronization.SyncClient.RunTask(TaskInfo taskObj)
at System.Net.Sockets.NetworkStream.Read(Byte[] buffer, Int32 offset, Int32 size)
at System.Net.FixedSizeReader.ReadPacket(Byte[] buffer, Int32 offset, Int32 count)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
at System.Net.TlsStream.ProcessAuthentication(LazyAsyncResult result)
at System.Net.TlsStream.Write(Byte[] buffer, Int32 offset, Int32 size)
at System.Net.ConnectStream.WriteHeaders(Boolean async)
at System.Net.Sockets.NetworkStream.Read(Byte[] buffer, Int32 offset, Int32 size)
It syncs fine over HTTP, so I'm thinking it's an IIS8 config issue, as the Kentico installs are the same as what is working on the original Win2008 server.
I can browse the site using SSL without error and can browse to the https://www.mykentico.com/CMSPages/syncserver.asmx handler successfully; it's just when I sync that the problem appears.
I know that it's not Kentico anymore once the problem becomes an IIS issue, but can you think of any config setting that would prevent HTTPS content staging?
Any help would be greatly appreciated.

Sitecore ECM: Could not establish trust relationship for the SSL/TLS secure channel

I am getting the following error whenever I try to do a Test Connection in Email Campaign Manager.
The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
The following is the error which is recorded in the log
ManagedPoolThread #11 11:41:08 INFO Job started: VerifyMTA
ManagedPoolThread #11 11:41:08 WARN EmailCampaign: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
Exception: System.Net.WebException
Message: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
Source: System.Web.Services
at System.Web.Services.Protocols.WebClientProtocol.GetWebResponse(WebRequest request)
at System.Web.Services.Protocols.HttpWebClientProtocol.GetWebResponse(WebRequest request)
at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
at Sitecore.Modules.EmailCampaign.AppsService.AppsService.GetServerApplicationsByApplicationId(Credentials credentials, Guid applicationId)
at Sitecore.Modules.EmailCampaign.Core.Services.AppsServiceClient.IsApplicationPurchased(Guid applicationId)
at Sitecore.Modules.EmailCampaign.Core.MessageTransfer.EmailDeliveryClient.IsPurchased()
at Sitecore.Modules.EmailCampaign.Core.MessageTransfer.EmailDeliveryClient.GetSmtpConfiguration()
at Sitecore.Modules.EmailCampaign.SendingManager.GetSmtpSettings()
at Sitecore.Modules.EmailCampaign.Core.MessageTransfer.MtaChecker.GetSmtpSettings(StringBuilder report, String& error)
at Sitecore.Modules.EmailCampaign.Core.MessageTransfer.RemoteMtaChecker.GetSmtpSettings(StringBuilder report, String& error)
Nested Exception
Exception: System.Security.Authentication.AuthenticationException
Message: The remote certificate is invalid according to the validation procedure.
Source: System
at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, Exception exception)
at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
at System.Net.TlsStream.CallProcessAuthentication(Object state)
at System.Threading.ExecutionContext.runTryCode(Object userData)
at System.Runtime.CompilerServices.RuntimeHelpers.ExecuteCodeWithGuaranteedCleanup(TryCode code, CleanupCode backoutCode, Object userData)
at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean ignoreSyncCtx)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
at System.Net.TlsStream.ProcessAuthentication(LazyAsyncResult result)
at System.Net.TlsStream.Write(Byte[] buffer, Int32 offset, Int32 size)
at System.Net.PooledStream.Write(Byte[] buffer, Int32 offset, Int32 size)
at System.Net.ConnectStream.WriteHeaders(Boolean async)
ManagedPoolThread #11 11:41:08 INFO Job ended: VerifyMTA (units processed: )
I am also getting an error in the Connection test option in the Email Delivery tab of Sitecore App Center.
The port numbers 25 and 443 are open on the server to contact the Sitecore App Center and the mail server (Default Sitecore Mail Server). I can do
telnet apps.sitecore.net 443
and it works fine.
I have tried logging out and logging back in to the Sitecore App Center, as suggested in some other thread on Stack Overflow, but I am still getting this error.
Can anyone suggest a fix for this? Thanks in advance.
We contacted Sitecore and we got the following response to troubleshoot the issue:
Relogin (log off and log back on) to the App Center Sitecore Application (that makes the system update authentication information).
Make sure the 'Email Delivery' app in Sitecore App Center has a green 'Running' status icon next to it (indicating that the service has been purchased for the current account).
Verify the connection between ECM (E-mail Campaign Manager) and MTA (Message Transfer Agent) as per the recommendations from chapter 3.1.5 of the 'ECM 1.3.3 Administrator's and Developer's Guide' document on SDN, available at http://sdn.sitecore.net/Products/ECM/ECM%201,-d-,3/Documentation.aspx
In case additional troubleshooting is required, set the 'Debug' setting in the 'Sitecore.EmailCampaign.config' file (in the '/App_Config/Include' folder) to 'true'. The setting specifies whether verbose logging in Sitecore log files for the ECM is enabled.
This can be related to an invalid or expired SSL certificate or because there is a mismatch between the certificate and the site's url (or base URL setting).
Please check if these articles can help you:
Could not establish trust relationship for SSL/TLS secure channel -- SOAP
http://www.outsystems.com/NetworkForums/ViewTopic.aspx?Topic=Web-Services:-Could-not-establish-trust-relationship-for-the-SSL/TLS
Please check that the value of GlobalSettings.RendererUrl setting is equal to your current site hostname. You can use the following code in your layout for this:
protected override void OnLoad(EventArgs e)
{
    Response.Write("GlobalSettings.RendererUrl: " + Sitecore.Modules.EmailCampaign.GlobalSettings.RendererUrl);
    base.OnLoad(e);
}
In addition, please check that Anonymous Access is allowed for your website and that ECM requests are not blocked by a firewall.
Temporary Fix
As a temporary fix, you can add a callback delegate that always returns true whenever Sitecore tries to verify the remote server certificate. You can do this by adding a function in the Global.asax file provided by Sitecore in the website folder, as explained here. If this solves the issue then it confirms that it is a server certificate issue. This might cause some security issues, so don't use it as a permanent solution.
Try logging out and back in to Sitecore App Center.
See also: ECM Error: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel
Is your application pool running as Network Service? I've seen this error when the IIS worker process can't access the certificates used in the SSL/TLS negotiation.
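A narrower alternative to the always-true callback described under "Temporary Fix" above, as an added example that is not from the thread or from Sitecore: it overrides validation only for one named host presenting one known certificate, and only when the sole problem is an untrusted chain. `ScopedCertificateTrust`, `PinnedHost` and `PinnedSha256` are hypothetical names and placeholder values; .NET Framework is assumed, and `Install()` is meant to be called from `Application_Start` in Global.asax.

```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class ScopedCertificateTrust
{
    // Placeholder values: replace with the real host name and the SHA-256
    // hash (hex, no separators) of the exact certificate you expect from it.
    const string PinnedHost = "mta.example.internal";
    const string PinnedSha256 = "0000000000000000000000000000000000000000000000000000000000000000";

    public static void Install()
    {
        ServicePointManager.ServerCertificateValidationCallback = Validate;
    }

    public static bool Validate(object sender, X509Certificate certificate,
                                X509Chain chain, SslPolicyErrors errors)
    {
        // Normal case: the platform already trusts the certificate.
        if (errors == SslPolicyErrors.None)
            return true;

        // The exception applies to one host only. The sender is a WebRequest
        // for HTTP(S) calls or a host name string, depending on the caller.
        string host = null;
        var request = sender as WebRequest;
        if (request != null) host = request.RequestUri.Host;
        else host = sender as string;
        if (!string.Equals(host, PinnedHost, StringComparison.OrdinalIgnoreCase))
            return false;

        // Tolerate an untrusted chain only. A name mismatch or a missing
        // certificate still fails, as it would without this callback.
        if (errors != SslPolicyErrors.RemoteCertificateChainErrors || certificate == null)
            return false;

        var cert = new X509Certificate2(certificate);

        // An expired or not-yet-valid certificate is never accepted.
        DateTime now = DateTime.Now;
        if (now < cert.NotBefore || now > cert.NotAfter)
            return false;

        // Accept only the exact certificate that was pinned.
        string actual;
        using (SHA256 sha = SHA256.Create())
            actual = BitConverter.ToString(sha.ComputeHash(cert.RawData)).Replace("-", "");
        return string.Equals(actual, PinnedSha256, StringComparison.OrdinalIgnoreCase);
    }

    static void Main()
    {
        Install();
        // Constructed calls: a chain error for an unpinned host is refused,
        // and so is a pinned host that presents no certificate.
        Console.WriteLine(Validate("other.example", null, null, SslPolicyErrors.RemoteCertificateChainErrors));
        Console.WriteLine(Validate(PinnedHost, null, null, SslPolicyErrors.RemoteCertificateChainErrors));
    }
}
```

The pin has to be updated whenever the remote certificate is renewed, so the durable fix remains installing a certificate that chains to a CA the server already trusts.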

WIF Token Issuing Fails After Certificate Update

Our certificate is expiring and we thought changing it, and the services using it, would be as simple as updating the certificate and updating the services with the certificate's new thumbprint, but that was not the case.
Now, this code was inherited, I didn't write it, so I'm trying to figure stuff out. It breaks right here:
var issuedToken = channel.Issue(rst) as GenericXmlSecurityToken;
All the services that this thing is supposedly hitting have been updated with the new certificate as well. Any pointers are greatly appreciated!
The exception being thrown:
System.ServiceModel.CommunicationException was caught
HResult=-2146233087
Message=An error occurred while receiving the HTTP response to https://***ipsts/Service.svc/IWSTrust13. This could be due to the service endpoint binding not using the HTTP protocol. This could also be due to an HTTP request context being aborted by the server (possibly due to the service shutting down). See server logs for more details.
Source=mscorlib
StackTrace:
Server stack trace:
at System.ServiceModel.Channels.HttpChannelUtilities.ProcessGetResponseWebException(WebException webException, HttpWebRequest request, HttpAbortReason abortReason)
at System.ServiceModel.Channels.HttpChannelFactory1.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout)
at System.ServiceModel.Channels.RequestChannel.Request(Message message, TimeSpan timeout)
at System.ServiceModel.Channels.SecurityChannelFactory1.SecurityRequestChannel.Request(Message message, TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)
Exception rethrown at [0]:
at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
at Microsoft.IdentityModel.Protocols.WSTrust.IWSTrustContract.Issue(Message message)
at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.Issue(RequestSecurityToken rst, RequestSecurityTokenResponse& rstr)
at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.Issue(RequestSecurityToken rst)
at Mobile_Service.Code.ECNSecurityTokenService.GetClaimsPrincipalWithUserName(String userName, String password) in C:\Development\Mobile Service\Mobile Service\Code\ECNSecurityTokenService.cs:line 59
InnerException: System.Net.WebException
HResult=-2146233079
Message=The underlying connection was closed: An unexpected error occurred on a receive.
Source=System
StackTrace:
at System.Net.HttpWebRequest.GetResponse()
at System.ServiceModel.Channels.HttpChannelFactory`1.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout)
InnerException: System.IO.IOException
HResult=-2146232800
Message=Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host.
Source=System
StackTrace:
at System.Net.Sockets.NetworkStream.Read(Byte[] buffer, Int32 offset, Int32 size)
at System.Net.FixedSizeReader.ReadPacket(Byte[] buffer, Int32 offset, Int32 count)
at System.Net.Security._SslStream.StartFrameHeader(Byte[] buffer, Int32 offset, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security._SslStream.StartReading(Byte[] buffer, Int32 offset, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security._SslStream.ProcessRead(Byte[] buffer, Int32 offset, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.TlsStream.Read(Byte[] buffer, Int32 offset, Int32 size)
at System.Net.PooledStream.Read(Byte[] buffer, Int32 offset, Int32 size)
at System.Net.Connection.SyncRead(HttpWebRequest request, Boolean userRetrievedStream, Boolean probeRead)
InnerException: System.Net.Sockets.SocketException
HResult=-2147467259
Message=An existing connection was forcibly closed by the remote host
Source=System
ErrorCode=10054
NativeErrorCode=10054
StackTrace:
at System.Net.Sockets.NetworkStream.Read(Byte[] buffer, Int32 offset, Int32 size)
InnerException:
It seems the exception is thrown on connecting to ADFS. I'd check the ADFS Admin/Debug logs to see if ADFS has any issues with certificate i.e. validating chain trust or Revocation. I think, you're very likely running into the issue where ADFS fails validating chain trust or Revocation.
HTH,
Amit Bhatia