Could not establish secure channel for SSL/TLS web service

Discussion in 'ASP .Net Web Services' started by Brian, Oct 7, 2004.

  1. Brian

    Brian Guest

    Hello All!

    Yes, it is this infamous error once again. Yes I have googled the issue and
    read through reams of good information. Unfortunately nothing has cured the
    problem, so hear goes.

    Console App running on Windows NT 4, Framework 1.1 (not SP1) accessing web
    service running on Windows Server 2003. Was running fine for the past 2
    months and then 3 days go started getting this error. Runs fine on over 40
    other clients, the majority of which are NT 4.

    Implemented ICertificatePolicy to narrow down the problem, the problem
    parameter comes back as 0. When the first web service method is called, the
    error occurs.

    I am stuck and any help would be much appreciated!

    --
    Take care,

    Brian
    Brian, Oct 7, 2004
    #1
    1. Advertising

  2. Brian

    [MSFT] Guest

    Hi Brian,

    Such a issue has many possible causes. I suggest you check following issues
    first:

    1. Has Win NT Service Pack 6 and IE 6 SP1 has been installed on the
    computer?
    2. Can you call the web service via HTTP?
    3. Can you browse the Page on the server via Https in IE?
    4. Is the Console App executed under same Windows account as before
    5. Is there any proxy, firewall or SSL related application changed recently

    Luke
    [MSFT], Oct 7, 2004
    #2
    1. Advertising

  3. Brian

    Brian Guest

    Hi Luke,

    In answer to your questions:

    1. Service Pack 6a.
    2. I may try this however this is a production web service that needs to
    remain secure so the likely hood of changing this is slim. But (see answer to
    next question).
    3. Yes I can browse the page in IE, lending to the frustration level.
    4. Account information is the same for the console app. Also ran it as an
    Administrator and it did not change the error.
    5. I am still investigating this, but since I can get there via IE I do not
    believe there is anything blocking https traffic.

    Also the certificate on the server is valid and has not expired.

    Take Care,

    Brian

    > 1. Has Win NT Service Pack 6 and IE 6 SP1 has been installed on the
    > computer?
    > 2. Can you call the web service via HTTP?
    > 3. Can you browse the Page on the server via Https in IE?
    > 4. Is the Console App executed under same Windows account as before
    > 5. Is there any proxy, firewall or SSL related application changed recently


    "[MSFT]" wrote:

    > Hi Brian,
    >
    > Such a issue has many possible causes. I suggest you check following issues
    > first:
    >
    > 1. Has Win NT Service Pack 6 and IE 6 SP1 has been installed on the
    > computer?
    > 2. Can you call the web service via HTTP?
    > 3. Can you browse the Page on the server via Https in IE?
    > 4. Is the Console App executed under same Windows account as before
    > 5. Is there any proxy, firewall or SSL related application changed recently
    >
    > Luke
    >
    >
    Brian, Oct 7, 2004
    #3
  4. Hello Brian,

    I reviewed the problem description carefully and found the following things:

    1) The problem doesn't happen till 3 days before, right? If that, have you
    installed anything 3 days ago such as security patch or some software?

    2) You mentioned "Runs fine on over 40 other clients, the majority of which
    are NT 4."
    Do you mean that the console application runs fine on other NT 4.0
    machines. The error just happens on some NT 4.0 machine? If that, the
    problem may be machine specific.

    3) Do you know one trace tool named Soap trace utility included in SOAP
    toolkit 2.0?
    I suggest you use that tool for tracing. In this way, we can find out the
    difference between the error machine and a normal machine. It may give us
    more hints in troubleshooting.

    Hope that helps.

    Best regards,
    Yanhong Huang
    Microsoft Community Support

    Get Secure! ¨C www.microsoft.com/security
    Register to Access MSDN Managed Newsgroups!
    -http://support.microsoft.com/default.aspx?scid=/servicedesks/msdn/nospam.as
    p&SD=msdn

    This posting is provided "AS IS" with no warranties, and confers no rights.
    Yan-Hong Huang[MSFT], Oct 8, 2004
    #4
  5. Brian

    Brian Guest

    Hi Yanhong,

    Thanks for the reply. Most of the environment changes have already been
    assessed. However, I did come across 2 applications being installed the
    morning before the failures started: Word 97 and Outlook 98. All critical
    updates are installed on the computer with the exception of .NET framework
    SP1.

    The error occurs only on this machine and only recently. The first attempt
    to solve has been trying to determine what has changed on the machine. I only
    added the ICertificatePolicy code to help assess what might have changed.

    I will look into running the trace tool.

    Take Care,

    Brian

    "Yan-Hong Huang[MSFT]" wrote:

    > Hello Brian,
    >
    > I reviewed the problem description carefully and found the following things:
    >
    > 1) The problem doesn't happen till 3 days before, right? If that, have you
    > installed anything 3 days ago such as security patch or some software?
    >
    > 2) You mentioned "Runs fine on over 40 other clients, the majority of which
    > are NT 4."
    > Do you mean that the console application runs fine on other NT 4.0
    > machines. The error just happens on some NT 4.0 machine? If that, the
    > problem may be machine specific.
    >
    > 3) Do you know one trace tool named Soap trace utility included in SOAP
    > toolkit 2.0?
    > I suggest you use that tool for tracing. In this way, we can find out the
    > difference between the error machine and a normal machine. It may give us
    > more hints in troubleshooting.
    >
    > Hope that helps.
    >
    > Best regards,
    > Yanhong Huang
    > Microsoft Community Support
    >
    > Get Secure! ¨C www.microsoft.com/security
    > Register to Access MSDN Managed Newsgroups!
    > -http://support.microsoft.com/default.aspx?scid=/servicedesks/msdn/nospam.as
    > p&SD=msdn
    >
    > This posting is provided "AS IS" with no warranties, and confers no rights.
    >
    >
    Brian, Oct 8, 2004
    #5
  6. Hello Brian,

    Thanks very much for the quick update. Since the problem only happens on
    one machine, I think it may not be related to coding, but related to some
    installed software.

    For that trace tool, please also run IE to access that web service and
    compare the difference. I look forward to your testing result.

    By the way, for Word97 and Outlook98, they are no longer supported
    according to product lifecycle.
    (http://support.microsoft.com/default.aspx?id=fh;[ln];lifeprodo)

    Best regards,
    Yanhong Huang
    Microsoft Community Support

    Get Secure! ¨C www.microsoft.com/security
    Register to Access MSDN Managed Newsgroups!
    -http://support.microsoft.com/default.aspx?scid=/servicedesks/msdn/nospam.as
    p&SD=msdn

    This posting is provided "AS IS" with no warranties, and confers no rights.
    Yan-Hong Huang[MSFT], Oct 11, 2004
    #6
  7. Brian

    Brian Guest

    Hi Yanhong,

    Thanks for the update on the not supported applications. I figured that
    would be the case. Doh!

    Ok, I ran the trace but I had to run them unformatted because formatted did
    not return any info. So I have these traces, one set with IE and one set with
    the application. Just looking at them they are different, but I don't really
    know how to interpret them or how the differences really matter. What do you
    suggest as the next step?

    Thanks!

    "Yan-Hong Huang[MSFT]" wrote:

    > Hello Brian,
    >
    > Thanks very much for the quick update. Since the problem only happens on
    > one machine, I think it may not be related to coding, but related to some
    > installed software.
    >
    > For that trace tool, please also run IE to access that web service and
    > compare the difference. I look forward to your testing result.
    >
    > By the way, for Word97 and Outlook98, they are no longer supported
    > according to product lifecycle.
    > (http://support.microsoft.com/default.aspx?id=fh;[ln];lifeprodo)
    >
    > Best regards,
    > Yanhong Huang
    > Microsoft Community Support
    >
    > Get Secure! ¨C www.microsoft.com/security
    > Register to Access MSDN Managed Newsgroups!
    > -http://support.microsoft.com/default.aspx?scid=/servicedesks/msdn/nospam.as
    > p&SD=msdn
    >
    > This posting is provided "AS IS" with no warranties, and confers no rights.
    >
    >
    Brian, Oct 12, 2004
    #7
  8. Hello Brian,

    Could you please save the trace to a txt file and send to me? Please remove
    online from my email address here to reach me.

    Generally speaking, if the SSL can't be established, there should be some
    error line in the trace file. What we need is to compare them line by line.
    It may be a time consuming task. :( You can use some tool such as WinDiff
    to do that.

    Based on your reply, if you feel that was caused by old version of outlook
    and work, could you please uninstall them first to confirm it? That may be
    a quicker step.

    Thanks very much.

    Best regards,
    Yanhong Huang
    Microsoft Community Support

    Get Secure! ¨C www.microsoft.com/security
    Register to Access MSDN Managed Newsgroups!
    -http://support.microsoft.com/default.aspx?scid=/servicedesks/msdn/nospam.as
    p&SD=msdn

    This posting is provided "AS IS" with no warranties, and confers no rights.
    Yan-Hong Huang[MSFT], Oct 12, 2004
    #8
  9. Hello All,

    Here is the update of this issue. I have received the log file from Brian.
    However, since the issue happens only on SSL, the message in the log is
    secured and so we can get little info from it.

    For this problem, if there are detailed steps on how to set up a repro
    environment, our premier support team may help isolate it. If there are no
    repro steps, maybe we need to connect to that machine and do some testing
    there. I have told Brian to contact PSS to have one support engineer to
    work with him specially on it.

    Thanks very much.

    Best regards,
    Yanhong Huang
    Microsoft Community Support

    Get Secure! ¨C www.microsoft.com/security
    Register to Access MSDN Managed Newsgroups!
    -http://support.microsoft.com/default.aspx?scid=/servicedesks/msdn/nospam.as
    p&SD=msdn

    This posting is provided "AS IS" with no warranties, and confers no rights.
    Yan-Hong Huang[MSFT], Oct 15, 2004
    #9
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. C.W.
    Replies:
    1
    Views:
    5,945
  2. Jim Butler
    Replies:
    7
    Views:
    7,397
    Steven Cheng[MSFT]
    Jul 12, 2006
  3. Scott McFadden

    Could not establish secure channel for SSL/TLS

    Scott McFadden, Dec 18, 2003, in forum: ASP .Net Web Services
    Replies:
    0
    Views:
    145
    Scott McFadden
    Dec 18, 2003
  4. Ghislain Tanguay
    Replies:
    3
    Views:
    212
    suresh g
    Sep 3, 2004
  5. Luke Venediger

    Erratic SSL Error: Could not establish secure channel for SSL/TLS

    Luke Venediger, Oct 11, 2004, in forum: ASP .Net Web Services
    Replies:
    7
    Views:
    388
    Dan Rogers
    Nov 17, 2004
Loading...

Share This Page