Erratic SSL Error: Could not establish secure channel for SSL/TLS

Discussion in 'ASP .Net Web Services' started by Luke Venediger, Oct 11, 2004.

  1. Hi,

    I wonder if anyone is experiencing a similar problem. I have a
    collection of web services that I access from a client over the
    internet. I use SSL to secure the connection. My client application
    makes thousands of calls to the web services each day, but every now
    and then I get the following error message:

    System.Net.WebException: The underlying connection was closed: Could
    not establish secure channel for SSL/TLS. ---> System.IO.IOException:
    Unable to read data from the transport connection. --->
    System.IO.IOException: Unable to read data from the transport
    connection. ---> System.Net.Sockets.SocketException: An existing
    connection was forcibly closed by the remote host

    It happens erratically, and I've checked my SSL settings and
    certificates - all seems to be fine. Just every now and again I get
    this SSL error. My client is a .Net 1.1 application. My web services
    are running under IIS 6.0 on Windows 2003, .Net 1.1.

    Any insight would be greatly appreciated!

    Many Thanks,
    Luke Venediger.
     
    Luke Venediger, Oct 11, 2004
    #1
    1. Advertising

  2. Luke Venediger

    Trebek Guest

    Luke,

    Are you currently overriding 'GetWebRequest()' in the proxy class on the
    client and setting keep alives to false?

    Alex


    "Luke Venediger" <> wrote in message
    news:...
    > Hi,
    >
    > I wonder if anyone is experiencing a similar problem. I have a
    > collection of web services that I access from a client over the
    > internet. I use SSL to secure the connection. My client application
    > makes thousands of calls to the web services each day, but every now
    > and then I get the following error message:
    >
    > System.Net.WebException: The underlying connection was closed: Could
    > not establish secure channel for SSL/TLS. ---> System.IO.IOException:
    > Unable to read data from the transport connection. --->
    > System.IO.IOException: Unable to read data from the transport
    > connection. ---> System.Net.Sockets.SocketException: An existing
    > connection was forcibly closed by the remote host
    >
    > It happens erratically, and I've checked my SSL settings and
    > certificates - all seems to be fine. Just every now and again I get
    > this SSL error. My client is a .Net 1.1 application. My web services
    > are running under IIS 6.0 on Windows 2003, .Net 1.1.
    >
    > Any insight would be greatly appreciated!
    >
    > Many Thanks,
    > Luke Venediger.
     
    Trebek, Oct 13, 2004
    #2
    1. Advertising

  3. Luke Venediger

    Guest

    Hi Alex,

    We're not overriding GetWebRequest in the proxy. As for the keep-alives
    they are enabled on the web server. Should they be disabled?
    Thanks,
    Luke Venediger.
     
    , Oct 15, 2004
    #3
  4. We're doing the same thing. Client application using web services on
    the 1.1 .NET Framework. Our servers are Windows 2003 Web Edition.

    Every now and then we're receiving the "The underlying connection was
    closed: Could not establish secure channel for SSL/TLS." error.

    Has anyone else responded with reasons for this error?



    Thanks

    *** Sent via Developersdex http://www.developersdex.com ***
    Don't just participate in USENET...get rewarded for it!
     
    Warren Reinke, Oct 25, 2004
    #4
  5. Luke Venediger

    Guest

    Hello ,

    I have exactly the same problem : using TCPListener and socket on two machine (one client, one server).

    On two XPs, that works.
    On two 2003 Servers, after a while I get the same message : 'Unable to read data from the transport connection ..'

    Isn' t it against some 2003 timeouts ??

    If you find some topics to help me solving the problem , please let me know (I will let you know when I' ll fix)

    Thanks

    Fred



    **********************************************************************
    Sent via Fuzzy Software @ http://www.fuzzysoftware.com/
    Comprehensive, categorised, searchable collection of links to ASP & ASP.NET resources...
     
    , Oct 26, 2004
    #5
  6. Luke Venediger

    Guest

    Hi All,

    It sounds like everyone here is using load balanced servers. Apparently
    the problem happens when you use a proxy server for
    incoming and outgoing traffic (as might be the case in a load-balanced
    environment.) A solution is to specify the proxy address in the
    machine.config file of your web servers.

    For example:
    <proxy usesystemdefault="false"
    proxyaddress="http://yourproxy"
    bypassonlocal="true" />

    There is a Microsoft knowledge base article on configuring a bypass
    proxy on your machine:
    http://support.microsoft.com/default.aspx?scid=kb;[LN];307220
    Hope that helps,
    Cheers,
     
    , Oct 27, 2004
    #6
  7. Luke Venediger

    Guest

    Hi All,

    It sounds like everyone here is using load balanced servers. Apparently
    the problem happens when you use a proxy server for
    incoming and outgoing traffic (as might be the case in a load-balanced
    environment.) A solution is to specify the proxy address in the
    machine.config file of your web servers.

    For example:
    <proxy usesystemdefault="false"
    proxyaddress="http://yourproxy"
    bypassonlocal="true" />

    There is a Microsoft knowledge base article on configuring a bypass
    proxy on your machine:
    http://support.microsoft.com/default.aspx?scid=kb;[LN];307220
    Hope that helps,
    Cheers,
    Luke.
     
    , Oct 27, 2004
    #7
  8. Luke Venediger

    Dan Rogers Guest

    Hi,

    To get rid of this problem, a work around that is effective is to disable
    keep-alives in the generated .NET proxy client. What is happening is that
    the reused connection gets closed, but the proxy isn't accounting for this
    so it tries to use a dead connection. The work around is to prevent the
    proxy from making a request with keep-alives enabled.

    Regards

    Dan Rogers
    Microsoft Corporation
    --------------------
    >From: (Luke Venediger)
    >Newsgroups: microsoft.public.dotnet.framework.aspnet.webservices
    >Subject: Erratic SSL Error: Could not establish secure channel for SSL/TLS
    >Date: 11 Oct 2004 05:34:49 -0700
    >Organization: http://groups.google.com
    >Lines: 24
    >Message-ID: <>
    >NNTP-Posting-Host: 196.37.229.110
    >Content-Type: text/plain; charset=ISO-8859-1
    >Content-Transfer-Encoding: 8bit
    >X-Trace: posting.google.com 1097498090 8848 127.0.0.1 (11 Oct 2004

    12:34:50 GMT)
    >X-Complaints-To:
    >NNTP-Posting-Date: Mon, 11 Oct 2004 12:34:50 +0000 (UTC)
    >Path:

    cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!news-out.cwix.com!newsfeed.cwix.co
    m!border1.nntp.dca.giganews.com!nntp.giganews.com!news.glorb.com!postnews1.g
    oogle.com!not-for-mail
    >Xref: cpmsftngxa06.phx.gbl

    microsoft.public.dotnet.framework.aspnet.webservices:25816
    >X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet.webservices
    >
    >Hi,
    >
    >I wonder if anyone is experiencing a similar problem. I have a
    >collection of web services that I access from a client over the
    >internet. I use SSL to secure the connection. My client application
    >makes thousands of calls to the web services each day, but every now
    >and then I get the following error message:
    >
    > System.Net.WebException: The underlying connection was closed: Could
    >not establish secure channel for SSL/TLS. ---> System.IO.IOException:
    >Unable to read data from the transport connection. --->
    >System.IO.IOException: Unable to read data from the transport
    >connection. ---> System.Net.Sockets.SocketException: An existing
    >connection was forcibly closed by the remote host
    >
    >It happens erratically, and I've checked my SSL settings and
    >certificates - all seems to be fine. Just every now and again I get
    >this SSL error. My client is a .Net 1.1 application. My web services
    >are running under IIS 6.0 on Windows 2003, .Net 1.1.
    >
    >Any insight would be greatly appreciated!
    >
    >Many Thanks,
    >Luke Venediger.
    >
     
    Dan Rogers, Nov 17, 2004
    #8
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. C.W.
    Replies:
    1
    Views:
    5,950
  2. Jim Butler
    Replies:
    7
    Views:
    7,404
    Steven Cheng[MSFT]
    Jul 12, 2006
  3. Scott McFadden

    Could not establish secure channel for SSL/TLS

    Scott McFadden, Dec 18, 2003, in forum: ASP .Net Web Services
    Replies:
    0
    Views:
    148
    Scott McFadden
    Dec 18, 2003
  4. Ghislain Tanguay
    Replies:
    3
    Views:
    216
    suresh g
    Sep 3, 2004
  5. Brian
    Replies:
    8
    Views:
    245
    Yan-Hong Huang[MSFT]
    Oct 15, 2004
Loading...

Share This Page