Erratic SSL Error: Could not establish secure channel for SSL/TLS

[Luke Venediger]

Hi,

I wonder if anyone is experiencing a similar problem. I have a
collection of web services that I access from a client over the
internet. I use SSL to secure the connection. My client application
makes thousands of calls to the web services each day, but every now
and then I get the following error message:

System.Net.WebException: The underlying connection was closed: Could
not establish secure channel for SSL/TLS. ---> System.IO.IOException:
Unable to read data from the transport connection. --->
System.IO.IOException: Unable to read data from the transport
connection. ---> System.Net.Sockets.SocketException: An existing
connection was forcibly closed by the remote host

It happens erratically, and I've checked my SSL settings and
certificates - all seems to be fine. Just every now and again I get
this SSL error. My client is a .Net 1.1 application. My web services
are running under IIS 6.0 on Windows 2003, .Net 1.1.

Any insight would be greatly appreciated!

Many Thanks,
Luke Venediger.

 

[Trebek]

Luke,

Are you currently overriding 'GetWebRequest()' in the proxy class on the
client and setting keep alives to false?

Alex

 

[lukev123]

Hi Alex,

We're not overriding GetWebRequest in the proxy. As for the keep-alives
they are enabled on the web server. Should they be disabled?
Thanks,
Luke Venediger.

 

[Warren Reinke]

We're doing the same thing. Client application using web services on
the 1.1 .NET Framework. Our servers are Windows 2003 Web Edition.

Every now and then we're receiving the "The underlying connection was
closed: Could not establish secure channel for SSL/TLS." error.

Has anyone else responded with reasons for this error?



Thanks

 

[fredplain]

Hello ,

I have exactly the same problem : using TCPListener and socket on two machine (one client, one server).

On two XPs, that works.
On two 2003 Servers, after a while I get the same message : 'Unable to read data from the transport connection ..'

Isn' t it against some 2003 timeouts ??

If you find some topics to help me solving the problem , please let me know (I will let you know when I' ll fix)

Thanks

Fred

(e-mail address removed)

**********************************************************************
Sent via Fuzzy Software @ http://www.fuzzysoftware.com/
Comprehensive, categorised, searchable collection of links to ASP & ASP.NET resources...

 

[lukev123]

Hi All,

It sounds like everyone here is using load balanced servers. Apparently
the problem happens when you use a proxy server for
incoming and outgoing traffic (as might be the case in a load-balanced
environment.) A solution is to specify the proxy address in the
machine.config file of your web servers.

For example:
<proxy usesystemdefault="false"
proxyaddress="http://yourproxy"
bypassonlocal="true" />

There is a Microsoft knowledge base article on configuring a bypass
proxy on your machine:
http://support.microsoft.com/default.aspx?scid=kb;[LN];307220
Hope that helps,
Cheers,

 

[lukev123]

Hi All,

It sounds like everyone here is using load balanced servers. Apparently
the problem happens when you use a proxy server for
incoming and outgoing traffic (as might be the case in a load-balanced
environment.) A solution is to specify the proxy address in the
machine.config file of your web servers.

For example:
<proxy usesystemdefault="false"
proxyaddress="http://yourproxy"
bypassonlocal="true" />

There is a Microsoft knowledge base article on configuring a bypass
proxy on your machine:
http://support.microsoft.com/default.aspx?scid=kb;[LN];307220
Hope that helps,
Cheers,
Luke.

 

[Dan Rogers]

Hi,

To get rid of this problem, a work around that is effective is to disable
keep-alives in the generated .NET proxy client. What is happening is that
the reused connection gets closed, but the proxy isn't accounting for this
so it tries to use a dead connection. The work around is to prevent the
proxy from making a request with keep-alives enabled.

Regards

Dan Rogers
Microsoft Corporation
--------------------