WebException while calling Web Service over HTTPS...

Discussion in 'ASP .Net Web Services' started by Mark, Sep 1, 2004.

  1. Mark

    Mark Guest

    I'm having an issue calling a Web Service (This is an 3rd party Web Service
    and I have no control/access to it) via HTTPS. We have talked to the
    developers and they said their Web Services are working from their end. When
    I call their Web Service, though, I keep getting this error:

    Web Exception occurred!
    Status:SecureChannelFailure
    Entire Error Information:System.Net.WebException: The underlying connection
    was closed: Could not establish secure channel for SSL/TLS. --->
    System.IO.IOException: Unable to write data to the transport connection. --->
    System.IO.IOException: Unable to write data to the transport connection. --->
    System.Net.Sockets.SocketException: A connection attempt failed because the
    connected party did not properly respond after a period of time, or
    established connection failed because connected host has failed to respond
    at System.Net.Sockets.Socket.Send(Byte[] buffer, Int32 offset, Int32
    size, SocketFlags socketFlags)
    at System.Net.Sockets.NetworkStream.Write(Byte[] buffer, Int32 offset,
    Int32 size)
    --- End of inner exception stack trace ---
    at System.Net.Sockets.NetworkStream.Write(Byte[] buffer, Int32 offset,
    Int32 size)
    at System.Net.TlsStream.InnerWrite(Boolean async, Byte[] buffer, Int32
    offset, Int32 size, AsyncCallback asyncCallback, Object asyncState)
    --- End of inner exception stack trace ---
    at System.Net.TlsStream.EndRead(IAsyncResult asyncResult)
    at System.Net.Connection.Write(Byte[] buffer, Int32 offset, Int32 size)
    at System.Net.ConnectStream.WriteHeaders(HttpWebRequest httpWebRequest)
    --- End of inner exception stack trace ---
    at
    System.Web.Services.Protocols.WebClientProtocol.GetWebResponse(WebRequest
    request)
    at
    System.Web.Services.Protocols.HttpWebClientProtocol.GetWebResponse(WebRequest
    request)
    at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String
    methodName, Object[] parameters)

    The code used to work. About 2-3 weeks ago, I used the same code and it
    worked. I had to change the application to add some functionality, but
    didn't change the function that called the Web Service. For the past few
    days, no matter what I tried, I can't get it to work.

    I've read many news articles...
    1. I've overloaded GetWebRequest to set the KeepAlive to False.
    2. I've created a Certificate Policy to bypass any Certificate issues.

    Does anyone have any ideas?

    --
    Mark Remkiewicz
    Systems Architect
    Mark, Sep 1, 2004
    #1
    1. Advertising

  2. Mark

    [MSFT] Guest

    Hi Mark,

    Did the problem occur with all your clients? If so, you may check if they
    made any changes on server side. By default, .Net Framework 1.1 supports
    only SSL 3.0 protocol. If the webserver is using SSL 2.0 or TLS 1.0,
    HttpWebRequest/WebRequest clase will fails. Additionally, you may check if
    there is any proxy/firewall between the client and server and if they
    changed recently.

    Luke
    [MSFT], Sep 1, 2004
    #2
    1. Advertising

  3. Mark

    [MSFT] Guest

    Hello,

    Did all your client computer generate such an error? Also, did the problem
    occur with all your applications or just one? Is there any other
    information recorded in the event log?

    Luke
    [MSFT], Sep 2, 2004
    #3
  4. Hi!

    One thing to do would be to set a certificate policy on the webservice
    proxy, and see what exact error code you are getting back from the ssl
    handshake. THat errorcode will give you a clue as to what is going wrong in
    the ssl handshake.

    feroze.
    =============
    this posting is provided as-is.
    =============

    "Mark" <> wrote in message
    news:...
    > I only have two client workstations that utilizes this application and

    both
    > of them give the same error. Nothing stands out in my event logs. The

    only
    > event I have suspicions about is:
    >
    > Event Type: Failure Audit
    > Event Source: Security
    > Event Category: Object Access
    > Event ID: 560
    > Date: 9/2/2004
    > Time: 2:44:09 PM
    > User: <My Computer>\<My Account>
    > Computer: <My Computer>
    > Description:
    > Object Open:
    > Object Server: Security
    > Object Type: Key
    > Object Name: \REGISTRY\MACHINE\SOFTWARE\Microsoft\COM3
    > Handle ID: -
    > Operation ID: {0,1017235}
    > Process ID: 2016
    > Image File Name: C:\Program Files\Common Files\Microsoft
    > Shared\VS7Debug\mdm.exe
    > Primary User Name: <My Computer>$
    > Primary Domain: REMOTE
    > Primary Logon ID: (0x0,0x3E7)
    > Client User Name: remkm01
    > Client Domain: <My Computer>
    > Client Logon ID: (0x0,0x18AF5)
    > Accesses: READ_CONTROL
    > Unknown specific access (bit 0)
    > Unknown specific access (bit 3)
    > Unknown specific access (bit 4)
    >
    > Privileges: -
    > Restricted Sid Count: 0
    >
    > Other than that...
    >
    > Mark
    >
    > "[MSFT]" wrote:
    >
    > > Hello,
    > >
    > > Did all your client computer generate such an error? Also, did the

    problem
    > > occur with all your applications or just one? Is there any other
    > > information recorded in the event log?
    > >
    > > Luke
    > >
    > >
    Feroze [msft], Sep 2, 2004
    #4
  5. Mark

    [MSFT] Guest

    Hi Mark,

    it may be hard to finf a SLL packet sniffer. Since the error is very
    randomly, it is mostly like a network issue or server issue. Is it possible
    to perform some logs on server side to record every request to the server?
    Is the server a IIS?

    Luke
    [MSFT], Sep 3, 2004
    #5
  6. Mark

    Mark Guest

    The server is controlled by a third party, so having access or creating a log
    for every transaction is almost impossible. We have notified the third party
    of our problems, but their response is "There is nothing wrong with our
    system, because there are others using the same system without any problems."
    Unfortunately, we have to use their systems (the third party that I'm
    referring to is a department of the Government). What I have gathered so far
    is yes, their server is running IIS and the web service was built with .Net.
    Other than that, I don't know. We have asked about their environment, but
    due to security reasons, they will not give us any details about their
    systems (this is reasonable in my eyes, thinking security, but this is makes
    troubleshooting very difficult). I’m trying to make a case that it is not us
    that is having a problem, but I have to prove that.

    Mark

    "[MSFT]" wrote:

    > Hi Mark,
    >
    > it may be hard to finf a SLL packet sniffer. Since the error is very
    > randomly, it is mostly like a network issue or server issue. Is it possible
    > to perform some logs on server side to record every request to the server?
    > Is the server a IIS?
    >
    > Luke
    >
    >
    Mark, Sep 3, 2004
    #6
  7. Mark

    Suresh G Guest

    Mark/Luke,

    I have the similar issue. I am calling a web method through HTTPS. 50% of
    the times the web method call is successful other times it fails with the
    exception - "The underlying connection was closed: Could not establish secure
    channel for SSL/TLS".

    We have a retry mechanism for this when it fails, during the retry mechanism
    it succeeds after 2 to 3 retries. I am not implementing the
    ICertificatePolicy interface. But would like to know why the webservice
    failure/success is not consistent. Is it something to do with IIS/Internet
    Explorer configurations?

    BTW, I am using a C# client and C++ Web service (SOAP).

    Thanks
    Suresh


    "Mark" wrote:

    > The server is controlled by a third party, so having access or creating a log
    > for every transaction is almost impossible. We have notified the third party
    > of our problems, but their response is "There is nothing wrong with our
    > system, because there are others using the same system without any problems."
    > Unfortunately, we have to use their systems (the third party that I'm
    > referring to is a department of the Government). What I have gathered so far
    > is yes, their server is running IIS and the web service was built with .Net.
    > Other than that, I don't know. We have asked about their environment, but
    > due to security reasons, they will not give us any details about their
    > systems (this is reasonable in my eyes, thinking security, but this is makes
    > troubleshooting very difficult). I’m trying to make a case that it is not us
    > that is having a problem, but I have to prove that.
    >
    > Mark
    >
    > "[MSFT]" wrote:
    >
    > > Hi Mark,
    > >
    > > it may be hard to finf a SLL packet sniffer. Since the error is very
    > > randomly, it is mostly like a network issue or server issue. Is it possible
    > > to perform some logs on server side to record every request to the server?
    > > Is the server a IIS?
    > >
    > > Luke
    > >
    > >
    Suresh G, Sep 3, 2004
    #7
  8. Mark

    [MSFT] Guest

    Hi Mark,

    After check the documents, I found similar issues were resolved by appling
    service pack on the server or reinstall the client certificate. From your
    previous message, it seems the problem disppearred recently. Did it occur
    now? When it occur, you may try to browse a HTML file in the same folder
    with HTTPS, if this also failed, I believe it is almost a server issue.

    Luke
    [MSFT], Sep 6, 2004
    #8
  9. Hello Suresh,

    I was reviewing the issue thread. How is everything going? If you feel
    there is any we can do, please feel free to post here and we will follow up.

    Thanks very much.

    Best regards,
    Yanhong Huang
    Microsoft Community Support

    Get Secure! ¨C www.microsoft.com/security
    Register to Access MSDN Managed Newsgroups!
    -http://support.microsoft.com/default.aspx?scid=/servicedesks/msdn/nospam.as
    p&SD=msdn

    This posting is provided "AS IS" with no warranties, and confers no rights.
    Yan-Hong Huang[MSFT], Sep 9, 2004
    #9
  10. Mark

    Mark Guest

    Luke,
    Sorry for the late reply. I wanted to run more tests. Fortunately,
    everything mysteriously started working and I haven't had any problems since
    the last post (knock on wood...). Unfortunately, we couldn't ascertain what
    the cause was. The third party still claims nothing has changed on their
    side (including reboots). Hopefully sometime today, we will promote the code
    to production and find out if we will have any problems. I will post the
    results when this happens.

    Thanks,
    Mark Remkiewicz

    "[MSFT]" wrote:

    > Hi Mark,
    >
    > After check the documents, I found similar issues were resolved by appling
    > service pack on the server or reinstall the client certificate. From your
    > previous message, it seems the problem disppearred recently. Did it occur
    > now? When it occur, you may try to browse a HTML file in the same folder
    > with HTTPS, if this also failed, I believe it is almost a server issue.
    >
    > Luke
    >
    >
    Mark, Sep 9, 2004
    #10
  11. Mark

    [MSFT] Guest

    Hi Suresh,

    I used to found some simliar issue was resolved by applying Windows 2000
    service pack. But the precondition is the web server is Windows 2000 and I
    cannot guarantee it can work for all situation. Many possible issue can
    cause such a problem.

    Luke
    [MSFT], Sep 10, 2004
    #11
  12. Mark

    [MSFT] Guest

    Thank you for the update. Once the problem occur again, please feel free to
    let me know. I will continue to work with you on it.

    Luke
    [MSFT], Sep 10, 2004
    #12
  13. Mark

    Mark Guest

    We promoted the code to production and everything went smoothly. I wish I
    would of found the cause of our issues, but I can't complain. Until next
    time...

    Thanks...
    Mark Remkiewicz

    "Mark" wrote:

    > Luke,
    > Sorry for the late reply. I wanted to run more tests. Fortunately,
    > everything mysteriously started working and I haven't had any problems since
    > the last post (knock on wood...). Unfortunately, we couldn't ascertain what
    > the cause was. The third party still claims nothing has changed on their
    > side (including reboots). Hopefully sometime today, we will promote the code
    > to production and find out if we will have any problems. I will post the
    > results when this happens.
    >
    > Thanks,
    > Mark Remkiewicz
    >
    > "[MSFT]" wrote:
    >
    > > Hi Mark,
    > >
    > > After check the documents, I found similar issues were resolved by appling
    > > service pack on the server or reinstall the client certificate. From your
    > > previous message, it seems the problem disppearred recently. Did it occur
    > > now? When it occur, you may try to browse a HTML file in the same folder
    > > with HTTPS, if this also failed, I believe it is almost a server issue.
    > >
    > > Luke
    > >
    > >
    Mark, Sep 10, 2004
    #13
  14. Mark

    sue Guest

    Hi Everybody,
    I just developed a asp.net application which accessing java web service
    through https and also requires client certificate. Can be of your help.
    Please repeat the problem for me, if you please ?

    Sue

    "[MSFT]" wrote:

    > Hi Suresh,
    >
    > I used to found some simliar issue was resolved by applying Windows 2000
    > service pack. But the precondition is the web server is Windows 2000 and I
    > cannot guarantee it can work for all situation. Many possible issue can
    > cause such a problem.
    >
    > Luke
    >
    >
    >
    sue, Oct 21, 2004
    #14
  15. Mark

    Mark Guest

    This is an update to the information below...

    I've contacted the 3rd party developers and they said the keep alive must be
    set to true. If the keep alive is set to true, I get the error as described
    below. If I set this to false, I'm able to post but will be disconnected in
    approx. 30 minutes before results are back.

    Mark Remkiewicz
    Systems Architect

    "Mark" wrote:

    > I'm having an issue calling a Web Service (This is an 3rd party Web Service
    > and I have no control/access to it) via HTTPS. We have talked to the
    > developers and they said their Web Services are working from their end. When
    > I call their Web Service, though, I keep getting this error:
    >
    > Web Exception occurred!
    > Status:SecureChannelFailure
    > Entire Error Information:System.Net.WebException: The underlying connection
    > was closed: Could not establish secure channel for SSL/TLS. --->
    > System.IO.IOException: Unable to write data to the transport connection. --->
    > System.IO.IOException: Unable to write data to the transport connection. --->
    > System.Net.Sockets.SocketException: A connection attempt failed because the
    > connected party did not properly respond after a period of time, or
    > established connection failed because connected host has failed to respond
    > at System.Net.Sockets.Socket.Send(Byte[] buffer, Int32 offset, Int32
    > size, SocketFlags socketFlags)
    > at System.Net.Sockets.NetworkStream.Write(Byte[] buffer, Int32 offset,
    > Int32 size)
    > --- End of inner exception stack trace ---
    > at System.Net.Sockets.NetworkStream.Write(Byte[] buffer, Int32 offset,
    > Int32 size)
    > at System.Net.TlsStream.InnerWrite(Boolean async, Byte[] buffer, Int32
    > offset, Int32 size, AsyncCallback asyncCallback, Object asyncState)
    > --- End of inner exception stack trace ---
    > at System.Net.TlsStream.EndRead(IAsyncResult asyncResult)
    > at System.Net.Connection.Write(Byte[] buffer, Int32 offset, Int32 size)
    > at System.Net.ConnectStream.WriteHeaders(HttpWebRequest httpWebRequest)
    > --- End of inner exception stack trace ---
    > at
    > System.Web.Services.Protocols.WebClientProtocol.GetWebResponse(WebRequest
    > request)
    > at
    > System.Web.Services.Protocols.HttpWebClientProtocol.GetWebResponse(WebRequest
    > request)
    > at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String
    > methodName, Object[] parameters)
    >
    > The code used to work. About 2-3 weeks ago, I used the same code and it
    > worked. I had to change the application to add some functionality, but
    > didn't change the function that called the Web Service. For the past few
    > days, no matter what I tried, I can't get it to work.
    >
    > I've read many news articles...
    > 1. I've overloaded GetWebRequest to set the KeepAlive to False.
    > 2. I've created a Certificate Policy to bypass any Certificate issues.
    >
    > Does anyone have any ideas?
    >
    > --
    > Mark Remkiewicz
    > Systems Architect
    Mark, Oct 22, 2004
    #15
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Bhanu
    Replies:
    1
    Views:
    605
    =?ISO-8859-1?Q?Arne_Vajh=F8j?=
    Jul 1, 2007
  2. Ryan Stevens

    Calling web service over HTTPS

    Ryan Stevens, Jul 9, 2003, in forum: ASP .Net Web Services
    Replies:
    1
    Views:
    123
  3. Andy Breward

    Calling a web service over HTTPS?

    Andy Breward, Jan 8, 2004, in forum: ASP .Net Web Services
    Replies:
    2
    Views:
    116
  4. atip

    System.Net.WebException when calling a webservice

    atip, Jun 10, 2004, in forum: ASP .Net Web Services
    Replies:
    15
    Views:
    426
    Yan-Hong Huang[MSFT]
    Jun 24, 2004
  5. Chris Langston
    Replies:
    4
    Views:
    115
    Chris Langston
    Sep 7, 2004
Loading...

Share This Page