WebException while calling Web Service over HTTPS...

[Mark]

I'm having an issue calling a Web Service (This is an 3rd party Web Service
and I have no control/access to it) via HTTPS. We have talked to the
developers and they said their Web Services are working from their end. When
I call their Web Service, though, I keep getting this error:

Web Exception occurred!
Status:SecureChannelFailure
Entire Error Information:System.Net.WebException: The underlying connection
was closed: Could not establish secure channel for SSL/TLS. --->
System.IO.IOException: Unable to write data to the transport connection. --->
System.IO.IOException: Unable to write data to the transport connection. --->
System.Net.Sockets.SocketException: A connection attempt failed because the
connected party did not properly respond after a period of time, or
established connection failed because connected host has failed to respond
at System.Net.Sockets.Socket.Send(Byte[] buffer, Int32 offset, Int32
size, SocketFlags socketFlags)
at System.Net.Sockets.NetworkStream.Write(Byte[] buffer, Int32 offset,
Int32 size)
--- End of inner exception stack trace ---
at System.Net.Sockets.NetworkStream.Write(Byte[] buffer, Int32 offset,
Int32 size)
at System.Net.TlsStream.InnerWrite(Boolean async, Byte[] buffer, Int32
offset, Int32 size, AsyncCallback asyncCallback, Object asyncState)
--- End of inner exception stack trace ---
at System.Net.TlsStream.EndRead(IAsyncResult asyncResult)
at System.Net.Connection.Write(Byte[] buffer, Int32 offset, Int32 size)
at System.Net.ConnectStream.WriteHeaders(HttpWebRequest httpWebRequest)
--- End of inner exception stack trace ---
at
System.Web.Services.Protocols.WebClientProtocol.GetWebResponse(WebRequest
request)
at
System.Web.Services.Protocols.HttpWebClientProtocol.GetWebResponse(WebRequest
request)
at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String
methodName, Object[] parameters)

The code used to work. About 2-3 weeks ago, I used the same code and it
worked. I had to change the application to add some functionality, but
didn't change the function that called the Web Service. For the past few
days, no matter what I tried, I can't get it to work.

I've read many news articles...
1. I've overloaded GetWebRequest to set the KeepAlive to False.
2. I've created a Certificate Policy to bypass any Certificate issues.

Does anyone have any ideas?

 

[[MSFT]]

Hi Mark,

Did the problem occur with all your clients? If so, you may check if they
made any changes on server side. By default, .Net Framework 1.1 supports
only SSL 3.0 protocol. If the webserver is using SSL 2.0 or TLS 1.0,
HttpWebRequest/WebRequest clase will fails. Additionally, you may check if
there is any proxy/firewall between the client and server and if they
changed recently.

Luke

 

[[MSFT]]

Hello,

Did all your client computer generate such an error? Also, did the problem
occur with all your applications or just one? Is there any other
information recorded in the event log?

Luke

 

[Feroze [msft]]

Hi!

One thing to do would be to set a certificate policy on the webservice
proxy, and see what exact error code you are getting back from the ssl
handshake. THat errorcode will give you a clue as to what is going wrong in
the ssl handshake.

feroze.
=============
this posting is provided as-is.
=============

 

[[MSFT]]

Hi Mark,

it may be hard to finf a SLL packet sniffer. Since the error is very
randomly, it is mostly like a network issue or server issue. Is it possible
to perform some logs on server side to record every request to the server?
Is the server a IIS?

Luke

 

[Mark]

The server is controlled by a third party, so having access or creating a log
for every transaction is almost impossible. We have notified the third party
of our problems, but their response is "There is nothing wrong with our
system, because there are others using the same system without any problems."
Unfortunately, we have to use their systems (the third party that I'm
referring to is a department of the Government). What I have gathered so far
is yes, their server is running IIS and the web service was built with .Net.
Other than that, I don't know. We have asked about their environment, but
due to security reasons, they will not give us any details about their
systems (this is reasonable in my eyes, thinking security, but this is makes
troubleshooting very difficult). I’m trying to make a case that it is not us
that is having a problem, but I have to prove that.

Mark

 

[Suresh G]

Mark/Luke,

I have the similar issue. I am calling a web method through HTTPS. 50% of
the times the web method call is successful other times it fails with the
exception - "The underlying connection was closed: Could not establish secure
channel for SSL/TLS".

We have a retry mechanism for this when it fails, during the retry mechanism
it succeeds after 2 to 3 retries. I am not implementing the
ICertificatePolicy interface. But would like to know why the webservice
failure/success is not consistent. Is it something to do with IIS/Internet
Explorer configurations?

BTW, I am using a C# client and C++ Web service (SOAP).

Thanks
Suresh

 

[[MSFT]]

Hi Mark,

After check the documents, I found similar issues were resolved by appling
service pack on the server or reinstall the client certificate. From your
previous message, it seems the problem disppearred recently. Did it occur
now? When it occur, you may try to browse a HTML file in the same folder
with HTTPS, if this also failed, I believe it is almost a server issue.

Luke

 

[Yan-Hong Huang[MSFT]]

Hello Suresh,

I was reviewing the issue thread. How is everything going? If you feel
there is any we can do, please feel free to post here and we will follow up.

Thanks very much.

Best regards,
Yanhong Huang
Microsoft Community Support

Get Secure! ¨C www.microsoft.com/security
Register to Access MSDN Managed Newsgroups!
-http://support.microsoft.com/default.aspx?scid=/servicedesks/msdn/nospam.as
p&SD=msdn

This posting is provided "AS IS" with no warranties, and confers no rights.

 

[Mark]

Luke,
Sorry for the late reply. I wanted to run more tests. Fortunately,
everything mysteriously started working and I haven't had any problems since
the last post (knock on wood...). Unfortunately, we couldn't ascertain what
the cause was. The third party still claims nothing has changed on their
side (including reboots). Hopefully sometime today, we will promote the code
to production and find out if we will have any problems. I will post the
results when this happens.

Thanks,
Mark Remkiewicz

 

[[MSFT]]

Hi Suresh,

I used to found some simliar issue was resolved by applying Windows 2000
service pack. But the precondition is the web server is Windows 2000 and I
cannot guarantee it can work for all situation. Many possible issue can
cause such a problem.

Luke

 

[[MSFT]]

Thank you for the update. Once the problem occur again, please feel free to
let me know. I will continue to work with you on it.

Luke

 

[Mark]

We promoted the code to production and everything went smoothly. I wish I
would of found the cause of our issues, but I can't complain. Until next
time...

Thanks...
Mark Remkiewicz

 

[sue]

Hi Everybody,
I just developed a asp.net application which accessing java web service
through https and also requires client certificate. Can be of your help.
Please repeat the problem for me, if you please ?

Sue

 

[Mark]

This is an update to the information below...

I've contacted the 3rd party developers and they said the keep alive must be
set to true. If the keep alive is set to true, I get the error as described
below. If I set this to false, I'm able to post but will be disconnected in
approx. 30 minutes before results are back.

Mark Remkiewicz
Systems Architect

I'm having an issue calling a Web Service (This is an 3rd party Web Service
and I have no control/access to it) via HTTPS. We have talked to the
developers and they said their Web Services are working from their end. When
I call their Web Service, though, I keep getting this error:

Web Exception occurred!
Status:SecureChannelFailure
Entire Error Information:System.Net.WebException: The underlying connection
was closed: Could not establish secure channel for SSL/TLS. --->
System.IO.IOException: Unable to write data to the transport connection. --->
System.IO.IOException: Unable to write data to the transport connection. --->
System.Net.Sockets.SocketException: A connection attempt failed because the
connected party did not properly respond after a period of time, or
established connection failed because connected host has failed to respond
at System.Net.Sockets.Socket.Send(Byte[] buffer, Int32 offset, Int32
size, SocketFlags socketFlags)
at System.Net.Sockets.NetworkStream.Write(Byte[] buffer, Int32 offset,
Int32 size)
--- End of inner exception stack trace ---
at System.Net.Sockets.NetworkStream.Write(Byte[] buffer, Int32 offset,
Int32 size)
at System.Net.TlsStream.InnerWrite(Boolean async, Byte[] buffer, Int32
offset, Int32 size, AsyncCallback asyncCallback, Object asyncState)
--- End of inner exception stack trace ---
at System.Net.TlsStream.EndRead(IAsyncResult asyncResult)
at System.Net.Connection.Write(Byte[] buffer, Int32 offset, Int32 size)
at System.Net.ConnectStream.WriteHeaders(HttpWebRequest httpWebRequest)
--- End of inner exception stack trace ---
at
System.Web.Services.Protocols.WebClientProtocol.GetWebResponse(WebRequest
request)
at
System.Web.Services.Protocols.HttpWebClientProtocol.GetWebResponse(WebRequest
request)
at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String
methodName, Object[] parameters)

The code used to work. About 2-3 weeks ago, I used the same code and it
worked. I had to change the application to add some functionality, but
didn't change the function that called the Web Service. For the past few
days, no matter what I tried, I can't get it to work.

I've read many news articles...
1. I've overloaded GetWebRequest to set the KeepAlive to False.
2. I've created a Certificate Policy to bypass any Certificate issues.

Does anyone have any ideas?