I have a really strange issue when Visual Studio resolves the server SSL certificate.
The API I am using requires me to send a certificate along with the request to 'verify who I am'. Initially I referred to this certificate within my UnitTest using X509Certificate2 and then importing it as a byte[]. What I didn't want to do, is have this laying around in my code referring to a specific location on my local disk (I want to run the unit tests automatically on my build server) so opted to install the certificate within the certificate store (which I could later install on the build server). And when I tested this Uri within the browser (IE) it asked for the certificate I wanted to use and rather stupidly I clicked OK without really reading what it was asking me to do.
Problem is, since doing this I am unable to run my unit test (I am making an HttpWebRequest) - as soon as it hits the following line it throws a WebException.
using (var response = request.GetResponse())
{
// Removed content ...
}
The exception response is null , here is the exception
System.Net.WebException: The underlying connection was closed: An
unexpected error occurred on a receive. ---> System.IO.IOException:
Unable to read data from the transport connection: An existing
connection was forcibly closed by the remote host. --->
System.Net.Sockets.SocketException: An existing connection was
forcibly closed by the remote host
The only reason I can see for this error is that Visual Studio is using the wrong SSL certificate for the server connection (as I am using the test API Uri, I can verify this is sort of the case by using the live API Uri which works fine)
I have tried the following:
Removing the certificate from the store
Adding the certificate back to the store
Clearing all browser cache
Restoring IE back to 'factory settings'
Clearing the SSL cache within IE
Tried setting Keepalive to true and then false
This issue was affecting all browsers but I have managed to get it working. I have tried to use Fiddler to identify if the server is doing something crazy (including decrypting SSL connections) and I can see this is actually responding with a 403 error.
Has anyone else got any ideas?
Edit
Just tried to run this on the build server, still get the same error so I will check with the API provider to see if a/ my certificate has expired b/ their service is actually up!
System.Net.WebException: The underlying connection was closed: An
unexpected error occurred on a receive. ---> System.IO.IOException:
Unable to read data from the transport connection: An existing
connection was forcibly closed by the remote host. --->
System.Net.Sockets.SocketException: An existing connection was
forcibly closed by the remote host
Issue was with the API provider.
Related
This error appears only on this link, other links work correctly
Internal exceptions (1/2) - IOException: Unable to read data from the transport connection. An attempt to establish a connection was unsuccessful because the required response was not received from another computer within the required time, or an already established connection was terminated due to an incorrect response from an already connected computer.
Internal exceptions (2/2) - SocketException: An attempt to establish a connection was unsuccessful because the required response was not received from another computer within the required time, or an already established connection was terminated due to an incorrect response from an already connected computer.
I tried to add different headers, cookies, or make a default "clean" request.
Moreover, the postman correctly receives the body, as well as HttpClient.
I will be glad if you help.
For some sites it is not possible to make requests with this framework. Solved the problem by rewriting the code on HttpClient.
We have a issues with our bot
It was working fine during the last 4 months without any errors.
But today we receive the relevant error :
2018-12-17T17:50:25 PID[5736] Error
Error refreshing OpenId configuration: System.InvalidOperationException:
IDX20803: Unable to obtain configuration from: '[PII is hidden]'.
---> System.IO.IOException: IDX20804: Unable to retrieve document from: '[PII is hidden]'.
---> System.Net.Http.HttpRequestException: An error occurred while sending the request.
---> System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a send.
---> System.IO.IOException: Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host.
---> System.Net.Sockets.SocketException: An existing connection was forcibly closed by the remote host
The complete log file was shown at this link : https://pastebin.com/ZLx9G9W7
I think it's a exception due too IIS configuration but we have not changed anything on that.
Thanks you in advance.
Okay I have had a phone call with an engineer from Microsoft. They told me BotFramework doesn't support TLS 1.0 anymore and we have to migrate to version 1.2. They have anounced this in a blog post: https://blog.botframework.com/2018/11/06/announcement-azure-bot-service-enforcing-transport-layer-security-tls-1-2/
My bot was fixed by adding this line in the startup code (in my case it was Application_Start in Global.asax.cs):
System.Net.ServicePointManager.SecurityProtocol = System.Net.SecurityProtocolType.Tls12;
I know this post is quite old, but I just ran into this exact error message yesterday with an Azure App Service (Bot Framework v4.15):
Exception: System.InvalidOperationException: IDX20803: Unable to obtain configuration from: 'https://login.botframework.com/v1/.well-known/openidconfiguration'.
The issue was that the App Service had lost the ability to resolve DNS. This was confirmed by opening the Kudu Debug Console and running:
nameresolver.exe login.botframework.com (and any other hostname)
Unfortunately, this was a temporary outage of some sort on Microsoft's end (currently being investigated with MS support). I had to deploy a separate plan and App Service in order to restore service. Frustratingly, the broken App Service started magically working again the next morning.
I am new to web stuff in general. Not sure what the issue is here.
I have a machine with IIS running a ASP NET Core REST API on https.
I can confirm the GET is working via Google Chrome on my machine by doing either
https://test-machine/api/Example (works)
https://10.0.0.21/api/Example (invalid certificate, N.B. this is as expected as the certificate is for "test-machine")
I confirmed the POST action is working using Postman (again ignoring invalid certificate).
Everything is fine till I try and write a client application.
I have the following code.
var ip = Dns.GetHostAddresses("test-machine");
// ip contains the correct IP
using (var hc = new HttpClient())
{
hc.GetAsync(#"https://test-machine/api/Example").Wait();
}
This code fails. I get an System.AggregateException: 'One or more errors occurred.' with 4 exceptions stacked up on top of one another.
HttpRequestException: An error occurred while sending the request.
WebException: The underlying connection was closed: An unexpected error occurred on a send.
IOException: Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host.
SocketException: An existing connection was forcibly closed by the remote host
If I change the code to use the IP instead:
using (var hc = new HttpClient())
{
hc.GetAsync(#"https://10.0.0.21/api/Example").Wait();
}
Then the request works as expected I.e. as with Chrome, I get a certificate problem:
AuthenticationException: The remote certificate is invalid according to the validation procedure.
What am I doing wrong? The Dns is clearly able to get the correct IP, I've seen it in the IPAddress[] returned by GetHostAddresses. Why is the HttpClient not resolving the IP - or is it resolving the IP with another problem?
I have tried
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
and
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls12;
but this makes no difference. Using the
ServicePointManager.ServerCertificateValidationCallback
Also doesn't work as it never reaches the point of calling the callback. It's failing before then.
I suspect the problem is that as I am not familiar with any of this stuff I have missed something important somewhere.
I should note also - this is a .net 4.5.2 Console app. I tried moving to 4.6.1 and this still fails.
I was looking completely in the wrong place. The problem lay in the IIS setup.
The site binding was for some reason explicitly set to 10.0.0.21:433. Switching this to "All Unassigned" - seems to have made this work.
I am probably out of my depth, and could be wrong, but I suspect the reason for this is that according to Wireshark, the response to the MDNS request to find the hostname IP, was returning the ipv6 address of the server machine, which of course isn't 10.0.0.21. Again, I could be wrong.
The reason I am so unsure is that chrome seems to have ploughed right through and found the correct thing when I put in https://test-machine/api/Example and I cannot explain why.
I have trubble enable https for a simple webservice project. The service i starting but I canĀ“t browse it at all? Its like it is not really published? If I switch to regular http it works fine.
Finddler respondes with this :
fiddler.network.https> HTTPS handshake to localhost failed.
System.IO.IOException Unable to read data from the transport
connection: An existing connection was forcibly closed by the remote
host. < An existing connection was forcibly closed by the remote host
The WCF log says nothing more then that the service is started.
Here is a test projekt : https://onedrive.live.com/redir?resid=DE992A2C8B8C2EC9!7740&authkey=!APkS4Y9ODK-Y-Lk&ithint=file%2czip
You should be able to switch the certificate against any one you already have.
Edit : The certificate Im using are a selfsigned for testing but that should not matter.
I hade to bind the port to the certificate like in this article : https://msdn.microsoft.com/en-us/library/ms733791(v=vs.110).aspx
I have been provided with a wcf service url, private and public certificate to consume it.
My url is https:/xxxx.com/xxxx/xxxx.svc
my private certificate is xxx.pfx
my public certificate is xxxx.cer
When I try to add service reference from my client application it throws the following error.
There was an error downloading
'https://xxxx.com/xxxx/xxxx.svc'.
The underlying connection was closed:
An unexpected error occurred on a receive.
Unable to read data from the transport connection:
An existing connection was forcibly closed by the remote host.
An existing connection was forcibly closed by the remote host
Metadata contains a reference that cannot be resolved:
'https://xxxx.com/xxxx/xxxx.svc'.
An error occurred while receiving the HTTP response to
https://xxxx.com/xxxx/xxxx.svc.
This could be due to the service endpoint binding not using the HTTP protocol.
This could also be due to an HTTP request context being aborted by the server
(possibly due to the service shutting down).
See server logs for more details.
The underlying connection was closed: An unexpected error occurred on a receive.
Unable to read data from the transport connection:
An existing connection was forcibly closed by the remote host.
An existing connection was forcibly closed by the remote host
If the service is defined in the current solution,
try building the solution and adding the service reference again.
I have the certificates installed under personal, trusted people, trusted publishers folder. I don't have access to the server to check the server configuration. But I have been told that this is working for different client. I am sure I am messing the installation of certificates. It would be great if someone can point me into the right direction.
Thanks,
Esen
You got to enable tracing to see whats going on at the server. The error message you posted is more generic.
http://msdn.microsoft.com/en-us/library/ff648360.aspx
http://msdn.microsoft.com/en-us/library/ms733025.aspx
First just try to remove service reference from the project, remove system.ServiceModel section from web.config and add service reference again. This will force VS to completly rebuild system.ServiceModel section. If this does not help additional wcf client configuration is required.
Here is great sample how to properly configure wcf client to use certificate:
http://www.codeproject.com/Articles/28248/Securing-WCF-Services-with-Certificates
If you are still experiencing problems after this you could be missing some custom endpointBehavior. In this case you should contact wcf service provider.