PULLDP.MSI not trusted
Hi all,
I have one PullDP already configured and pulling content regularly and smoothly.
Now, to pull down new content or new content version I note the following logged message in DISTMGR.LOG saying that PULLDP.MSI is not trusted,
Primary site OS is w2008 r2 enterprise SP1;
PULLDP server is w2003 enterprise sp2
Would you please help me fix this issue as it is recurring for other PULL DP also.
Thank you
Failed to copy D:\Program Files\Microsoft Configuration Manager\bin\i386\pulldp.msi to \\pulldpfqdn\SMS_DP$\sms\bin\pulldp.msi. GLE = 53
SMS_DISTRIBUTION_MANAGER
8/6/2014 2:30:06 PM
13588 (0x3514)
Error in verifying the trust of file '\\pulldpfqdn\SMS_DP$\sms\bin\pulldp.msi'.
SMS_DISTRIBUTION_MANAGER 8/6/2014 3:00:28 PM
3568 (0x0DF0)
File \\pulldpfqdn\SMS_DP$\sms\bin\pulldp.msi is not trusted
SMS_DISTRIBUTION_MANAGER 8/6/2014 3:00:28 PM
3568 (0x0DF0)
Similar Messages
-
I have similar problem, my apple tv which has always worked properly with my Samsung tv will no longer play any audio after the latest 5.1 upgrade. Very frustrating as it was working perfectly before. I am starting to not trust apple upgrades until proven for example ios6 on iPhone with that stupid map app instead of google maps.
I just want to buy and hear my iTunes music and videos on my apple tv, could before cant now. Thank you apple. Time to pack up the apple tv and start torrenting without the ios-bs.
Disheartened apple fan.Welcome to the discussion forums.
Try going to synching in the sources menu on your tv and selecting 'change itunes library', when it gives you the passcode check itunes to see if the tv is showing up as a new device, if so try entering the pass code. It may be that your tv is seeing itunes as a different library because of a recent upgrade. -
As it says, Chrome, Firefox, and Internet Explorer all give the certificate error message for any and every website attempted - including the Firefox add-ons page. The specific error is the "no issuer chain was provided".
1) This problem is not on my computer - it is on my mother's computer in another city. Therefore, I cannot attempt every little possibility without flying over there - I'm looking for things I can tell her to do over the phone. The problem started today. I've already given her the list of anti-malware programs to go install and run from here:
https://support.mozilla.org/en-US/questions/982393
Note that, of course, she will have to accept the security certificate override to get to these things - I hope this isn't bad.
2) The problem started after she tried to use Skype, it hung for a very long time and would never log on. So she tried to reinstall it - and she said she clicked through a number of agreement screens and believes she may have installed malicious 3rd party software. This is ridiculous, is Skype now putting malware on people's computers through these bogus 3rd party add-ons at installation? I suppose it is possible Skype was hanging because of some other problem - but she did manage to reinstall Skype and got it to work (but now her internet certificates won't).
3) She has BitDefender. I am aware that it says here:
https://support.mozilla.org/en-US/kb/connection-untrusted-error-message
that she should turn off SSL scanning. She turned it off, it did not solve the problem. She turned it off and restarted, it did not solve the problem. She has had it on for the past 6 months and it has never caused a problem.
4) In addition, BitDefender reported today that it stopped a malicious program called MySearchDial.exe from attempting something it shouldn't. We went through this removal guide:
http://malwaretips.com/blogs/start-mysearchdial-removal/
however, the software MySearchDial was never actually installed into the windows install list, and we did not find any addons/plugins in any of the browser lists (note that Firefox add-ons cannot be accessed with a certificate error, it gives the error message but DOES NOT give you the option to add an exception so you can't access the add-ons). The only thing we found was (a) MySearchDial was default in the IE search engine list, despite there being no add-on, and (b) MySearchDial.exe was in the temp folder (now deleted). I note that I had BitDefender scan the temp folder *before* I deleted MySearchDial.exe, and it claimed no threats were found. What? It was BitDefender that warned me of it in the first place!
5) Time and date are correct.
6) Checked the Win 7 install log, only Skype, Skype Click-to-Call, and (for some reason) Mircosoft Visual Studio 2010 and Visual C++ were installed or altered today. I got paranoid about Click-to-call and asked her to uninstall it, but it didn't solve the problem.
7) The OS is Win7 64bit Home.
Anything beyond endless Malware removal programs (via list linked above) that we should try?The only way to know what is going on is to retrieve the certificate and check who is the issuer.<br />
It is always possible that the server doesn't send the full certificate chain (intermediate certificates), so it might help to post a link to this website
Check the date and time in the clock on your computer: (double) click the clock icon on the Windows Taskbar.
Check out why the site is untrusted and click "Technical Details to expand this section.<br>If the certificate is not trusted because no issuer chain was provided (sec_error_unknown_issuer) then see if you can install this intermediate certificate from another source.
You can retrieve the certificate and check details like who issued certificates and expiration dates of certificates.
*Click the link at the bottom of the error page: "I Understand the Risks"
Let Firefox retrieve the certificate: "Add Exception" -> "Get Certificate".
*Click the "View..." button and inspect the certificate and check who is the issuer of the certificate.
You can see more Details like intermediate certificates that are used in the Details pane.
If "I Understand the Risks" is missing then this page may be opened in an (i)frame and in that case try the right-click context menu and use "This Frame: Open Frame in New Tab".
*Note that some firewalls monitor (secure) connections and that programs like Sendori or FiddlerRoot can intercept connections and send their own certificate instead of the website's certificate.
*Note that it is not recommended to add a permanent exception in cases like this, so only use it to inspect the certificate. -
TMG - 0x80090325 -Certificate Chain was issued by an authority that is not trusted
Hello,
I am having some problems with testing a OWA (SSL) rule. I get that message.
The TMG belongs to the domain and therefore as far as I know it gets the root certificate of my CA (I have deployed a Enterprise CA for my domain).
That is why I don't understand the message: "...that is not trusted."
The exact message:
Testing https://mail.mydomain.eu/owa
Category: Destination server certificate error
Error details: 0x80090325 - The certificate chain was issued by an authority that is not trusted
Thanks in advance!
Luis Olías Técnico/Admon Sistemas . Sevilla (España - Spain)Thanks Keith for your reply and apologies for the delay in my answer.
I coud not wait and I reinstalled the whole machine (W28k R2 + TMG 2010) . I suppose I am still a bad troubleshooter, I have experience setting up ISA, TMG, PKI, Active directory but to a certain extent.
1. Yes, I saw it when hitting the button "Test Rule" in the Publising rule in the TMG machine.
2. No, it did not work in this implementation but it has worked in others, this is not difficult to set up, until now, hehe.
3. You said: "...If you are seeing it when running "Test Rule" then it simply means that TMG does not trust something about the certificate that is on your Exchange Server...."
But the certificates are auto-enrolled, and when I saw the details of the certificates they all are "valid" , there is a "valid" message.
4. You wrote: "...Easiest way see everything is create an access rule that allows traffic from the LocalHost of TMG to the CAS and open up a web browser. Does the web browser complain?..."
But as I said, I re-installed the whole thing because nobody jumped in here , and I needed to move forward, I hope you understand.
5. S Guna kindly proposed this:
If you are using internal CA,
You need to import the Root CA certificate to TMG servers.
Import Private Key of the certificate to Server personal
Create a Exchange publishing Rule and Point the lisitner to the Correct certificate.
Since you are using internal CA, You need to import the Root CA certificate to all the client browers from where you are accessing OWA
But I think I do not have to perform any of those tasks, although I am not an expert but have worked with Certificate for one year or so.
Luis Olías Técnico/Admon Sistemas . Sevilla (España - Spain) -
"The certificate chain was issued by an authority that is not trusted" when migrating to SQL 2012
Environment:
1 Primary Site (USSCCM-Site.domain.com)
1 CAS (USSCCM-CAS.domain.com)
SQL 2008 R2 (USSCCM-CAS.domain.com)
SQL 2012 SP1 CU6 (USSQL12.domain.com)
Issue:
We were successfully able to migrate the CAS to the new SQL 2012 server, almost without incident. When attempting to migrate the Site instance however, we are getting errors. Screenshot below.
Attached is a copy of the log. But below is a highlight of what I think are the errors… It appears that either SQL or SCCM doesn’t like a certificate somewhere, but it is contradicting because the logs say that it has successfully tested connection to SQL.
I am lost.
Logs stating it can connect successfully to SQL
Machine certificate has been created successfully on server USSQL12.domain.com. Configuration Manager Setup 10/21/2013 10:20:10
AM 2100 (0x0834)
Deinstalled service SMS_SERVER_BOOTSTRAP_USSCCM-Site.domain.com_SMS_SQL_SERVER on USSQL12.domain.com. Configuration Manager Setup 10/21/2013 10:20:10 AM
2100 (0x0834)
SQL Server instance [sccmsite] is already running under the certificate with thumbprint[f671be844bf39dec7e7fdd725dc30e225991f28a]. Configuration Manager Setup 10/21/2013 10:20:10 AM
2100 (0x0834)
INFO: Testing SQL Server [USSQL12.domain.com] connection ... Configuration Manager Setup 10/21/2013 10:20:10 AM
2100 (0x0834)
INFO: SQL Connection succeeded. Connection: USSQL12.domain.com SCCMSITE\MASTER, Type: Unsecure Configuration Manager Setup 10/21/2013 10:20:10 AM
2100 (0x0834)
INFO: Tested SQL Server [USSQL12.domain.com] connection successfully. Any preceding SQL connection errors may be safely ignored. Configuration Manager Setup 10/21/2013
10:20:10 AM 2100 (0x0834)
INFO: Certificate: 308202FC308201E4A003020102021011BA47041BB0609D4097BC19F5AB96B5300D06092A864886F70D01010B0500301D311B301906035504031312555353514C31322E7063756265642E636F6D3020170D3133313031373139343632345A180F32313133303932343139343632345A301D311B301906035504031312555353514C31322E7063756265642E636F6D30820122300D06092A864886F70D01010105000382010F003082010A0282010100CFAC23CEA8920051C8C24DF4E96D76D9E034931867C4DBF74F8AE863C5BDE6D1EAEAAF363F6B97DEF1D7A1FC292CB870F353D72F04472EBE3D31DCA009BD3F8C58E2AAB69C892C20598306537F5EEAA43FA6DE55D4A784CEB6FD07486AB2CC2DE1A8651648EBC31A5CD918E8ED6E184FC560B3A8B0F76F83E310BBA8C4EB27F46707E3A6377D8DD06C6808146E407EF9DB464F453798B6C1748216665884A7F2CDE03D9DA1CB4E59E67516E4F345755E35450F84F4B039642851EFFA96B22D8E77EC11C01D389989F740923B58799E34FC8F4F19CD55830FA7E786C993A08A1EEDCA87F209268CE9D5E86AC9E2A14668207721D94ACE9FACE3AA55B53507F6BF0203010001A3363034301D0603551D11041630148212555353514C31322E7063756265642E636F6D30130603551D25040C300A06082B06010505070301300D06092A864886F70D01010B05000382010100A0E33BF490B60C2B8A73BF7FA90EBB69D92DA27B439EF0569650F388EBA34B9F382CEF52DAAB543C2924E1B8DC7BEE828FB0C276330B0FF67340CBFA0CC24F47431E5272DC76C7610C290A04411036441E9822FBF8AB52B4BBE43F5FF48074BA420FF690A94D53AFCEF7AC75E2D2723520A9EF64AF06759814AE92D41CEA2F0D6CC8D9E5DEF121234F5DD97A7E886BE55F57DC0B79052A554724E8A0146C08A74AE75672FBD8C8BD6B7FCA82C1CC69906A45128CDDD1BC3985ED9603C16E712FFBAA8AA6878F853367F3E1F69E727DB96864DF6B47EBDA82659036EC82A8B04E77535CEA314D7518D02C401969C77B91C8C210C57AA991A622D679B994AEED3C
Configuration Manager Setup 10/21/2013 10:20:10 AM 2100 (0x0834)
INFO: Created SQL Server machine certificate for Server [USSQL12.domain.com] successfully. Configuration Manager Setup 10/21/2013 10:20:10 AM 2100 (0x0834)
INFO: Configuration Manager Setup - Application Shutdown Configuration Manager Setup 10/21/2013 10:20:10 AM 2100 (0x0834)
INFO: Running SQL Server test query. Configuration Manager Setup 10/21/2013 10:20:10 AM 2100 (0x0834)
INFO: SQL Connection succeeded. Connection: USSQL12.domain.com SCCMSITE\MASTER, Type: Secure Configuration Manager Setup 10/21/2013 10:20:10 AM
2100 (0x0834)
INFO: SQL Server Test query succeeded. Configuration Manager Setup 10/21/2013 10:20:10 AM
2100 (0x0834)
INFO: SQLInstance Name: sccmsite Configuration Manager Setup 10/21/2013 10:20:10 AM 2100 (0x0834)
INFO: SQL Server version detected is 11.0, 11.0.3381.0 (SP1). Configuration Manager Setup 10/21/2013 10:20:10 AM 2100 (0x0834)
Logs saying certificate is not trusted
ERROR: SQL Server error: [08001][-2146893019][Microsoft][SQL Server Native Client 11.0]SSL Provider: The certificate chain was issued by an authority that is not trusted. Configuration Manager Setup
10/21/2013 10:20:49 AM 2100 (0x0834)
*** [08001][-2146893019][Microsoft][SQL Server Native Client 11.0]Client unable to establish connection Configuration Manager Setup 10/21/2013 10:20:49
AM 2100 (0x0834)
ERROR: SQL Server error: [08001][-2146893019][Microsoft][SQL Server Native Client 11.0]Client unable to establish connection Configuration Manager Setup 10/21/2013 10:20:49 AM
2100 (0x0834)
*** Failed to connect to the SQL Server, connection type: CCAR_DB_ACCESS. Configuration Manager Setup 10/21/2013 10:20:49 AM
2100 (0x0834)
INFO: SQL Connection failed. Connection: CCAR_DB_ACCESS, Type: Secure Configuration Manager Setup 10/21/2013 10:20:49
AM 2100 (0x0834)
*** [08001][-2146893019][Microsoft][SQL Server Native Client 11.0]SSL Provider: The certificate chain was issued by an authority that is not trusted. Configuration Manager Setup 10/21/2013 10:20:52 AM
2100 (0x0834)
ERROR: SQL Server error: [08001][-2146893019][Microsoft][SQL Server Native Client 11.0]SSL Provider: The certificate chain was issued by an authority that is not trusted. Configuration Manager Setup
10/21/2013 10:20:52 AM 2100 (0x0834)
*** [08001][-2146893019][Microsoft][SQL Server Native Client 11.0]Client unable to establish connection Configuration Manager Setup 10/21/2013 10:20:52
AM 2100 (0x0834)
ERROR: SQL Server error: [08001][-2146893019][Microsoft][SQL Server Native Client 11.0]Client unable to establish connection Configuration Manager Setup 10/21/2013 10:20:52 AM
2100 (0x0834)
*** Failed to connect to the SQL Server, connection type: CCAR_DB_ACCESS. Configuration Manager Setup 10/21/2013 10:20:52 AM
2100 (0x0834)
INFO: SQL Connection failed. Connection: CCAR_DB_ACCESS, Type: Secure Configuration Manager Setup 10/21/2013 10:20:52
AM 2100 (0x0834)
*** [08001][-2146893019][Microsoft][SQL Server Native Client 11.0]SSL Provider: The certificate chain was issued by an authority that is not trusted. Configuration Manager Setup 10/21/2013 10:20:55 AM
2100 (0x0834)
ERROR: SQL Server error: [08001][-2146893019][Microsoft][SQL Server Native Client 11.0]SSL Provider: The certificate chain was issued by an authority that is not trusted. Configuration Manager Setup
10/21/2013 10:20:55 AM 2100 (0x0834)
*** [08001][-2146893019][Microsoft][SQL Server Native Client 11.0]Client unable to establish connection Configuration Manager Setup 10/21/2013 10:20:55
AM 2100 (0x0834)
ERROR: SQL Server error: [08001][-2146893019][Microsoft][SQL Server Native Client 11.0]Client unable to establish connection Configuration Manager Setup 10/21/2013 10:20:55 AM
2100 (0x0834)
*** Failed to connect to the SQL Server, connection type: CCAR_DB_ACCESS. Configuration Manager Setup 10/21/2013 10:20:55 AM
2100 (0x0834)
INFO: SQL Connection failed. Connection: CCAR_DB_ACCESS, Type: Secure Configuration Manager Setup 10/21/2013 10:20:55
AM 2100 (0x0834)
*** [08001][-2146893019][Microsoft][SQL Server Native Client 11.0]SSL Provider: The certificate chain was issued by an authority that is not trusted. Configuration Manager Setup 10/21/2013 10:20:58 AM
2100 (0x0834)
ERROR: SQL Server error: [08001][-2146893019][Microsoft][SQL Server Native Client 11.0]SSL Provider: The certificate chain was issued by an authority that is not trusted. Configuration Manager Setup
10/21/2013 10:20:58 AM 2100 (0x0834)
*** [08001][-2146893019][Microsoft][SQL Server Native Client 11.0]Client unable to establish connection Configuration Manager Setup 10/21/2013 10:20:58
AM 2100 (0x0834)
ERROR: SQL Server error: [08001][-2146893019][Microsoft][SQL Server Native Client 11.0]Client unable to establish connection Configuration Manager Setup 10/21/2013 10:20:58 AM
2100 (0x0834)
*** Failed to connect to the SQL Server, connection type: CCAR_DB_ACCESS. Configuration Manager Setup 10/21/2013 10:20:58 AM
2100 (0x0834)
INFO: SQL Connection failed. Connection: CCAR_DB_ACCESS, Type: Secure Configuration Manager Setup 10/21/2013 10:20:58
AM 2100 (0x0834)
*** [08001][-2146893019][Microsoft][SQL Server Native Client 11.0]SSL Provider: The certificate chain was issued by an authority that is not trusted. Configuration Manager Setup 10/21/2013 10:21:01 AM
2100 (0x0834)
More logs saying cert is not trusted
*** [08001][-2146893019][Microsoft][SQL Server Native Client 11.0]SSL Provider: The certificate chain was issued by an authority that is not trusted. Configuration Manager Setup 10/21/2013 10:21:20 AM
2100 (0x0834)
ERROR: SQL Server error: [08001][-2146893019][Microsoft][SQL Server Native Client 11.0]SSL Provider: The certificate chain was issued by an authority that is not trusted. Configuration Manager Setup
10/21/2013 10:21:20 AM 2100 (0x0834)
*** [08001][-2146893019][Microsoft][SQL Server Native Client 11.0]Client unable to establish connection Configuration Manager Setup 10/21/2013 10:21:20
AM 2100 (0x0834)
ERROR: SQL Server error: [08001][-2146893019][Microsoft][SQL Server Native Client 11.0]Client unable to establish connection Configuration Manager Setup 10/21/2013 10:21:20 AM
2100 (0x0834)
*** Failed to connect to the SQL Server, connection type: CCAR_DB_ACCESS. Configuration Manager Setup 10/21/2013 10:21:20 AM
2100 (0x0834)
INFO: Updated the site control information on the SQL Server USSQL12.domain.com. Configuration Manager Setup 10/21/2013 10:21:39 AM
2100 (0x0834)
*** [08001][-2146893019][Microsoft][SQL Server Native Client 11.0]SSL Provider: The certificate chain was issued by an authority that is not trusted. Configuration Manager Setup 10/21/2013 10:21:39 AM
2100 (0x0834)
ERROR: SQL Server error: [08001][-2146893019][Microsoft][SQL Server Native Client 11.0]SSL Provider: The certificate chain was issued by an authority that is not trusted. Configuration Manager Setup
10/21/2013 10:21:39 AM 2100 (0x0834)
*** [08001][-2146893019][Microsoft][SQL Server Native Client 11.0]Client unable to establish connection Configuration Manager Setup 10/21/2013 10:21:39
AM 2100 (0x0834)
ERROR: SQL Server error: [08001][-2146893019][Microsoft][SQL Server Native Client 11.0]Client unable to establish connection Configuration Manager Setup 10/21/2013 10:21:39 AM
2100 (0x0834)
*** Failed to connect to the SQL Server, connection type: CCAR_DB_ACCESS. Configuration Manager Setup 10/21/2013 10:21:39 AM
2100 (0x0834)
CSiteSettings::WriteActualSCFToDatabase: Failed to get SQL connection Configuration Manager Setup
10/21/2013 10:21:39 AM 2100 (0x0834)
CSiteSettings::WriteActualSCFToDatabaseForNewSite: WriteActualSCFToDatabase(USA) returns 0x87D20002 Configuration Manager Setup 10/21/2013 10:21:39
AM 2100 (0x0834)
ERROR: Failed to insert the recovery site control image to the parent database. Configuration Manager Setup 10/21/2013 10:21:39 AM
2100 (0x0834)
Troubleshooting:
I have read on a few articles of other people having this issue that states to find the certificate on SQL 2012 that’s being used and export it to the SCCM server – which I’ve done.
http://damianflynn.com/2012/08/22/sccm-2012-and-sql-certificates/
http://trevorsullivan.net/2013/05/16/configmgr-2012-sp1-remote-sql-connectivity-problem/
http://scug.be/sccm/2012/09/19/configmgr-2012-rtm-sp1-and-remote-management-points-not-healthy-when-running-configmgr-db-on-a-sql-cluster/
-BradHi,
How about importing certificate in the personal folder under SQL server computer account into SCCM server computer account or SCCM server service account? That certificate is for SQL Server Identification. And you could
set the value of the ForceEncryption option to NO. (SQL Server Configuration Manager->SQL Server Network Configuration->
Protocols for <server instance>->Properties)
Best Regards,
Joyce Li
We
are trying to better understand customer views on social support experience, so your participation in this
interview project would be greatly appreciated if you have time.
Thanks for helping make community forums a great place. -
Certificate not Trusted Exception
Hi,
I am trying to invoke Axis soap call from webshpere (my requirement is to trust all certificates), but getting certificate not trusted exception. Appreciate any suggestions for fixing this issue.
Code:
public String transport(String strMessage, String strParticipantUrl, String methodName, String keyStorePwd) throws RouterException {
String result = null;
boolean isErrorOccured = false;
String errorMessage = null;
LOGGER.info("Calling Carrier Web Service.......");
LOGGER.info("Web Service URL is :" + strParticipantUrl);
LOGGER.info("Web Service Method Name is :" + methodName);
ServiceFactory serviceFactory = new ServiceFactory();
Service service = null;
try {
service = (Service) serviceFactory.createService(new QName(
FundTransferConstants.QNAME_SERVICE));
} catch (ServiceException e) {
isErrorOccured = true;
Integer connectionTimeOut = FundTransferContext.getInstance()
.getConnectionTimeOut();
org.apache.axis.client.Call call = null;
if (null != service) {
try {
LOGGER.info("setting ssl status to debug");
System.setProperty("javax.ssl.debug", "all");
String proxyHost = FundTransferUtil.getProperty("PROXY.HOST");
String proxyPort = FundTransferUtil.getProperty("PROXY.PORT");
String username = FundTransferUtil.getProperty("PROXY.USER");
String password = FundTransferUtil
.getProperty("PROXY.PASSWORD");
if (proxyHost != null && !"".equals(proxyHost)) {
System.setProperty("proxySet", "true");
System.setProperty("http.proxyHost", proxyHost);
if (proxyPort != null && !"".equals(proxyHost)) {
System.setProperty("http.proxyPort", proxyPort);
if (username != null && !"".equals(username)) {
System.setProperty("http.proxyUser", username);
if (password != null && !"".equals(password)) {
System.setProperty("http.proxyPassword", password);
String keyStoreLocation = FundTransferUtil
.getProperty("KEYSTORE_LOCATION");
String keystore = keyStoreLocation + "/"
+ FundTransferConstants.KEYSTORE_FILE_NAME;
String storetype = FundTransferConstants.KEYSTORE_FILE_TYPE;
String][ props = {
{ FundTransferConstants.TRUST_STORE, keystore, },
{ FundTransferConstants.KEY_STORE, keystore, },
{ FundTransferConstants.KEY_STORE_PWD, keyStorePwd, },
{ FundTransferConstants.KEY_STORE_TYPE, storetype, },
{ FundTransferConstants.TRUST_STORE_PWD, keyStorePwd, }, };
// Commented loading the keystore to test outbound calls
/*for (int index = 0; index < props.length; index++)
System.getProperties().setProperty(propsindex[0],
propsindex[1]);*/
// Commented all trusting trust manager
/*LOGGER.info("Creating TrustManager...");
TrustManager] trustAllCerts = new TrustManager[ { new X509TrustManager() {
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
LOGGER.info("Acception all issuers");
return null;
public void checkClientTrusted(
java.security.cert.X509Certificate[] certs,
String authType) {
LOGGER.info("checkClientTrusted method");
public void checkServerTrusted(
java.security.cert.X509Certificate[] certs,
String authType) {
LOGGER.info("checkServerTrusted method");
// Install the all-trusting trust manager
try {
LOGGER.info("Creating SSLContext...");
SSLContext sc = SSLContext.getInstance("SSL");
LOGGER.info("Created SSLContext..." + sc);
sc.init(null, trustAllCerts,
new java.security.SecureRandom());
LOGGER.info("Created SSLContext initiated...");
LOGGER.info("sslDefaultSocketFactory......"
+ sc.getSocketFactory());
HttpsURLConnection.setDefaultSSLSocketFactory(sc
.getSocketFactory());
LOGGER.info("sslDefaultSocketFactory......"
+ sc.getSocketFactory());
} catch (Exception e) {
LOGGER.error("Exception is occuring...");
LOGGER.error(e.getMessage());
call = (Call) service.createCall();
} catch (ServiceException ex) {
LOGGER.error(ex.getMessage());
errorMessage = ex.getMessage();
isErrorOccured = true;
if (null != call) {
LOGGER.info("Web Service TimeOut setting :"
+ connectionTimeOut.intValue());
LOGGER.info("Setting axis propeties to use IBMFakeTrustSocketFactory");
// This will allow web service requests using the HTTPS protocol without having a valid SSL certificate installed and configured.
AxisProperties.setProperty("axis.socketSecureFactory","org.apache.axis.components.net.IBMFakeTrustSocketFactory");
call.setTimeout(connectionTimeOut);
call.setTargetEndpointAddress(strParticipantUrl);
call.setProperty(Call.SOAPACTION_USE_PROPERTY,
new Boolean(true));
call.setProperty(Call.SOAPACTION_URI_PROPERTY,
FundTransferConstants.EMPTY_STRING);
QName qnameTypeStr = new QName(FundTransferConstants.NS_XSD,
FundTransferConstants.QNAME_TYPE);
QName header = new QName(FundTransferConstants.NS_XSD,
FundTransferConstants.QNAME_TYPE);
call.setReturnType(qnameTypeStr);
call
.setOperationStyle(FundTransferConstants.WEB_SERVICE_OPERATION_RPC_STYLE);
call
.setOperationName(new QName(
FundTransferConstants.BODY_NAMESPACE_VALUE,
methodName));
call.addParameter("String_1", qnameTypeStr, ParameterMode.IN);
String[] params = { strMessage };
if (FundTransferConstants.CARRIER_RESEND_METHOD
.equalsIgnoreCase(methodName)) {
try {
call.invoke(params);
} catch (Exception ex) {
errorMessage = ex.getMessage();
isErrorOccured = true;
LOGGER.info(ex.getMessage());
} else {
int counter = 0;
while (counter < 3) {
counter++;
try {
// Here making the call which is failing
result = (String) call.invoke(params);
counter = 4;
} catch (AxisFault axisFault) {
axisFault.printStackTrace();
errorMessage = axisFault.getMessage();
isErrorOccured = true;
LOGGER.error(axisFault.getMessage());
} catch (Exception ex) {
ex.printStackTrace();
errorMessage = ex.getMessage();
isErrorOccured = true;
if (isErrorOccured) {
throw new RouterException(errorMessage);
return result;
System Error:
12/7/07 13:43:41:639 EST 000000bb SystemErr R AxisFault
faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.userException
faultSubcode:
faultString: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Certificate not Trusted
faultActor:
faultNode:
faultDetail:
{http://xml.apache.org/axis/}stackTrace: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Certificate not Trusted
at com.ibm.jsse2.bx.a(bx.java(Compiled Code))
at com.ibm.jsse2.by.a(by.java(Compiled Code))
at com.ibm.jsse2.by.a(by.java:473)
at com.ibm.jsse2.w.a(w.java(Compiled Code))
at com.ibm.jsse2.w.a(w.java(Compiled Code))
at com.ibm.jsse2.v.a(v.java(Compiled Code))
at com.ibm.jsse2.by.a(by.java(Compiled Code))
at com.ibm.jsse2.by.l(by.java(Compiled Code))
at com.ibm.jsse2.by.startHandshake(by.java(Compiled Code))
at org.apache.axis.components.net.JSSESocketFactory.create(JSSESocketFactory.java:224)
at org.apache.axis.transport.http.HTTPSender.getSocket(HTTPSender.java:157)
at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:114)
at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:71)
at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:150)
at org.apache.axis.SimpleChain.invoke(SimpleChain.java:120)
at org.apache.axis.client.AxisClient.invoke(AxisClient.java:180)
at org.apache.axis.client.Call.invokeEngine(Call.java:2564)
at org.apache.axis.client.Call.invoke(Call.java:2553)
at org.apache.axis.client.Call.invoke(Call.java:2248)
at org.apache.axis.client.Call.invoke(Call.java:2171)
at org.apache.axis.client.Call.invoke(Call.java:1691)
at com.dtcc.insurance.fundtransfer.transport.TransportHandler.transport(TransportHandler.java:245)
at com.dtcc.insurance.fundtransfer.router.MessageRouter.transport(MessageRouter.java:112)
at com.dtcc.insurance.fundtransfer.controller.MessageController.processMessage(MessageController.java:155)
at com.dtcc.insurance.fundtransfer.service.FundTransferServiceImpl.fundTransferRequest(FundTransferServiceImpl.java:88)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java(Compiled Code))
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java(Compiled Code))
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java(Compiled Code))
at java.lang.reflect.Method.invoke(Method.java(Compiled Code))
at org.apache.axis.providers.java.RPCProvider.invokeMethod(RPCProvider.java:402)
at org.apache.axis.providers.java.RPCProvider.processMessage(RPCProvider.java:309)
at org.apache.axis.providers.java.JavaProvider.invoke(JavaProvider.java:333)
at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:71)
at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:150)
at org.apache.axis.SimpleChain.invoke(SimpleChain.java:120)
at org.apache.axis.handlers.soap.SOAPService.invoke(SOAPService.java:481)
at org.apache.axis.server.AxisServer.invoke(AxisServer.java:323)
at org.apache.axis.transport.http.AxisServlet.doPost(AxisServlet.java:854)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:763)
at org.apache.axis.transport.http.AxisServletBase.service(AxisServletBase.java:339)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:856)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:1572)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:762)
at com.ibm.ws.webcontainer.webapp.WebApp.handleRequest(WebApp.java:3174)
at com.ibm.ws.webcontainer.webapp.WebGroup.handleRequest(WebGroup.java:253)
at com.ibm.ws.webcontainer.VirtualHost.handleRequest(VirtualHost.java:229)
at com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:1970)
at com.ibm.ws.webcontainer.channel.WCChannelLink.ready(WCChannelLink.java:114)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleDiscrimination(HttpInboundLink.java:472)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleNewInformation(HttpInboundLink.java:411)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.ready(HttpInboundLink.java:288)
at com.ibm.ws.ssl.channel.impl.SSLConnectionLink.determineNextChannel(SSLConnectionLink.java:950)
at com.ibm.ws.ssl.channel.impl.SSLConnectionLink$MyReadCompletedCallback.complete(SSLConnectionLink.java:582)
at com.ibm.ws.ssl.channel.impl.SSLReadServiceContext$SSLReadCompletedCallback.complete(SSLReadServiceContext.java:1704)
at com.ibm.ws.tcp.channel.impl.WorkQueueManager.requestComplete(WorkQueueManager.java(Compiled Code))
at com.ibm.ws.tcp.channel.impl.WorkQueueManager.attemptIO(WorkQueueManager.java(Compiled Code))
at com.ibm.ws.tcp.channel.impl.WorkQueueManager.workerRun(WorkQueueManager.java(Compiled Code))
at com.ibm.ws.tcp.channel.impl.WorkQueueManager$Worker.run(WorkQueueManager.java(Compiled Code))
at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java(Compiled Code))
Caused by: java.security.cert.CertificateException: Certificate not Trusted
at com.ibm.jsse.bi.a(Unknown Source)
at com.ibm.jsse.bi.checkServerTrusted(Unknown Source)
at com.ibm.jsse2.ba.checkServerTrusted(ba.java:16)
... 57 more
12/7/07 13:43:41:640 EST 000000bb SystemErr R AxisFault
faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.userException
faultSubcode:
faultString: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Certificate not Trusted
faultActor:
faultNode:
faultDetail:
{http://xml.apache.org/axis/}stackTrace: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Certificate not Trusted
at com.ibm.jsse2.bx.a(bx.java(Compiled Code))
at com.ibm.jsse2.by.a(by.java(Compiled Code))
at com.ibm.jsse2.by.a(by.java:473)
at com.ibm.jsse2.w.a(w.java(Compiled Code))
at com.ibm.jsse2.w.a(w.java(Compiled Code))
at com.ibm.jsse2.v.a(v.java(Compiled Code))
at com.ibm.jsse2.by.a(by.java(Compiled Code))
at com.ibm.jsse2.by.l(by.java(Compiled Code))
at com.ibm.jsse2.by.startHandshake(by.java(Compiled Code))
at org.apache.axis.components.net.JSSESocketFactory.create(JSSESocketFactory.java:224)
at org.apache.axis.transport.http.HTTPSender.getSocket(HTTPSender.java:157)
at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:114)
at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:71)
at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:150)
at org.apache.axis.SimpleChain.invoke(SimpleChain.java:120)
at org.apache.axis.client.AxisClient.invoke(AxisClient.java:180)
at org.apache.axis.client.Call.invokeEngine(Call.java:2564)
at org.apache.axis.client.Call.invoke(Call.java:2553)
at org.apache.axis.client.Call.invoke(Call.java:2248)
at org.apache.axis.client.Call.invoke(Call.java:2171)
at org.apache.axis.client.Call.invoke(Call.java:1691)
at com.dtcc.insurance.fundtransfer.transport.TransportHandler.transport(TransportHandler.java:245)
at com.dtcc.insurance.fundtransfer.router.MessageRouter.transport(MessageRouter.java:112)
at com.dtcc.insurance.fundtransfer.controller.MessageController.processMessage(MessageController.java:155)
at com.dtcc.insurance.fundtransfer.service.FundTransferServiceImpl.fundTransferRequest(FundTransferServiceImpl.java:88)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java(Compiled Code))
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java(Compiled Code))
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java(Compiled Code))
at java.lang.reflect.Method.invoke(Method.java(Compiled Code))
at org.apache.axis.providers.java.RPCProvider.invokeMethod(RPCProvider.java:402)
at org.apache.axis.providers.java.RPCProvider.processMessage(RPCProvider.java:309)
at org.apache.axis.providers.java.JavaProvider.invoke(JavaProvider.java:333)
at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:71)
at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:150)
at org.apache.axis.SimpleChain.invoke(SimpleChain.java:120)
at org.apache.axis.handlers.soap.SOAPService.invoke(SOAPService.java:481)
at org.apache.axis.server.AxisServer.invoke(AxisServer.java:323)
at org.apache.axis.transport.http.AxisServlet.doPost(AxisServlet.java:854)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:763)
at org.apache.axis.transport.http.AxisServletBase.service(AxisServletBase.java:339)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:856)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:1572)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:762)
at com.ibm.ws.webcontainer.webapp.WebApp.handleRequest(WebApp.java:3174)
at com.ibm.ws.webcontainer.webapp.WebGroup.handleRequest(WebGroup.java:253)
at com.ibm.ws.webcontainer.VirtualHost.handleRequest(VirtualHost.java:229)
at com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:1970)
at com.ibm.ws.webcontainer.channel.WCChannelLink.ready(WCChannelLink.java:114)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleDiscrimination(HttpInboundLink.java:472)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleNewInformation(HttpInboundLink.java:411)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.ready(HttpInboundLink.java:288)
at com.ibm.ws.ssl.channel.impl.SSLConnectionLink.determineNextChannel(SSLConnectionLink.java:950)
at com.ibm.ws.ssl.channel.impl.SSLConnectionLink$MyReadCompletedCallback.complete(SSLConnectionLink.java:582)
at com.ibm.ws.ssl.channel.impl.SSLReadServiceContext$SSLReadCompletedCallback.complete(SSLReadServiceContext.java:1704)
at com.ibm.ws.tcp.channel.impl.WorkQueueManager.requestComplete(WorkQueueManager.java(Compiled Code))
at com.ibm.ws.tcp.channel.impl.WorkQueueManager.attemptIO(WorkQueueManager.java(Compiled Code))
at com.ibm.ws.tcp.channel.impl.WorkQueueManager.workerRun(WorkQueueManager.java(Compiled Code))
at com.ibm.ws.tcp.channel.impl.WorkQueueManager$Worker.run(WorkQueueManager.java(Compiled Code))
at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java(Compiled Code))
Caused by: java.security.cert.CertificateException: Certificate not Trusted
at com.ibm.jsse.bi.a(Unknown Source)
at com.ibm.jsse.bi.checkServerTrusted(Unknown Source)
at com.ibm.jsse2.ba.checkServerTrusted(ba.java:16)
... 57 more
javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Certificate not Trusted
at org.apache.axis.AxisFault.makeFault(AxisFault.java:129)
at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:131)
at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:71)
at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:150)
at org.apache.axis.SimpleChain.invoke(SimpleChain.java:120)
at org.apache.axis.client.AxisClient.invoke(AxisClient.java:180)
at org.apache.axis.client.Call.invokeEngine(Call.java:2564)
at org.apache.axis.client.Call.invoke(Call.java:2553)
at org.apache.axis.client.Call.invoke(Call.java:2248)
at org.apache.axis.client.Call.invoke(Call.java:2171)
at org.apache.axis.client.Call.invoke(Call.java:1691)
at com.dtcc.insurance.fundtransfer.transport.TransportHandler.transport(TransportHandler.java:245)
at com.dtcc.insurance.fundtransfer.router.MessageRouter.transport(MessageRouter.java:112)
at com.dtcc.insurance.fundtransfer.controller.MessageController.processMessage(MessageController.java:155)
at com.dtcc.insurance.fundtransfer.service.FundTransferServiceImpl.fundTransferRequest(FundTransferServiceImpl.java:88)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java(Compiled Code))
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java(Compiled Code))
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java(Compiled Code))
at java.lang.reflect.Method.invoke(Method.java(Compiled Code))
at org.apache.axis.providers.java.RPCProvider.invokeMethod(RPCProvider.java:402)
at org.apache.axis.providers.java.RPCProvider.processMessage(RPCProvider.java:309)
at org.apache.axis.providers.java.JavaProvider.invoke(JavaProvider.java:333)
at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:71)
at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:150)
at org.apache.axis.SimpleChain.invoke(SimpleChain.java:120)
at org.apache.axis.handlers.soap.SOAPService.invoke(SOAPService.java:481)
at org.apache.axis.server.AxisServer.invoke(AxisServer.java:323)
at org.apache.axis.transport.http.AxisServlet.doPost(AxisServlet.java:854)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:763)
at org.apache.axis.transport.http.AxisServletBase.service(AxisServletBase.java:339)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:856)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:1572)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:762)
at com.ibm.ws.webcontainer.webapp.WebApp.handleRequest(WebApp.java:3174)
at com.ibm.ws.webcontainer.webapp.WebGroup.handleRequest(WebGroup.java:253)
at com.ibm.ws.webcontainer.VirtualHost.handleRequest(VirtualHost.java:229)
at com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:1970)
at com.ibm.ws.webcontainer.channel.WCChannelLink.ready(WCChannelLink.java:114)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleDiscrimination(HttpInboundLink.java:472)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleNewInformation(HttpInboundLink.java:411)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.ready(HttpInboundLink.java:288)
at com.ibm.ws.ssl.channel.impl.SSLConnectionLink.determineNextChannel(SSLConnectionLink.java:950)
at com.ibm.ws.ssl.channel.impl.SSLConnectionLink$MyReadCompletedCallback.complete(SSLConnectionLink.java:582)
at com.ibm.ws.ssl.channel.impl.SSLReadServiceContext$SSLReadCompletedCallback.complete(SSLReadServiceContext.java:1704)
at com.ibm.ws.tcp.channel.impl.WorkQueueManager.requestComplete(WorkQueueManager.java(Compiled Code))
at com.ibm.ws.tcp.channel.impl.WorkQueueManager.attemptIO(WorkQueueManager.java(Compiled Code))
at com.ibm.ws.tcp.channel.impl.WorkQueueManager.workerRun(WorkQueueManager.java(Compiled Code))
at com.ibm.ws.tcp.channel.impl.WorkQueueManager$Worker.run(WorkQueueManager.java(Compiled Code))
at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java(Compiled Code))
Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Certificate not Trusted
at com.ibm.jsse2.bx.a(bx.java(Compiled Code))
at com.ibm.jsse2.by.a(by.java(Compiled Code))
at com.ibm.jsse2.by.a(by.java:473)
at com.ibm.jsse2.w.a(w.java(Compiled Code))
at com.ibm.jsse2.w.a(w.java(Compiled Code))
at com.ibm.jsse2.v.a(v.java(Compiled Code))
at com.ibm.jsse2.by.a(by.java(Compiled Code))
at com.ibm.jsse2.by.l(by.java(Compiled Code))
at com.ibm.jsse2.by.startHandshake(by.java(Compiled Code))
at org.apache.axis.components.net.JSSESocketFactory.create(JSSESocketFactory.java:224)
at org.apache.axis.transport.http.HTTPSender.getSocket(HTTPSender.java:157)
at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:114)
... 48 more
Caused by: java.security.cert.CertificateException: Certificate not Trusted
at com.ibm.jsse.bi.a(Unknown Source)
at com.ibm.jsse.bi.checkServerTrusted(Unknown Source)
at com.ibm.jsse2.ba.checkServerTrusted(ba.java:16)
... 57 moreI found the fix from Oracle Support Knowlededge Base
sslTool serverInfo --url https://HOST:9043 --certFile newcert.cer
PStoreTool located in REGISTRY_HOME/bin/PStoreTool add -config
WEBLOGIC_HOME/user_projects/domains/[osr_domain_name]/servers/[osr_server_name]/tmp/_WL_user/registry/[unique id]/public/conf/pstore.xml -certFile newcert.cer
I was updating wrong file with the certificate. It had to be pstore.xml. This solved my issue.
Thanks & Regards,
Parshant -
Digital ID certificate not trusted
I'm trying to add digital ID certificates for governmental employees with whom I communicate by e-mail. I used an e-mail including those certificates (*.cer format) to transmit the certs to the new IPad, and I was able to install them, but they are all listed as "Not Trusted". How do I go about designating that they are to be trusted?
I also added my own digital ID cert (*pfx format), and it has exactly the same situation: installed, but "not trusted."
Thanks.Thanks for reply but the message comes up every time I log into Santander. Interestingly this happens on Safari and Chrome but if I use my old browser Camino it comes up as secure. Will ring Santander again today and my ISP to see if they can shed any light. The same issue has occurred on ebay too but that seems to have resolved itself. Will let you know if I make any progress
-
HTTP Error 403.16 - Forbidden, Your client certificate is either not trusted or is invalid.
Dear Experts,
I have tried mutual authentication with sample website as per below link:
http://itq.nl/testing-with-client-certificate-authentication-in-a-development-environment-on-iis-8-5/#comment-19427
1. Created a Root certificate, client and server certificate based on this root certificate by using Makecert command as per below link:
2. Import these certificates in Trusted Root Certification authority of both the stores (Local and Current user)
3. Created a sample website with HTML page
4.Hosted this website in IIS with HTTPS binding and selected the above server certifcate
5. Enabled "Require SSL" and selected "Require" under SSL settings of website
6. Exported the client certificate in base64 format --> Edited in notepad --> made the key into single line
7. Placed the above key under Configuration editor --> system.webServer/security/authentication/iisClientCertificateMappingAuthentication --> one to one mapping with user credentials.
8. I tried to access the website
But, I ended with below error :(
HTTP Error 403.16 - Forbidden
Your client certificate is either not trusted or is invalid.
Detailed Error Information:
Module IIS Web Core
Notification BeginRequest
Handler ExtensionlessUrlHandler-Integrated-4.0
Error Code 0x800b0109
Requested URL https://localhost:443/
Physical Path E:\SampleRoot
Logon Method Not yet determined
Logon User Not yet determined
Could you please let me know what I missed here.
Note:
I am using windows8, IIS8.0.
Thanks in advance.
Regards,
M. Prasad Reddy.Hi Prasad,
As per this case, I have been shared the corresponding details below
1.First of all,make sure that you import the certificate whether it belongs to Trusted RootCertification or not .
If that is the case ,Goto Microsoft Management Console (MMC), open the Certificates snap-in.
For instance, the certificate store that WCF is configured to retrieve X.509 certificates from, select the Trusted RootCertification Authoritiesfolder. Under the Trusted Root Certification Authorities folder, right-click the Certificatesfolder,
point to All Tasks, and then click Import.
2.you configured the server certificate as well, But check the client certificate whether have root certificate or not by following command?
makecert -pe -n "CN=SSLClientAuthClient"
-eku 1.3.6.1.5.5.7.3.2 -is root -ir localmachine -in WebSSLTestRoot
-ss my -sr currentuser -len 2048
3. Also check the Service Certificate whether its configured on the WCF Service side
4.Make sure that you followed all the steps are done correctly from your given referred link below
http://itq.nl/testing-with-client-certificate-authentication-in-a-development-environment-on-iis-8-5/#comment-19427
5.Besides, please try to set the require SSL as ignore to see if you can access the website.
If the above details cannot able to resolve this issue, please post your config file here. -
Hello
My subca certificate was about to expire so I renewed it with the same key and since then my wireless will not connect. I get the following error from NPS:
Network Policy Server denied access to a user.
Contact the Network Policy Server administrator for more information.
User:
Security ID:
AD\4411CB8CD34A2AA$
Account Name:
host/4411CB8CD34A2AA.ad.***.org
Account Domain:
AD
Fully Qualified Account Name:
AD\4411CB8CD34A2AA$
Client Machine:
Security ID:
NULL SID
Account Name:
Fully Qualified Account Name:
OS-Version:
Called Station Identifier:
f4-1f-c2-e6-0e-40:***-private
Calling Station Identifier:
e0-06-e6-c2-96-b7
NAS:
NAS IPv4 Address:
10.0.2.85
NAS IPv6 Address:
NAS Identifier:
DOM-WLC1
NAS Port-Type:
Wireless - IEEE 802.11
NAS Port:
13
RADIUS Client:
Client Friendly Name:
NPS Proxy 1
Client IP Address:
10.0.2.12
Authentication Details:
Connection Request Policy Name:
Wireless Clients
Network Policy Name:
Wireless Clients
Authentication Provider:
Windows
Authentication Server:
DOM-DC1.ad.****.org
Authentication Type:
EAP
EAP Type:
Microsoft: Smart Card or other certificate
Account Session Identifier:
Logging Results:
Accounting information was written to the local log file.
Reason Code:
295
Reason:
A certification chain processed correctly, but one of the CA certificates is not trusted by the policy provider.
How do i make the policy provider trust this new certificate that was created? When i renewed the certificate everything looks good on the subca and root ca. The new certificate is not in the nps servers so i tried manually importing it and that still did
not work. I noticed when i open the wireless network policy properties under constraints and open the Microsoft: Smart Card or other certificate eap type the new certificate is not in there. Any suggestions? Thank you!can you copy client certificate to NPS server and run the following command against this certificate:
certutil -verify -urlfetch path\clientcert.cer
and show us the output.
Vadims Podāns, aka PowerShell CryptoGuy
My weblog: en-us.sysadmins.lv
PowerShell PKI Module: pspki.codeplex.com
PowerShell Cmdlet Help Editor pscmdlethelpeditor.codeplex.com
Check out new: SSL Certificate Verifier
Check out new:
PowerShell File Checksum Integrity Verifier tool. -
Hi all.
I have stanalone offline RootCA, and enterprise domain SubCA on DC on Windows 2012 server. I have Windows 2003 Terminal Server, users logon to TS via smart cards - and this work fine.
Now I added Windows server 2012 as "Terminal Server".
Now I added Windows server 2012 R2 as "Terminal Server".
I configured both servers identically.
Users can logon via smart card to Windows Server 2012.
Users CAN NOT logon via smart card to Windows Server 2012 R2.
When user trying to logon via smart card, they have information:
"An untrusted cartification authority was detected while processing the domain controller certificate used for authentication. Additional information..."
I run a certutil.exe -scinfo on both Windows 2012/2012R2 servers.
I found differences in the (~) same place in the output log.
On Windows 2012:
Exclude leaf cert:
b4 44 8f fb fb b4 5f 03 39 76 dc cc e8 da 02 e0 d0 cc b6 32
Full chain:
c8 3d 07 12 ea 4d 0e 5a 8c 50 fc 56 2e 51 f1 68 6a 26 90 77
Verified Issuance Policies: None
Verified Application Policies:
1.3.6.1.5.5.7.3.2 Client Authentication
1.3.6.1.4.1.311.20.2.2 Smart Card Logon
On Windows 2012 R2:
Exclude leaf cert:
78 7e 6c 60 3f 20 c6 f6 e8 74 c8 36 e3 d3 88 ac 12 60 41 32
Full chain:
b8 a9 fa 6c db 07 cd 32 86 17 8c 88 02 ba d0 4b 8c ac 2d 58
Issuer: CN=XXX CA, OU=Certification Services, O=XX, C=XX
NotBefore: 2013-11-22 12:42
NotAfter: 2014-11-22 12:42
Subject: CN=XX Test, OU=XX, OU=UXX, DC=XX, DC=com
Serial: 7a0084f
SubjectAltName: Other Name:Principal Name=XX@XX
Template: Smartcard Logon Behalf 2048
1d 2a bb dc 2a 9c 70 0d b5 35 47 44 ee 61 60 ab 71 97 66 ff
A certification chain processed correctly, but one of the CA certificates is not trusted by the policy provider. 0x800b0112 (-2146762478)
I run a certutil -verify xx.cer on both Servers 2012/2012R2 and on both servers have the ~exact same thing.
Windows 2012:
Exclude leaf cert:
f6 0e 96 da c7 08 9a 78 12 97 a6 b6 22 df 57 9d e7 03 41 df
Full chain:
f0 fb 19 66 e8 6c 4f ea b4 d5 ea 6d 5e 38 54 07 b0 9f 52 96
Verified Issuance Policies: None
Verified Application Policies:
1.3.6.1.4.1.311.20.2.2 Smart Card Logon
1.3.6.1.5.5.7.3.2 Client Authentication
Leaf certificate revocation check passed
Windows 2012 R2:
Exclude leaf cert:
84 18 5b 9d 06 61 60 73 c6 37 80 f4 25 33 c4 d3 5e ef 4a 93
Full chain:
63 8e 9e 37 78 c9 93 bb 4d da f4 e3 4b 7e 2b 14 49 28 0f 5d
Verified Issuance Policies: None
Verified Application Policies:
1.3.6.1.4.1.311.20.2.2 Smart Card Logon
1.3.6.1.5.5.7.3.2 Client Authentication
Leaf certificate revocation check passed
Whether Windows 2012R2 is not trying to build a certificate path, treating smart card logon certificate as (Sub)CA certificate?
Previous and probably wrong idea:
The only thing that comes to my mind is my SubCA.
I have two CA Certyficates:
Certyficate #0 (expired)
Certyficate #1 <- valid.
I guess that all Windows before Windows 2012 R2 build certyficafion chain from valid (second #1) certyficate. Windows 2012 R2 take first and we have:
"A certification chain processed correctly, but one of the CA certificates is not trusted by the policy provider.
[ value] 800B0112 "
This is a bug or feature?
How I can fix this without removal Certificate #0 from my SubCA?
Best regards
Jacek Marek
MCSA Windows Server 2012Hi,
Glad to hear that the issue is solved!
Thank you very much for your sharing!
Please feel free to let us know if you encounter any issues in the future.
Best Regards,
Amy -
Hi all.
I have stanalone offline RootCA, and enterprise domain SubCA on DC on Windows 2012 server. I have Windows 2003 Terminal Server, users logon to TS via smart cards - and this work fine.
Now I added Windows server 2012 as "Terminal Server".
Now I added Windows server 2012 R2 as "Terminal Server".
I configured both servers identically.
Users can logon via smart card to Windows Server 2012.
Users CAN NOT logon via smart card to Windows Server 2012 R2.
When user trying to logon via smart card, they have information:
"An untrusted cartification authority was detected while processing the domain controller certificate used for authentication. Additional information..."
The only thing that comes to my mind is my SubCA.
I have two CA Certyficates:
Certyficate #0 (expired)
Certyficate #1 <- valid.
I guess that all Windows before Windows 2012 R2 build certyficafion chain from valid (second #1) certyficate. Windows 2012 R2 take first and we have:
"A certification chain processed correctly, but one of the CA certificates is not trusted by the policy provider.
[ value] 800B0112 "
This is a bug or feature?
How I can fix this without removal Certificate #0 from my SubCA?
Best regards
Jacek Marek
MCSA Windows Server 2012Hi,
I run a certutil.exe -scinfo on both Windows 2012/2012R2 servers.
I found differences in the (~) same place in the output log.
On Windows 2012:
Exclude leaf cert:
b4 44 8f fb fb b4 5f 03 39 76 dc cc e8 da 02 e0 d0 cc b6 32
Full chain:
c8 3d 07 12 ea 4d 0e 5a 8c 50 fc 56 2e 51 f1 68 6a 26 90 77
Verified Issuance Policies: None
Verified Application Policies:
1.3.6.1.5.5.7.3.2 Client Authentication
1.3.6.1.4.1.311.20.2.2 Smart Card Logon
On Windows 2012 R2:
Exclude leaf cert:
78 7e 6c 60 3f 20 c6 f6 e8 74 c8 36 e3 d3 88 ac 12 60 41 32
Full chain:
b8 a9 fa 6c db 07 cd 32 86 17 8c 88 02 ba d0 4b 8c ac 2d 58
Issuer: CN=XXX CA, OU=Certification Services, O=XX, C=XX
NotBefore: 2013-11-22 12:42
NotAfter: 2014-11-22 12:42
Subject: CN=XX Test, OU=XX, OU=UXX, DC=XX, DC=com
Serial: 7a0084f
SubjectAltName: Other Name:Principal Name=XX@XX
Template: Smartcard Logon Behalf 2048
1d 2a bb dc 2a 9c 70 0d b5 35 47 44 ee 61 60 ab 71 97 66 ff
A certification chain processed correctly, but one of the CA certificates is not trusted by the policy provider. 0x800b0112 (-2146762478)
I run a certutil -verify xx.cer on both Servers 2012/2012R2 and on both servers have the ~exact same thing.
Windows 2012:
Exclude leaf cert:
f6 0e 96 da c7 08 9a 78 12 97 a6 b6 22 df 57 9d e7 03 41 df
Full chain:
f0 fb 19 66 e8 6c 4f ea b4 d5 ea 6d 5e 38 54 07 b0 9f 52 96
Verified Issuance Policies: None
Verified Application Policies:
1.3.6.1.4.1.311.20.2.2 Smart Card Logon
1.3.6.1.5.5.7.3.2 Client Authentication
Leaf certificate revocation check passed
Windows 2012 R2:
Exclude leaf cert:
84 18 5b 9d 06 61 60 73 c6 37 80 f4 25 33 c4 d3 5e ef 4a 93
Full chain:
63 8e 9e 37 78 c9 93 bb 4d da f4 e3 4b 7e 2b 14 49 28 0f 5d
Verified Issuance Policies: None
Verified Application Policies:
1.3.6.1.4.1.311.20.2.2 Smart Card Logon
1.3.6.1.5.5.7.3.2 Client Authentication
Leaf certificate revocation check passed
Any idea, or I must open case with Microsoft support?
Best regards
Jacek Marek
MCSA Windows Server 2012 -
ISE Certificate Chain Not Trusted By WLAN Clients
We are running ISE 1.1.3 using Entrust cert signed by Entrust sub CA L1C, which is signed by Entrust.net 2048, which is in all major OS stores as trusted (Windows, Android, iOS).
We have installed a concatenated PEM file with all of the certificates from the chain, as described in the ISE User Guides. The ISE GUI shows all of the certs in the chain individually after the import (i.e. the chain works and is good). However, we are not sure if the ISE is sending the entire chain to the WLAN clients during EAP authentication or just the ISE cert because of the error message we get on ALL client types which state that the certifiicate is not trusted.
So the question is if the ISE is really sending the whole chain or just its own cert with out the rest of the certs in the chain (which would explain why the WLAN clients complain about the certificate trust.)
Anyone out there know if the ISE code is not up to sending the cert chain in version 1.1.3 yet or if there is some other explanation? Screenshot attached of iPhone prompting for cert verification.Thanks hardiklodhia, your post confirms what we are seeing - the Windows clients have no issue as long as they are set to either NOT validate the EAP server cert or they are set to trust the signing CA cert from the local store by specifically selecting the signing CA (i.e. tick next to "Validate Serverr Certificate" and then another tick next to the signing CA cert in the box below.)
The iOS clients ALWAYS prompt for verification (thanks Apple.)
Note: we are using 1.1.3 and the cert chain import using a concatenated PEM file with ALL of the certs in the chain works fine. We are seeing the whole chain on the clients and the ISE extracts each PEM file into its local store.
The PEM file format is not adequately described in the user guides rather a vague description of cert order is provided.
The file should look like this:
-------------------------Top of page-----------------------------
Root CA PEM FILE
Intermediate CA 1 PEM FILE
Intermediate CA 2 PEM FILE
ETC
ISE CERT PEM FILE
------------------------Bottom of page-------------------------
By "PEM FILE" I mean the actual base64 encoded PEM output from openssl when you convert a .crt or .der file to PEM, including the words "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----" for each PEM FILE above,
e.g.
-----BEGIN CERTIFICATE-----
MIIE2DCCBEGgAwIBAgIEN0rSQzANBgkqhkiG9w0BAQUFADCBwzELMAkGA1UEBhMC
VVMxFDASBgNVBAoTC0VudHJ1c3QubmV0MTswOQYDVQQLEzJ3d3cuZW50cnVzdC5u
ZXQvQ1BTIGluY29ycC4gYnkgcmVmLiAobGltaXRzIGxpYWIuKTElMCMGA1UECxMc
KGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDE6MDgGA1UEAxMxRW50cnVzdC5u
ZXQgU2VjdXJlIFNlcnZlciBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05OTA1
MjUxNjA5NDBaFw0xOTA1MjUxNjM5NDBaMIHDMQswCQYDVQQGEwJVUzEUMBIGA1UE
ChMLRW50cnVzdC5uZXQxOzA5BgNVBAsTMnd3dy5lbnRydXN0Lm5ldC9DUFMgaW5j
MAwGA1UdEwQFMAMBAf8wGQYJKoZIhvZ9B0EABAwwChsEVjQuMAMCBJAwDQYJKoZI
hvcNAQEFBQADgYEAkNwwAvpkdMKnCqV8IY00F6j7Rw7/JXyNEwr75Ji174z4xRAN
95K+8cPV1ZVqBLssziY2ZcgxxufuP+NXdYR6Ee9GTxj005i7qIcyunL2POI9n9cd
2cNgQ4xYDiKWL2KjLB+6rQXvqzJ4h6BUcxm1XAX5Uj5tLUUL9wqT6u0G+bI=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIEnzCCBAigAwIBAgIERp6RGjANBgkqhkiG9w0BAQUFADCBwzELMAkGA1UEBhMC
VVMxFDASBgNVBAoTC0VudHJ1c3QubmV0MTswOQYDVQQLEzJ3d3cuZW50cnVzdC5u
ZXQvQ1BTIGluY29ycC4gYnkgcmVmLiAobGltaXRzIGxpYWIuKTElMCMGA1UECxMc
VeSB0RGAvtiJuQijMfmhJAkWuXAwHwYDVR0jBBgwFoAU8BdiE1U9s/8KAGv7UISX
8+1i0BowGQYJKoZIhvZ9B0EABAwwChsEVjcuMQMCAIEwDQYJKoZIhvcNAQEFBQAD
gYEAj2WiMI4mq4rsNRaY6QPwjRdfvExsAvZ0UuDCxh/O8qYRDKixDk2Ei3E277M1
RfPB+JbFi1WkzGuDFiAy2r77r5u3n+F+hJ+ePFCnP1zCvouGuAiS7vhCKw0T43aF
SApKv9ClOwqwVLht4wj5NI0LjosSzBcaM4eVyJ4K3FBTF3s=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIE9TCCA92gAwIBAgIETA6MOTANBgkqhkiG9w0BAQUFADCBtDEUMBIGA1UEChML
RW50cnVzdC5uZXQxQDA+BgNVBAsUN3d3dy5lbnRydXN0Lm5ldC9DUFNfMjA0OCBp
bmNvcnAuIGJ5IHJlZi4gKGxpbWl0cyBsaWFiLikxJTAjBgNVBAsTHChjKSAxOTk5
IEVudHJ1c3QubmV0IExpbWl0ZWQxMzAxBgNVBAMTKkVudHJ1c3QubmV0IENlcnRp
EN551lZqpHgUSdl87TBeaeptJEZaiDQ9JifPaUGEHATaGTgu24lBOX5lH51aOszh
DEw3oc5gk6i1jMo/uitdTBuBiXrKNjCc/4Tj/jrx93lxybXTMwPKd86wuinSNF1z
/6T98iW4NUV5eh+Xrsm+CmiEmXQ5qE56JvXN3iXiN4VlB6fKxQW3EzgNLfBtGc7e
mWEn7kVuxzn/9sWL4Mt8ih7VegcxKlJcOlAZOKlE+jyoz+95nWrZ5S6hjyko1+yq
wfsm5p9GJKaxB825DOgNghYAHZaS/KYIoA==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgIETB9GEzANBgkqhkiG9w0BAQUFADCBsTELMAkGA1UEBhMC
VVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xOTA3BgNVBAsTMHd3dy5lbnRydXN0
Lm5ldC9ycGEgaXMgaW5jb3Jwb3JhdGVkIGJ5IHJlZmVyZW5jZTEfMB0GA1UECxMW
KGMpIDIwMDkgRW50cnVzdCwgSW5jLjEuMCwGA1UEAxMlRW50cnVzdCBDZXJ0aWZp
yhHR/hYfdVM88hBXXypACgrxBv/JFlKzSEDwKydJeT1tcP//nG4jv1WWgLk6O2Mi
0oE0fnGmuf9fTX4+CdapG2gTDFJ29Chv3kavJDNtB85A7CK8oWI8Qav78Rvaz7nA
LiRMLBQ1RkqUrQFL2WHx4mJkCddPXzOeOVJlUTGJ
-----END CERTIFICATE-----
The last PEM output (the one directly above) is the ISE cert in PEM format. The first PEM output (the one at the top) is the Root CA cert in PEM format. The ones in the middle are intermediate signing CAs in order (from root to leaf). -
Hello,
I have configured BizTalk Services Hybrid Connection between Standard Azure Website and SQL Server 2014 on premise.
Azure Management portal shows the status of Hybrid Connection as established.
However, the website throws an error when trying to open a connection
<
addname="DefaultConnection"
connectionString="Data
Source=machine name;initial catalog=AdventureWorks2012;Uid=demouser;Password=[my password];MultipleActiveResultSets=True"
providerName="System.Data.SqlClient"
/>
(The same website, with the same connection string deployed on SQL Server machine works correctly).
I tried various options with the connections sting (IP address instead of machine name, Trusted_Connection=False, Encrypt=False, etc. the result is the same
[Win32Exception (0x80004005): The certificate chain was issued by an authority that is not trusted]
[SqlException (0x80131904): A connection was successfully established with the server, but then an error occurred during the login process. (provider: SSL Provider, error: 0 - The certificate chain was issued by an authority that is not trusted.
I tried various machines - on premise and a clean Azure VM with SQL Server and it results in the same error - below full stack
The certificate chain was issued by an authority that is not trusted
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.ComponentModel.Win32Exception: The certificate chain was issued by an authority that is not trusted
Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
Stack Trace:
[Win32Exception (0x80004005): The certificate chain was issued by an authority that is not trusted]
[SqlException (0x80131904): A connection was successfully established with the server, but then an error occurred during the login process. (provider: SSL Provider, error: 0 - The certificate chain was issued by an authority that is not trusted.)]
System.Data.SqlClient.SqlInternalConnection.OnError(SqlException exception, Boolean breakConnection, Action`1 wrapCloseInAction) +5341687
System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj, Boolean callerHasConnectionLock, Boolean asyncClose) +546
System.Data.SqlClient.TdsParserStateObject.SNIWritePacket(SNIHandle handle, SNIPacket packet, UInt32& sniError, Boolean canAccumulate, Boolean callerHasConnectionLock) +5348371
System.Data.SqlClient.TdsParserStateObject.WriteSni(Boolean canAccumulate) +91
System.Data.SqlClient.TdsParserStateObject.WritePacket(Byte flushMode, Boolean canAccumulate) +331
System.Data.SqlClient.TdsParser.TdsLogin(SqlLogin rec, FeatureExtension requestedFeatures, SessionData recoverySessionData) +2109
System.Data.SqlClient.SqlInternalConnectionTds.Login(ServerInfo server, TimeoutTimer timeout, String newPassword, SecureString newSecurePassword) +347
System.Data.SqlClient.SqlInternalConnectionTds.AttemptOneLogin(ServerInfo serverInfo, String newPassword, SecureString newSecurePassword, Boolean ignoreSniOpenTimeout, TimeoutTimer timeout, Boolean withFailover) +238
System.Data.SqlClient.SqlInternalConnectionTds.LoginNoFailover(ServerInfo serverInfo, String newPassword, SecureString newSecurePassword, Boolean redirectedUserInstance, SqlConnectionString connectionOptions, SqlCredential credential, TimeoutTimer timeout) +892
System.Data.SqlClient.SqlInternalConnectionTds.OpenLoginEnlist(TimeoutTimer timeout, SqlConnectionString connectionOptions, SqlCredential credential, String newPassword, SecureString newSecurePassword, Boolean redirectedUserInstance) +311
System.Data.SqlClient.SqlInternalConnectionTds..ctor(DbConnectionPoolIdentity identity, SqlConnectionString connectionOptions, SqlCredential credential, Object providerInfo, String newPassword, SecureString newSecurePassword, Boolean redirectedUserInstance, SqlConnectionString userConnectionOptions, SessionData reconnectSessionData) +646
System.Data.SqlClient.SqlConnectionFactory.CreateConnection(DbConnectionOptions options, DbConnectionPoolKey poolKey, Object poolGroupProviderInfo, DbConnectionPool pool, DbConnection owningConnection, DbConnectionOptions userOptions) +278
System.Data.ProviderBase.DbConnectionFactory.CreatePooledConnection(DbConnectionPool pool, DbConnection owningObject, DbConnectionOptions options, DbConnectionPoolKey poolKey, DbConnectionOptions userOptions) +38
System.Data.ProviderBase.DbConnectionPool.CreateObject(DbConnection owningObject, DbConnectionOptions userOptions, DbConnectionInternal oldConnection) +732
System.Data.ProviderBase.DbConnectionPool.UserCreateRequest(DbConnection owningObject, DbConnectionOptions userOptions, DbConnectionInternal oldConnection) +85
System.Data.ProviderBase.DbConnectionPool.TryGetConnection(DbConnection owningObject, UInt32 waitForMultipleObjectsTimeout, Boolean allowCreate, Boolean onlyOneCheckConnection, DbConnectionOptions userOptions, DbConnectionInternal& connection) +1057
System.Data.ProviderBase.DbConnectionPool.TryGetConnection(DbConnection owningObject, TaskCompletionSource`1 retry, DbConnectionOptions userOptions, DbConnectionInternal& connection) +78
System.Data.ProviderBase.DbConnectionFactory.TryGetConnection(DbConnection owningConnection, TaskCompletionSource`1 retry, DbConnectionOptions userOptions, DbConnectionInternal oldConnection, DbConnectionInternal& connection) +196
System.Data.ProviderBase.DbConnectionInternal.TryOpenConnectionInternal(DbConnection outerConnection, DbConnectionFactory connectionFactory, TaskCompletionSource`1 retry, DbConnectionOptions userOptions) +146
System.Data.ProviderBase.DbConnectionClosed.TryOpenConnection(DbConnection outerConnection, DbConnectionFactory connectionFactory, TaskCompletionSource`1 retry, DbConnectionOptions userOptions) +16
System.Data.SqlClient.SqlConnection.TryOpenInner(TaskCompletionSource`1 retry) +94
System.Data.SqlClient.SqlConnection.TryOpen(TaskCompletionSource`1 retry) +110
System.Data.SqlClient.SqlConnection.Open() +96
System.Data.EntityClient.EntityConnection.OpenStoreConnectionIf(Boolean openCondition, DbConnection storeConnectionToOpen, DbConnection originalConnection, String exceptionCode, String attemptedOperation, Boolean& closeStoreConnectionOnFailure) +44
[EntityException: The underlying provider failed on Open.]
System.Data.EntityClient.EntityConnection.OpenStoreConnectionIf(Boolean openCondition, DbConnection storeConnectionToOpen, DbConnection originalConnection, String exceptionCode, String attemptedOperation, Boolean& closeStoreConnectionOnFailure) +203
System.Data.EntityClient.EntityConnection.Open() +104
System.Data.Objects.ObjectContext.EnsureConnection() +75
System.Data.Objects.ObjectQuery`1.GetResults(Nullable`1 forMergeOption) +41
System.Data.Objects.ObjectQuery`1.System.Collections.Generic.IEnumerable<T>.GetEnumerator() +36
System.Collections.Generic.List`1..ctor(IEnumerable`1 collection) +369
System.Linq.Enumerable.ToList(IEnumerable`1 source) +58
CloudShop.Services.ProductsRepository.GetProducts() +216
CloudShop.Controllers.HomeController.Search(String SearchCriteria) +81
CloudShop.Controllers.HomeController.Index() +1130
lambda_method(Closure , ControllerBase , Object[] ) +62
System.Web.Mvc.ActionMethodDispatcher.Execute(ControllerBase controller, Object[] parameters) +14
System.Web.Mvc.ReflectedActionDescriptor.Execute(ControllerContext controllerContext, IDictionary`2 parameters) +193
System.Web.Mvc.ControllerActionInvoker.InvokeActionMethod(ControllerContext controllerContext, ActionDescriptor actionDescriptor, IDictionary`2 parameters) +27
System.Web.Mvc.Async.<>c__DisplayClass42.<BeginInvokeSynchronousActionMethod>b__41() +28
System.Web.Mvc.Async.<>c__DisplayClass8`1.<BeginSynchronous>b__7(IAsyncResult _) +10
System.Web.Mvc.Async.WrappedAsyncResult`1.End() +50
System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeActionMethod(IAsyncResult asyncResult) +32
System.Web.Mvc.Async.<>c__DisplayClass39.<BeginInvokeActionMethodWithFilters>b__33() +58
System.Web.Mvc.Async.<>c__DisplayClass4f.<InvokeActionMethodFilterAsynchronously>b__49() +225
System.Web.Mvc.Async.<>c__DisplayClass37.<BeginInvokeActionMethodWithFilters>b__36(IAsyncResult asyncResult) +10
System.Web.Mvc.Async.WrappedAsyncResult`1.End() +50
System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeActionMethodWithFilters(IAsyncResult asyncResult) +34
System.Web.Mvc.Async.<>c__DisplayClass2a.<BeginInvokeAction>b__20() +23
System.Web.Mvc.Async.<>c__DisplayClass25.<BeginInvokeAction>b__22(IAsyncResult asyncResult) +99
System.Web.Mvc.Async.WrappedAsyncResult`1.End() +50
System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeAction(IAsyncResult asyncResult) +27
System.Web.Mvc.<>c__DisplayClass1d.<BeginExecuteCore>b__18(IAsyncResult asyncResult) +14
System.Web.Mvc.Async.<>c__DisplayClass4.<MakeVoidDelegate>b__3(IAsyncResult ar) +23
System.Web.Mvc.Async.WrappedAsyncResult`1.End() +55
System.Web.Mvc.Controller.EndExecuteCore(IAsyncResult asyncResult) +39
System.Web.Mvc.Async.<>c__DisplayClass4.<MakeVoidDelegate>b__3(IAsyncResult ar) +23
System.Web.Mvc.Async.WrappedAsyncResult`1.End() +55
System.Web.Mvc.Controller.EndExecute(IAsyncResult asyncResult) +29
System.Web.Mvc.Controller.System.Web.Mvc.Async.IAsyncController.EndExecute(IAsyncResult asyncResult) +10
System.Web.Mvc.<>c__DisplayClass8.<BeginProcessRequest>b__3(IAsyncResult asyncResult) +25
System.Web.Mvc.Async.<>c__DisplayClass4.<MakeVoidDelegate>b__3(IAsyncResult ar) +23
System.Web.Mvc.Async.WrappedAsyncResult`1.End() +55
System.Web.Mvc.MvcHandler.EndProcessRequest(IAsyncResult asyncResult) +31
System.Web.Mvc.MvcHandler.System.Web.IHttpAsyncHandler.EndProcessRequest(IAsyncResult result) +9
System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +9651188
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +155
Version Information: Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.0.30319.36213
Regards,
Michal
Michal MorciniecSame issue here, looking for more information !
-
TMG Error code 500 Certificate chain was issued by an authority that is not trusted
Hello colleagues
I have site https://site.domain.ru:9510/pmpsvc
In site work: http://imgur.com/2cQ6vlF
I publish this site through TMG 2010, but I have error:
500 Internal Server Error. The certificate chain was issued by an authority that is not trusted (-2146893019).
On TMG server via MMC I imported certificate to:
http://imgur.com/eYqjrQg and reboot TMG server, but problem is not solved.
Maybe someone solved this problem?
Thanks.This is because your certificate is unable to reach CA to verify the certificate
Ensure your TMG can reach the certificate authority
Import Root CA certificate to Trusted Root certificate authority in CertMGR
If you are using intermediate CA then import the intermediate CA certificate to intermediate CA in certmgr
Thanks, but I use certificate "*.domain.ru" and another https sites without port 9510 works fine. Maybe problem with site on TMG because problem with certificate on web-server (about Certificate error) -
http://imgur.com/2cQ6vlF ?? -
Error code 265: The certificate chain was issued by an authority that is not trusted.
We are in the process of trying to set up a wireless network that uses NPS servers to authenticate domain users with computers that are not on our domain (BYOD).
We are using a valid, wildcard SSL (with intermediate certificates) to authenticate via PEAP. The certificate was issued by Godaddy.
When trying to connect, we are getting the authentication request.
The result of a connection attempt is no connection with an event log error code of - “265: The certificate chain was issued by an authority that is not trusted.”
We have tried ensuring that the certificates are in the correct containers on the respective NPS servers: “Certificates\Personal\Certificates” With the intermediate certificates located: “Certificates/Intermediate Certification Authorities”
All these attempts have proven fruitless. Any assistance or direction would be very much appreciated.Hi,
Do you import the intermediate certificate in the right account? It should be imported in the Computer Account.
Have you imported the intermediate certificate in your client? Client need it to validate the certificate of your NPS server.
Here is a similar thread in which Greg has explained this issue in detail.
http://social.technet.microsoft.com/Forums/en-US/b770fcf6-d1e9-4aac-9005-62cb5ff6d485/the-certificate-chain-was-issued-by-an-authority-that-is-not-trusted?forum=winserverNAP
Hope this helps.
Steven Lee
TechNet Community Support
Maybe you are looking for
-
Ical events getting deleted on ipod
Hi when I first got my ipod I tried synching it with ical on 2 different computers. It was a mess (many events were either deleted or duplicated, entire calendars were being duplicated on each machine, etc). So I gave up trying to synch with both, cl
-
Acrobat Pro X crushes just after opening (Mac OS 10.7.5)
Hi! I just bought Adobe Creative Suite 6, everything is fine but Adobe Acrobat Pro X that crushes immediately after opening. It is updated to the last update and I have Mac OS 10.7.5. Does this problem disappear moving to Maverics? I had problems fro
-
BADI/Exit: Changing IDoc Control Record
HI, do you know a way to modify the IDoc Control Record for MASTERDATA IDocs like CREMAS/DEBMAS/ etc ? there are a lot of IDOC Badis and Exit´s but without changing the EDIDC. any ideas ? Regards, Gordon
-
GENERATING THE REPORTS IN ASCII
I created the reports and it generates the PDF files OK. How can I generate ASCII reports with proper line breaks and spacing? I appreciate your help. Thanks -Sri
-
When I woke up this morning, my Lumia 822 offered me the choice to install an update. I clicked the install button and saw gears on the screen. It's been over 2 hours and the gears on the screen are still spinning. I called Verizon but they didn't