WSUS Sync is not working Sync failed: UssCommunicationError: WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. --- System.Security.Authentication.AuthenticationException: The remote
I know there are loads of posts with same issue and most of them were related to proxy and connectivity .
This was case for me as well (few months back). Now the same error is back. But I've confirmed that FW ports and proxy are fine this time around.
server is configured on http port 80
ERROR
Sync failed: UssCommunicationError: WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid
according to the validation procedure.~~at System.Web.Services.Protocols.WebClientProtocol.GetWebResponse(WebRequest request). Source: Microsoft.SystemsManagementServer.SoftwareUpdatesManagement.WSyncAction.WSyncAction.SyncWSUS
I've checked proxy server connectivity. I'm able browse following site from WSUS server
http://catalog.update.microsoft.com/v7/site/Home.aspx?sku=wsus&version=3.2.7600.226&protocol=1.8
I did telnet proxy server on the particular port (8080) and that is also fine.
I've doubt on certificates, any idea which are the certificates which we need to look? And if certificate is expired then (my guess) we won't be able open the above mentioned windows update catalog site?
Any tips appreciated !
Anoop C Nair (My Blog www.AnoopCNair.com)
- Twitter @anoopmannur -
FaceBook Forum For SCCM
Hi Lawrence ! - Many thanks for looking into this thread and replying. Appreciate your help.
Your reply ("SSL is enabled/configured, and the certificate being used is invalid
(or the cert does not exist or cannot be obtained), or the SSL connection could not be established.") is very helpful.
I've already tested CONTENT DOWNLOAD and it's working fine. WSUS Sync was also working fine for years with proxy server configured on port (8080) and WSUS server on port 80.
My Guess (this is my best guess ;)) is this something to do with Firewall or Proxy side configuration rather than WSUS. However, I'm not finding a way to prove this to proxy/firewall team. From their perspective all the required port communication open and
proxy server is also reachable. More over we're able to access internet (Microsoft Update Catalog site) over same port (8080).
Any other hints where I can prove them it's a sure shot problem from their side.
Thanks again !!
Anoop C Nair (My Blog www.AnoopCNair.com)
- Twitter @anoopmannur -
FaceBook Forum For SCCM
Similar Messages
-
I tried to redeem a digital download copy of a movie and was presented the following error:
The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
Any guesses on what it is and how to resolve it?
ThanksHi
Abhilash Francis,
Could you tell us your scenario? What's your project? Is it a WCF service?
Looks like this is not a code issue.
Just from the error information,
it seems that you do not configure the service certificate very well so as to Server was unable to process request.
I am not completely sure what the real scenario is, but it might be a problem of that It is a WCF services application, please check these following articles to configure the service certificate.
If not, please feel free to let me know.
How to: Configure an IIS-hosted WCF service with SSL
Could not establish trust
relationship for the SSL/TLS secure channel
Hope this helps.
Best regards,
Kristin
We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
Click
HERE to participate the survey. -
The underlying connection was closed: Could not establish trust
The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
Please checkout the following code. I am just trying to login on to the web service. I have imported the certificate from IE by going to the Ondemand website.
I am using C# VS 2005
public static String Login(String loginUrlString, String userName, String password)
string p = null;
try
ServicePointManager.ServerCertificateValidationCallback = new System.Net.Security.RemoteCertificateValidationCallback(MyCertValidationCb);
HttpWebRequest myRequest = (HttpWebRequest)WebRequest.Create(loginUrlString);
HttpWebResponse myResponse;
myRequest.Method = "GET";
myRequest.Headers["UserName"] = userName;
myRequest.Headers["Password"] = password;
myRequest.AllowAutoRedirect = true;
myRequest.CookieContainer = new CookieContainer();
myRequest.ClientCertificates.Add(X509Certificate.CreateFromCertFile(@"c:\a.cer"));
// Return the response.
myResponse = (HttpWebResponse)myRequest.GetResponse();
// retrieve session id
char[] sep = { ';' };
String[] headers = myResponse.Headers["Set-Cookie"].Split(sep);
for (int i = 0; i <= headers.Length - 1; i++)
if (headers.StartsWith("JSESSIONID"))
sep[0] = '=';
SessionID = headers[i].Split(sep)[1];
break;
myResponse.Close();
p = sep.ToString();
catch (Exception e)
MessageBox.Show(e.Message);
return p;
public static bool MyCertValidationCb(
object sender,
X509Certificate certificate,
X509Chain chain,
SslPolicyErrors sslPolicyErrors)
if ((sslPolicyErrors & SslPolicyErrors.RemoteCertificateChainErrors)
== SslPolicyErrors.RemoteCertificateChainErrors)
return false;
else if ((sslPolicyErrors & SslPolicyErrors.RemoteCertificateNameMismatch)
== SslPolicyErrors.RemoteCertificateNameMismatch)
Zone z;
z = Zone.CreateFromUrl(((HttpWebRequest)sender).RequestUri.ToString());
if (z.SecurityZone == System.Security.SecurityZone.Intranet
|| z.SecurityZone == System.Security.SecurityZone.MyComputer)
return true;
return false;
return false;Hi
Abhilash Francis,
Could you tell us your scenario? What's your project? Is it a WCF service?
Looks like this is not a code issue.
Just from the error information,
it seems that you do not configure the service certificate very well so as to Server was unable to process request.
I am not completely sure what the real scenario is, but it might be a problem of that It is a WCF services application, please check these following articles to configure the service certificate.
If not, please feel free to let me know.
How to: Configure an IIS-hosted WCF service with SSL
Could not establish trust
relationship for the SSL/TLS secure channel
Hope this helps.
Best regards,
Kristin
We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
Click
HERE to participate the survey. -
While I have my WSUS integrated with SCCM. I think this error has nothing to do with SCCM, so I put it here in the WSUS forum. On one of my networks, the nightly WSUS sync worked until two weeks ago. I've made no progress in fixing it. Ocassionally it'll
say the sync was successful (about 1 in 15 attempts). I keep getting "WebException: The underlying connection was closed. The connection was closed unexpectedly. at System.WebServices.Protocols.WebClientProtocol.GetWebResponse(WebRequest
request) at System.WebServices.Protocols.GetWebResponse(WebRequest request) at MicroSoft.UpdateServices.ServerSync.ServerSyncCompressionProxy.GetWebResponse(WebRequest webrequest) at System.Web.Services.Protocols.SoapHttpClientProtocol.(Invoke StringMethodName,Object[]
Parameters) at Microsoft.UpdateServices.ServerSync.ServerSyncWebServices.ServerSync.ServerSyncProxy.GetRevisionIdList(Cookie cookie, ServerSyncFilter filter) at Microsoft.Update.Services.ServerSync.CatalogSyncAgentCore.WebserviceGetRevisionIdList(ServerSyncFilter
filter, Boolean isConfigData), at Microsoft.UpdateServices.ServerSync.CatalogSyncAgentCore.SyncConfigUpdatesfromUSS() at Microsoft.UpdateServices.ServerSync.CatalogSyncAgentCore.ExecuteSyncProtocol(Boolean allowRedirect)"
Our enterprise has it's own WSUS server we have to sync from. The problem may be at that end, not mine. A sync will start and will fail about 4 minutes later. Our network guy watched the traffic leave our compound but saw only a trickle of traffic coming
back. Any ideas?
Ben JohnsonWYHi,
Please try this fix below first:
FIX: Intermittent "Underlying connection was closed" error message when you call a Web service from ASP.NET
http://support.microsoft.com/kb/819450
I guess you are maintaining a downstream server. If it isn’t a replica server, please try to sync with Microsoft update.
Hope this helps. -
Hi I have installed wsus 3 sp2 on a win 2008 R2 Sp1
before the installation , I have updated the windows
I can open easily browse internet , but when I try to configure synchronization .but it fails.
No firewall , no proxy ............. I am behind a nat.
Wsus version is 3.2.7600.256.
I have searched and searched .....
Can any body help me
WebException: The underlying connection was closed: An unexpected error occurred on a send. ---> System.IO.IOException: Received an unexpected EOF or 0 bytes from the transport stream.
at System.Web.Services.Protocols.WebClientProtocol.GetWebResponse(WebRequest request)
at System.Web.Services.Protocols.HttpWebClientProtocol.GetWebResponse(WebRequest request)
at Microsoft.UpdateServices.ServerSync.ServerSyncCompressionProxy.GetWebResponse(WebRequest webRequest)
at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
at Microsoft.UpdateServices.ServerSyncWebServices.ServerSync.ServerSyncProxy.GetAuthConfig()
at Microsoft.UpdateServices.ServerSync.ServerSyncLib.InternetGetServerAuthConfig(ServerSyncProxy proxy, WebServiceCommunicationHelper webServiceHelper)
at Microsoft.UpdateServices.ServerSync.ServerSyncLib.Authenticate(AuthorizationManager authorizationManager, Boolean checkExpiration, ServerSyncProxy proxy, Cookie cookie, WebServiceCommunicationHelper webServiceHelper)
at Microsoft.UpdateServices.ServerSync.CatalogSyncAgentCore.SyncConfigUpdatesFromUSS()
at Microsoft.UpdateServices.ServeHi
yes . it is alloweded.
Nat rule permits any ip traffic . No problem with https...
also my windows is fully updated.
here is my netstat -an , maybe usefull.
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
TCP 0.0.0.0:8530 0.0.0.0:0 LISTENING
TCP 0.0.0.0:8531 0.0.0.0:0 LISTENING
TCP 0.0.0.0:47001 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49152 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49153 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49154 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49155 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49156 0.0.0.0:0 LISTENING
TCP --------------------:139 0.0.0.0:0 LISTENING
TCP --------------------:8530 172.16.2.201:53317 ESTABLISHED
TCP --------------------:49362 23.65.244.185:443 ESTABLISHED
TCP --------------------:49363 23.65.244.185:443 ESTABLISHED
TCP --------------------:49367 23.65.244.185:443 ESTABLISHED
TCP --------------------:49377 23.65.244.185:443 ESTABLISHED
TCP --------------------:49414 131.253.34.141:443 ESTABLISHED
TCP --------------------:49416 216.239.32.20:80 ESTABLISHED
TCP --------------------:49417 216.239.32.20:80 ESTABLISHED
TCP --------------------:49418 173.194.70.113:80 ESTABLISHED
TCP --------------------:49419 173.194.70.113:80 ESTABLISHED
TCP --------------------:49420 65.52.103.78:80 ESTABLISHED
TCP --------------------:49421 65.52.103.78:80 ESTABLISHED
TCP --------------------:49424 88.221.93.31:80 ESTABLISHED
TCP --------------------:49425 88.221.93.30:80 ESTABLISHED
TCP --------------------:49426 88.221.93.30:80 ESTABLISHED
TCP --------------------:49427 88.221.93.31:80 ESTABLISHED
TCP --------------------:49428 88.221.93.31:80 ESTABLISHED
TCP --------------------:49429 88.221.93.31:80 ESTABLISHED
TCP --------------------:49430 88.221.93.30:80 ESTABLISHED
TCP --------------------:49431 88.221.93.30:80 ESTABLISHED
TCP --------------------:49432 88.221.93.31:80 ESTABLISHED
TCP --------------------:49433 88.221.93.31:80 ESTABLISHED
TCP --------------------:49434 88.221.93.30:80 ESTABLISHED
TCP --------------------:49435 88.221.93.31:80 ESTABLISHED
TCP --------------------:49436 88.221.93.30:80 ESTABLISHED
TCP --------------------:49437 88.221.93.30:80 ESTABLISHED
TCP --------------------:49438 88.221.93.30:80 ESTABLISHED
TCP --------------------:49439 88.221.93.30:80 ESTABLISHED
TCP --------------------:49440 88.221.93.31:80 ESTABLISHED
TCP --------------------:49441 88.221.93.30:80 ESTABLISHED
TCP --------------------:49442 88.221.93.30:80 ESTABLISHED
TCP --------------------:49443 88.221.93.54:80 ESTABLISHED
TCP --------------------:49444 88.221.93.54:80 ESTABLISHED
TCP --------------------:49445 88.221.93.63:80 ESTABLISHED
TCP --------------------:49446 88.221.93.63:80 ESTABLISHED
TCP --------------------:49447 88.221.93.63:80 ESTABLISHED
TCP --------------------:49448 88.221.93.63:80 ESTABLISHED
TCP --------------------:49449 88.221.93.63:80 ESTABLISHED
TCP --------------------:49450 88.221.93.31:80 ESTABLISHED
TCP --------------------:49451 88.221.93.31:80 ESTABLISHED
TCP --------------------:49453 88.221.93.30:80 ESTABLISHED
TCP --------------------:49456 65.55.58.184:80 ESTABLISHED
TCP --------------------:49457 65.55.58.184:80 ESTABLISHED
TCP --------------------:49460 131.253.34.142:80 ESTABLISHED
TCP --------------------:49461 131.253.34.142:80 ESTABLISHED
TCP --------------------:49462 65.52.103.78:80 ESTABLISHED
TCP --------------------:49463 65.52.103.78:80 ESTABLISHED
TCP --------------------:49464 63.251.85.33:80 ESTABLISHED
TCP --------------------:49466 131.253.40.50:80 ESTABLISHED
TCP --------------------:49467 131.253.40.50:80 ESTABLISHED -
Hi
Had to un-install and then re-install MS SQL Server 2012 with SSRS.
After we re-installed we are able to get to the Web Services page but not the Report Server page and get the above error message. We need to use SSL and when we bind the cert in RS Configuration Manager it says it does this successfully on the WebServices
tab. We also do a similar exercise on the ReportServer page.
Any help warmly welcomed :D
ThanksHi Rich Whight,
According to your description, after you re-installed SQL Server 2012 with SSRS, you are able to access Web Service URL, but when you tried to access Report Manager URL, the error occurred: The underlying connection was closed. Could not establish trust
relationship for the SSL/TLS Secure channel.
The issue may be caused when the certificate isn't installed correctly in the trusted root for the local computer. To verify and install the certificate, Please refer to the steps blow:
In RsReportServer.config file(default location: C:\Program Files\Microsoft SQL Server\MSRS11.MSSQLSERVER\Reporting Services\ReportServer), change the “SecureConnectionLevel” element value from 0 to 3.
Add correct value to <UrlRoot> element.
Add the same value to the <ReportServerUrl> element as step2.
Go to Microsoft management Console, add the certificate which you use to access the report server under “Trusted Root Certification Authorities”.
For more information about SSL configuration and Managing Trusted Root Certificates, please refer to the following documents:
http://blogs.msdn.com/b/mariae/archive/2007/12/12/ssl-configuration-and-reporting-services.aspx
http://technet.microsoft.com/en-us/library/cc754841.aspx
If you have any more questions, please feel free to ask.
Best Regards,
Wendy Fu -
Hi, experts
I'm trying to configure a lab environment according tutorial http://www.msexchange.org/articles-tutorials/exchange-server-2010/compliance-policies-archiving/rights-management-server-exchange-2010-part3.html
After completing configuration, I execute cmdlet Set-IRMConfiguration -InternalLicensingEnabled $true, but get error
The remote certificate is invalid according to the validation procedure. ---> The underlying connection was closed: Cou
ld not establish trust relationship for the SSL/TLS secure channel. ---> Failed to get Server Info from https://exhv-65
94/_wmcs/certification/server.asmx.
+ CategoryInfo : InvalidOperation: (:) [Set-IRMConfiguration], Exception
+ FullyQualifiedErrorId : C810E449,Microsoft.Exchange.Management.RightsManagement.SetIRMConfiguration
Then I run cmdlet Test-IRMConfiguration -Sender [email protected] and get error
Results : Checking Exchange Server ...
- PASS: Exchange Server is running in Enterprise.
Loading IRM configuration ...
- PASS: IRM configuration loaded successfully.
Retrieving RMS Certification Uri ...
- PASS: RMS Certification Uri: https://server1/_wmcs/certification.
Verifying RMS version for https://server1/_wmcs/certification ...
- WARNING: Failed to verify RMS version. IRM features require AD RMS on Windows Server 2008 SP2 with the
hotfixes specified in Knowledge Base article 973247 (http://go.microsoft.com/fwlink/?linkid=3052&kbid=973247)
or AD RMS on Windows Server 2008 R2.
Microsoft.Exchange.Security.RightsManagement.RightsManagementException: Failed to get Server Info from https:
//server1/_wmcs/certification/server.asmx. ---> System.Net.WebException: The underlying connection was clos
ed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authenticatio
n.AuthenticationException: The remote certificate is invalid according to the validation procedure.
at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest async
Request, Exception exception)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest async
Request)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest async
Request)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest async
Request)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequ
est asyncRequest)
at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Obje
ct state)
at System.Net.TlsStream.ProcessAuthentication(LazyAsyncResult result)
at System.Net.TlsStream.Write(Byte[] buffer, Int32 offset, Int32 size)
at System.Net.PooledStream.Write(Byte[] buffer, Int32 offset, Int32 size)
at System.Net.ConnectStream.WriteHeaders(Boolean async)
--- End of inner exception stack trace ---
at System.Web.Services.Protocols.WebClientProtocol.GetWebResponse(WebRequest request)
at System.Web.Services.Protocols.HttpWebClientProtocol.GetWebResponse(WebRequest request)
at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
at Microsoft.Exchange.Security.RightsManagement.SOAP.Server.ServerWS.GetServerInfo(ServerInfoRequest[] req
uests)
at Microsoft.Exchange.Security.RightsManagement.ServerWSManager.ValidateServiceVersion(String featureXPath
--- End of inner exception stack trace ---
at Microsoft.Exchange.Security.RightsManagement.ServerWSManager.ValidateServiceVersion(String featureXPath
at Microsoft.Exchange.Management.RightsManagement.IRMConfigurationValidator.ValidateRmsVersion(Uri uri, Se
rviceType serviceType)
at Microsoft.Exchange.Management.RightsManagement.IRMConfigurationValidator.TryGetRacAndClc()
OVERALL RESULT: PASS with warnings on disabled features
From the error message, this issue seem to related with SSL/TLS connection. So I go back to check configuration and find out a difference to tutorial. Current SCP url is https://server1/_wmcs/certification, but in tutorial it is https://server1:433/_wmcs/certification.
On my opinion, I don't think it is the real reason.
So, how can I resolve this error? Could you give me some suggestion? Thanks in advance.
System Info:
Windows Server 2008 R2 + Exchange Server 2010 SP3 RTMHi
Please have a try with the solution on this KB article
“Error message when you try to test access from the Microsoft Dynamics CRM E-mail Router: "Incoming Status: Failure - The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel"”
http://support.microsoft.com/kb/954584/en-us
Cheers
Zi Feng
TechNet Community Support -
Hi All,
I am using SharePoint List Connectors to load the data from Sharepoint list to Sql server.
I have created an ssis package and attached to the SQL agent job in works fine
SharePoint Source dev url : http://company.dev.com (working fine)(http)
DB server:(server\instance)
I thought all i good and can test with the uat sharepoint url.
I have changed the configuration url yo point to uat.(https)
SharePoint Source dev url : https://companyuat.dev.com (working fine)
DB server:(server\instance)
Suddently it fails when with the following error:
In both the cases i am running the agent job from the same db server
DB server:(server\instance)
Error Message:
Could not establish trust relationship for the SSL/TLS secure channel with authority 'companyuat.dev.com'. ---> System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.
Source: Data Flow Task SharePoint List Source [1] Description: System.ServiceModel.Security.SecurityNegotiationException: Could not establish trust relationship for the SSL/TLS secure channel with authority 'companyuat.dev.com'. ---> System.Net.WebException:
The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.
Is there is workaround to reslove this?Any inputs highly appreciated as it is time to move to production :(.
Thanks
Ravi
RaviThis is the important error: The remote certificate is invalid according to the validation procedure.
Your SharePoint server certificate is invalid. You have to either correct your certificate or make your SSIS client machine explicitly trust the server certificate.
SSIS Tasks Components Scripts Services | http://www.cozyroc.com/ -
Hello,
We are facing an issue when triggering a new build using TFS 2013 Update 4, VS2013 Update 4 using TFVCTemplate.12.XAML template. All our other older build definitions just work fine but not the TFVCTemplate.12.XAML. It seems to me that some certificate
might be invalidated. Can anyone please point me in the right direction?
Thanks,
Mitul
TF215097: An error occurred while initializing a build for build definition :
Exception Message: One or more errors occurred. (type AggregateException)
Exception Stack Trace: at System.Threading.Tasks.Task`1.GetResultCore(Boolean waitCompletionNotification)
at Microsoft.TeamFoundation.Build.Client.FileContainerHelper.GetFile(TfsTeamProjectCollection projectCollection, String itemPath, Stream outputStream)
at Microsoft.TeamFoundation.Build.Client.FileContainerHelper.GetFileAsString(TfsTeamProjectCollection projectCollection, String itemPath)
at Microsoft.TeamFoundation.Build.Client.ProcessTemplate.Download(String sourceGetVersion)
at Microsoft.TeamFoundation.Build.Hosting.BuildControllerWorkflowManager.PrepareRequestForBuild(WorkflowManagerActivity activity, IBuildDetail build, WorkflowRequest request, IDictionary`2 dataContext)
at Microsoft.TeamFoundation.Build.Hosting.BuildWorkflowManager.TryStartWorkflow(WorkflowRequest request, WorkflowManagerActivity activity, BuildWorkflowInstance& workflowInstance, Exception& error, Boolean& syncLockTaken)
Inner Exception Details:
Exception Message: An error occurred while sending the request. (type HttpRequestException)
Exception Stack Trace: at Microsoft.VisualStudio.Services.WebApi.VssHttpRetryMessageHandler.<SendAsync>d__1.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Runtime.CompilerServices.ConfiguredTaskAwaitable`1.ConfiguredTaskAwaiter.GetResult()
at Microsoft.VisualStudio.Services.WebApi.HttpClientExtensions.<DownloadFileFromTfsAsync>d__2.MoveNext()
Inner Exception Details:
Exception Message: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. (type WebException)Exception Stack Trace: at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
at System.Net.Http.HttpClientHandler.GetResponseCallback(IAsyncResult ar)
Inner Exception Details:
Exception Message: The remote certificate is invalid according to the validation procedure. (type AuthenticationException)
Exception Stack Trace: at System.Net.TlsStream.EndWrite(IAsyncResult asyncResult)
at System.Net.ConnectStream.WriteHeadersCallback(IAsyncResult ar)Hi Mitul,
Thanks for your reply.
It’s strange, if your old build definitions can work using the same TFS Build Server, that indicate your TFS Server configuration is correct and can works. But only new build definition with default TfvcTemplate.12.xaml template cannot build successful.
Please share your TFS Server detailed environment information here. And share your
Build Service Properties dialog screenshot here.
Try to clean the Cache for TFS 2013 manually(delete the content of the folder only, not the cache folder itself):
Clean the Cache folder on Server machine. The folder path is:
C:\Program Files\Microsoft Team Foundation Server 12.0\Application Tier\Web Services\_tfs_data.
After cleaned, on Server machine, click Start and select
Run… to open the dialog box, then input iisreset.exe and click OK, wait it run completely.
Additionally, you can run the TFS 2013 Power Tools BPA to scan the installation of your TFS Server.
We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
Click
HERE to participate the survey. -
Hi everyone,
A somewhat similar question has been asked before by others but none of the answers given has helped me.I am attempting a DPM 2012 installation, which is failing at the "deploying reports" stage.My analysis of logs seems to point me in the direction of an SSL
error, which does not make sense since the configuration files say SSL is disabled (or at least, should be).
Here are the symptoms:
1.I am able to browse http://FQDN/Reports_MSDPM2012 folder from internet explorer
2.I am also able to browse http://FQDN/ReportServer_MSDPM2012 from internet explorer
3.The information given in the logs and relevant config files is shown below:
<<RSREPORTSERVER.CONFIG>>
<ConnectionType>Default</ConnectionType>
<LogonUser></LogonUser>
<LogonDomain></LogonDomain>
<LogonCred></LogonCred>
<InstanceId>MSRS10_50.MSDPM2012</InstanceId>
<InstallationID>{d9b1c335-5842-4a81-9148-79184c38bf09}</InstallationID>
<Add Key="SecureConnectionLevel" Value="0"/>
<Add Key="CleanupCycleMinutes" Value="10"/>
<Add Key="MaxActiveReqForOneUser" Value="20"/>
<Add Key="DatabaseQueryTimeout" Value="120"/>
<Add Key="RunningRequestsScavengerCycle" Value="60"/>
<Add Key="RunningRequestsDbCycle" Value="60"/>
<Add Key="RunningRequestsAge" Value="30"/>
<Add Key="MaxScheduleWait" Value="5"/>
<Add Key="DisplayErrorLink" Value="true"/>
<Add Key="WebServiceUseFileShareStorage" Value="false"/>
<!-- <Add Key="ProcessTimeout" Value="150" /> -->
<!-- <Add Key="ProcessTimeoutGcExtension" Value="30" /> -->
<!-- <Add Key="WatsonFlags" Value="0x0430" /> full dump-->
<!-- <Add Key="WatsonFlags" Value="0x0428" /> minidump -->
<!-- <Add Key="WatsonFlags" Value="0x0002" /> no dump-->
<Add Key="WatsonFlags" Value="0x0428"/>
<Add Key="WatsonDumpOnExceptions"
4.The DPM log file still appears to be using SSL even though i used reporting services configuration to remove SSL bindings:
running.Microsoft.Internal.EnterpriseStorage.Dls.Setup.Exceptions.BackEndErrorException: exception ---> Microsoft.Internal.EnterpriseStorage.Dls.Setup.Exceptions.ReportDeploymentException:
exception ---> System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.Net.WebException: The underlying connection was closed: Could
not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException:
The remote certificate is invalid according to the validation procedure.
at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest,
Exception exception)
5:I do have an SCCM site on the default web site used by SMS clients but on different ports
I am stumped.Somebody please give some advice
Thank youHi
This is an old post but did you come right? -
Could Not Establish trust relationship for the SSL/TLS secure channel Sharepoint Web services
I am trying to updateList items into a sharepoint list from the xml document stored in my shared drive in remote server. To make that work i wrote down a Powershell Script that utilizes Sharepoint Webservices Api Updatelistitems function to perform the acitivity.
I ran the script over in Dev environment it works, Then i went into QA that Works too. At last i am now in PROD and agains ran the script i am now receicing following error:
New-WebServiceProxy : The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel
All of my servers dev, QA and PROD web apps are encrypted by Https 443 using Cerified root certificate. Powershell script i am running are mirror copy. System accoutn i am using has owner privileages to sharepoint site and its list.
Am i missing something here, what is blocking this traffic i have no clue.
Thank Youare u using self singed certificate?
also check this http://www.poshpete.com/powershell/new-webserviceproxy-and-ssl
http://www.brainlitter.com/2012/03/13/sharepoint-2010-and-cert-trust-could-not-establish-trust-relationship-for-the-ssltls-secure-channel/
Please remember to mark your question as answered &Vote helpful,if this solves/helps your problem. ****************************************************************************************** Thanks -WS MCITP(SharePoint 2010, 2013) Blog: http://wscheema.com/blog -
Could not establish trust relationship for the SSL/TLS secure channel with authority
Hello everyone, I need to establish a connection between my HTTPS WCF hosted in Windows Azure Web Role and my Windows Store App Client. The service is actually exposed for testing purposes using a self-signed certificate.
I have installed the certificate in Personal and Trusted Root Certification Authorities in Current User and Local Manchine.
In the Windows Store App, I create the service reference pointing to the cloud https service, then edit the manifest and create a new declaration to Add a New Certificate, I checked Exclusive Trust and Auto select, pointing to Root storage name and
my self-signed certificate.cer.
The result is the following exception in the IntelliTrace stack:
Exception:Caught: "The remote certificate is invalid according to the validation procedure." (System.Security.Authentication.AuthenticationException)
A System.Security.Authentication.AuthenticationException was caught: "The remote certificate is invalid according to the validation procedure."
Time: 19/01/2015 04:42:33 p. m.
Thread:Worker Thread[17080]
Exception:Thrown: "Could not establish trust relationship for the SSL/TLS secure channel with authority 'appchallengewhi.cloudapp.net'." (System.ServiceModel.Security.SecurityNegotiationException)
A System.ServiceModel.Security.SecurityNegotiationException was thrown: "Could not establish trust relationship for the SSL/TLS secure channel with authority 'appchallengewhi.cloudapp.net'."
Time: 19/01/2015 04:42:34 p. m.
Thread:Worker Thread[17080]
Appreciate any help, to solve this with the approach of WCF Service Reference in Windows Store App.
Note:
If I call the HTTPS service using a Console App it works very good using the following the code:
ChannelFactory<IAgentService> factory = new ChannelFactory<IAgentService>("basicHttpBinding_IAgentService");
ServicePointManager.ServerCertificateValidationCallback = (sender, cert, chain, error) => true;
IAgentService wcfProxy = factory.CreateChannel();
Thanks in advance,
RCMaybe not implemented.
https://social.msdn.microsoft.com/Forums/windowsapps/en-US/2dab2818-8f4c-4474-a7a1-db2cbfb40d40/accepting-client-certificate-for-https-connections?forum=winappswithcsharp -
Hi I am getting this error,
The Secure Store Service application Secure Store Service is not accessible
The full exception text is: Could not establish trust relationship for the SSL/TLS secure channel with authority 'sp:32844'.
Any help will be appreciatedYou may need to add the SSL to the SharePoint Trusted Root Authority.Get the root cert for the site you are securing with HTTPS/SSL and add in SharePoint Trusted Root Authority. As explained here -
https://social.technet.microsoft.com/Forums/office/en-US/2aed19c6-24df-4646-b946-f4365a05e32f/secure-store-service-stops-working-once-or-twice-every-day-could-not-establish-trust-relationship?forum=sharepointadmin
http://brainlitter.com/2012/03/13/sharepoint-2010-and-cert-trust-could-not-establish-trust-relationship-for-the-ssltls-secure-channel/
Thanks
Ganesh Jat [My Blog |
LinkedIn | Twitter ]
Please click 'Mark As Answer' if a post solves your problem or 'Vote As Helpful' if it was useful. -
Some actions taken while the account "MobileMe" was offline could not be completed online.
Any help I keep getting this message when I start mail?
Some actions taken while the account “MobileMe” was offline could not be completed online.
Mail has undone actions on some messages so that you can redo the actions when online. Mail has saved other messages in mailbox “Recovered Messages (MobileMe)” in “On My Mac” so that you can complete the actions when online. -
"Could not establish trust relationship for the SSL/TLS secure channel"
During the configuration of DUET_E , when calling the DUET Application from SharePoint, the following error is shown :
"Could not establish trust relationship for the SSL/TLS secure channel with authority 'MYSAPNW702SERVER:8001'"
I have already seen the Post :
Error in DUET Configuration at SSL
This mentions the error, but does not provide any answers on resolution.
The DUET_E troublshooting guide suggests that the SAP Standard SSL Certificate is added to SharePoint Central Admin > Security > Manage Trusts
This has also been done.
We are using the Standard SAP SSL Self signed certificate - not one signed by an external CA.
Can anyone provide any guidance ?
Thanks in advance.Hi Min,
reading through your first post the problem might be the CN of the certificate. If you used the Wizard or the default way to create a self signed certicate, it is probably created with the CN server.domain (the fully qualified name of the server).
However, when you created the BDC models the URLs pointing to the WSDL is probably only the servername (at least that is what I would assume after seeing your error message).
Because of that SharePoint calls the SAP Duet server with the severname, but the certificate presented by the SAP system is not the servername, but the fully qualified servername. Because of that -- although SharePoint trusts the certificate -- the URL and certificate do not match and you get the error "Could not establish trust relationship for the SSL/TLS secure channel with authority 'MYSAPNW702SERVER:8001"
If that is the case you have two options:
1) you go to STRUST and create a new SSL certificate that has a CN of only the servername. Then you export this certificate and trust it in SharePoint
2) or -- and this is the way I would recommend -- you try to adjust the URL used in the BDC model. Usually you get only the servername (and not the fully qualified DNS name) when you have not specified the profile parameter icm/host_name_full. Which URL is currently used when you start transaction SAML2 or SOAMANAGER? If you have not yet set icm/host_name_full, then give this a try.
Regards,
Holger.
Maybe you are looking for
-
Issues with browser helper in OATS
I'm using OATS and am running into issues with not being able to start the browser helper when I attempt to record a session. I've tried to restart the browser utility, have re-installed the software and still have the problem. I had encountered this
-
As of today, no services except "Computer" and "Settings" show up
Apple TV 2. Listened to music via iTunes Match last night, watched some YouTube videos. All set to watch some Netflix today. However, I have *no* services showing up now on my Apple TV (second gen) except 'Computer' and 'Settings'... I restarted t
-
PayPal to create ecommerce site, also nested widgets.
My client wants a shop. Essentially it will be an online gallery offering print sales. The Gallery is to contain 8 main gallery folders containing 12 images each and the client wants to offer 3 types of print sale for each image (Postcard, poster and
-
Just upgraded apache... Now i got some problems [root@tim tim]# /etc/rc.d/httpd start :: Starting HTTP Daemon [FAIL] [root@tim tim]# httpd httpd: error while loading shared libraries: li
-
Please help me I bought ipad miniIOS7.1 but in the App Store the install tab is not there then how to download the apps ? I would be grateful if someone helps me in this