ADFS Proxy - unable to establish trust

I already have an ADFS server which has a working connection to an external vendor application. I now need to add a second connection to another vendor. However, this one needs an ADFS proxy as it will be used by people outside of our organization.
I have built a server, placed it the dmz and started to run the proxy config wizard. It says it is able to connect to the ADFS server as below
but when I enter credentials to set up the trust I get the error below
Does anyone know what is wrong? I have tested the credentials being used, they work fine for logging in to the ADFS server itself. I have even tried using my domain admin account and out of desperation I also tried using the local admin account from the
proxy server (which is not a domain member as per standard setup instructions), same response.
The SSL certificate imported to IIS on the proxy was exported from the ADFS server and bound to port 443, the firewall allows traffic from the proxy to the ADFS server over port 443 and the firewall is disabled on both servers so there is nothing blocking
the connection

Hi,
When we installed the AD FS Server role we requested and installed a Certificate on that server. We now need to Export the Certificate and install it on the AD FS proxy.
Please refer to this article for more detail information about AD FS Proxy:
http://www.messageops.com/resources/office-365-documentation/ad-fs-proxy-step-by-step-install-guide/
Regards
Vivian Wang

Similar Messages

ADFS Proxy

I have a proxy server in a DMZ i'm unable to connect to a load balanced cluster on the other side using the cluster address. What ports (if any) do I need to open?
Is there any trouble shooting or diagnostics I need to do?
I would also appreciate some tips and pointers when rolling out office 365
Thanks in advance

The ADFS Proxy really only needs HTTPS (443) open to the ADFS farm. It will also need any dependent ports and protocols available such as DNS, etc. If it is a domain-joined machine then it will need normal AD ports and protocols (DNS, LDAP, Kerberos, etc.)
Here's a really nice troubleshooting guide for ADFS 2.0:
http://technet.microsoft.com/en-us/library/adfs2-troubleshooting-guide%28v=ws.10%29.aspx
One general test I always use for the proxy is this: from the proxy server, navigate to this URL (replace the domain name with the domain of your ADFS service)
https://adfs.domain.com/adfs/services/trust/mex
If you get XML data returned then you are generally good to go.

ADFS Proxy server Event ID 393

0
Hello,
I am setting up ADFS proxy server , i am setting proxy server in DMZ and only port which is open to ineternal ADFS service is 443,
I am using a SAN cert with ADFS service name as Subject alternative name (ADFSService.net) ad the subject name of cert is what will be resolved over the internet (ABC.COM).
I have successfully setup ADFS SQL farm , where as iam getting evet ID 393 when i asetting up ADFS proxy server. it i not accepting the creds of the ineternal ADFS servce service account .
the federation server proxy could not establish a trust with the federation service
Any help would be highly appreciated.

Hi Zulfiqar,
Please check the time difference between the proxy server and the ADFS server.

WSUS Sync is not working Sync failed: UssCommunicationError: WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. --- System.Security.Authentication.AuthenticationException: The remote

I know there are loads of posts with same issue and most of them were related to proxy and connectivity .
This was case for me as well (few months back). Now the same error is back. But I've confirmed that FW ports and proxy are fine this time around.
server is configured on http port 80
ERROR
Sync failed: UssCommunicationError: WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid
according to the validation procedure.~~at System.Web.Services.Protocols.WebClientProtocol.GetWebResponse(WebRequest request). Source: Microsoft.SystemsManagementServer.SoftwareUpdatesManagement.WSyncAction.WSyncAction.SyncWSUS
I've checked proxy server connectivity. I'm able browse following site from WSUS server
http://catalog.update.microsoft.com/v7/site/Home.aspx?sku=wsus&version=3.2.7600.226&protocol=1.8
I did telnet proxy server on the particular port (8080) and that is also fine.
I've doubt on certificates, any idea which are the certificates which we need to look? And if certificate is expired then (my guess) we won't be able open the above mentioned windows update catalog site?
Any tips appreciated !
Anoop C Nair (My Blog www.AnoopCNair.com)
- Twitter @anoopmannur -
FaceBook Forum For SCCM

Hi Lawrence ! - Many thanks for looking into this thread and replying. Appreciate your help.
Your reply ("SSL is enabled/configured, and the certificate being used is invalid
(or the cert does not exist or cannot be obtained), or the SSL connection could not be established.") is very helpful.
I've already tested CONTENT DOWNLOAD and it's working fine. WSUS Sync was also working fine for years with proxy server configured on port (8080) and WSUS server on port 80.
My Guess (this is my best guess ;)) is this something to do with Firewall or Proxy side configuration rather than WSUS. However, I'm not finding a way to prove this to proxy/firewall team. From their perspective all the required port communication open and
proxy server is also reachable. More over we're able to access internet (Microsoft Update Catalog site) over same port (8080).
Any other hints where I can prove them it's a sure shot problem from their side.
Thanks again !!
Anoop C Nair (My Blog www.AnoopCNair.com)
- Twitter @anoopmannur -
FaceBook Forum For SCCM

Connection Pool - unable to establish connection for one or more OC4J inst.

Hi.
I'm using Oracle JDeveloper 10.1.3.1 to develop some app. Database is Oracle XE 10.2.0. Application server is Oracle Aplication Server 10.1.3.1
After create a needed code, I' v tried establish Connection Pool. When I' v tested connection, next errors was occurred:
Unable to establish connection for one or more OC4J instances<<
Home on admin.FRIEND-6843859F - Failed due to error: "Exception occurred testing connection. Exception: java.sql.SQLException: invalid arguments in call."<<"FRIEND-6843859F " is Computer name where Application server is installed.
--Database is started.
--App.server processes are started.
How can I solve this problem?
Thanx

If you are using ADF "BC" Jdev will not support more than one connection
I've tryied and always gives a errors.

Can't establish trust relationship for VM hosted SSRS Service

We are developing an Azure application that requires SSRS for report generation. Currently we are using the Azure SSRS service, and that is working great. Unfortunately, Microsoft is discontinuing that service this fall. So we have two options -- use a VM
with SSRS or switch to some other reporting product. For testing the latter approach I have set up a vm with SSRS over SSL. I created a self-signed certificate on the vm (xxx.cloudapp.net) and set it up to allow access from any IP
for testing. I installed this cert on my dev box (computer account in both personal and trusted authority). I am able to access https://xxx.cloudapp.net/ReportServer and .../Reports
from my local browser. I can generate reports without problems.
However, after uploading the xxx.cloudapp.net certificate to my cloud service, I find that service is unable to access SSRS. I get the error: "The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure
channel." I'm guessing that the vm knows it has the certificate, but doesn't trust the source authority. I can't find any way in the Cloud Service UI to change that.
So, summarizing, the SSRS can be accessed remotely via SSL if I install the cert on my local machine. But I can't get the cloud service to work when I do that. What do I need to do? I'm not crazy about setting up a production vm with a
non-cloudapp.net name and going to a certificate authority to get a certificate just to test. And I don't know if that would work any better.
Any advice will be greatly appreciated.
Thanks,
Terry
TerryL

Hi Jambor:
I have already installed the self-signed certificate in personal for the local machine, also in the trusted root certification authority section. I am using the instructions at
http://msdn.microsoft.com/en-us/library/dn449661.aspx in the section labeled "To use the Virtual Machines Self-signed Certificate". If I install the certificate on my local
machine in both the personal and the trusted authority section, I am able to deploy to SSRS via https. I can also browse to
https://xxx.cloudapp.net/Reports and generate reports. Therefore I think the VM and SSRS are OK.
I believe my problem comes when I try to call the SSRS service from a free-standing Azure cloud service unrelated to my vm. I can import the certificate to the cloud service, but there is no way in the UI to tell the cloud service to trust my xxxx.cloudapp.net
certificate authority. I imagine there is a vm sitting underneath, but I can't access it to add the certificate to make xxx.cloudapp.net a trusted CA. Consequently, when my cloud service tries to access the SSRS cloud service on the vm, I get the
error "The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel."
The trusted CA idea is just my theory. When I use Azure's soon-to-be-discontinued SSRS service via https it works fine with no certificate.
There has to be a way to make this work, but I can't figure it out.
Thanks,
Terry
TerryL

The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.

I tried to redeem a digital download copy of a movie and was presented the following error:
The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
Any guesses on what it is and how to resolve it?
Thanks

Hi
Abhilash Francis,
Could you tell us your scenario? What's your project? Is it a WCF service?
Looks like this is not a code issue.
Just from the error information,
it seems that you do not configure the service certificate very well so as to Server was unable to process request.
I am not completely sure what the real scenario is, but it might be a problem of that It is a WCF services application, please check these following articles to configure the service certificate.
If not, please feel free to let me know.
How to: Configure an IIS-hosted WCF service with SSL
Could not establish trust
relationship for the SSL/TLS secure channel
Hope this helps.
Best regards,
Kristin
We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
Click
HERE to participate the survey.

The underlying connection was closed: Could not establish trust

The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
Please checkout the following code. I am just trying to login on to the web service. I have imported the certificate from IE by going to the Ondemand website.
I am using C# VS 2005
public static String Login(String loginUrlString, String userName, String password)
string p = null;
try
ServicePointManager.ServerCertificateValidationCallback = new System.Net.Security.RemoteCertificateValidationCallback(MyCertValidationCb);
HttpWebRequest myRequest = (HttpWebRequest)WebRequest.Create(loginUrlString);
HttpWebResponse myResponse;
myRequest.Method = "GET";
myRequest.Headers["UserName"] = userName;
myRequest.Headers["Password"] = password;
myRequest.AllowAutoRedirect = true;
myRequest.CookieContainer = new CookieContainer();
myRequest.ClientCertificates.Add(X509Certificate.CreateFromCertFile(@"c:\a.cer"));
// Return the response.
myResponse = (HttpWebResponse)myRequest.GetResponse();
// retrieve session id
char[] sep = { ';' };
String[] headers = myResponse.Headers["Set-Cookie"].Split(sep);
for (int i = 0; i <= headers.Length - 1; i++)
if (headers.StartsWith("JSESSIONID"))
sep[0] = '=';
SessionID = headers[i].Split(sep)[1];
break;
myResponse.Close();
p = sep.ToString();
catch (Exception e)
MessageBox.Show(e.Message);
return p;
public static bool MyCertValidationCb(
object sender,
X509Certificate certificate,
X509Chain chain,
SslPolicyErrors sslPolicyErrors)
if ((sslPolicyErrors & SslPolicyErrors.RemoteCertificateChainErrors)
== SslPolicyErrors.RemoteCertificateChainErrors)
return false;
else if ((sslPolicyErrors & SslPolicyErrors.RemoteCertificateNameMismatch)
== SslPolicyErrors.RemoteCertificateNameMismatch)
Zone z;
z = Zone.CreateFromUrl(((HttpWebRequest)sender).RequestUri.ToString());
if (z.SecurityZone == System.Security.SecurityZone.Intranet
|| z.SecurityZone == System.Security.SecurityZone.MyComputer)
return true;
return false;
return false;

Hi
Abhilash Francis,
Could you tell us your scenario? What's your project? Is it a WCF service?
Looks like this is not a code issue.
Just from the error information,
it seems that you do not configure the service certificate very well so as to Server was unable to process request.
I am not completely sure what the real scenario is, but it might be a problem of that It is a WCF services application, please check these following articles to configure the service certificate.
If not, please feel free to let me know.
How to: Configure an IIS-hosted WCF service with SSL
Could not establish trust
relationship for the SSL/TLS secure channel
Hope this helps.
Best regards,
Kristin
We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
Click
HERE to participate the survey.

Why am I getting an error "Unable to establish a secure connection with (mail server)"? And what can I do?

I'm trying to set up email on my Firefox OS Flame (OS is Boot2Gecko 2.0.0.0-prerelease) and getting an error:
Unable to establish a secure connection with mail.velociraptor.info
I'm on Dreamhost, the certificate belongs to `*.dreamhost.com` but I'm not even sure this is a certificate error, and if it is, how I'd go about fixing it. I found the Certificate Manger, but I don't know how to download the certificate and add it, and I don't know if this is even the problem.

If this is a self-signed certificate or one where the CA is not trusted on FFOS, you will get this error.
There is currently no proper user interface for adding certificates. You could have a look at the method described at this page: http://www.pending.io/add-cacert-root-certificate-to-firefox-os/
There are also several bugs open regarding this problem, e.g. https://bugzilla.mozilla.org/show_bug.cgi?id=874346. They have additional information that could help you to find out, if this is the problem you are seeing.

"Unable to establish a connection between WebEx and the mail server."

Hi,
I installed Cisco WebEx and integrated with our Microsoft exchange server. It showed server "UP". everything's came up and working fine after that and sudenlly i found this message "Unable to establish a connection with the mail server. Please recheck settings."
I went into the Mail Server setup to edit settings and now, it shows Server Down. Do I need to do something on the MS Exchange 2010 or from webex server ??
Any help is greatly appreciated. Thanks a lot!

Every 180 seconds, CWMS verifies the connection to the SMTP server by establishing a connection on TCP port 25 (SMTP) and then sending the EHLO command followed by the QUIT command. This check is also performed once when logging into the admin web page or when browsing to System -> Servers (where the status of the mail server is displayed).
If this sequence does not complete successfully, the warning “Unable to establish a connection with the mail server. Please recheck settings.” will show in a banner at the top of the CWMS admin pages.
You can verify the connection to the SMTP server manually by using “telnet 25”.
If you have access to the CWMS unix shell be aware that CWMS does not come with the telnet command installed.
As an alternative, you can use this 3-lines script:
exec 3<>/dev/tcp/x.x.x.x/25
echo -e "EHLO\r\nQUIT\r\n " >&3
cat <&3
Replace x.x.x.x by the ip address or hostname of the SMTP server and save the script in a file, f.e.:
/* script saved in a file named ehlo */
[root@dchriste-cwms-adm1 ~]# cat ./ehlo
exec 3<>/dev/tcp/10.48.54.79/25
echo -e "EHLO\r\nQUIT\r\n " >&3
cat <&3
Then, execute it:
[root@dchriste-cwms-adm1 ~]# sh ./ehlo
The output should be similar to this:
220 *******************************************************************************************************************
250-confukdc.confuk.com Hello [10.48.52.110]
250-TURN
250-SIZE
250-ETRN
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-8bitmime
250-BINARYMIME
250-CHUNKING
250-VRFY
250-XXXXXXXXXXXXXXXXXXXXXXXA
250-X-EXPS=LOGIN
250-AUTH GSSAPI NTLM LOGIN
250-AUTH=LOGIN
250-X-LINK2STATE
250-XEXCH50
250 OK221 2.0.0 confukdc.confuk.com Service closing transmission channel
Also, you can use this tcpdump command to see the conversation (replace x.x.x.x by the SMTP server’s IP address or hostname):
tcpdump -vXs 0 host x.x.x.x and tcp port 25
If you have HA, it is not certain which admin VM talks to the smtp server, so best to check both.
If you don't have access to the CWMS unix shell, best to span the switch ports and run packet capture.

TF215097: An error occurred while initializing a build for build definition : Could not establish trust relationship for the SSL/TLS secure channel

Hello,
We are facing an issue when triggering a new build using TFS 2013 Update 4, VS2013 Update 4 using TFVCTemplate.12.XAML template. All our other older build definitions just work fine but not the TFVCTemplate.12.XAML. It seems to me that some certificate
might be invalidated. Can anyone please point me in the right direction?
Thanks,
Mitul
TF215097: An error occurred while initializing a build for build definition :
Exception Message: One or more errors occurred. (type AggregateException)
Exception Stack Trace: at System.Threading.Tasks.Task`1.GetResultCore(Boolean waitCompletionNotification)
at Microsoft.TeamFoundation.Build.Client.FileContainerHelper.GetFile(TfsTeamProjectCollection projectCollection, String itemPath, Stream outputStream)
at Microsoft.TeamFoundation.Build.Client.FileContainerHelper.GetFileAsString(TfsTeamProjectCollection projectCollection, String itemPath)
at Microsoft.TeamFoundation.Build.Client.ProcessTemplate.Download(String sourceGetVersion)
at Microsoft.TeamFoundation.Build.Hosting.BuildControllerWorkflowManager.PrepareRequestForBuild(WorkflowManagerActivity activity, IBuildDetail build, WorkflowRequest request, IDictionary`2 dataContext)
at Microsoft.TeamFoundation.Build.Hosting.BuildWorkflowManager.TryStartWorkflow(WorkflowRequest request, WorkflowManagerActivity activity, BuildWorkflowInstance& workflowInstance, Exception& error, Boolean& syncLockTaken)
Inner Exception Details:
Exception Message: An error occurred while sending the request. (type HttpRequestException)
Exception Stack Trace: at Microsoft.VisualStudio.Services.WebApi.VssHttpRetryMessageHandler.<SendAsync>d__1.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Runtime.CompilerServices.ConfiguredTaskAwaitable`1.ConfiguredTaskAwaiter.GetResult()
at Microsoft.VisualStudio.Services.WebApi.HttpClientExtensions.<DownloadFileFromTfsAsync>d__2.MoveNext()
Inner Exception Details:
Exception Message: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. (type WebException)Exception Stack Trace: at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
at System.Net.Http.HttpClientHandler.GetResponseCallback(IAsyncResult ar)
Inner Exception Details:
Exception Message: The remote certificate is invalid according to the validation procedure. (type AuthenticationException)
Exception Stack Trace: at System.Net.TlsStream.EndWrite(IAsyncResult asyncResult)
at System.Net.ConnectStream.WriteHeadersCallback(IAsyncResult ar)

Hi Mitul,
Thanks for your reply.
It’s strange, if your old build definitions can work using the same TFS Build Server, that indicate your TFS Server configuration is correct and can works. But only new build definition with default TfvcTemplate.12.xaml template cannot build successful.
Please share your TFS Server detailed environment information here. And share your
Build Service Properties dialog screenshot here.
Try to clean the Cache for TFS 2013 manually(delete the content of the folder only, not the cache folder itself):
Clean the Cache folder on Server machine. The folder path is:
C:\Program Files\Microsoft Team Foundation Server 12.0\Application Tier\Web Services\_tfs_data.
After cleaned, on Server machine, click Start and select
Run… to open the dialog box, then input iisreset.exe and click OK, wait it run completely.
Additionally, you can run the TFS 2013 Power Tools BPA to scan the installation of your TFS Server.
We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
Click
HERE to participate the survey.

I can no longer access facebook from my macair and when i try the following error message appears "unable to establish a secure connection to the server.

I have had no issue accessing Facebook in the past using my MacAir. Last night each time I would try and access the page, an error message would appear, saying that unable to establish a secure connection to the server "www.facebook.com"". The problem continues this morning. I have not updated any software or made any changes. One minute it was working, the next it was not. I do not have any parental controls; I have deleted the cookies; and I have reset safari. I can access all other websites that I have tried. I am using Version 6.0.4.

From your Safari menu bar click Safari > Preferences then select the Privacy tab.
Click: Remove All Website Data
Then delete the cache.
Now open a Finder window. From the Finder menu bar click Go > Go to Folder
Type or copy paste the following
~/Library/Caches/com.apple.Safari/Cache.db
Click Go then move the Cache.db file to the Trash.
Quit and relaunch Safari to test.
If nothing above helped, troubleshoot Safari extensions.
From the Safari menu bar click Safari > Preferences then select the Extensions tab. Turn that OFF, quit and relaunch Safari to test.
If that helped, turn one extension on then quit and relaunch Safari to test until you find the incompatible extension then click uninstall.
If it's not an extensions issue, restart your internet modem and router. Then quit and relaunch Safari and try Facebook.

Office Web Apps 2013 + could not establish trust relationship

We currently have a three tier SharePoint 2013 Farm:
1. Web Front End Server (Server 2008 R2 Enterprise) - Servername: TEST2SP013.domain.dom
2. Central Admin Server (Server 2008 R2 Enterprise) - Servername: TEST2SPCA013.domain.dom
3. SQL Server (Server 2012 Datacenter) - Servername: TESTSQL012.domain.dom
All Machines are in the same IP/Subnet.
We are trying to setup a new server (Server 2012 R2 Datacenter) (Servername: TEST022.domain.dom) to run Office Web Apps 2013 in our TEST environment to test the system before rolling in production and have had issues throughout the entire process.
The technet articles we have used are:
http://technet.microsoft.com/en-us/library/jj219435.aspx
http://technet.microsoft.com/en-us/library/ff431687.aspx
http://technet.microsoft.com/en-us/library/jj219627.aspx
We finally have what I thought was a correct setup but anytime we try to edit or view a word, excel, powerpoint document within SharePoint 2013, we receive "Sorry, there was a problem and we can't open this document. If this happens again, try opening
the document in Microsoft Word."
We found a few How-To Setup Office Web Apps sites where other people provided step-by step instructions:
blogs.msdn.com/b/sowmyancs/archive/2012/10/29/install-configure-amp-monitor-office-web-apps-2013-for-sp-2013.aspx
http://www.wictorwilen.se/office-web-apps-2013-securing-your-wac-farm
http://blogs.technet.com/b/justin_gao/archive/2013/06/30/configuring-office-web-apps-server-communication-using-https.aspx
We reviewed the ULS logs and found the following error:
02/14/2014 13:38:40.24 w3wp.exe (0x1C04)                       0x1BB4 Office Web Apps
WAC Hosting Interaction       adhsk Unexpected WOPI CheckFile: Catch-All Failure [exception:Microsoft.Office.Web.Common.EnvironmentAdapters.UnexpectedErrorException: HttpRequest failed ---> Microsoft.Office.Web.Apps.Common.HttpRequestAsyncException:
No Response in WebException ---> System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate
is invalid according to the validation procedure.     at System.Net.TlsStream.EndWrite(IAsyncResult asyncResult)     at System.Net.ConnectStream.WriteHeadersCallback(IAsyncResult ar)     --- End of
inner exception stack trace ---     at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)     at Microsoft.Office.Web.Apps.Common.Ht... 7bed0d51-511d-4541-a059-e2f72942e617
None of the article provide specific step-by-step instructions with using HTTPS in a test environment specifically when it comes to Self-Signed Certs through Active Directory Certificate Services.
We tried creating a Self-Signed Cert through IIS on the Office Web Apps Box which did not work.
We tried creating a Cert through Active Directory Certificate Services which did not work.
We tried adding the Cert through Central Admin > Security > Manage Trust which did not help.
We verified "get-spwopizone" is set to internal-https
We can access the Web Apps https://test022/hosting/discovery site and view the XML with no issue on any machine on our network.
We added our domain to the list of approved domains that can use Office Web Apps as well as add "Domain Users" as the security group that can "EDIT" Office Documents through Office Web Apps.
After each step, we tried performing either a system reboot or IIS Reset on the Office Web Appcs and WFE box.
My Question is how do we generate a certificate (either self-signed through IIS on the Office Web Apps Box or through AD) that will allow this application to work? I read that the Fully Qualified Domain Name needs to be in the SAN field of the Cert but when
we request it, I have no way of entering this information. I tried following http://technet.microsoft.com/en-us/library/ff625722 to manually request a certificate with a Custom SAN but that did not work either.
I am assuming the certificate issue is with the New Office Web Apps box. Is this correct?
-Chris

If internal cert then you will have to add certificate from OWA to tursted certificates in each sharepoint server plus add the certificate from central admin in Sharepoint through manage trust. Also you will need to install p7b file (file that contains
path to root certificate to verify each intermediate certificate) for internal cert to each sharepoint server to not get certificate error.
sachin

Reporting services with R2 on DPM2012 - Could not establish trust relationship for the SSL/TLS secure channel

Hi everyone,
A somewhat similar question has been asked before by others but none of the answers given has helped me.I am attempting a DPM 2012 installation, which is failing at the "deploying reports" stage.My analysis of logs seems to point me in the direction of an SSL
error, which does not make sense since the configuration files say SSL is disabled (or at least, should be).
Here are the symptoms:
1.I am able to browse http://FQDN/Reports_MSDPM2012 folder from internet explorer
2.I am also able to browse http://FQDN/ReportServer_MSDPM2012 from internet explorer
3.The information given in the logs and relevant config files is shown below:
<<RSREPORTSERVER.CONFIG>>
<ConnectionType>Default</ConnectionType>
<LogonUser></LogonUser>
<LogonDomain></LogonDomain>
<LogonCred></LogonCred>
<InstanceId>MSRS10_50.MSDPM2012</InstanceId>
<InstallationID>{d9b1c335-5842-4a81-9148-79184c38bf09}</InstallationID>
<Add Key="SecureConnectionLevel" Value="0"/>
<Add Key="CleanupCycleMinutes" Value="10"/>
<Add Key="MaxActiveReqForOneUser" Value="20"/>
<Add Key="DatabaseQueryTimeout" Value="120"/>
<Add Key="RunningRequestsScavengerCycle" Value="60"/>
<Add Key="RunningRequestsDbCycle" Value="60"/>
<Add Key="RunningRequestsAge" Value="30"/>
<Add Key="MaxScheduleWait" Value="5"/>
<Add Key="DisplayErrorLink" Value="true"/>
<Add Key="WebServiceUseFileShareStorage" Value="false"/>





<Add Key="WatsonFlags" Value="0x0428"/>
<Add Key="WatsonDumpOnExceptions"
4.The DPM log file still appears to be using SSL even though i used reporting services configuration to remove SSL bindings:
running.Microsoft.Internal.EnterpriseStorage.Dls.Setup.Exceptions.BackEndErrorException: exception ---> Microsoft.Internal.EnterpriseStorage.Dls.Setup.Exceptions.ReportDeploymentException:
exception ---> System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.Net.WebException: The underlying connection was closed: Could
not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException:
The remote certificate is invalid according to the validation procedure.
at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest,
Exception exception)
5:I do have an SCCM site on the default web site used by SMS clients but on different ports
I am stumped.Somebody please give some advice
Thank you

Hi
This is an old post but did you come right?

Unable to establish connection to R/3

Hi,
We have just installed XI and done all configurations.
I am doing one example ( connection r/3 to legacy system ) . When I open I outbound object in Integration Repository and in Imported objects when right click on IDocs and click Import SAP Objects, it asks me for SAP logon details , but when I try to connect it shows an error
Unable to establish connection to R/3 system 133.136.233.170 (system=00, client=110) Troubleshooting tips:
Is the target system online?
Check the connection data (note that server names and groups are case-sensitive)
Tips for administrators (see the configuration guide for more details):
Does the user have the required authorizations in the target system?
Is the target system configured correctly in "etc/services"?
I am putting IP address in application server and checked the system number as well.
I am able to ping From webas to R/3.
can anybody help me out what could be the error
Thanks
Rekha

Hi Rekha,
did you take a look at this page?:
http://help.sap.com/saphelp_nw04/helpdata/en/2b/a48f3c685bc358e10000000a11405a/content.htm
you can find sap notes - if you're expiriencing problems with idoc import (SAP Notes 677732 (authorizations), 672745 (missing function modules), 212011 (access to IDoc metadata), and 718320)
also "Authorizations Required to Import from Systems Based On SAP Web Application Server"
take a look at this page
and read if carefully it may help you with your problem:)
Regards,
michal

ADFS Proxy - unable to establish trust

Similar Messages

Maybe you are looking for