Problem with HTTPS requests to host with untrusted server certificate

Similar Messages

• Autoscaling Application block for Azure worker role console app not working. Get error as The HTTP request was forbidden with client authentication

  I have written a console application to test the WASABi(AutoScaling Application Block) for my worker role running in azure. The worker role processes the messages in the queue and I want to scale-up based on the queue length. I have configured and set the
  constraints and reactive rules properly. I get the following error when I run this application.
  [BEGIN DATA]{}
      DateTime=2013-12-11T21:30:02.5731267Z
  Autoscaling General Verbose: 1002 : Rule match.
  [BEGIN DATA]{"EvaluationId":"4f9f7cb0-fc0d-4276-826f-b6a5f3ea6801","MatchingRules":[{"RuleName":"default","RuleDescription":"The default constraint rule","Targets":["AutoscalingWebRole","AutoscalingWorkerRole"]},{"RuleName":"ScaleUpOnHighWebRole","RuleDescription":"Scale
  up the web role","Targets":[]},{"RuleName":"ScaleDownOnLowWebRole","RuleDescription":"Scale down the web role","Targets":[]},{"RuleName":"ScaleUpOnHighWorkerRole","RuleDescription":"Scale
  up the worker role","Targets":[]},{"RuleName":"ScaleDownOnLowWorkerRole","RuleDescription":"Scale down the worker role","Targets":[]},{"RuleName":"ScaleUpOnQueueMessages","RuleDescription":"Scale
  up the web role","Targets":[]},{"RuleName":"ScaleDownOnQueueMessages","RuleDescription":"Scale down the web role","Targets":[]}]}
      DateTime=2013-12-11T21:31:03.7516260Z
  Autoscaling General Warning: 1004 : Undefined target.
  [BEGIN DATA]{"EvaluationId":"4f9f7cb0-fc0d-4276-826f-b6a5f3ea6801","TargetName":"AutoscalingWebRole"}
      DateTime=2013-12-11T21:31:03.7516260Z
  Autoscaling Updates Verbose: 3001 : The current deployment configuration for a hosted service is about to be checked to determine if a change is required (for role scaling or changes to settings).
  [BEGIN DATA]{"EvaluationId":"4f9f7cb0-fc0d-4276-826f-b6a5f3ea6801","HostedServiceDetails":{"Subscription":"psicloud","HostedService":"rmsazure","DeploymentSlot":"Staging"},"ScaleRequests":{"AutoscalingWorkerRole":{"Min":1,"Max":2,"AbsoluteDelta":0,"RelativeDelta":0,"MatchingRules":"default"}},"SettingChangeRequests":{}}
      DateTime=2013-12-11T21:31:03.7516260Z
  Autoscaling Updates Error: 3010 : Microsoft.Practices.EnterpriseLibrary.WindowsAzure.Autoscaling.ServiceManagement.ServiceManagementClientException: The service configuration could not be retrieved from Windows Azure for hosted service with DNS prefix 'rmsazure'
  in subscription id 'af1e96ad-43aa-4d05-b3f1-0c9d752e6cbb' and deployment slot 'Staging'. ---> System.ServiceModel.Security.MessageSecurityException: The HTTP request was forbidden with client authentication scheme 'Anonymous'. ---> System.Net.WebException:
  The remote server returned an error: (403) Forbidden.
     at System.Net.HttpWebRequest.GetResponse()
     at System.ServiceModel.Channels.HttpChannelFactory`1.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout)
     --- End of inner exception stack trace ---
  Server stack trace: 
     at System.ServiceModel.Channels.HttpChannelUtilities.ValidateAuthentication(HttpWebRequest request, HttpWebResponse response, WebException responseException, HttpChannelFactory`1 factory)
     at System.ServiceModel.Channels.HttpChannelUtilities.ValidateRequestReplyResponse(HttpWebRequest request, HttpWebResponse response, HttpChannelFactory`1 factory, WebException responseException, ChannelBinding channelBinding)
     at System.ServiceModel.Channels.HttpChannelFactory`1.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout)
     at System.ServiceModel.Channels.RequestChannel.Request(Message message, TimeSpan timeout)
     at System.ServiceModel.Dispatcher.RequestChannelBinder.Request(Message message, TimeSpan timeout)
     at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
     at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs)
     at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
     at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)
  If anyone know why I am getting this anonymous access violation error. My webrole is secured site but worker role not.
  I appreciate any help.
  Thanks,
  ravi
    

  Hello,
  >>: The service configuration could not be retrieved from Windows Azure for hosted service with DNS prefix 'rmsazure' in subscription id **************
  Base on error message, I guess your azure service didn't get your certificate and other instances didn't have certificate to auto scale. Please check your upload the certificate on your portal management. Also, you could refer to same thread via link(
  http://stackoverflow.com/questions/12843401/azure-autoscaling-block-cannot-find-certificate ).
  Hope it helps.
  Any question or result, please let me know.
  Thanks
  Regards,
  Will 
  We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
  Click
  HERE to participate the survey.

• HTTP request was forbidden with client authentication scheme 'anonymous'

  Hi,
  We have updated our support Package for version BPC NW 10.0 release 801 from 0002 to 0005.
  After the update we are not being to access the server folders in EPM Add-in.
  We have the following error "HTTP request was forbidden with client authentication scheme 'anonymous'". Nevertheless we only can't access to the content of folders that are not public or local.
  In SLG1 log, we have the error " Access not granted, You are not the member of team: BUSINESS ADMIN". This is not true because the user has SAP_ALL in BW and is a primary administrator in BPC. The data access profile associated is the administrator member access profile.
  Has anybody seen this error?
  Best regards,
  JA

  Hi Nilanjan,
  We are able to log in into EPM Add-in.
  We have the error when we try to open input forms or reports from server, but only from some folders.
  When we select the folder we have the error.
  For example we can see the content from:
  WEBEXCEL\REPORTLIBRARY\
  ADMIN\WEBEXCEL\TEAMREPORTLIBRARY\
  But we can't see the content from:
  BUSINESS ADMIN\WEBEXCEL\TEAMREPORTLIBRARY\
  TEAM FI\WEBEXCEL\TEAMREPORTLIBRARY\
  The user has administrator member access profile ans is included in all teams (ADMIN, BUSINESS ADMIN and TEAM FI)
  We really can't see what could be the problem
  Hope you can help us.
  regards,
  JA

• Dimmer control for LED lights with HTTP Requests

  Hello,
  I'm al little bit know with LabVIEW, but I have a problem that I can't get fixed.
  For a project we control the led lights in a house with http requests (we use the http get request): this exists of a http address, the number of the light, the PWM (the brightness of the led) and the current.
  Controlling the lights with the switches is easy and is working fine. Now what we want to do is create a dimmer that can be controlled with the switches in the rooms.
  The following should happen: if the users clicks one time (so lets say for less than a second) than the light should just switch on. If he/she pushes the light switch and keeps pushing it than the light should dim.
  So the value of the PWM (and this is a string value) should change from 0 to (lets say) 100 when pushing it once, and it should decrease form 100 tot 0 (step by step) when the user keeps pushing the button. The thing I'm having difficulties with is making a difference between just clicking once and keeping the button pushed for a few seconds in the labview software.
  Any tips or ideas? Any Help is Welcome!
  Thanks
  CORE CVBA

  CORECVBA wrote:
  The thing I'm having difficulties with is making a difference between just clicking once and keeping the button pushed for a few seconds in the labview software.
  It sounds like everything else is working and your problem is to detect the button action details.
  Are you talking about a real physical switch or is this a switch on the LbVIEW front panel?
  All you need to do is detect a off->on transition, When it occurs, place the current tick count into a shift register, then subtract it from the tick count in subsequent iterations (as long as the button is TRUE). Change your output as a function of the elapsed time until the button is released.
  LabVIEW Champion . Do more with less code and in less time .

• OfficialFile.asmx The HTTP request is unauthorized with client authentication scheme 'Anonymous'. The authentication header received from the server was 'Negotiate,NTLM'. ERROR

  We are getting an error on the authentication piece when trying to submit a file to the OfficialFile.asmx web service to submit a document to the Drop-Off Library. Here is the code snippet -
  public string FileUpload(HttpPostedFile FileInput, RecordsRepositoryProperty[] properties)
  string strFileUrl = string.Empty;
  RecordsRepositorySoapClient repository = new RecordsRepositorySoapClient();
  BinaryReader b = new BinaryReader(FileInput.InputStream);
  byte[] binData = b.ReadBytes(FileInput.ContentLength);
  repository.ClientCredentials.Windows.ClientCredential = new System.Net.NetworkCredential(iUserID, iUserPassword, iUserDomain);
  repository.ClientCredentials.Windows.AllowedImpersonationLevel = System.Security.Principal.TokenImpersonationLevel.Impersonation;
  repository.SubmitFile(binData, properties, null, FileInput.FileName, HttpContext.Current.User.Identity.Name);
  strFileUrl = repository.GetFinalRoutingDestinationFolderUrl(properties, null, FileInput.FileName).Url;
  return strFileUrl;
  Although we are setting the network credential in the client call we still get the error
  - The HTTP request is unauthorized with client authentication scheme 'Anonymous'. The authentication header received from the server was 'Negotiate,NTLM'.
  Ideas?
  Thanks in advance.

  Hi,
  Based on the error message, the issue is related to the authentication type.
  I suggest you can specify the credential type like the below:
  CredentialCache credentialCache = new CredentialCache();
  NetworkCredential credentials = new NetworkCredential(UserName, PassWord, sDomain);
  credentialCache.Add(new Uri(recordCenterUrl), "NTLM", credentials);
  Here is a detailed code demo for your reference:
  http://blogs.msdn.com/b/mcsnoiwb/archive/2011/06/06/sending-files-to-a-record-center-using-the-sp2010-webservice-officialfile-asmx.aspx
  Best Regards
  Forum Support
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
  [email protected]
  Jerry Guo
  TechNet Community Support

• The HTTP Request is unauthorized with client authentication scheme negotiate - MDS Excel Plugin error

  Hi,
  Some users in my company are experiencing a strange issue when connecting to our MDS server using the MDS Excel plugin. They receive the error message:
  "The HTTP Request is unauthorized with client authentication scheme negotiate. The authentication header received from the server was "NTLM,BASIC real="DOMAIN NAME IWA"
  They are receiving this error when first trying to connect. For some reason they only receive this error when connected to the work network via the VPN. They don't receive this error from within our network.
  Does anyone know what might be causing this issue and how to resolve?
  Many Thanks,
  Phil

  Try the following links and see if it helps:
  https://support.microsoft.com/en-us/kb/896861/
  https://social.technet.microsoft.com/Forums/projectserver/en-US/912c7179-8858-4c48-a71d-d9a21ff10a1b/the-http-request-is-unauthorized-with-client-authentication-scheme-ntlm-the-authentication?forum=project2010custprog
  -Nithesh Shetty Software Engineer, C & E -> IMML -> MDS, Microsoft.

• "404: No group with that name (wikigroupname) hosted on this server"

  I am running 10.6.8 as our wiki server. After rebooting the server, one of the wiki group seems to be not accessible. When try to access the web page it gives error "404: No group with that name (wikigroupname) hosted on this server", though it still exists in /Library/Collaboration/Groups/wikigroupname
  Do you know how to make it viewable again? I tried to create a new wiki "test" and then rsync /Library/Collaboration/Groups/wikigroupname to /Library/Collaboration/Groups/test, yet still can not see the old wiki group.
  Thank you in advance for you help.

  In all due respect Antonio, I believe that Francesc43 is fighting a flakey system. The 404 No Group is a problem that is confirmed by Apple according to others and very prevalent. At this point the only remediation appears to be a complete server rebuild and to avoid going beyond the "default" configuration for web domains.
  I have personally used only the 'any domain' default config, had the server working fairly well. I then added a FQDN and the server started giving 404s for all groups which previously worked and have data in the wiki. At the same time the simple web sites worked with and without the FQDN as expected. Then removing (not disabling) the default web domain config relieved the wiki 404s. Adding a new default domain config back in (via just hitting the "+" and "Save") recreated the 404's for the previously working wikis with no change to the groups. Removing the system created default domain config it alleviated the 404s.
  Adding a system generated default and a 3rd FQDN re-created the issue and then afterwords, removing all but the FQDN that worked could not alleviate the 404s. Regardless of the permutation of turning things on and off, deleting groups, removing webservices settings, putting them back in, restarting the server.. nothing. 404-DOA
  While the mystery seems to be related to a very fragile relationship with DNS on the server, the solution is again to erase the disk and start over. Wikis in 10.5 thus far are neither a robust nor a stable solution from 10.5 thru 10.5.5 in my experience.

• How to intercept Http requests by writing an App Server plugin?

  Hi all,
  My requirement of "Application Server plugin/filter" is to intercept all Httprequests coming to an
  Application Server instance (and not webserver), get the related information from the request, do whatever
  i want to do and then forward the request based on the info available in the request header to any
  webapplication or EAR deployed in the application server.
  I do not want to implement as a Servlet filter in a webapp. which is intrusive to the webapp.
  as we are aware, Servlet Filters can be attached to resources in a Web application and are configured in the
  web.xml file.
  I have tried out my requirements in Tomcat as follows, it works:
  In Tomcat, Valves are attached to a Tomcat container and are configured using a <Valve> element in the
  server.xml file.
  We have modified RequestDumperValve Filter ( source available) class extending Valve to intercept Http
  requests.
  I perform whatever i want to do in this custom Filter and then able to forward to the next valve in the valve
  chain of Tomcat container. I have Configured this valve in server.xml and it works fine.
  My queries are:
  1. Can i do it the same thing in WebLogic application server or other IBM Websphere application server ?
  2. Do the commercial appservers expose their APIs ( e.g. like Valve or Filter in Tomcat ) such that i can
  implement an application server plugin ?
  i.e. Are there any such Filter classes available which will intercept the Http request processing pipleine
  in application server ( precisely, its web container )
  If so, can you pls provide pointers for WebLogic application server and IBM Webpshere application server
  3. Is this against J2ee specs ?
  Appreciate if you can provide me any clues, tips, solutions, pointers regarding this problem.
  thanks and regards
  rajesh

  Try proxyHandler property and implement a custom ProxyHandler.
  ex:
  <property name="authPassthroughEnabled" value="true"/>
  <property name="proxyHandler" value="com.sun.enterprise.web.ProxyHandlerImpl"/>
  null

• Untrusted Server Certificate Chain error

  I am trying to use a certificate (digital signature) on the client, when accessing a Webservice. This fails with the following error :
  javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Untrusted Server Certificate Chain
  My code is :
  KeyStore ks = null;
  String strURL = "https://myserver.com/myurl/lookup.asmx";
  SSLSocketFactory sslSocketFactory = null;
  System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");
  Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
  // Load certificate dynamically
  SSLContext sslContext = SSLContext.getInstance("SSLv3");
  TrustManagerFactory trustMgtFactory = TrustManagerFactory.getInstance("SunX509");
  CertificateFactory cert = CertificateFactory.getInstance("X.509");
  FileInputStream lo_fileinputstream = null;
  lo_fileinputstream = new FileInputStream("c:\\temp\\digital.cer");
  X509Certificate servercacert = (X509Certificate)cert.generateCertificate(lo_fileinputstream);
  lo_fileinputstream.close();
  String s1 = servercacert.getSerialNumber().toString();
  if(ks == null)
  ks = KeyStore.getInstance("JKS");
  ks.load(null, null);
  ks.setCertificateEntry(s1, servercacert);
  trustMgtFactory.init(ks);
  sslContext.init(null, trustMgtFactory.getTrustManagers(), null);
  sslSocketFactory = sslContext.getSocketFactory();
  HttpsURLConnection.setDefaultSSLSocketFactory(sslSocketFactory);
  // Call webservice
  URL cascadeURL = new URL(strURL);
  HttpsURLConnection conn = (HttpsURLConnection) cascadeURL.openConnection();
  String inputline=null;
  if (conn instanceof HttpsURLConnection) {
  conn.connect();
  BufferedReader in = new BufferedReader(
  new InputStreamReader(
  conn.getInputStream()));
  while ((inputline = in.readLine()) != null) {
  System.out.println(inputline);
  in.close();
  Please help - I am on a very tight deadline (as usual).

  Found the problem. I simply needed to add another certificate.

• Error: Untrusted Server Certificate

  When i click on Query Interfaces (IPS Manager: Configuration > Settings > Interfaces) i get the following error:
  An error occurred trying to get the interface information. An error occurred while trying to determine the sensor version. Detail = Error occurred while communicating with 172.17.xx.xx: java.security.cert.CertificateException: Untrusted Server Certificate Chain
  Any suggestion?
  Thank you,

      That is a pretty strange message. Have you had a chance to reach out to Windows Live?
  TamaraH_VZW
  Follow us on Twitter @VZWSupport

• Help with http request

  Please, help me with two problems I have to solve. I'm beginner in Java.
  1. Create a simple program that sends http request for index.html and shows the result.
  2. Create a simple program that gets the list of messages from a give mailbox over POP3 (server, username, pass - give as params).
  Thank you!

  But I think that I need request like this:
  GET /index.html HTTP/1.1
  Host: www.example.com
  and as a result (maybe) something like this:
  HTTP/1.1 200 OK
  Date: Mon, 23 May 2005 22:38:34 GMT
  Server: Apache/1.3.27 (Unix) (Red-Hat/Linux)
  Last-Modified: Wed, 08 Jan 2003 23:11:55 GMT
  Etag: "3f80f-1b6-3e1cb03b"
  Accept-Ranges: bytes
  Content-Length: 438
  Connection: close
  Content-Type: text/html; charset=UTF-8Well, under the covers, that will be what you have.
  It says "simple program" - do you think you are expected to connect your own socket and send a request you build from scratch yourself? Unlikely.
  As for the response - you can probably skip the headers and just display the content that follows (in your example 438 bytes).

• Event Log The request failed with HTTP status 401: Unauthorized. workstation to server fetch some reports

  The request failed with HTTP status 401: Unauthorized.
     at Microsoft.SqlServer.ReportingServices2005.Execution.RSExecutionConnection.GetSecureMethods()
     at Microsoft.SqlServer.ReportingServices2005.Execution.RSExecutionConnection.IsSecureMethod(String methodname)
     at Microsoft.SqlServer.ReportingServices2005.Execution.RSExecutionConnection.LoadReport(String Report, String HistoryID)
     at Microsoft.Reporting.WinForms.ServerReport.GetExecutionInfo()
     at Microsoft.Reporting.WinForms.ServerReport.SetParameters(IEnumerable`1 parameters)
     at Accounting.Reports.UI.FormReportPreview.LoadReport()
     at Accounting.UI.FormBase.PreLoadReportComponents()
  Please help me with this can't figure out, don't know how to troubleshoot this 5 days working on this error no changes so far, thanks in advance if u can figure it out....

  Hi willjohn520,
  Based on your description, it seems that you are getting the error when you connect to report server reports in workstation. If in this scenario, the issue can be caused by “Host Header”(<foo>) in  a URL that looks like http(s)://<foo>/reports
  is neither the machine name nor the loop back IP address nor the machine's IP address.
  For more details information about this issue, please refer to the following blog:
  http://blogs.msdn.com/b/lukaszp/archive/2008/07/18/reporting-services-http-401-unauthorized-host-headers-require-your-attention.aspx
  Hope this helps.
  Thanks,
  Katherine Xiong
  Katherine Xiong
  TechNet Community Support

• Accessing a .exe file with HTTP Request

  Hi!
  Can I access an executable file located in a WEB page with JMeter?
  I'm tryng to use a HTTP Request:
  Server Name or IP: 111.111.111.1
  Port Number: 8080
  Path: /cliente/file.exe
  The file is in a Tomcat application.
  When I run, in the View Results Tree - Sampler Result, it shows:
  Load time: 63
  HTTP response code: 400
  HTTP response message: Bad Request
  HTTP response headers:
  HTTP/1.1 400 Bad Request
  Date: Wed, 27 Apr 2005 14:26:09 GMT
  Server: Apache-Coyote/1.1
  Connection: close
  I already had copied the link and placed it into the browser to verify
  if it was correct and i had access to the file normaly.
  What am I doing wrong?
  Thanks in advance.
  Marcelo.

  If the .exe file is publically-accessible from your web server (like other normal .html files are for example), then accessing that resource would be done the same way as accessing others (get a stream of bytes that the server would serve up, and do something with those bytes on the client end of the connection). I don't know what JMeter has to do with that.

• Java service invocation with HTTP Request

  A simple HTTP Request containing the SOAP envelope is a valid way of calling a web service, right?
  It seems simpler and more efficient than the "traditional" ways (Axis, JAX-RPC, etc), so what are the disadvantages?
  Thanks in advance
  Pedro

  kept the jars under APP-INF/lib

• Problem in HTTP Request HTTP_RESP_STATUS_CODE_NOT_OK

  Hai Gurus,
        I am sending request from HTTP --> XI --> ABAP Proxy (Inbound). Its working fine when i execute proxy manually in tcode "sproxy". When do the same with HTTP Client it is throwing the following error.
  <?xml version="1.0" encoding="UTF-8" standalone="yes" ?>
  - <!--  Call Adapter
    -->
  - <SAP:Error xmlns:SAP="http://sap.com/xi/XI/Message/30" xmlns:SOAP="http://schemas.xmlsoap.org/soap/envelope/" SOAP:mustUnderstand="1">
    <SAP:Category>XIServer</SAP:Category>
    <SAP:Code area="INTERNAL">HTTP_RESP_STATUS_CODE_NOT_OK</SAP:Code>
    <SAP:P1>500</SAP:P1>
    <SAP:P2>Internal Server Error</SAP:P2>
    <SAP:P3 />
    <SAP:P4 />
  My proxy does the work of uploading the files to Document Storage System KPro using standard BAPI's. I have used SAPFTP and SAPHTTP dlls in client machine's system32 folder (Which will help in downloading the document from client windows OS machine to SAP GUI AIX based machine).
  Still facing the same problem which will throw error HTTP_RESP_STATUS_CODE_NOT_OK with error code 500.
  Any help is highly appreciated.
  Regards,
  Pushparaju Bollapalli.

  Also Check these Foloowing ;
  - URL for the receiver is like this:
  http://<host>:<port>/sap/xi/engine?type=receiver .The XI 2.0 differs from XI 3.0 in this.
  -path in the receiver communication channel
  The path has to be defined as:
  /sap/xi/engine?type=entry for XI 3.0
  /sap/xi/engine?type=receiver for XI 2.0
  Regards
  Aashish Sinha
  PS : Reward points if Helpful