SSL & Document Security Server

Hi -
Previously I had successfully implemented a solution to allow me to apply a policy to a PDF remotely. I did this by creating an EJB to interact with the Document Security server. The EJB takes a byte[] as input (which is the unprotected PDF) and returns a byte[] as output (which is the protected PDF). This was working well.
I've now implemented SSL on JBoss/Document Security server and although the certificate seems fine, the application no longer works. At the point where it's writing the data back to the client the following error is presented within the server.log file:
2006-10-17 14:18:54,973 INFO [STDOUT] omniORB: From endpoint: giop:tcp:192.168.1.103:3528. Detected GIOP 1.2 protocol error in input message. Connection is
closed.
2006-10-17 14:18:55,116 INFO [STDOUT] omniORB: From endpoint: giop:tcp:192.168.1.103:3528. Detected GIOP 1.2 protocol error in input message. Connection is
closed.
2006-10-17 14:18:55,137 ERROR [com.adobe.document.PDFManipulation] Service PDFManipulation: Native process (PID=0) /opt/semantico/slot/Adobe/1/LiveCycle_7.0.
2/PolicyServer/jboss-3.2.5/server/all/svcnative/PDFManipulation/bin/PDFManipulation.exe terminated abnormally with error code 1
2006-10-17 14:18:55,140 INFO [com.adobe.service.logging.Logger] $$$/server/service/logging/msg.LogSvcInit=Logger com.adobe.service.logging.Logger initialize
d
The system doesn't actually seem to terminate as my client just sits there waiting for a response that doesn't seem to come.
Has anyone seen this before? Have I done something wrong when implementing the certificate? Is it unrelated to the SSL work that I've been doing?
I'm really confused and can't seem to find any forum topics addressing this issue so am very stuck. If anyone could offer any ideas as to how to solve this issue I'd be most grateful.
The steps I took to implement SSL were:
- generated a new certificate
- generated a CSR to get signed by a trusted authority
- added the signed certificate into my java environment
- performed an 'expert' installation of document security server to incorporate the new certificate (I had to do this as configtool doesn't seem to work on my machine)
- added the certificate to the JBoss installation & configured JBoss
If anyone could help me with this I'd be very grateful.
Anil.

Hi Steve (and anyone that can help!) - I've installed my SSL certificate onto JBoss etc, and when I go to: https://<machine>:8433/edc/Main.do I see the certificate and it is trusted etc. The certificate appears fine. But when I run my application to apply a policy to a PDF (which works without the SSL connection) I get a problem being displayed in the server.log file. It initially says it has a problem retrieving the trust info (I assume that it's related) and then when it tries to do the work I get an SSLHandshakeException. javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure vmcid: 0x0 minor code: 0 completed: No at org.jacorb.orb.iiop.IIOPConnection.to_COMM_FAILURE I'm confused as to why the certificate seems fine for the browser but there is a problem with the system communicating internally in order to apply the policy to the document. ------------- 2006-11-03 16:09:21,409 WARN [com.adobe.document.PDFManipulation] problem retrieving trust info, security functions will not work 2006-11-03 16:09:21,422 DEBUG [org.jboss.mx.loading.UnifiedClassLoader] New jmx UCL with url null 2006-11-03 16:09:21,422 DEBUG [org.jboss.mx.loading.UnifiedClassLoader] setRepository, r=org.jboss.mx.loading.HeirarchicalLoaderRepository3@1944379, ucl=org.jboss.mx.loading.HeirarchicalLoaderRepository3$CacheClassLoader@1002a9d{ url=null ,addedOrder=0} 2006-11-03 16:09:21,422 DEBUG [org.jboss.mx.loading.UnifiedClassLoader] New jmx UCL with url null 2006-11-03 16:09:21,422 DEBUG [org.jboss.mx.loading.UnifiedClassLoader] setRepository, r=org.jboss.mx.loading.HeirarchicalLoaderRepository3@1944379, ucl=org.jboss.mx.loading.UnifiedClassLoader3@71edc8{ url=null ,addedOrder=0} 2006-11-03 16:09:21,432 INFO [com.adobe.document.PDFManipulation] @@@ Starting PDFManipulation Services @@@ 2006-11-03 16:09:21,434 DEBUG [com.adobe.document.PDFManipulation] Service PDFManipulation: Signal READY received 2006-11-03 16:09:21,435 DEBUG [org.jboss.mx.loading.UnifiedClassLoader] New jmx UCL with url null 2006-11-03 16:09:21,435 DEBUG [org.jboss.mx.loading.UnifiedClassLoader] setRepository, r=org.jboss.mx.loading.HeirarchicalLoaderRepository3@1944379, ucl=org.jboss.mx.loading.HeirarchicalLoaderRepository3$CacheClassLoader@1c4ecb7{ url=null ,addedOrder=0} 2006-11-03 16:09:21,435 DEBUG [org.jboss.mx.loading.UnifiedClassLoader] New jmx UCL with url null 2006-11-03 16:09:21,435 DEBUG [org.jboss.mx.loading.UnifiedClassLoader] setRepository, r=org.jboss.mx.loading.HeirarchicalLoaderRepository3@1944379, ucl=org.jboss.mx.loading.UnifiedClassLoader3@7c0754{ url=null ,addedOrder=0} 2006-11-03 16:09:21,490 INFO [com.adobe.document.PDFManipulation] Service PDFManipulation: Exception while allocating a connection. 2006-11-03 16:09:21,494 INFO [com.adobe.document.PDFManipulation] org.omg.CORBA.COMM_FAILURE: IOException: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure vmcid: 0x0 minor code: 0 completed: No org.omg.CORBA.COMM_FAILURE: IOException: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure vmcid: 0x0 minor code: 0 completed: No at org.jacorb.orb.iiop.IIOPConnection.to_COMM_FAILURE(Unknown Source) at org.jacorb.orb.iiop.IIOPConnection.flush(Unknown Source) at org.jacorb.orb.giop.GIOPConnection.sendMessage(Unknown Source) at org.jacorb.orb.giop.GIOPConnection.sendRequest(Unknown Source) at org.jacorb.orb.giop.ClientConnection.sendRequest(Unknown Source) at org.jacorb.orb.giop.ClientConnection.sendRequest(Unknown Source) at org.jacorb.orb.Delegate.invoke_internal(Unknown Source) at org.jacorb.orb.Delegate.invoke(Unknown Source) at org.omg.CORBA.portable.ObjectImpl._invoke(ObjectImpl.java:457) at com.adobe.service._ControlAgentStub.newRequestHandler(_ControlAgentStub.java:23) at com.adobe.service.ProcessResource.allocateConnection(ProcessResource.java:561) at com.adobe.service.ConnectionResource.getConnection(ConnectionResource.java:39) at com.adobe.service.J2EEConnectionFactoryManagerPeerImpl.getConnection(J2EEConnectionFactor yManagerPeerImpl.java:106) at com.semantico.depp.drm.documentsecurity.server.PolicyApplicationBean.applyPolicy(Unknown Source) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:324) at org.jboss.ejb.StatelessSessionContainer$ContainerInterceptor.invoke(StatelessSessionConta iner.java:683) at org.jboss.resource.connectionmanager.CachedConnectionInterceptor.invoke(CachedConnectionI nterceptor.java:185) at org.jboss.ejb.plugins.AbstractTxInterceptor.invokeNext(AbstractTxInterceptor.java:84) at org.jboss.ejb.plugins.AbstractTxInterceptorBMT.invokeNext(AbstractTxInterceptorBMT.java:1 44) at org.jboss.ejb.plugins.TxInterceptorBMT.invoke(TxInterceptorBMT.java:62) at org.jboss.ejb.plugins.StatelessSessionInstanceInterceptor.invoke(StatelessSessionInstance Interceptor.java:72) at org.jboss.ejb.plugins.SecurityInterceptor.invoke(SecurityInterceptor.java:120) at org.jboss.ejb.plugins.LogInterceptor.invoke(LogInterceptor.java:191) at org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor.invoke(ProxyFactoryFinderInterceptor. java:122) at org.jboss.ejb.StatelessSessionContainer.internalInvoke(StatelessSessionContainer.java:331 ) -------------- Can anyone shed any light on what's going on here? I've configured my system as documented by a few people but I don't seem to be able to get it working. Many thanks, Anil.

Similar Messages

ClassCastException Document Security Server

Hi,
I've got problems invoking the PDF manipulation module.
Environment:
- Linux 9.0
- j2sdk1.4.2_13
- jboss-3.2.5
- Oracle 10i
the code:
public void createPDF()throws Exception{
UserTransaction transaction = null;
try{
ConnectionFactory dmConnectionFactory = null;
InitialContext namingContext = new InitialContext();
Object dmObject = namingContext.lookup("DataManagerService");
dmConnectionFactory = (ConnectionFactory)PortableRemoteObject.narrow(dmObject,ConnectionFactory.class);
transaction = (UserTransaction)namingContext.lookup("java:comp/UserTransaction");
transaction.begin();
DataManager mDataManager = DataManagerHelper.narrow((org.omg.CORBA.Object)dmConnectionFactory.getConnection());
Object pdfObject = namingContext.lookup("PDFManipulation");
//TODO Now the ClassCastExeption is thrown
ConnectionFactory pdfConnectionFactory = (ConnectionFactory)PortableRemoteObject.narrow(pdfObject,ConnectionFactory.class);
transaction.commit();
catch(Exception e){
transaction.rollback();
throw e;
server.log:
2007-01-31 17:32:19,236 WARN [org.jgroups.blocks.ConnectionTable] packet from /127.0.0.1:54127 has different version (0220) from ours (0227). This may cause problems
2007-01-31 17:32:19,236 WARN [org.jgroups.blocks.ConnectionTable] exception is java.io.InvalidClassException: org.jgroups.stack.IpAddress; local class incompatible: stream classdesc serialVersionUID = -4126459214503530426, local class serialVersionUID = -8753594169997651306
2007-01-31 17:32:54,523 INFO [STDOUT] java.lang.ClassCastException
2007-01-31 17:32:54,524 INFO [STDOUT] at com.sun.corba.se.internal.javax.rmi.PortableRemoteObject.narrow(PortableRemoteObject.java :293)
2007-01-31 17:32:54,524 INFO [STDOUT] at javax.rmi.PortableRemoteObject.narrow(PortableRemoteObject.java:134)
2007-01-31 17:32:54,524 INFO [STDOUT] at src.ch.ajila.server.layer1servlets.net.LookupUtil.createPDF(LookupUtil.java:57)
2007-01-31 17:32:54,525 INFO [STDOUT] at src.ch.ajila.server.layer1servlets.LoginServlet.handleRequest(LoginServlet.java:28)
2007-01-31 17:32:54,525 INFO [STDOUT] at org.apache.velocity.servlet.VelocityServlet.doRequest(VelocityServlet.java:372)
2007-01-31 17:32:54,525 INFO [STDOUT] at org.apache.velocity.servlet.VelocityServlet.doGet(VelocityServlet.java:333)
2007-01-31 17:32:54,525 INFO [STDOUT] at javax.servlet.http.HttpServlet.service(HttpServlet.java:697)
2007-01-31 17:32:54,525 INFO [STDOUT] at javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
2007-01-31 17:32:54,525 INFO [STDOUT] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.j ava:237)
2007-01-31 17:32:54,525 INFO [STDOUT] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:157)
2007-01-31 17:32:54,525 INFO [STDOUT] at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:214)
2007-01-31 17:32:54,525 INFO [STDOUT] at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
2007-01-31 17:32:54,526 INFO [STDOUT] at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
2007-01-31 17:32:54,526 INFO [STDOUT] at org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:19 8)
2007-01-31 17:32:54,526 INFO [STDOUT] at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:152)
2007-01-31 17:32:54,526 INFO [STDOUT] at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
2007-01-31 17:32:54,526 INFO [STDOUT] at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.ja va:72)
2007-01-31 17:32:54,526 INFO [STDOUT] at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
2007-01-31 17:32:54,527 INFO [S

Hi,
I've got problems invoking the PDF manipulation module.
Environment:
- Linux 9.0
- j2sdk1.4.2_13
- jboss-3.2.5
- Oracle 10i
the code:
public void createPDF()throws Exception{
UserTransaction transaction = null;
try{
ConnectionFactory dmConnectionFactory = null;
InitialContext namingContext = new InitialContext();
Object dmObject = namingContext.lookup("DataManagerService");
dmConnectionFactory = (ConnectionFactory)PortableRemoteObject.narrow(dmObject,ConnectionFactory.class);
transaction = (UserTransaction)namingContext.lookup("java:comp/UserTransaction");
transaction.begin();
DataManager mDataManager = DataManagerHelper.narrow((org.omg.CORBA.Object)dmConnectionFactory.getConnection());
Object pdfObject = namingContext.lookup("PDFManipulation");
//TODO Now the ClassCastExeption is thrown
ConnectionFactory pdfConnectionFactory = (ConnectionFactory)PortableRemoteObject.narrow(pdfObject,ConnectionFactory.class);
transaction.commit();
catch(Exception e){
transaction.rollback();
throw e;
server.log:
2007-01-31 17:32:19,236 WARN [org.jgroups.blocks.ConnectionTable] packet from /127.0.0.1:54127 has different version (0220) from ours (0227). This may cause problems
2007-01-31 17:32:19,236 WARN [org.jgroups.blocks.ConnectionTable] exception is java.io.InvalidClassException: org.jgroups.stack.IpAddress; local class incompatible: stream classdesc serialVersionUID = -4126459214503530426, local class serialVersionUID = -8753594169997651306
2007-01-31 17:32:54,523 INFO [STDOUT] java.lang.ClassCastException
2007-01-31 17:32:54,524 INFO [STDOUT] at com.sun.corba.se.internal.javax.rmi.PortableRemoteObject.narrow(PortableRemoteObject.java :293)
2007-01-31 17:32:54,524 INFO [STDOUT] at javax.rmi.PortableRemoteObject.narrow(PortableRemoteObject.java:134)
2007-01-31 17:32:54,524 INFO [STDOUT] at src.ch.ajila.server.layer1servlets.net.LookupUtil.createPDF(LookupUtil.java:57)
2007-01-31 17:32:54,525 INFO [STDOUT] at src.ch.ajila.server.layer1servlets.LoginServlet.handleRequest(LoginServlet.java:28)
2007-01-31 17:32:54,525 INFO [STDOUT] at org.apache.velocity.servlet.VelocityServlet.doRequest(VelocityServlet.java:372)
2007-01-31 17:32:54,525 INFO [STDOUT] at org.apache.velocity.servlet.VelocityServlet.doGet(VelocityServlet.java:333)
2007-01-31 17:32:54,525 INFO [STDOUT] at javax.servlet.http.HttpServlet.service(HttpServlet.java:697)
2007-01-31 17:32:54,525 INFO [STDOUT] at javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
2007-01-31 17:32:54,525 INFO [STDOUT] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.j ava:237)
2007-01-31 17:32:54,525 INFO [STDOUT] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:157)
2007-01-31 17:32:54,525 INFO [STDOUT] at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:214)
2007-01-31 17:32:54,525 INFO [STDOUT] at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
2007-01-31 17:32:54,526 INFO [STDOUT] at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
2007-01-31 17:32:54,526 INFO [STDOUT] at org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:19 8)
2007-01-31 17:32:54,526 INFO [STDOUT] at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:152)
2007-01-31 17:32:54,526 INFO [STDOUT] at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
2007-01-31 17:32:54,526 INFO [STDOUT] at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.ja va:72)
2007-01-31 17:32:54,526 INFO [STDOUT] at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
2007-01-31 17:32:54,527 INFO [S

SSRS Report Server Could not establish connection. The underlying connection was closed. Could not establish trust relationship for the SSL/TLS Secure channel

Hi
Had to un-install and then re-install MS SQL Server 2012 with SSRS.
After we re-installed we are able to get to the Web Services page but not the Report Server page and get the above error message. We need to use SSL and when we bind the cert in RS Configuration Manager it says it does this successfully on the WebServices
tab. We also do a similar exercise on the ReportServer page.
Any help warmly welcomed :D
Thanks

Hi Rich Whight,
According to your description, after you re-installed SQL Server 2012 with SSRS, you are able to access Web Service URL, but when you tried to access Report Manager URL, the error occurred: The underlying connection was closed. Could not establish trust
relationship for the SSL/TLS Secure channel.
The issue may be caused when the certificate isn't installed correctly in the trusted root for the local computer. To verify and install the certificate, Please refer to the steps blow:
In RsReportServer.config file(default location: C:\Program Files\Microsoft SQL Server\MSRS11.MSSQLSERVER\Reporting Services\ReportServer), change the “SecureConnectionLevel” element value from 0 to 3.
Add correct value to <UrlRoot> element.
Add the same value to the <ReportServerUrl> element as step2.
Go to Microsoft management Console, add the certificate which you use to access the report server under “Trusted Root Certification Authorities”.
For more information about SSL configuration and Managing Trusted Root Certificates, please refer to the following documents:
http://blogs.msdn.com/b/mariae/archive/2007/12/12/ssl-configuration-and-reporting-services.aspx
http://technet.microsoft.com/en-us/library/cc754841.aspx
If you have any more questions, please feel free to ask.
Best Regards,
Wendy Fu

Advanced Security Server /Entrust-enabled SSL

We are expermenting to configure Advanced Security Server to work with Entrust. I had a quick look on Oracle 9i Advanced Security Server /Administrators Guide, and found a lot more detailed instructions about configuring Entrust-enabled SSL.. In addition, there are samples of how sqlnet.ora will look like. The question: Can we use 9i manual to configure Entrust-enabled SSL for Oracle 817? If we can't use the 9i manual, is there any addendum document to the Chapter 10-Enabling Entrust
Authentication in Oracle8i Advanced Security Administrators Guide, other than CR #281745 ....
null

Hi Justin,
The Visual Basic application software uses Oracle OLEDB Provider 9.2.0.7.0
We use various classes available in OLEDB for acessing the database. For example, the connection string looks like the following:
Provider=oraoledb.oracle; data source=oraserve; user id=myuserid; password=mypasswd;
The application uses ADODB objects to access data.
Hope this clarifies
Regards,
SAM

HELP - SSL Secure Server Issue (SSL_ERROR_NO_CYPHER_OVERLAP)

My attempts to enable SSL functionality on my app server has failed. When I hit the site from a browser using "https://servername", this error appears in the app server log:
[28/May/2003:11:19:55] SEVERE (11476): HTTP3068: Error receiving request from 10.147.82.44 (SSL_ERROR_NO_CYPHER_OVERLAP: no common encryption algorithm(s) with client)
I have already taken the following steps:
-generate request from web server
-obtain cert from CA
-install cert on web server
-create https listener on web server
-enable ssl on web server
-install CA cert on web browser
-lowered encryption level on app server (SSL2, SSL3 in addition to SSL3/TLS)
Anybody experience something similar? Any tips?

You can check the ssl and tls prefs on the about:config page.
If any ssl or tls pref is bold (user set) then right-click that pref and choose "Reset" to reset the pref to the default value.
Paste this regular expression in the Search bar at the top of the about:config page:
*/security.*ssl|security.*tls/
You can open the about:config page via the location/address bar.
You can accept the warning and click "I'll be careful" to continue.
*http://kb.mozillazine.org/about:config
You can also try to delete the cert8.db file in the Firefox profile folder to remove all intermediate certificates that Firefox automatically stores when you visit a web server.
You can use this button to go to the currently used Firefox profile folder:
*Help > Troubleshooting Information > Profile Directory: Open Containing Folder
*http://kb.mozillazine.org/Profile_folder_-_Firefox

Livecycle Policy Server and Livecycle Document Security

Do I need Document Security to use Policy Server??

Hello,
I've been hunting around but can't find it. Is there a concise refernce for how to use Adobe Acrobat8 Security features with the Adobe Document Center? Is it so new that there's no book (Quick Start, etc.) on it?
I send PDFs to people. But I only want them to be able to print the PDF, not copy any of its content. I also want the PDF to "self destruct" after a 3 month period. I was going to use Pinion Software's AutoShred product, but then I stumbled upon Adobe8 and the Document Center, which seemed like a perfect fit. So I immediately upgraded to Adobe8 and signed up for the trial at the Document Center.
I have created security policies. But when I look at the policy, there is nothing allowing the detailed modifications permitted in Acrobat8 - Secure / Show Security Properties / SecurityTab / and the list for Document Restrictions Summary.
For some reason, when I set up a security policy - most restrictive to only permit printing and file non-access after 3 months - the "page extraction: allowed" always shows up when I examine Show Security Properties / Security Tab / Document Restrictions Summary, even though for everything else it is "Not allowed" which is what I want.
I thought maybe its a bug, because when I close the file and then reopen it, the page extraction is grayed out. But I don't know if people I send the file to will be able to extract the pages, thus getting around my objective of not allowing them to copy/paste any of my proprietary content onto some other file format.
Any help on this?
Thanks,
Robert

Could Not Establish trust relationship for the SSL/TLS secure channel Sharepoint Web services

I am trying to updateList items into a sharepoint list from the xml document stored in my shared drive in remote server. To make that work i wrote down a Powershell Script that utilizes Sharepoint Webservices Api Updatelistitems function to perform the acitivity.
I ran the script over in Dev environment it works, Then i went into QA that Works too. At last i am now in PROD and agains ran the script i am now receicing following error:
New-WebServiceProxy : The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel
All of my servers dev, QA and PROD web apps are encrypted by Https 443 using Cerified root certificate. Powershell script i am running are mirror copy. System accoutn i am using has owner privileages to sharepoint site and its list.
Am i missing something here, what is blocking this traffic i have no clue.
Thank You

are u using self singed certificate?
also check this http://www.poshpete.com/powershell/new-webserviceproxy-and-ssl
http://www.brainlitter.com/2012/03/13/sharepoint-2010-and-cert-trust-could-not-establish-trust-relationship-for-the-ssltls-secure-channel/
Please remember to mark your question as answered &Vote helpful,if this solves/helps your problem. ****************************************************************************************** Thanks -WS MCITP(SharePoint 2010, 2013) Blog: http://wscheema.com/blog

Certificates from Oracle Security Server

Hi everyone
Has anyone been able to genereate a certificate using the Oracle Security Server (OSS) and been able to use that to set up a HTTP listener to use SSL with that?
If so, how????
OAS documentation goes on and on about how to install a certificate from a known CA, but forgets to document it's own OSS.
Please help.
Regards Gerard.

John,
I appreciate you asking around...FYI, I found reference to Oracle Security Server in Metalink...but couldn't attach it to a version of Oracle or another product!
Thanks,
Ed

TF215097: An error occurred while initializing a build for build definition : Could not establish trust relationship for the SSL/TLS secure channel

Hello,
We are facing an issue when triggering a new build using TFS 2013 Update 4, VS2013 Update 4 using TFVCTemplate.12.XAML template. All our other older build definitions just work fine but not the TFVCTemplate.12.XAML. It seems to me that some certificate
might be invalidated. Can anyone please point me in the right direction?
Thanks,
Mitul
TF215097: An error occurred while initializing a build for build definition :
Exception Message: One or more errors occurred. (type AggregateException)
Exception Stack Trace: at System.Threading.Tasks.Task`1.GetResultCore(Boolean waitCompletionNotification)
at Microsoft.TeamFoundation.Build.Client.FileContainerHelper.GetFile(TfsTeamProjectCollection projectCollection, String itemPath, Stream outputStream)
at Microsoft.TeamFoundation.Build.Client.FileContainerHelper.GetFileAsString(TfsTeamProjectCollection projectCollection, String itemPath)
at Microsoft.TeamFoundation.Build.Client.ProcessTemplate.Download(String sourceGetVersion)
at Microsoft.TeamFoundation.Build.Hosting.BuildControllerWorkflowManager.PrepareRequestForBuild(WorkflowManagerActivity activity, IBuildDetail build, WorkflowRequest request, IDictionary`2 dataContext)
at Microsoft.TeamFoundation.Build.Hosting.BuildWorkflowManager.TryStartWorkflow(WorkflowRequest request, WorkflowManagerActivity activity, BuildWorkflowInstance& workflowInstance, Exception& error, Boolean& syncLockTaken)
Inner Exception Details:
Exception Message: An error occurred while sending the request. (type HttpRequestException)
Exception Stack Trace: at Microsoft.VisualStudio.Services.WebApi.VssHttpRetryMessageHandler.<SendAsync>d__1.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Runtime.CompilerServices.ConfiguredTaskAwaitable`1.ConfiguredTaskAwaiter.GetResult()
at Microsoft.VisualStudio.Services.WebApi.HttpClientExtensions.<DownloadFileFromTfsAsync>d__2.MoveNext()
Inner Exception Details:
Exception Message: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. (type WebException)Exception Stack Trace: at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
at System.Net.Http.HttpClientHandler.GetResponseCallback(IAsyncResult ar)
Inner Exception Details:
Exception Message: The remote certificate is invalid according to the validation procedure. (type AuthenticationException)
Exception Stack Trace: at System.Net.TlsStream.EndWrite(IAsyncResult asyncResult)
at System.Net.ConnectStream.WriteHeadersCallback(IAsyncResult ar)

Hi Mitul,
Thanks for your reply.
It’s strange, if your old build definitions can work using the same TFS Build Server, that indicate your TFS Server configuration is correct and can works. But only new build definition with default TfvcTemplate.12.xaml template cannot build successful.
Please share your TFS Server detailed environment information here. And share your
Build Service Properties dialog screenshot here.
Try to clean the Cache for TFS 2013 manually(delete the content of the folder only, not the cache folder itself):
Clean the Cache folder on Server machine. The folder path is:
C:\Program Files\Microsoft Team Foundation Server 12.0\Application Tier\Web Services\_tfs_data.
After cleaned, on Server machine, click Start and select
Run… to open the dialog box, then input iisreset.exe and click OK, wait it run completely.
Additionally, you can run the TFS 2013 Power Tools BPA to scan the installation of your TFS Server.
We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
Click
HERE to participate the survey.

How do I reconnect using SSL/TLS security in Dreamweaver using Windows 7?

I am using an old version of Dreamweaver on Windows 7. When I try to upload a file, I get a message saying that I need to reconnect using SSL/TLS security mechanisms. Is this a setting in Dreamweaver or Windows 7? Thanks for any help or suggestions.

It sounds like it is a requirement of the server, not Dreamweaver or Windows7
Dreamweaver, even older versions, can connect using both FTP and SFTP. But SSL/TLS are on the HTTP protocol, not FTP, so I don't understand why you would get such an error using DW file upload.

WSUS Sync is not working Sync failed: UssCommunicationError: WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. --- System.Security.Authentication.AuthenticationException: The remote

I know there are loads of posts with same issue and most of them were related to proxy and connectivity .
This was case for me as well (few months back). Now the same error is back. But I've confirmed that FW ports and proxy are fine this time around.
server is configured on http port 80
ERROR
Sync failed: UssCommunicationError: WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid
according to the validation procedure.~~at System.Web.Services.Protocols.WebClientProtocol.GetWebResponse(WebRequest request). Source: Microsoft.SystemsManagementServer.SoftwareUpdatesManagement.WSyncAction.WSyncAction.SyncWSUS
I've checked proxy server connectivity. I'm able browse following site from WSUS server
http://catalog.update.microsoft.com/v7/site/Home.aspx?sku=wsus&version=3.2.7600.226&protocol=1.8
I did telnet proxy server on the particular port (8080) and that is also fine.
I've doubt on certificates, any idea which are the certificates which we need to look? And if certificate is expired then (my guess) we won't be able open the above mentioned windows update catalog site?
Any tips appreciated !
Anoop C Nair (My Blog www.AnoopCNair.com)
- Twitter @anoopmannur -
FaceBook Forum For SCCM

Hi Lawrence ! - Many thanks for looking into this thread and replying. Appreciate your help.
Your reply ("SSL is enabled/configured, and the certificate being used is invalid
(or the cert does not exist or cannot be obtained), or the SSL connection could not be established.") is very helpful.
I've already tested CONTENT DOWNLOAD and it's working fine. WSUS Sync was also working fine for years with proxy server configured on port (8080) and WSUS server on port 80.
My Guess (this is my best guess ;)) is this something to do with Firewall or Proxy side configuration rather than WSUS. However, I'm not finding a way to prove this to proxy/firewall team. From their perspective all the required port communication open and
proxy server is also reachable. More over we're able to access internet (Microsoft Update Catalog site) over same port (8080).
Any other hints where I can prove them it's a sure shot problem from their side.
Thanks again !!
Anoop C Nair (My Blog www.AnoopCNair.com)
- Twitter @anoopmannur -
FaceBook Forum For SCCM

Sharepoint and SSRS report trust relationship ssl/tls secure channel remote certificate is invalid

I have no experience with sharepoint at all. but this is what I observed.
I intermittently getting this error message on my sharepoint. could not establish trust relationship for the ssl/tls secure channel. Remote Certificate is invalid according to the validation procedure.
Screnshot of the error
This is how the sharepoint page layout.
I have report.aspx. and below is the content of the aspx file.
The url is http://sharepoint.COMPANY.com/Pages/Report.aspx.
The URL is intranet only.
The sharepoint is hosted in SERVER1 and the SSRS is hosted in SERVER.
I observed this error happens on both HTTP and HTTPS http sharepoint COMPANY com/Pages/Report.aspx OR https sharepoint COMPANY com/Pages/Report.aspx
So far, the step I did was to follow this blog http://krishnasangani.blogspot.ca/2013/06/the-remote-certificate-is-invalid.html Restarted
IIS in SERVER1 AND SERVER2. but the problem persist. Another I have done is to click the certificate in internet explorer and everything looks ok on that side to (certificate is valid)
It seems to only happen earlier during the morning, then it fixes itself around 9 Oclock. It has been on going for about 2 weeks. Please help troubleshooting this.
<%@ Page Inherits="Microsoft.SharePoint.Publishing.TemplateRedirectionPage,Microsoft.SharePoint.Publishing,Version=14.0.0.0,Culture=neutral,PublicKeyToken=71e9bsasdasdasd9c" %> <%@ Reference VirtualPath="~TemplatePageUrl" %> <%@ Reference VirtualPath="~masterurl/custom.master" %><%@ Register Tagprefix="SharePoint" Namespace="Microsoft.SharePoint.WebControls" Assembly="Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bsasdasdasd9c" %>
<html xmlns:mso="urn:schemas-microsoft-com:office:office" xmlns:msdt="uuid:547SF010-65B3-11d1-A29F-00457845FFSW"><head>

<title>Report</title></head>
A few questions I have in mind is Any pointer to troubleshoot this problem AND By looking at the ASPX file, Would you be able to determine what method is my Sharepoint page calling the SSRS report , integrated mode, native mode? IEFrame? The reason I am asking
this is that maybe IF I google using the right terminology I can get to the similar problem and solution.
Thanks

Please let us know if you are using
SharePoint communicates to an external service via HTTPS
Please try perform following steps:
Fix is to setup a trust between SharePoint and the server requiring certificate validation.
In SharePoint Central Administration site, go to “Security” and then “Manage Trust”. Upload the certificates to SharePoint. The key is to get both the root and subordinate certificates on to SharePoint.
The steps to get the certificates from the remote server hosting the WCF service are as follows:
1. Browse from IE to the WCF service (e.g., https://remotehost/service.svc?wsdl)
2. Right click on the browser body and choose “Properties” and then “Certificates” and then “Certificate Path”.
This tells you the certificate chain that’s required by the other server in order to communicate with it properly. You can double-click on each level in the certificate chain to go to that particular certificate, then click on “Details” tab, “Copy to
File” to save the certificate with the default settings.
As an example, get both VeriSign & VeriSign Class 3 Extended Validation SSL CA.
reference : http://blogs.technet.com/b/sharepointdevelopersupport/archive/2013/06/13/could-not-establish-trust-relationship-for-ssl-tls-secure-channel.aspx
If my contribution helps you, please click Mark As Answer on that post and
Vote as Helpful
Thanks, ShankarSingh(MCP)

Document Security API Issue

I have developed a web application through which I can apply a policy to a set of documents present on my server's file system,(using APS and DSS API's ) and it is working fine on my jboss.I want to develop an application through which i can apply policy to documents from remote client's file system. And I don't want to upload my files to the server. Imagine if i have a 100 mb document
Document Security service can't be accessed remotely.
Is there any solution to this

Acrobat and Acrobat Professional can both apply policies to documents. The engine on the server side that does this is called PDF Manipulation but the same technology is built into Acrobat.

LDAP SSL and Secure

I am unable to get SSL or Secure LDAP connection to work.
These are my settings for Directory-service:
name: TEST
description: TEST
login-prefix: TEST
type: GenericLdap
last-sync: (no value)
last-sync-error: The server is not operational.
users: (no value)
groups: (no value)
Connection settings
host: ldap.xon-ionx.****.se
port: 636
top-directory: ou=USER_CONTAINER,o=ROOT
binding-type: Secure
synchronization-account: cn=ZAV_User,ou=external,o=ROOT
password: ********
Schema settings
user-filter: (objectClass=inetOrgPerson)
user-class: inetOrgPerson
user-login-name: cn
user-first-name:
user-last-name:
user-full-name: cn
group-filter: (objectClass=groupOfNames)
group-class: groupOfNames
group-name: cn
group-description: description
group-members: member
Message from server is not saying much: Not synchronized (error: The server is not operational.)
Debug log output as follows:
05-07-2013 08:47:09.9960 - Critical - 0x0C5C: Directory service TEST could not be completely synced. Connection settings: host ldap.xon-ionx.****.se, port 636, top ou=USER_CONTAINER,o=ROOT, user cn=ZAV_User,ou=external,o=ROOT, type Secure, ufilter (objectClass=inetOrgPerson), uclass inetOrgPerson, uuname cn, ufname , ulname , uflname cn, gfilter (objectClass=groupOfNames), gclass groupOfNames, gdescription description, gmembership member
The server is not operational.
at System.DirectoryServices.DirectoryEntry.Bind(Boole an throwIfFail)
at System.DirectoryServices.DirectoryEntry.Bind()
at System.DirectoryServices.DirectoryEntry.get_AdsObj ect()
at System.DirectoryServices.DirectorySearcher.FindAll (Boolean findMoreThanOne)
at System.DirectoryServices.DirectorySearcher.FindAll ()
at Spoon.Server.Common.Data.Library.DirectoryService. _SyncNode(LibraryDataContext dc, DirectoryServiceNode dsn, Dictionary`2 dictUsers, Dictionary`2 dictGroups, Dictionary`2 dictUsersToInclude, Dictionary`2 dictGroupsToInclude, Int32& iUsersAdded, Int32& iGroupsAdded)
at Spoon.Server.Common.Data.Library.DirectoryService. Sync()
/Mathias

Do other binding options function as expected (Simple, Anonymous)? I'm also working on setting up a test environment to try and reproduce this. If I find something that can help, I'll update the thread.
The support team could open a proper ticket with Spoon about this, but it requires that you open an SR first.

Set-IRMConfiguration failed with error "Cou ld not establish trust relationship for the SSL/TLS secure channel."

Hi, experts
I'm trying to configure a lab environment according tutorial http://www.msexchange.org/articles-tutorials/exchange-server-2010/compliance-policies-archiving/rights-management-server-exchange-2010-part3.html
After completing configuration, I execute cmdlet Set-IRMConfiguration -InternalLicensingEnabled $true, but get error
The remote certificate is invalid according to the validation procedure. ---> The underlying connection was closed: Cou
ld not establish trust relationship for the SSL/TLS secure channel. ---> Failed to get Server Info from https://exhv-65
94/_wmcs/certification/server.asmx.
+ CategoryInfo : InvalidOperation: (:) [Set-IRMConfiguration], Exception
+ FullyQualifiedErrorId : C810E449,Microsoft.Exchange.Management.RightsManagement.SetIRMConfiguration
Then I run cmdlet Test-IRMConfiguration -Sender [email protected] and get error
Results : Checking Exchange Server ...
- PASS: Exchange Server is running in Enterprise.
Loading IRM configuration ...
- PASS: IRM configuration loaded successfully.
Retrieving RMS Certification Uri ...
- PASS: RMS Certification Uri: https://server1/_wmcs/certification.
Verifying RMS version for https://server1/_wmcs/certification ...
- WARNING: Failed to verify RMS version. IRM features require AD RMS on Windows Server 2008 SP2 with the
hotfixes specified in Knowledge Base article 973247 (http://go.microsoft.com/fwlink/?linkid=3052&kbid=973247)
or AD RMS on Windows Server 2008 R2.
Microsoft.Exchange.Security.RightsManagement.RightsManagementException: Failed to get Server Info from https:
//server1/_wmcs/certification/server.asmx. ---> System.Net.WebException: The underlying connection was clos
ed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authenticatio
n.AuthenticationException: The remote certificate is invalid according to the validation procedure.
at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest async
Request, Exception exception)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest async
Request)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest async
Request)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest async
Request)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequ
est asyncRequest)
at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Obje
ct state)
at System.Net.TlsStream.ProcessAuthentication(LazyAsyncResult result)
at System.Net.TlsStream.Write(Byte[] buffer, Int32 offset, Int32 size)
at System.Net.PooledStream.Write(Byte[] buffer, Int32 offset, Int32 size)
at System.Net.ConnectStream.WriteHeaders(Boolean async)
--- End of inner exception stack trace ---
at System.Web.Services.Protocols.WebClientProtocol.GetWebResponse(WebRequest request)
at System.Web.Services.Protocols.HttpWebClientProtocol.GetWebResponse(WebRequest request)
at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
at Microsoft.Exchange.Security.RightsManagement.SOAP.Server.ServerWS.GetServerInfo(ServerInfoRequest[] req
uests)
at Microsoft.Exchange.Security.RightsManagement.ServerWSManager.ValidateServiceVersion(String featureXPath
--- End of inner exception stack trace ---
at Microsoft.Exchange.Security.RightsManagement.ServerWSManager.ValidateServiceVersion(String featureXPath
at Microsoft.Exchange.Management.RightsManagement.IRMConfigurationValidator.ValidateRmsVersion(Uri uri, Se
rviceType serviceType)
at Microsoft.Exchange.Management.RightsManagement.IRMConfigurationValidator.TryGetRacAndClc()
OVERALL RESULT: PASS with warnings on disabled features
From the error message, this issue seem to related with SSL/TLS connection. So I go back to check configuration and find out a difference to tutorial. Current SCP url is https://server1/_wmcs/certification, but in tutorial it is https://server1:433/_wmcs/certification.
On my opinion, I don't think it is the real reason.
So, how can I resolve this error? Could you give me some suggestion? Thanks in advance.
System Info:
Windows Server 2008 R2 + Exchange Server 2010 SP3 RTM

Hi
Please have a try with the solution on this KB article
“Error message when you try to test access from the Microsoft Dynamics CRM E-mail Router: "Incoming Status: Failure - The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel"”
http://support.microsoft.com/kb/954584/en-us
Cheers
Zi Feng
TechNet Community Support

SSL & Document Security Server

Similar Messages

Maybe you are looking for