"The OCSP server returned unexpected/invalid HTTP data"

In april I posted about this, but the issue still exists. About one in 10 times visits to archlinux.org I get this error in Firefox. The strange thing is that it only happens when I visit archlinux.org not any other site. Could it be some kind of misconfiguration on this site?

Northrop wrote:As far as I know it's a problem with CACert's OCSP server. They've had a few issues these past days, I keep on getting 403 Unauthorized errors when requesting OCSP. But it's strange only 1 in 10 visits gives you an error, since FF only checks OCSP once per session.
1 in 10 was just an estimate. It could be that it coincides with the first visit after starting the browser. I sometimes keep the browser open for days, sometimes only minutes so I wasn't sure.

Similar Messages

IOS Mobile Device Management - The SCEP server returned an invalid response

I am in the process of writing an open source iOS mobile device management module in Java. For this I am referring the Apple provided Ruby code at [1]. I have set this up and it works fine for me. Now I need to convert this code to Java. So far I have accomplished to do that up to PKIOperation. In the PKI operation I get "The SCEP server returned an invalid response" which I believe is due to wrong response I sent to device upon PKIOperation.
However when I do search on the internet I get this is something to do with the "maxHttpHeaderSize" as I am using the server as Apache Tomcat. Although I increase that since still it does not get resolved.
Here is the code I need to convert - taken from Apple provided Ruby script
if query['operation'] == "PKIOperation"
    p7sign = OpenSSL::PKCS7::PKCS7.new(req.body)
    store = OpenSSL::X509::Store.new
    p7sign.verify(nil, store, nil, OpenSSL::PKCS7::NOVERIFY)
    signers = p7sign.signers
    p7enc = OpenSSL::PKCS7::PKCS7.new(p7sign.data)
    csr = p7enc.decrypt(@@ra_key, @@ra_cert)
    cert = issueCert(csr, 1)
    degenerate_pkcs7 = OpenSSL::PKCS7::PKCS7.new()
    degenerate_pkcs7.type="signed"
    degenerate_pkcs7.certificates=[cert]
    enc_cert = OpenSSL::PKCS7.encrypt(p7sign.certificates, degenerate_pkcs7.to_der,
        OpenSSL::Cipher::Cipher::new("des-ede3-cbc"), OpenSSL::PKCS7::BINARY)
    reply = OpenSSL::PKCS7.sign(@@ra_cert, @@ra_key, enc_cert.to_der, [], OpenSSL::PKCS7::BINARY)
    res['Content-Type'] = "application/x-pki-message"
    res.body = reply.to_der
end
So this is how I written this in Java using Bouncycastle library.
X509Certificate generatedCertificate = generateCertificateFromCSR(
                privateKeyCA, certRequest, certCA.getIssuerX500Principal()
                        .getName());
        CMSTypedData msg = new CMSProcessableByteArray(
                generatedCertificate.getEncoded());
        CMSEnvelopedDataGenerator edGen = new CMSEnvelopedDataGenerator();
        edGen.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(
                receivedCert).setProvider(AppConfigurations.PROVIDER));
        CMSEnvelopedData envelopedData = edGen
                .generate(
                        msg,
                        new JceCMSContentEncryptorBuilder(
                                CMSAlgorithm.DES_EDE3_CBC).setProvider(
                                AppConfigurations.PROVIDER).build());
        CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
        ContentSigner sha1Signer = new JcaContentSignerBuilder(
                AppConfigurations.SIGNATUREALGO).setProvider(
                AppConfigurations.PROVIDER).build(privateKeyRA);
        List<X509Certificate> certList = new ArrayList<X509Certificate>();
        CMSTypedData cmsByteArray = new CMSProcessableByteArray(
                envelopedData.getEncoded());
        certList.add(certRA);
        Store certs = new JcaCertStore(certList);
        gen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(
                new JcaDigestCalculatorProviderBuilder().setProvider(
                        AppConfigurations.PROVIDER).build()).build(
                sha1Signer, certRA));
        gen.addCertificates(certs);
        CMSSignedData sigData = gen.generate(cmsByteArray, true);
        return sigData.getEncoded();
The returned result here will be output in to the servlet output stream with the content type "application/x-pki-message".
It seems I get the CSR properly and I generate the X509Certificate using following code.
public static X509Certificate generateCertificateFromCSR(
        PrivateKey privateKey, PKCS10CertificationRequest request,
        String issueSubject) throws Exception {
    Calendar targetDate1 = Calendar.getInstance();
    targetDate1.setTime(new Date());
    targetDate1.add(Calendar.DAY_OF_MONTH, -1);
    Calendar targetDate2 = Calendar.getInstance();
    targetDate2.setTime(new Date());
    targetDate2.add(Calendar.YEAR, 2);
    // yesterday
    Date validityBeginDate = targetDate1.getTime();
    // in 2 years
    Date validityEndDate = targetDate2.getTime();
    X509v3CertificateBuilder certGen = new X509v3CertificateBuilder(
            new X500Name(issueSubject), BigInteger.valueOf(System
                    .currentTimeMillis()), validityBeginDate,
            validityEndDate, request.getSubject(),
            request.getSubjectPublicKeyInfo());
    certGen.addExtension(X509Extension.keyUsage, true, new KeyUsage(
            KeyUsage.digitalSignature | KeyUsage.keyEncipherment));
    ContentSigner sigGen = new JcaContentSignerBuilder(
            AppConfigurations.SHA256_RSA).setProvider(
            AppConfigurations.PROVIDER).build(privateKey);
    X509Certificate issuedCert = new JcaX509CertificateConverter()
            .setProvider(AppConfigurations.PROVIDER).getCertificate(
                    certGen.build(sigGen));
    return issuedCert;
The generated certificate commonn name is,
Common Name: mdm(88094024-2372-4c9f-9c87-fa814011c525)
Issuer: mycompany Root CA (93a7d1a0-130b-42b8-bbd6-728f7c1837cf), None
[1] - https://developer.apple.com/library/ios/documentation/NetworkingInternet/Concept ual/iPhoneOTAConfiguration/Introduction/Introduction.html

I am in the process of writing an open source iOS mobile device management module in Java. For this I am referring the Apple provided Ruby code at [1]. I have set this up and it works fine for me. Now I need to convert this code to Java. So far I have accomplished to do that up to PKIOperation. In the PKI operation I get "The SCEP server returned an invalid response" which I believe is due to wrong response I sent to device upon PKIOperation.
However when I do search on the internet I get this is something to do with the "maxHttpHeaderSize" as I am using the server as Apache Tomcat. Although I increase that since still it does not get resolved.
Here is the code I need to convert - taken from Apple provided Ruby script
if query['operation'] == "PKIOperation"
    p7sign = OpenSSL::PKCS7::PKCS7.new(req.body)
    store = OpenSSL::X509::Store.new
    p7sign.verify(nil, store, nil, OpenSSL::PKCS7::NOVERIFY)
    signers = p7sign.signers
    p7enc = OpenSSL::PKCS7::PKCS7.new(p7sign.data)
    csr = p7enc.decrypt(@@ra_key, @@ra_cert)
    cert = issueCert(csr, 1)
    degenerate_pkcs7 = OpenSSL::PKCS7::PKCS7.new()
    degenerate_pkcs7.type="signed"
    degenerate_pkcs7.certificates=[cert]
    enc_cert = OpenSSL::PKCS7.encrypt(p7sign.certificates, degenerate_pkcs7.to_der,
        OpenSSL::Cipher::Cipher::new("des-ede3-cbc"), OpenSSL::PKCS7::BINARY)
    reply = OpenSSL::PKCS7.sign(@@ra_cert, @@ra_key, enc_cert.to_der, [], OpenSSL::PKCS7::BINARY)
    res['Content-Type'] = "application/x-pki-message"
    res.body = reply.to_der
end
So this is how I written this in Java using Bouncycastle library.
X509Certificate generatedCertificate = generateCertificateFromCSR(
                privateKeyCA, certRequest, certCA.getIssuerX500Principal()
                        .getName());
        CMSTypedData msg = new CMSProcessableByteArray(
                generatedCertificate.getEncoded());
        CMSEnvelopedDataGenerator edGen = new CMSEnvelopedDataGenerator();
        edGen.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(
                receivedCert).setProvider(AppConfigurations.PROVIDER));
        CMSEnvelopedData envelopedData = edGen
                .generate(
                        msg,
                        new JceCMSContentEncryptorBuilder(
                                CMSAlgorithm.DES_EDE3_CBC).setProvider(
                                AppConfigurations.PROVIDER).build());
        CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
        ContentSigner sha1Signer = new JcaContentSignerBuilder(
                AppConfigurations.SIGNATUREALGO).setProvider(
                AppConfigurations.PROVIDER).build(privateKeyRA);
        List<X509Certificate> certList = new ArrayList<X509Certificate>();
        CMSTypedData cmsByteArray = new CMSProcessableByteArray(
                envelopedData.getEncoded());
        certList.add(certRA);
        Store certs = new JcaCertStore(certList);
        gen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(
                new JcaDigestCalculatorProviderBuilder().setProvider(
                        AppConfigurations.PROVIDER).build()).build(
                sha1Signer, certRA));
        gen.addCertificates(certs);
        CMSSignedData sigData = gen.generate(cmsByteArray, true);
        return sigData.getEncoded();
The returned result here will be output in to the servlet output stream with the content type "application/x-pki-message".
It seems I get the CSR properly and I generate the X509Certificate using following code.
public static X509Certificate generateCertificateFromCSR(
        PrivateKey privateKey, PKCS10CertificationRequest request,
        String issueSubject) throws Exception {
    Calendar targetDate1 = Calendar.getInstance();
    targetDate1.setTime(new Date());
    targetDate1.add(Calendar.DAY_OF_MONTH, -1);
    Calendar targetDate2 = Calendar.getInstance();
    targetDate2.setTime(new Date());
    targetDate2.add(Calendar.YEAR, 2);
    // yesterday
    Date validityBeginDate = targetDate1.getTime();
    // in 2 years
    Date validityEndDate = targetDate2.getTime();
    X509v3CertificateBuilder certGen = new X509v3CertificateBuilder(
            new X500Name(issueSubject), BigInteger.valueOf(System
                    .currentTimeMillis()), validityBeginDate,
            validityEndDate, request.getSubject(),
            request.getSubjectPublicKeyInfo());
    certGen.addExtension(X509Extension.keyUsage, true, new KeyUsage(
            KeyUsage.digitalSignature | KeyUsage.keyEncipherment));
    ContentSigner sigGen = new JcaContentSignerBuilder(
            AppConfigurations.SHA256_RSA).setProvider(
            AppConfigurations.PROVIDER).build(privateKey);
    X509Certificate issuedCert = new JcaX509CertificateConverter()
            .setProvider(AppConfigurations.PROVIDER).getCertificate(
                    certGen.build(sigGen));
    return issuedCert;
The generated certificate commonn name is,
Common Name: mdm(88094024-2372-4c9f-9c87-fa814011c525)
Issuer: mycompany Root CA (93a7d1a0-130b-42b8-bbd6-728f7c1837cf), None
[1] - https://developer.apple.com/library/ios/documentation/NetworkingInternet/Concept ual/iPhoneOTAConfiguration/Introduction/Introduction.html

The SCEP server returned an invalid response.

Hello
We are trying to enroll iPhone 3GS device with iOS 4.1 to be used with MDM. For SCEP server we use MSCEP in Windows Server 2008. We can't get over "Enrolling Certificate" step because it always fails with message "The SCEP server returned an invalid response.". How can we get more details? Analyzing captured HTTP stream revealed no issues.
Thanks in advance for any help.
frustrated Martin

We are testing in LAN and have configured our router to translate some domains to our local IPs. Could this be a problem? In payloads there are no IP addresses but these local domains.
It looks CA is issued the certificate, you might seen that from cert manger console. I don't see any obvious reason why cert got rejected by iPhone. (May be some one experts from apple can find from following dump) Anyway I suggest following option to you.
1) try with http if you are using https
2) install CA cert to phone and try again
3) check time between server and phone
4) try to change default scep issue template to issue 2048 key.
5) double check finger print(in SCEP profile) you config with ca cert.
Followings are SCEP PKI Message dump:
PKCS7 Message:
CMSG_SIGNED(2)
CMSGSIGNED_DATA_PKCS_1_5VERSION(1)
Content Type: 1.2.840.113549.1.7.1 PKCS 7 Data
PKCS7 Message Content:
================ Begin Nesting Level 1 ================
PKCS7 Message:
CMSG_ENVELOPED(3)
CMSGENVELOPED_DATA_PKCS_1_5VERSION(0)
Content Type: 1.2.840.113549.1.7.1 PKCS 7 Data
Content Encryption Algorithm:
Algorithm ObjectId: 1.3.14.3.2.7 des
Algorithm Parameters:
04 08 ed 76 05 85 cc 10 e0 71
04 08 ed 76 05 85 cc 10 e0 71
PKCS7 Message Content:
0000 30 00 6d 16 ce 8c 77 04 cd e4 e0 3d 33 9c 86 84 0.m...w....=3...
0010 36 6c 1c 4c e7 32 b1 8b ae 12 74 1d 2b bf 5a 52 6l.L.2....t.+.ZR
0020 3d e2 34 8c e7 e5 cf 98 35 a3 fa e7 47 da 7e eb =.4.....5...G.~.
0030 02 dd 68 23 de 37 92 c6 91 3a 1e b5 1b 61 5f 98 ..h#.7...:...a_.
0040 50 d3 27 de b5 bf 61 93 b7 ac 54 c9 c6 16 d0 8c P.'...a...T.....
0050 89 2e 92 ba 6d 52 d7 de 80 98 ad 2d ce b0 5e 5a ....mR.....-..^Z
0060 79 b4 e2 6f 7b c6 e6 13 4b b7 f4 81 f5 45 d8 3d y..o{...K....E.=
0070 c7 29 7c ca 78 34 ff 47 dc d1 fc 21 8c aa 43 3a .)|.x4.G...!..C:
0080 29 52 15 60 fb 37 54 46 aa a9 11 98 ef af b5 58 )R.`.7TF.......X
0090 e0 21 4d 99 10 2b 00 b3 44 df d9 fa e3 df 98 5c .!M..+..D......\
00a0 69 06 f9 92 5c d5 a3 32 97 ed 9c 1b 19 55 be 57 i...\..2.....U.W
00b0 85 53 df 71 87 f1 8b 62 0e b8 f7 7d 6b 47 d4 99 .S.q...b...}kG..
00c0 c0 47 f9 bb 7e 57 76 4f 55 a8 59 de b2 77 88 cc .G..~WvOU.Y..w..
00d0 e5 a7 02 de af 44 3c fb ab b9 0d ee 87 78 66 a4 .....D<......xf.
00e0 aa bc 5f 3b 90 56 90 2b c9 0f de 46 05 9c ed 9b .._;.V.+...F....
00f0 b4 a1 64 f5 5e 57 a0 d5 75 46 da 35 1e 79 d9 79 ..d.^W..uF.5.y.y
0100 1c a9 35 d1 12 47 7a de 99 d6 cc b8 a8 71 1c 72 ..5..Gz......q.r
0110 f3 28 a0 1f 44 62 8d 17 23 c1 8e 2c a1 19 3d 57 .(..Db..#..,..=W
0120 4b 12 ac 81 d2 14 6f da 67 47 25 32 05 1f 2b c3 K.....o.gG%2..+.
0130 1d 7d 2c 97 95 1b ee 6e f2 b5 36 7f 69 ea f4 c0 .},....n..6.i...
0140 b5 88 61 f7 26 db 44 13 6c ef da 8d 78 6c bd c3 ..a.&.D.l...xl..
0150 6e 45 41 7b 79 d3 92 c8 5e fd b0 1d 9c 0e ea ee nEA{y...^.......
0160 98 58 6b a8 5f c3 f4 90 16 87 9a 49 c6 99 9b fe .Xk._......I....
0170 0c d8 0a 45 ce 4e 28 59 cf 43 b1 f9 c4 d5 3b e2 ...E.N(Y.C....;.
0180 70 69 c8 ca 0e 16 2f ff 7a 3e 76 d6 dd 7e e9 86 pi..../.z>v..~..
0190 13 a3 8b 66 f8 92 6e f1 84 9b 2d 8c 89 ab d7 3a ...f..n...-....:
01a0 e9 ca 08 2a 68 76 ed f3 70 ac 52 e7 e6 7e b1 28 ...*hv..p.R..~.(
01b0 9e 0b 5d 8b 09 54 a7 60 9b 7c 4b 0d 94 76 55 0e ..]..T.`.|K..vU.
No Signer
Recipient Count: 1
Recipient Info[0]:
CMSGKEY_TRANSRECIPIENT(1)
CERTID_ISSUER_SERIALNUMBER(1)
Serial Number: 61047aca000000000003
Issuer:
CN=WIN2008SCEP-CA
No Certificates
No CRLs
---------------- End Nesting Level 1 ----------------
Signer Count: 1
Signing Certificate Index: 0
dwFlags = CAVERIFY_FLAGS_CONSOLETRACE (0x20000000)
dwFlags = CAVERIFY_FLAGS_DUMPCHAIN (0x40000000)
ChainFlags = CERTCHAIN_REVOCATION_CHECK_CHAIN_EXCLUDEROOT (0x40000000)
HCCELOCALMACHINE
CERTCHAIN_POLICYBASE
-------- CERTCHAINCONTEXT --------
ChainContext.dwInfoStatus = CERTTRUST_HAS_PREFERREDISSUER (0x100)
ChainContext.dwErrorStatus = CERTTRUST_IS_UNTRUSTEDROOT (0x20)
SimpleChain.dwInfoStatus = CERTTRUST_HAS_PREFERREDISSUER (0x100)
SimpleChain.dwErrorStatus = CERTTRUST_IS_UNTRUSTEDROOT (0x20)
CertContext[0][0]: dwInfoStatus=10c dwErrorStatus=20
Issuer: CN=14EED8E8-BD0C-4CD9-990D-44A99B7DC6BC
NotBefore: 10/26/2010 1:14 AM
NotAfter: 10/26/2011 1:14 AM
Subject: CN=14EED8E8-BD0C-4CD9-990D-44A99B7DC6BC
Serial: 01
11 b2 27 ec d3 e5 81 d7 35 f4 a2 fd 82 24 7e a4 c2 e3 3b 9c
Element.dwInfoStatus = CERTTRUST_HAS_NAME_MATCHISSUER (0x4)
Element.dwInfoStatus = CERTTRUST_IS_SELFSIGNED (0x8)
Element.dwInfoStatus = CERTTRUST_HAS_PREFERREDISSUER (0x100)
Element.dwErrorStatus = CERTTRUST_IS_UNTRUSTEDROOT (0x20)
Exclude leaf cert:
da 39 a3 ee 5e 6b 4b 0d 32 55 bf ef 95 60 18 90 af d8 07 09
Full chain:
11 b2 27 ec d3 e5 81 d7 35 f4 a2 fd 82 24 7e a4 c2 e3 3b 9c
Issuer: CN=14EED8E8-BD0C-4CD9-990D-44A99B7DC6BC
NotBefore: 10/26/2010 1:14 AM
NotAfter: 10/26/2011 1:14 AM
Subject: CN=14EED8E8-BD0C-4CD9-990D-44A99B7DC6BC
Serial: 01
11 b2 27 ec d3 e5 81 d7 35 f4 a2 fd 82 24 7e a4 c2 e3 3b 9c
A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider. 0x800b01
09 (-2146762487)
Verifies against UNTRUSTED root
Signer Info[0]:
Signature matches Public Key
CMSGSIGNER_INFO_PKCS_1_5VERSION(1)
CERTID_ISSUER_SERIALNUMBER(1)
Serial Number: 01
Issuer:
CN=14EED8E8-BD0C-4CD9-990D-44A99B7DC6BC
Subject:
CN=14EED8E8-BD0C-4CD9-990D-44A99B7DC6BC
Hash Algorithm:
Algorithm ObjectId: 1.2.840.113549.2.5 md5 (md5NoSign)
Algorithm Parameters: NULL
Encrypted Hash Algorithm:
Algorithm ObjectId: 1.2.840.113549.1.1.1 RSA
Algorithm Parameters: NULL
Encrypted Hash:
0000 2a 49 b0 b9 6e a0 0b f3 db 14 7d 0d f9 fd 89 25
0010 b1 fe ad 44 6b 79 c5 31 1a 70 a0 71 d3 bf 22 07
0020 b5 e3 5b 37 cd ee 63 9a 5b ed 85 d5 d8 fb 44 51
0030 5c 80 a4 cf 53 78 f0 b4 b7 63 57 fa f1 f9 9d 5d
0040 fb 4f 22 c7 f4 fb 34 65 1a e2 b1 cd ea b0 45 ab
0050 af ca 09 bf da 92 ea eb 10 3f 04 e5 2c a3 ae 34
0060 9a a1 50 67 27 a0 c5 aa d5 29 45 71 40 d1 73 cb
0070 53 69 5d fa 14 1d db b8 df a2 13 20 e6 da 7a 16
Authenticated Attributes[0]:
6 attributes:
Attribute[0]: 2.16.840.1.113733.1.9.2
Value[0][0]:
Unknown Attribute type
0000 13 02 31 39 ..19
0000: 13 02 ; PRINTABLE_STRING (2 Bytes)
0002: 31 39 ; 19
; "19"
Attribute[1]: 1.2.840.113549.1.9.3 (Content Type)
Value[1][0]:
Unknown Attribute type
1.2.840.113549.1.7.1 PKCS 7 Data
0000 06 09 2a 86 48 86 f7 0d 01 07 01 ..*.H......
0000: 06 09 ; OBJECT_ID (9 Bytes)
0002: 2a 86 48 86 f7 0d 01 07 01
; 1.2.840.113549.1.7.1 PKCS 7 Data
Attribute[2]: 1.2.840.113549.1.9.5 (Signing Time)
Value[2][0]:
Unknown Attribute type
Signing Time: 10/26/2010 1:14 AM
0000 17 0d 31 30 31 30 32 36 30 38 31 34 32 39 5a ..101026081429Z
0000: 17 0d ; UTC_TIME (d Bytes)
0002: 31 30 31 30 32 36 30 38 31 34 32 39 5a ; 101026081429Z
; 10/26/2010 1:14 AM
Attribute[3]: 1.2.840.113549.1.9.4 (Message Digest)
Value[3][0]:
Unknown Attribute type
Message Digest:
c3 01 9e 56 65 b3 08 20 d4 22 f3 73 1a 3a 06 b7
0000 04 10 c3 01 9e 56 65 b3 08 20 d4 22 f3 73 1a 3a .....Ve.. .".s.:
0010 06 b7 ..
0000: 04 10 ; OCTET_STRING (10 Bytes)
0002: c3 01 9e 56 65 b3 08 20 d4 22 f3 73 1a 3a 06 b7 ; ...Ve.. .".s.:..
Attribute[4]: 2.16.840.1.113733.1.9.5
Value[4][0]:
Unknown Attribute type
0000 04 10 91 73 92 a0 d5 02 e3 89 2c 2c ab 31 dc 35 ...s......,,.1.5
0010 78 69 xi
0000: 04 10 ; OCTET_STRING (10 Bytes)
0002: 91 73 92 a0 d5 02 e3 89 2c 2c ab 31 dc 35 78 69 ; .s......,,.1.5xi
Attribute[5]: 2.16.840.1.113733.1.9.7
Value[5][0]:
Unknown Attribute type
0000 13 28 30 38 34 34 36 44 45 31 44 45 37 42 31 41 .(08446DE1DE7B1A
0010 32 45 38 36 30 33 44 36 43 33 45 42 38 44 33 43 2E8603D6C3EB8D3C
0020 38 30 44 41 36 30 31 38 31 30 80DA601810
0000: 13 28 ; PRINTABLE_STRING (28 Bytes)
0002: 30 38 34 34 36 44 45 31 44 45 37 42 31 41 32 45 ; 08446DE1DE7B1A2E
0012: 38 36 30 33 44 36 43 33 45 42 38 44 33 43 38 30 ; 8603D6C3EB8D3C80
0022: 44 41 36 30 31 38 31 30 ; DA601810
; "08446DE1DE7B1A2E8603D6C3EB8D3C80DA601810"
Unauthenticated Attributes[0]:
0 attributes:
Computed Hash: 24 92 3c f9 15 fb 4d ad f8 dc f9 08 d3 6c 7d 79
No Recipient
Certificates:
================ Begin Nesting Level 1 ================
Element 0:
X509 Certificate:
Version: 3
Serial Number: 01
01
Signature Algorithm:
Algorithm ObjectId: 1.2.840.113549.1.1.5 sha1RSA
Algorithm Parameters:
05 00
Issuer:
CN=14EED8E8-BD0C-4CD9-990D-44A99B7DC6BC
[0,0]: CERTRDN_PRINTABLESTRING, Length = 36 (36/64 Characters)
2.5.4.3 Common Name (CN)="14EED8E8-BD0C-4CD9-990D-44A99B7DC6BC"
31 34 45 45 44 38 45 38 2d 42 44 30 43 2d 34 43 14EED8E8-BD0C-4C
44 39 2d 39 39 30 44 2d 34 34 41 39 39 42 37 44 D9-990D-44A99B7D
43 36 42 43 C6BC
31 00 34 00 45 00 45 00 44 00 38 00 45 00 38 00 1.4.E.E.D.8.E.8.
2d 00 42 00 44 00 30 00 43 00 2d 00 34 00 43 00 -.B.D.0.C.-.4.C.
44 00 39 00 2d 00 39 00 39 00 30 00 44 00 2d 00 D.9.-.9.9.0.D.-.
34 00 34 00 41 00 39 00 39 00 42 00 37 00 44 00 4.4.A.9.9.B.7.D.
43 00 36 00 42 00 43 00 C.6.B.C.
NotBefore: 10/26/2010 1:14 AM
NotAfter: 10/26/2011 1:14 AM
Subject:
CN=14EED8E8-BD0C-4CD9-990D-44A99B7DC6BC
[0,0]: CERTRDN_PRINTABLESTRING, Length = 36 (36/64 Characters)
2.5.4.3 Common Name (CN)="14EED8E8-BD0C-4CD9-990D-44A99B7DC6BC"
31 34 45 45 44 38 45 38 2d 42 44 30 43 2d 34 43 14EED8E8-BD0C-4C
44 39 2d 39 39 30 44 2d 34 34 41 39 39 42 37 44 D9-990D-44A99B7D
43 36 42 43 C6BC
31 00 34 00 45 00 45 00 44 00 38 00 45 00 38 00 1.4.E.E.D.8.E.8.
2d 00 42 00 44 00 30 00 43 00 2d 00 34 00 43 00 -.B.D.0.C.-.4.C.
44 00 39 00 2d 00 39 00 39 00 30 00 44 00 2d 00 D.9.-.9.9.0.D.-.
34 00 34 00 41 00 39 00 39 00 42 00 37 00 44 00 4.4.A.9.9.B.7.D.
43 00 36 00 42 00 43 00 C.6.B.C.
Public Key Algorithm:
Algorithm ObjectId: 1.2.840.113549.1.1.1 RSA (RSA_SIGN)
Algorithm Parameters:
05 00
Public Key Length: 1024 bits
Public Key: UnusedBits = 0
0000 30 81 88 02 81 80 7c 9f 78 02 50 de 9c 86 88 5b
0010 9d 4e af cb 70 5e c9 a8 a9 7b 53 c6 29 7b ae 90
0020 28 92 10 9a af 03 09 da b7 01 a1 15 19 ee 22 35
0030 f4 45 5d 5a 5b 60 7c ef 98 5b 2d 47 b9 d7 78 c0
0040 cd 78 1c 63 dd 81 4a b7 d9 6e 2e e8 f4 9d 52 2c
0050 3a c5 fb c3 d8 9a 6b ef 49 5c fa 53 07 88 c0 e3
0060 98 a7 88 18 79 41 da f4 33 08 3c 57 a6 f0 5e 4e
0070 04 c6 8c e6 25 56 70 17 ae 38 49 c2 fd 37 7a 2b
0080 78 1f 7d 35 12 19 02 03 01 00 01
Certificate Extensions: 1
2.5.29.15: Flags = 1(Critical), Length = 4
Key Usage
Digital Signature, Key Encipherment (a0)
0000 03 02 05 a0 ....
0000: 03 02 ; BIT_STRING (2 Bytes)
0002: 05
0003: a0
Signature Algorithm:
Algorithm ObjectId: 1.2.840.113549.1.1.5 sha1RSA
Algorithm Parameters:
05 00
Signature: UnusedBits=0
0000 40 c0 34 02 4c 6d 59 4d 43 21 90 d4 43 e0 69 3b
0010 83 dc e8 5d b0 9b c9 4f 50 6e 7c a3 8c fb e9 0b
0020 99 21 40 27 e8 99 f6 83 2d 6a 79 03 c5 a7 2c 0b
0030 f3 d7 5a 7c 45 2c 7d af 13 a1 02 e7 3a d4 0c 41
0040 4f b6 42 b9 c9 d3 ec f0 33 a9 92 cf 0b ba d4 46
0050 b0 04 b6 99 a4 c1 92 c2 3b 3c 1e d9 e4 ed 09 ca
0060 27 c3 74 ba 68 93 a9 65 a3 7a 1a 4e c3 a5 51 f6
0070 8e 06 94 76 b4 c3 af 55 0f 7b b5 05 36 55 fd 1e
Signature matches Public Key
Root Certificate: Subject matches Issuer
Key Id Hash(rfc-sha1): 08 44 6d e1 de 7b 1a 2e 86 03 d6 c3 eb 8d 3c 80 da 60 18 10
Key Id Hash(sha1): 21 cd df fe 7c 70 f9 0d 38 cd f5 30 e9 62 3f 7d 8a 7c bf 8b
Cert Hash(md5): 6e 8e c8 90 f7 e5 a6 0d a4 e3 4c 4f 38 28 75 1b
Cert Hash(sha1): 11 b2 27 ec d3 e5 81 d7 35 f4 a2 fd 82 24 7e a4 c2 e3 3b 9c
---------------- End Nesting Level 1 ----------------
No CRLs

ISE BYOD Microsoft SCEP NDES 802.1x The SCEP server returned an invalid response

Hello,
Using ISE 1.2 with WLC and on-boarding with single SSID. On occasion the error 'The SCEP server returned an invalid response' is received on the IPHONE being on-boarded - this is intermittent. The issue resolves itself in time. Any ideas on troubleshooting? tnks

On the NDES server regedit EnforcePassword = 0 and still having issues.
This has been done as well;
It is possible for ISE to generate URLs that are too long for the IIS web server. In order to avoid this problem, the default IIS configuration can be modified to allow for longer URLs. Enter this command from the NDES server CLI:
%systemroot%\system32\inetsrv\appcmd.exe set config /section:system.webServer/
security/requestFiltering /requestLimits.maxQueryString:"8192" /commit:apphost

Workflow Manager for SP2013. The remote server returned an error: (500) Internal Server Error.

I am *almost* all the way through provisioning my on premise SP 2013 farm for SharePoint 2013 Workflows. Workflow manager is installed alongside Service Bus. Workflow Manager client is installed on the SP servers. I built a new simple list-based
workflow in SP Designer 2013, saved it, and published it without any errors. However, when I go back to the list in my portal and try to run the workflow, I get the "Sorry, something went wrong" page, and the logs say this:
05/15/2013 12:41:05.07 w3wp.exe (0x071C)                       0x085C SharePoint Foundation
Runtime                       tkau Unexpected System.Net.WebException: The remote server returned an error: (500) Internal Server
Error.    at Microsoft.Workflow.Common.AsyncResult.End[TAsyncResult](IAsyncResult result)     at Microsoft.Workflow.Client.HttpGetResponseAsyncResult`1.End(IAsyncResult result)     at Microsoft.Workflow.Client.ClientHelpers.SendRequest[T](HttpWebRequest
request, T content) 27be1b9c-f990-f096-34a8-7ac8816bc7a5
05/15/2013 12:41:05.08 w3wp.exe (0x071C)                       0x085C SharePoint Foundation
General                       ajlz0 High    Getting Error Message for Exception System.Web.HttpUnhandledException
(0x80004005): Exception of type 'System.Web.HttpUnhandledException' was thrown. ---> Microsoft.Workflow.Client.InternalServerException: Exception thrown from the data layer. For more details, please see the server logs. HTTP headers received from the server
- ActivityId: 0c03f692-8153-43a7-bed5-096214b06168. NodeId: VM22. Scope: /SharePoint/default/d386fdc7-ea7b-4d46-9a39-5c114096eef8/f203a564-e83a-47a3-b11b-e432ac1e6dab. Client ActivityId : 27be1b9c-f990-f096-34a8-7ac8816bc7a5. ---> System.Net.WebException:
The remote server returned an error: (500) Internal Server Error.     at Microsoft.Workflow.Common.AsyncResult.End[TAsyncResult](IAsyncResult result)     at Microsoft.Workflow.Client.HttpGetResponseAsyncResult`1.End(... 27be1b9c-f990-f096-34a8-7ac8816bc7a5
05/15/2013 12:41:05.08* w3wp.exe (0x071C)                       0x085C SharePoint Foundation
General                       ajlz0 High    ...IAsyncResult result)     at Microsoft.Workflow.Client.ClientHelpers.SendRequest[T](HttpWebRequest
request, T content)     --- End of inner exception stack trace ---     at Microsoft.Workflow.Client.ClientHelpers.SendRequest[T](HttpWebRequest request, T content)     at Microsoft.Workflow.Client.InstanceManager.GetInternal(Int32
skip, Int32 count, String workflowName, WorkflowInstanceStatus workflowStatus, IDictionary`2 activationMetadataFilter)     at Microsoft.SharePoint.WorkflowServices.FabricWorkflowInstanceProvider.EnumerateByMonitoringParameter(Guid monitoringParameter,
Int32 offset, Int32 count, Boolean checkPermissions)     at Microsoft.SharePoint.WorkflowServices.FabricWorkflowInstanceProvider.EnumerateInstancesForListItem(Guid listId, Int32 itemId, Int32 offset)     at Microsoft.Sh... 27be1b9c-f990-f096-34a8-7ac8816bc7a5
05/15/2013 12:41:05.08* w3wp.exe (0x071C)                       0x085C SharePoint Foundation
General                       ajlz0 High    ...arePoint.WorkflowServices.FabricWorkflowInstanceProvider.EnumerateInstancesForListItem(Guid
listId, Int32 itemId)     at Microsoft.SharePoint.WorkflowServices.ApplicationPages.WorkflowPageBase.ConstructStatusArraysWF4(ArrayList running, ArrayList completed, Boolean onlyMyWorkflows)     at Microsoft.SharePoint.WorkflowServices.ApplicationPages.WorkflowPage.ConstructStatusArrays()
at Microsoft.SharePoint.WorkflowServices.ApplicationPages.WorkflowPage.OnLoad(EventArgs e)     at System.Web.UI.Control.LoadRecursive()     at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint,
Boolean includeStagesAfterAsyncPoint)     at System.Web.UI.Page.HandleError(Exception e)     at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStages... 27be1b9c-f990-f096-34a8-7ac8816bc7a5
05/15/2013 12:41:05.08* w3wp.exe (0x071C)                       0x085C SharePoint Foundation
General                       ajlz0 High    ...AfterAsyncPoint)     at System.Web.UI.Page.ProcessRequest(Boolean
includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)     at System.Web.UI.Page.ProcessRequest()     at System.Web.UI.Page.ProcessRequest(HttpContext context)     at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) 27be1b9c-f990-f096-34a8-7ac8816bc7a5
05/15/2013 12:41:05.08 w3wp.exe (0x071C)                       0x085C SharePoint Foundation
General                       aat87 Monitorable 27be1b9c-f990-f096-34a8-7ac8816bc7a5
Some sort of "general server error" returns a 500 code, but I can't tell from this what the problem(s) might be. Has anyone seen this before?
Thanks.

Go to the server running Workflow Manager and open the Event Viewer; Applications and Services Logs; Microsoft-Workflow; Operational; and look for the underlying error. In our case, the CU for Workflow Manager did something to the SQL permissions and
we ended up using the workaraound described here:
http://social.msdn.microsoft.com/Forums/windowsazure/en-US/054d2a58-8847-4a6a-b1ab-05a79f49fe65/workflow-manager-cumulative-update-february-error?forum=wflmgr
Joe

ASMX web service and The remote server returned an error: (500) Internal Server Error issue

i have developed a very small web service and which is hosted along with our web site. our webservice url is
http://www.bba-reman.com/Search/SearchDataIndex.asmx
web service code
namespace WebSearchIndex
#region SearchDataIndex
/// <summary>
/// SearchDataIndex is web service which will call function exist in another library for part data indexing
/// </summary>
[WebService(Namespace = "http://tempuri.org/")]
[WebServiceBinding(ConformsTo = WsiProfiles.BasicProfile1_1)]
[System.ComponentModel.ToolboxItem(false)]
// To allow this Web Service to be called from script, using ASP.NET AJAX, uncomment the following line.
// [System.Web.Script.Services.ScriptService]
public class SearchDataIndex : System.Web.Services.WebService
//public AuthHeader ServiceAuth=null;
public class AuthHeader : SoapHeader
public string Username;
public string Password;
#region StartIndex
/// <summary>
/// this function will invoke CreateIndex function of SiteSearch module to reindex the data
/// </summary>
[WebMethod]
public string StartIndex(AuthHeader auth)
string strRetVal = "";
if (auth.Username == "Admin" && auth.Password == "Admin")
strRetVal = SiteSearch.CreateIndex(false);
else
SoapException se = new SoapException("Failed : Invalid credentials",
SoapException.ClientFaultCode,Context.Request.Url.AbsoluteUri,new Exception("Invalid credentials"));
throw se;
return strRetVal;
#endregion
#endregion
when i was calling that web service from my win apps using
HttpWebRequest
class then getting error The remote server returned an error: (500) Internal Server Error
here is code of my win apps from where i am calling web service
string strXml = "";
strXml = "<s:Envelope xmlns:s='http://schemas.xmlsoap.org/soap/envelope/'><s:Body><StartIndex xmlns='http://tempuri.org/' xmlns:i='http://www.w3.org/2001/XMLSchema-instance'><auth><Username>joy</Username><Password>joy</Password></auth></StartIndex></s:Body></s:Envelope>";
string url = "http://www.bba-reman.com/Search/SearchDataIndex.asmx";
HttpWebRequest req = (HttpWebRequest)WebRequest.Create(url);
req.Method = "POST";
req.ContentType = "text/xml";
req.KeepAlive = false;
req.ContentLength = strXml.Length;
StreamWriter streamOut = new StreamWriter(req.GetRequestStream(), System.Text.Encoding.ASCII);
streamOut.Write(strXml);
streamOut.Close();
StreamReader streamIn = new StreamReader(req.GetResponse().GetResponseStream());
string strResponse = streamIn.ReadToEnd();
streamIn.Close();
i am just not being able to understand when this line execute
StreamReader streamIn = new StreamReader(req.GetResponse().GetResponseStream());
then getting the error The remote server returned an error: (500) Internal Server Error
not being able to understand where i made the mistake. mistake is in the code of web service end or in calling code?
help me to fix this issue. thanks

Hi Mou,
I just tried your win app code about calling web service, but failed. I got the 500 error after I called your service:
The error message I quoted from Fiddler:
<?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"><soap:Body><soap:Fault><faultcode>soap:Client</faultcode><faultstring>System.Web.Services.Protocols.SoapException: Failed : Invalid credentials ---> System.Exception: Invalid credentials
--- End of inner exception stack trace ---
at BBAReman.WebSearchIndex.SearchDataIndex.StartIndex(AuthHeader auth)</faultstring><faultactor>http://www.bba-reman.com/Search/SearchDataIndex.asmx</faultactor><detail /></soap:Fault></soap:Body></soap:Envelope>
I am not totally sure that error occurred by the authentication. But I suggest you can try to add this service into your project using this method below:
1.right click the Reference and select Add Service Reference
2.input your service link and click "Go"
And you can use this service as the following:
private async void callService()
ServiceReference1.SearchDataIndexSoapClient client =new ServiceReference1.SearchDataIndexSoapClient();
var Str= await client.StartIndexAsync(new ServiceReference1.AuthHeader { Username = "Admin", Password = "Admin" });
Please try it.
Regards,
Will
We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
Click
HERE to participate the survey.

Provider-hosted Apps debug error: The remote server returned an error: (401) unauthorised

Hi,
Any help appreciated!!
I'm getting this error: "The remote server returned an error: (401) unauthorised when I debug a provider-hosted app. I get the error on this line:
HttpWebResponse response = (HttpWebResponse)request.GetResponse();
See code below
I created a high trust development environment following the instructions provided here:
http://msdn.microsoft.com/en-us/library/office/fp179901(v=office.15).aspx and
http://msdn.microsoft.com/library/office/fp179923
I created a provider-hosted app with the intent to:
create a SharePoint list in the appweb
Use self-signed certificate, tokenhepler.cs and sharepointcontext.cs to retrieve current user context and access on SharePoint. (No changes were made to tokenhelper.cs and sharepointcontext.cs)
retrieve list items from the SharePoint list in a button click event handler on a default.aspx of the remote web
What happens:
The app is deployed successfully to the Dev site
The SharePoint feature is deployed and activated
The default.aspx page of the remote web loads
The error (see image) is returned on clicking of the button
My environment is an on-premise SharePoint 2013 with AD and my dev box is standalone windows 8.1 running Visual Studio Professional 2013 Update 3.
The code block below is a copy of the default.aspx code-behind
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using Microsoft.SharePoint.Client;
using Microsoft.IdentityModel.S2S.Tokens;
using System.Net;
using System.IO;
using System.Xml;
using System.Data;
using System.Xml.Linq;
using System.Xml.XPath;
namespace Idea.GeneratorWeb
public partial class Default : System.Web.UI.Page
SharePointContextToken contextToken;
string accessToken;
Uri sharepointUrl;
protected void Page_PreInit(object sender, EventArgs e)
Uri redirectUrl;
switch (SharePointContextProvider.CheckRedirectionStatus(Context, out redirectUrl))
case RedirectionStatus.Ok:
return;
case RedirectionStatus.ShouldRedirect:
Response.Redirect(redirectUrl.AbsoluteUri, endResponse: true);
break;
case RedirectionStatus.CanNotRedirect:
Response.Write("An error occurred while processing your request.");
Response.End();
break;
protected void Page_Load(object sender, EventArgs e)
//// The following code gets the client context and Title property by using TokenHelper.
//// To access other properties, the app may need to request permissions on the host web.
var spContext = SharePointContextProvider.Current.GetSharePointContext(Context);
//var spContext = new ClientContext("MySPDevInstance");
//spContext.Credentials = new NetworkCredential("username", "password");
//using (var clientContext = spContext.CreateUserClientContextForSPHost())
// clientContext.Load(clientContext.Web, web => web.Title);
// clientContext.ExecuteQuery();
// Response.Write(clientContext.Web.Title);
string contextTokenString = TokenHelper.GetContextTokenFromRequest(Request);
if (contextTokenString != null)
// Get context token
contextToken = TokenHelper.ReadAndValidateContextToken(contextTokenString, Request.Url.Authority);
// Get access token
sharepointUrl = new Uri(Request.QueryString["SPAppWebUrl"]);
accessToken = TokenHelper.GetAccessToken(contextToken, sharepointUrl.Authority).AccessToken;
// Pass the access token to the button event handler.
Button1.CommandArgument = accessToken;
protected void Button1_Click(object sender, EventArgs e)
// Retrieve the access token that the Page_Load method stored
// in the button's command argument.
string accessToken = ((Button)sender).CommandArgument;
if (IsPostBack)
sharepointUrl = new Uri(Request.QueryString["SPAppWebUrl"]);
// REST/OData URL section
string oDataUrl = "/_api/Web/lists/getbytitle('Diagrams In Idea Generator')/items?$select=Title,Diagram,SharingStatus";
// HTTP Request and Response construction section
HttpWebRequest request = (HttpWebRequest)HttpWebRequest.Create(sharepointUrl.ToString() + oDataUrl);
request.Method = "GET";
request.Accept = "application/atom+xml";
request.ContentType = "application/atom+xml;type=entry";
request.Headers.Add("Authorization", "Bearer " + accessToken);
HttpWebResponse response = (HttpWebResponse)request.GetResponse();
// Response markup parsing section
XDocument oDataXML = XDocument.Load(response.GetResponseStream(), LoadOptions.None);
XNamespace atom = "http://www.w3.org/2005/Atom";
XNamespace d = "http://schemas.microsoft.com/ado/2007/08/dataservices";
XNamespace m = "http://schemas.microsoft.com/ado/2007/08/dataservices/metadata";
List<XElement> entries = oDataXML.Descendants(atom + "entry")
.Elements(atom + "content")
.Elements(m + "properties")
.ToList();
var entryFieldValues = from entry in entries
select new
Character = entry.Element(d + "Title").Value,
Actor = entry.Element(d + "Diagram").Value,
CastingStatus = entry.Element(d + "SharingStatus").Value
GridView1.DataSource = entryFieldValues;
GridView1.DataBind();
Any ideas what I might be doing wrong

Hi ,
Use the below code
Public string GetAccessToken(){
string sharePointSiteUrlHost = Page.Request["SPHostUrl"].Tostring();
string AccessToken = tokenHelper.GetS2SAccessTokenWithWindowsIdentity(sharePointSiteUrlHost, Request.LogonUserIdentity);
return accessToken;
Than initialize the ClientCOntext with the below Method
private static ClientContext GetClientContextWithAccessTokenString(string targetUrl, object accessToken)
ClientContext clientContext = new ClientContext(targetUrl);
clientContext.AuthenticationMode = ClientAuthenticationMode.Anonymous;
clientContext.FormDigestHandlingEnabled = false;
clientContext.ExecutingWebRequest +=
delegate(object oSender, WebRequestEventArgs webRequestEventArgs)
webRequestEventArgs.WebRequestExecutor.WebRequest.UserAgent = "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)";
webRequestEventArgs.WebRequestExecutor.RequestHeaders["Authorization"] =
"Bearer " + accessToken;
return clientContext;
use this clientCOntext and it will work.
Do not use
SharePointContextProvider
Whenever you see a reply and if you think is helpful,Vote As Helpful! And whenever you see a reply being an answer to the question of the thread, click Mark As Answer

Test-ActiveSyncConnectivity fails with The remote server returned an error: (400) Bad Request.

Hi all,
I'm on the process of transition from Exchange 2003 to 2010, everything is going perfectly alright however ActiveSync is bugging me!
when I try to test activesync I get the following error:
[PS] C:\>Test-ActiveSyncConnectivity -MailboxCredential $user -TrustAnySSLCertificate |FL
RunspaceId : 136b8f68-26ec-4e29-a5bb-cf5ee816e04b
LocalSite : SITE
SecureAccess : True
VirtualDirectoryName :
Url :
UrlType : Unknown
Port : 0
ConnectionType : Plaintext
ClientAccessServerShortName : cas01
LocalSiteShortName : SITE
ClientAccessServer : CASSERVERNAME
Scenario : Options
ScenarioDescription : Issue an HTTP OPTIONS command to retrieve the Exchange ActiveSync protocol version.
PerformanceCounterName :
Result : Success
Error :
UserName : user1
StartTime : 12/12/2012 1:02:23 PM
Latency : 00:00:00.0312496
EventType : Success
LatencyInMillisecondsString : 31.25
Identity :
IsValid : True
RunspaceId : 136b8f68-26ec-4e29-a5bb-cf5ee816e04b
LocalSite : Reckon_NS
SecureAccess : True
VirtualDirectoryName :
Url :
UrlType : Unknown
Port : 0
ConnectionType : Plaintext
ClientAccessServerShortName : CASSERVERNAME
LocalSiteShortName : SITE
ClientAccessServer : CASSERVERNAME
Scenario : FolderSync
ScenarioDescription : Issue a FolderSync command to retrieve the folder hierarchy.
PerformanceCounterName : DirectPush Latency
Result : Failure
Error : [System.Net.WebException]: The remote server returned an error: (400) Bad Request.
HTTP response headers:
MS-Server-ActiveSync: 6.5.7638.1
Content-Length: 46
Cache-Control: private
Content-Type: text/html
Date: Wed, 12 Dec 2012 02:02:23 GMT
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
UserName : user1
StartTime : 12/12/2012 1:02:23 PM
Latency : -00:00:01
EventType : Error
LatencyInMillisecondsString :
Identity :
IsValid : True
environment:
Ex 2003 'Exchange' virtual directory permission: Integrated Windows Authentication, Basic
Ex 2003 'OMA' permission: Basic Authentication
Ex 2003 'ActiveSync' permission: Integrated, Basic
Ex 2010 successfully redirects users from 2010 to 2003 webmail if you login to OWA with a mailbox on 2003

Yes Martina,
It has been done through ESM
I cannot test using testexchangeconnectivity.com since I cannot put the 2010 one into production, I will get into trouble if I change the DNS record to the new mail server!
Yes, EAS works perfectly fine with 2010 mailboxes.
OK.
It might be that it's not possible to run Test-ActiveSyncConnectivity against a mailbox stored in Exchange 2003.
Installing KB937031 and enabling Windows Authentication is really all that needs to be done in EX03, in order for Exchange 2010 to proxy the EAS requests.
Martina Miskovic

ESB Portal : The remote server returned an error: (400) Bad Request

Hi,
I am getting the below error message while trying to access ESB Portal:
========================
Event code: 3005
Event message: An unhandled exception has occurred.
Event time: 12/18/2013 12:07:10 PM
Event time (UTC): 12/18/2013 12:07:10 PM
Event ID: 2a429911fb69455ab3b77348c8b259ce
Event sequence: 10
Event occurrence: 2
Event detail code: 0
Application information:
Application domain: /LM/W3SVC/1/ROOT/ESB.Portal-1-130318418493427545
Trust level: Full
Application Virtual Path: /ESB.Portal
Application Path: C:\Projects\Microsoft.Practices.ESB\Source\Samples\Management Portal\ESB.Portal\
Machine name: WIN-HG1MJEC7KJS
Process information:
Process ID: 3220
Process name: w3wp.exe
Account name: NT AUTHORITY\SYSTEM
Exception information:
Exception type: WebException
Exception message: The remote server returned an error: (400) Bad Request.
Request information:
Request URL: http://localhost/esb.portal/default.aspx
Request path: /esb.portal/default.aspx
User host address: ::1
User: WIN-HG1MJEC7KJS\ESBUser
Is authenticated: True
Authentication Type: Negotiate
Thread account name: NT AUTHORITY\SYSTEM
Thread information:
Thread ID: 4
Thread account name: NT AUTHORITY\SYSTEM
Is impersonating: False
Stack trace: at System.Net.HttpWebRequest.GetResponse()
at System.ServiceModel.Channels.HttpChannelFactory.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout)
Custom event details:
====================
I also looked at thread : http://social.msdn.microsoft.com/Forums/en-US/1fb510a8-9f4b-4e1e-9261-3273b037786c/esbportal-bad-request-400?forum=biztalkesb
However didn't able to find the workaround for the same.
Best Regards,
Harkirat

Hi,
On a local server you don't have to change the web.config if you use local Windows Groups. Check if the User is added to the "BizTalk Server Administrators" Group. Also check if the Group or the User has rights to access EsbExceptionDb & ESBAdmin
database. You also have to enable "Windows Authentication" in IIS for the ESB.Portal.
Local Machine settings:
ESB.Exceptions.Service\Web.config
<connectionStrings><add providerName="System.Data.SqlClient" connectionString="Integrated Security=SSPI;Data Source=.;Initial Catalog=EsbExceptionDb" name="EsbExceptionDbConnectionString"/></connectionStrings>
C:\Projects\Microsoft.Practices.ESB\Source\Samples\Management Portal\ESB.Portal\Web.config
<connectionStrings>
<add name="AdminDatabaseServer" providerName="System.Data.SqlClient" connectionString="Network Library=dbmssocn;Data Source=(local);Integrated Security=True;Initial Catalog=ESBAdmin;"/>
</connectionStrings>
<authentication mode="Windows"/>
<authorization><allow roles="BizTalk Application Users"/>
<allow roles="BizTalk Server Administrators"/>
<allow roles="Administrators"/>
<deny users="*"/>
</authorization>
Kind regards,
Tomasso Groenendijk
Blog
| Twitter
MCTS BizTalk Server 2006, 2010
If this answers your question please mark it accordingly

DataSource.Error: SharePoint: Request failed: The remote server returned an error: (500) Internal Server Error.

Seeing this error when retrieving data from a SharePoint list. I have full access to the list. Any help would be appreciated.
DataSource.Error: SharePoint: Request failed: The remote server returned an error: (500) Internal Server Error. (An error occurred while processing this request.)
Details:
https://xyz/_vti_bin/ListData.svc/ListName


I think I figured out how to use Fiddler. Here's the information I captured-
This is a Tunnel. Status: OPEN, Raw Bytes Out: 3,797; In: 7,604
The selected session is a HTTP CONNECT Tunnel. This tunnel enables a client to send raw traffic (e.g. HTTPS-encrypted streams or WebSocket messages) through a HTTP Proxy Server (like Fiddler).
To enable Fiddler's HTTPS-decryption feature and view decrypted traffic, click Tools > Fiddler Options > HTTPS.
Request Count:   1
Bytes Sent:      107  (headers:107; body:0)
Bytes Received: 107  (headers:107; body:0)
Tunnel Sent:     3,797
Tunnel Received: 7,604
ACTUAL PERFORMANCE
ClientConnected: 11:06:11.389
ClientBeginRequest: 11:06:11.395
GotRequestHeaders: 11:06:11.395
ClientDoneRequest: 11:06:11.395
Determine Gateway: 0ms
DNS Lookup:   176ms
TCP/IP Connect: 77ms
HTTPS Handshake: 0ms
ServerConnected: 11:06:11.649
FiddlerBeginRequest: 11:06:11.649
ServerGotRequest: 11:06:11.649
ServerBeginResponse: 00:00:00.000
GotResponseHeaders: 00:00:00.000
ServerDoneResponse: 00:00:00.000
ClientBeginResponse: 11:06:11.649
ClientDoneResponse: 11:06:11.649
Overall Elapsed: 0:00:00.254
-= Fiddler Event Log =-
See http://fiddler2.com/r/?FiddlerLog for details.
10:33:33:8092 Fiddler Running...
10:33:33:8118 Fiddler.Network.AutoProxy> AutoProxy Detection failed.
10:33:33:8118 AutoProxy failed. Disabling for this network.
10:33:33:8118 Windows 8+ AppContainer isolation feature detected.
11:01:21:4125 HTTPSLint> Warning: ClientHello record was 382 bytes long. Some servers have problems with ClientHello's greater than 255 bytes. https://github.com/ssllabs/research/wiki/Long-Handshake-Intolerance
11:01:21:4145 HTTPSLint> Warning: ClientHello record was 382 bytes long. Some servers have problems with ClientHello's greater than 255 bytes. https://github.com/ssllabs/research/wiki/Long-Handshake-Intolerance
11:01:21:4185 HTTPSLint> Warning: ClientHello record was 382 bytes long. Some servers have problems with ClientHello's greater than 255 bytes. https://github.com/ssllabs/research/wiki/Long-Handshake-Intolerance
11:01:21:4258 HTTPSLint> Warning: ClientHello record was 382 bytes long. Some servers have problems with ClientHello's greater than 255 bytes. https://github.com/ssllabs/research/wiki/Long-Handshake-Intolerance
11:01:21:4268 HTTPSLint> Warning: ClientHello record was 382 bytes long. Some servers have problems with ClientHello's greater than 255 bytes. https://github.com/ssllabs/research/wiki/Long-Handshake-Intolerance
11:01:21:4298 HTTPSLint> Warning: ClientHello record was 382 bytes long. Some servers have problems with ClientHello's greater than 255 bytes. https://github.com/ssllabs/research/wiki/Long-Handshake-Intolerance
11:01:21:4398 HTTPSLint> Warning: ClientHello record was 382 bytes long. Some servers have problems with ClientHello's greater than 255 bytes. https://github.com/ssllabs/research/wiki/Long-Handshake-Intolerance
11:01:21:4398 HTTPSLint> Warning: ClientHello record was 382 bytes long. Some servers have problems with ClientHello's greater than 255 bytes. https://github.com/ssllabs/research/wiki/Long-Handshake-Intolerance
11:01:21:4518 HTTPSLint> Warning: ClientHello record was 382 bytes long. Some servers have problems with ClientHello's greater than 255 bytes. https://github.com/ssllabs/research/wiki/Long-Handshake-Intolerance
11:01:21:4518 HTTPSLint> Warning: ClientHello record was 382 bytes long. Some servers have problems with ClientHello's greater than 255 bytes. https://github.com/ssllabs/research/wiki/Long-Handshake-Intolerance
11:01:21:4528 HTTPSLint> Warning: ClientHello record was 382 bytes long. Some servers have problems with ClientHello's greater than 255 bytes. https://github.com/ssllabs/research/wiki/Long-Handshake-Intolerance
11:01:21:4828 HTTPSLint> Warning: ClientHello record was 382 bytes long. Some servers have problems with ClientHello's greater than 255 bytes. https://github.com/ssllabs/research/wiki/Long-Handshake-Intolerance
11:01:21:5789 HTTPSLint> Warning: ClientHello record was 382 bytes long. Some servers have problems with ClientHello's greater than 255 bytes. https://github.com/ssllabs/research/wiki/Long-Handshake-Intolerance
11:01:21:5820 HTTPSLint> Warning: ClientHello record was 382 bytes long. Some servers have problems with ClientHello's greater than 255 bytes. https://github.com/ssllabs/research/wiki/Long-Handshake-Intolerance
11:01:21:5879 HTTPSLint> Warning: ClientHello record was 382 bytes long. Some servers have problems with ClientHello's greater than 255 bytes. https://github.com/ssllabs/research/wiki/Long-Handshake-Intolerance
11:01:21:6179 HTTPSLint> Warning: ClientHello record was 382 bytes long. Some servers have problems with ClientHello's greater than 255 bytes. https://github.com/ssllabs/research/wiki/Long-Handshake-Intolerance
11:01:21:6530 HTTPSLint> Warning: ClientHello record was 382 bytes long. Some servers have problems with ClientHello's greater than 255 bytes. https://github.com/ssllabs/research/wiki/Long-Handshake-Intolerance
11:01:21:6924 HTTPSLint> Warning: ClientHello record was 382 bytes long. Some servers have problems with ClientHello's greater than 255 bytes. https://github.com/ssllabs/research/wiki/Long-Handshake-Intolerance

Error while executing script for sharepoint online (office 365) - the remote server returned an error: (503) server unavailable

error while executing script for sharepoint online (office 365) - the remote server returned an error: (503) server unavailable.
I am creating many site collections reading records from sharepoint list using powershell in sharepoint online tenant (office 365).
Few site collections are created and then getting above error so this error record will be skipped then few succeeding record processed then again getting error.
pattern is like:
success
success
success
success
Error
success
success
success
success
success
success
error
success

Hi,
As it is an online environment, to troubleshoot this issue in an easier way, I suggest you contact Office 365 Support to see if there is any useful information in
the log files in the server side:
https://support.office.com/en-us/article/Contact-Office-365-for-business-support-32a17ca7-6fa0-4870-8a8d-e25ba4ccfd4b?ui=en-US&rs=en-US&ad=US
Best regards
Patrick Liang
TechNet Community Support

Power BI analysis services connector - the remote server returned an error (403)

Hi all, does any one have any suggestions what to try to identify the configuration problem I have?
I have, a SSAS 2012 tabular instance with SP2, there is a database on the instance with a read role with everyone assigned permissions.
When configuring the Power BI analysis services connector, at the point where you enter Friendly Name, Description and Friendly error message, when you click next I receive the error "The remote server returned an error (403)."
I've tested connecting to the database from Excel on a desktop and connect fine.
I don't use a "onmicrosoft" account so don't have that problem to deal with.
We use Power BI Pro with our Office 365. As far as I can tell that part is working ok as I pass that stage of the configuration with a message saying connected to Power BI.
The connector is installed on the same server as tabular services, its a Win2012 Standard server. The tabular instance is running a domain account that is the admin account for the instance (this is a dev environment) that account is what I've used in the
connector configuration. It's also a local admin account. There is no gateway installed on the server.
Any help would be greatly appreciated, thanks, Brian
Brian Searle

Brian-
One other common issue I've seen is the UPN not quite matching. Log onto the SSAS server as the user who's logged into Power BI. Then open a command prompt and run:
whoami /upn
Hopefully the UPN it says will match your EffectiveUserName test and will match exactly how you're signing into the Power BI site.
If that doesn't work, your best bet is to go to
http://support.powerbi.com/ and click Contact Support and describe this situation and someone from the Power BI support team should get in touch with you to troubleshoot.
http://artisconsulting.com/Blogs/GregGalloway

Getting "The remote server returned an error 503 server unavailable" in azure web jobs

I have created one web
job - on demand schedule under azure web site. This web jobs contains .execmd(i.e.)
Console Application.
I am retrieving the data from SQL Azure database and uploaded the data in sharepoint online lists. (i.e.)I have uploaded the data to several(7) lists in each subsites. I have 3 subsites.
I am getting this error "The remote server returned an error 503 server unavailable", while uploaded the data into lists.
Full Error Message:
Message - The remote server returned an error 503 server unavailable.
StackTrace - at System.Net.HttpWebRequest.GetResponse()
> cc525c: INFO] at Microsoft.SharePoint.Client.SPWebRequestExecutor.Execute()
> cc525c: INFO] at Microsoft.SharePoint.Client.ClientRequest.ExecuteQueryToServer(ChunkStringBuilder sb)
> cc525c: INFO] at Microsoft.SharePoint.Client.ClientRequest.ExecuteQuery()
> cc525c: INFO] at Microsoft.SharePoint.Client.ClientRuntimeContext.ExecuteQuery()
> cc525c: INFO] at Microsoft.SharePoint.Client.ClientContext.ExecuteQuery()
This is not occur every time. Some time i didn't get any error data successfully uploaded in share point online list.
Totally 4 hours taken uploaded the data into list for completed all 3 subsites.
If anyone know how to resolve this.
Thanks,
A.Ramu

Hi,
Per my understanding, there is an issue when uploading data from SQL Azure database to a SharePoint list in Online environment.
For narrowing down the issue, I suggest you create a Console Application in Visual Studio without accessing the SQL Azure database and upload some sample data to the same SharePoint
list to see if the issue still occurs intermittently.
Thanks
Patrick Liang
TechNet Community Support
Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact
[email protected]

Error: Load operation failed for query 'GetAuthenticationInfo'. The remote server returned an error: NotFound.

Hello,
I have a lightswitch web-application in development, which I need to copy from one computer to the other. I have tried doing it both through Git and by simply copying the solution and opening the project on another machine. The project builds without errors,
but when I try to debug it, it opens a web-browser, loads to 100% and pops up an error - Load operation failed for query 'GetAuthenticationInfo'. The remote server returned an error: NotFound.
Now, I have tried repairing Visual Studio on my machine, reinstalling .NET framework and setting <basicAuthentication enabled="false" /> in web.config, yet it still does not run.
When using Fiddler, it shows an error while loading the application - "HTTP/1.1 500 Internal Server Error" , which I honestly don't know what it means.
The application uses ComponentOne and Telerik modules, but they are both installed on both machines.
The application does run perfectly on the original machine, but it is not working on any other one.
Both machines are using Win 8.1 and Visual Studio 2013 Update 4.
I have tried to look this up online, but most people's problem are when they are deploying the app, not just debugging. I would be really happy for any help with this issue.
Thanks!

I have the same problem on one of my development machines. Whenever I create a new project, the System.IdentityModel.Tokens.Jwt nuget package is not referenced properly. The project compiles correctly but you are not able to debug as I get the same error
as you.
If you open up your references and there is an error next to any of your references make sure that you correct them. In the case of the jwt reference error, I have to remove the jwt reference and then add it back from the packages folder.
This may not be your problem but could point you in a direction?

Powershell Error for SharePoint Online -"The remote server returned an error: (407) Proxy Authentication Required."

I am trying to call sharepoint online from powershell. Below is the code. I get
Exception calling "ExecuteQuery" with "0" argument(s): "The remote server returned an error: (407) Proxy Authentication Required."
$loadInfo1 = [System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint.Client")
$loadInfo2 = [System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint.Client.Runtime")
$webUrl = "ZZZZ"
$username = "XXX"
$password = "YYYY"
$ctx = New-Object Microsoft.SharePoint.Client.ClientContext($webUrl)
$ctx.Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($username, $password)
$web = $ctx.Web
$lists = $web.Lists
$ctx.Load($lists)
$ctx.ExecuteQuery()
$lists| select -Property Title
Raj-Shpt

Hi,
About how to access SharePoint online site using PowerShell, the blog below would be helpful:
http://social.technet.microsoft.com/wiki/contents/articles/29518.csom-sharepoint-powershell-reference-and-example-codes.aspx
Another two demos for your reference:
http://www.hartsteve.com/2013/06/sharepoint-online-powershell/
http://www.sharepointnutsandbolts.com/2013/12/Using-CSOM-in-PowerShell-scripts-with-Office365.html
Thanks
TechNet Community Support
Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact
[email protected]

"The OCSP server returned unexpected/invalid HTTP data"

Similar Messages

Maybe you are looking for