Why I cannot access Firebase Storage - firebase

I'm using Firebase Storage to keep some files of my App. Suddenly I started to get an SSL errors on both iOS and Android platform and no idea what's the issue.
iOS :
NSLocalizedDescription=An SSL error has occurred and a secure connection to the server cannot be made., NSErrorFailingURLKey=https://firebasestorage.googleapis.com:443/v0/b/XXXXX.appspot.com/o?delimiter=/, NSUnderlyingError=0x600002e81440 {Error Domain=kCFErrorDomainCFNetwork Code=-1200 "(null)" UserInfo={_kCFStreamPropertySSLClientCertificateState=0, _kCFNetworkCFStreamSSLErrorOriginalValue=-9816, _kCFStreamErrorDomainKey=3, _kCFStr
FLTFirebaseStorage: An unknown error occurred while calling method Reference#listAll
Android :
V/NativeCrypto(16839): SSL handshake aborted: ssl=0xbd081f68: Failure in SSL library, usually a protocol error
V/NativeCrypto(16839): error:100000f7:SSL routines:OPENSSL_internal:WRONG_VERSION_NUMBER (third_party/openssl/boringssl/src/ssl/tls_record.cc:242 0x9b4e9d4c:0x00000000)
W/NetworkRequest(16839): error sending network request GET https://firebasestorage.googleapis.com/v0/b/XXXXXX.appspot.com/o

According to our investigations, USOM (National Cyber Incident Response Center) seems to block firebase cloud storage services. The issue is interestingly seemed to be related more with Turkish Government rather than Firebase. This explains why VPNs still work for accessing your files. ISP is blocked by the government in order not to reach storage services of google. I think someone (may be a responsible team in Google) need to reach them and illuminate that their action is weird and they should not block whole storage service for preventing an access to a file which they think is illegal..
Here you can check the block list:
https://www.usom.gov.tr/url-list.txt
you can search firebasestorage.googleapis.com, it is there.

Related

How to identify app source of SCHANNEL error?

Recently used IISCrypto to disable protocols less than TLS 1.2 on the IIS web server. Starting to see numerous SCHANNEL errors in the event log like so:
A fatal error occurred while creating an SSL client credential. The internal error state is 10013.
How do you determine which app is logging this error?

Email sending stopped working on Siteground Cloud server

The Offload SES Lite plugin is super cool and it was working perfectly when my website is hosted with WP-Engine server. Now I moved my website to Siteground Cloud server and it stopped working. However, when I deactivated the plugin then again the email starts working but then it is delivering in spam/junk folder.
My DKIM and all TXT records are showing as verified on my Amazon AWS Console
Verification Status: verified
DKIM Status: verified
Enabled for Sending: Yes
This is the error message keep getting when I send test email from plugin's page:
Error executing "SendRawEmail" on "https://email.us-east-1.amazonaws.com"; AWS HTTP error: Client error: `POST https://email.us-east-1.amazonaws.com` resulted in a `400 Bad Request` response: <ErrorResponse xmlns="http://ses.amazonaws.com/doc/2010-12-01/">
<Error> <Type>Sender</Type>
<Code>MessageReje (truncated...) MessageRejected (client): Sending paused for this account. For more information, please check the inbox of the email address associated with your AWS account. - <ErrorResponse xmlns="http://ses.amazonaws.com/doc/2010-12-01/">
<Error> <Type>Sender</Type>
<Code>MessageRejected</Code>
<Message>Sending paused for this account. For more information, please check the inbox of the email address associated with your AWS account.</Message>
</Error>
<RequestId>207abefe-4ed7-4013-9c11-4aa1f47c0f04</RequestId>
</ErrorResponse>
Please suggest what causing issue as this was working on previous server but stopped when we moved to new cloud server on siteground.
I also contacted the Siteground team and they are saying that the issue is from applications end but its not.
Thanks.
SiteGround VPS's by default often set the 'envelope-from' email header when left to their own devices, and they will set it to something that is not the same as the declaired 'From' email header you've defined. It will likely be fdo0gbo8mjhs#c54292.sgvps.net or something similar.
This will instantly make DKIM fail.
For any such DKIM rejection errors, you need to actively set the envelope-from value in your code.

Cannot connect to a localhost SQL server database in UWP

I have created a UWP application for testing purposes in which my purpose is to be able the application to connect to a ASP.NET Web API with a certificate for Indivual User Accounts, I've hosted the db into localhost, after ensuring the connection its correct and everything its ok I have deployed my UWP app, the problem is that when I execute a call to a method inside the Account controller (api/Account), the compiler throws me an exception which is the following:
System.Net.Http.HttpRequestException
Message=An error occurred while sending the request.
Source=System.Net.Http
...
Inner Exception 1:
COMException: The text associated with this error code could not be found.
The certificate authority is invalid or incorrect
I have searched for the problem but there's not a "specific" or "correct" answer I've found, could anyone help me with this issue please?
if code snippets are required, let me know!

How to use Firebase behind Firewall / Proxy?

We are running a simple application that connects to Firebase are reads some data. It fails to connect with the following timeout error:
#firebase/database: FIREBASE WARNING: {"code":"app/invalid-credential",
"message":"Credential implementation provided to initializeApp()
via the \"credential\" property failed to fetch a valid Google OAuth2 access token
with the following error: \"Failed to parse access token response: Error: Error
while making request: connect ETIMEDOUT
We are behind Firewall / Proxy and it appears that is blocking traffic to/from Firebase and hence failed connection. My question is what ports need to be opened and to what destination URLs to make this application work normally?
Any help will be much appreciated!
Finally, after struggling with the issue for several days got it working. Needed to contact network team and request to perform following actions:
Open ports 5228, 5229, 5230 for Firebase communication.
Opened communication at proxy level between the source server and following URLs:
fcm.googleapis.com
gcm-http.googleapis.com
accounts.google.com
{project-name}.firebaseio.com
Added following code in my node.js application:
var globalTunnel = require('global-tunnel-ng');
globalTunnel.initialize({
host: '<proxy-url>',
port: <proxy-port>,
//proxyAuth: 'userId:password', // optional authentication
sockets: 50 // optional pool size for each http and https
});
Installed module global-tunnel-ng:
npm install global-tunnel-ng
It solved the my problem and I hope it can help others too. :-)
I used Wireshark to monitor a local install of a Node.js application using the Admin SDK for firestore. I also referenced this list by Netify. This is what I found:
*.firebaseio.com
*.google.com
*.google-analytics.com
*.googleapis.com
*.firebase.com
*.firebaseapp.com

The authentication endpoint Kerberos was not found on the configured Secure Token Service

I've encountered a challenge regarding internet-facing deployment installation for CRM using a AD FS server. After the setup is complete, users are able to access the CRM server - but when trying to run custom pages the following error message is prompted:
"The authentication endpoint Kerberos was not found on the configured Secure Token Service!"
I've found several solutions on the internet for this issue:
First I found a KB article from Microsoft providing a possible
solution, this involves updating MEX endpoints by running a provided
PowerShell script.
(https://support.microsoft.com/en-us/help/2828015/configuring-ad-fs-2.1-with-microsoft-dynamics-crm-2011).
But this doesn't seem to be the issue.
Another solution could be to update the CRM rollup version (currently have version 14 installed, latest is version 18) - this is something that I want to avoid as it might lead to further issues.
Have anybody else encountered a similar issue, and in that case how did you solve it?
I have just spent last few days to figure this exact same error message and it turned out that it was the "Domain" attribute in crm connection string. Copied my answer to my own question at the Microsoft Dynamics CRM community forum here:
"Well, I found the culprit - it was the Domain attribute in the connection string:
For connecting from outside the domain, it does not like to have a Domain in the connection string:
Connection string format 1 (without Domain attribute): "Authentication Type=Passport;Server=https://devcrm.myco.com;Username=devuser#myco.com;Password=pwd" - this works both inside and outside the domain "myco.com"
Connection string format 2 (with Domain attribute): "Authentication Type=Passport;Server=https://devcrm.myco.com;Domain=myco;Username=devuser#myco.com;Password=pwd" - this only works inside the domain myco.com but NOT outside (exception: The authentication endpoint Kerberos was not found on the configured Secure Token Service!)

The key is in the Xrm.Client.CrmConnection.ClientCredential:
If Domain is NOT specified in the connection string, when connecting from outside domain, Xrm.Client.CrmConnection.ClientCredentials.UserName is populated whereas the ClientCredentials.Windows.ClientCredentials.UserName is empty.
But if the Domain is specified, Xrm.Client.CrmConnection.ClientCredentials.UserName becomes null and Xrm.Client.CrmConnection.ClientCredentials.Windows.ClientCredentials.UserName populated, which led to the service trying to authenticate user as a Windows AD user so of course it would fail when running app from outside Windows domain. And it explains why the same app works inside the domain even with Domain specified in the connection string.
For more detail, refer here for my original post asking for help in Dynamics CRM Forum

Resources