How to identify app source of SCHANNEL error? - iis-7

Recently used IISCrypto to disable protocols less than TLS 1.2 on the IIS web server. Starting to see numerous SCHANNEL errors in the event log like so:
A fatal error occurred while creating an SSL client credential. The internal error state is 10013.
How do you determine which app is logging this error?

Related

Symfony Mailer with SendinBlue configuration problem

I am trying do deploy my website, and i'm using a third party transport to dispatch my emails like : confirmation after subscription and reset password emails.
I am using SendinBlue. I followed Symfony documentation and run composer require symfony/sendinblue-mailer
Then i added MAILER_DSN=sendinblue+smtp://USERNAME:PASSWORD#default in my .env file. Username and password seems correct, i also encoded special characters in my username.
My website is hosted on OVH, i can connect by SSH and run php bin/console messenger:consume async
I have an error message saying : WARNING [messenger] Error thrown while handling message Symfony\Component\Mailer\Messenger\SendEmailMessage. Sending for retry #1 using 1000 ms delay. Error: "Handling "Symfony\Component\Mailer\Messenger\SendEmailMessage" failed: Connection could not be established with host "ssl://smtp-relay.sendinblue.com:587": stream_socket_client(): unable to connect to ssl://smtp-relay.sendinblue.com:587 (Connection refused)"
I also tried to use the SendinBlue API key and got this message : WARNING [messenger] Error thrown while handling message Symfony\Component\Mailer\Messenger\SendEmailMessage. Sending for retry #1 using 1000 ms delay. Error: "Handling "Symfony\Component\Mailer\Messenger\SendEmailMessage" failed: Could not reach the remote Sendinblue server."
I guess i missed something, it's the first time i build a symfony application and im a little lost. I spent all day on this and could not find a solution.
Does anyone have an idea what i did wrong ?

Why I cannot access Firebase Storage

I'm using Firebase Storage to keep some files of my App. Suddenly I started to get an SSL errors on both iOS and Android platform and no idea what's the issue.
iOS :
NSLocalizedDescription=An SSL error has occurred and a secure connection to the server cannot be made., NSErrorFailingURLKey=https://firebasestorage.googleapis.com:443/v0/b/XXXXX.appspot.com/o?delimiter=/, NSUnderlyingError=0x600002e81440 {Error Domain=kCFErrorDomainCFNetwork Code=-1200 "(null)" UserInfo={_kCFStreamPropertySSLClientCertificateState=0, _kCFNetworkCFStreamSSLErrorOriginalValue=-9816, _kCFStreamErrorDomainKey=3, _kCFStr
FLTFirebaseStorage: An unknown error occurred while calling method Reference#listAll
Android :
V/NativeCrypto(16839): SSL handshake aborted: ssl=0xbd081f68: Failure in SSL library, usually a protocol error
V/NativeCrypto(16839): error:100000f7:SSL routines:OPENSSL_internal:WRONG_VERSION_NUMBER (third_party/openssl/boringssl/src/ssl/tls_record.cc:242 0x9b4e9d4c:0x00000000)
W/NetworkRequest(16839): error sending network request GET https://firebasestorage.googleapis.com/v0/b/XXXXXX.appspot.com/o
According to our investigations, USOM (National Cyber Incident Response Center) seems to block firebase cloud storage services. The issue is interestingly seemed to be related more with Turkish Government rather than Firebase. This explains why VPNs still work for accessing your files. ISP is blocked by the government in order not to reach storage services of google. I think someone (may be a responsible team in Google) need to reach them and illuminate that their action is weird and they should not block whole storage service for preventing an access to a file which they think is illegal..
Here you can check the block list:
https://www.usom.gov.tr/url-list.txt
you can search firebasestorage.googleapis.com, it is there.

Cannot connect to a localhost SQL server database in UWP

I have created a UWP application for testing purposes in which my purpose is to be able the application to connect to a ASP.NET Web API with a certificate for Indivual User Accounts, I've hosted the db into localhost, after ensuring the connection its correct and everything its ok I have deployed my UWP app, the problem is that when I execute a call to a method inside the Account controller (api/Account), the compiler throws me an exception which is the following:
System.Net.Http.HttpRequestException
Message=An error occurred while sending the request.
Source=System.Net.Http
...
Inner Exception 1:
COMException: The text associated with this error code could not be found.
The certificate authority is invalid or incorrect
I have searched for the problem but there's not a "specific" or "correct" answer I've found, could anyone help me with this issue please?
if code snippets are required, let me know!

Unable to find SignalR trace logs on disk

I tried following links to generate server side SignalR trace on my production environment:
http://www.asp.net/signalr/overview/testing-and-debugging/enabling-signalr-tracing#server_text
https://github.com/SignalR/SignalR/wiki/Tracing-on-the-server-side
But, trace is not getting saved on disk as mentioned in the links(e.g., "default_traces.txt" or "transports.log.txt" respectively).
Please suggest where trace log file get saved?
I also checked following folders mentioned in first tutorial:
C:\inetpub\logs\LogFiles\W3SVC1
C:\inetpub\logs\FailedReqLogFiles\W3SVC1
But nothing related with SignalR found there. Any idea?
In my environment (VS2015 + IIS Express) log files are stored in web application folder (folder with web.config).
Be sure that your application pool has write permission on logs folder.
Also check SignalR error on client side. It can direct you to the cause of the problem.
For example, if client receives response 401 (Not authorized) (for example, on $.connection.hub.start()) it could mean that authentication middleware can not authenticate the client and responds with 401 without passing the request further through OWIN pipeline to SignalR. In this case SignalR does not emit any logs (it doesn't know about any request).

Classic asp "An error occurred when verifying security for the message." iis7 transport level security

On II7 we host a WCF/asp.net based API. In order to allow users of a classic asp application to connect to the API we had to publish a version we refer to as "transport". This Transport version is written in asp.net too, it points to the same assembly , its just the security layer is different to allow classic asp to authenticate. Transport level security is used as opposed to message based security.
When using a browser to load the service reference i can loading the svcutil.exe ... WDSL page.
When using my test asp page to call a web method from this reference i get the following returned:
Finished calling Web Service.
Status = Internal Server Error
ResponseText = a:InvalidSecurityAn error occurred when verifying security for the message.
This suggests that the authentication is failing. When testing using asp.net or the application WCF storm to contact the normal API everything works well.
The API was recently migrated , it would appear something has not been setup correctly but i am at a loss to explain what.
I can browse to the svcutil.exe ... WDSL service reference, when selecting it via the browser i get the expect XML response.
The USER NAME and password utilised work when using the non-classic asp publicaiton of the API using the message based secuirty.
Would it be possible to post some troubleshooting tip that may help diagnoise the issue please specifically regarding transport level security fault finding and setup ?
Thank you
Scott
EDITED TO ADD THE FOLLOWING UPDATE:
Attempted to use the Default App Pool and a new App Pool but same problem persists.
My test page error: ResponseText = a:InvalidSecurityAn error occurred when verifying security for the message.
IIS LOG shows:
v3/transport/testclassicasptransportwcfservice.asp ( 200 0 0 ) (i.e iis 200)
/V3/Transport/DeviceService.svc/DeviceService (500 0 0) (i.e iis error 500)
note: virtual dir defined on TRANSPORT and V3. V3 works ok using .net as opposed to classic asp to authenticate.
EVENT LOG:
The Template Persistent Cache initialization failed for Application Pool 'transport' because of the following error: Could not create a Disk Cache Sub-directory for the Application Pool. The data may have additional error codes.
This reference appears to suggest a fix but many of the DIR paths and references in "appcmd" dont exist.
_http://theether.net/kb/100127
REF http://theether.net/kb/100127
load cmd prompt
CD to C:\Windows\System32\inetsrv
enter: appcmd list config -section:system.webServer/asp
the following path is displayed: c:\inetpub\conf\temp\ASP compiled templates
check path exists (it does)
Check if the NETWORK SERVICE has permissions to access "ASP compiled templates" If not from appcmd execute;
icacls "c:\inetpub\conf\temp\ASP Compiled Templates" /grant "NETWORK SERVICE:(OI)(CI)(M)"
should read "sucessfully processed 1 files"
restarted app pool.
THE "InvalidSecurityAn error occurred when verifying security for the message" problem still persists but the "COULD NOT CREATE A DISK CACHE SUB-DIRECORY .... " error from the eventlog is no longer occurring.
Sorry another update. The network service permission change DID NOT resolve the issue , changeing to the DEFAULT APP POOL solved the problem.
Got a lead at last. Examined:
ServiceSecurityAudit set in service behaviour. Ref http://intrepiddeveloper.wordpress.com/2008/08/07/security-event-logging-auditing/#
IIS logs (simply shows the non-specific error 500.)
Fault tracing enabled( also shows error 500).
Custom errors were off
Friendly IE messages were off
Asp client side and server side debugging on
ProcessMon running , no errors.
Web.config httpErrors errorMode="Detailed" /> +
ServiceSecurityAudit found me an "Object reference not set to an instance of an object" so sounds like our app has a bug.
Follow up (17/08/11):
Service Security Audit documented here:
http://intrepiddeveloper.wordpress.com/2008/08/07/security-event-logging-auditing/
Was the key for us to resolve this issue. Uncovered the Object Reference Error which indicated out Business Objects and Data Access dlls were out of alignment. Using CLASSIC ASP to contact the WCF.NET API using TRANSPORT AUTHENTICATION there was abolutely no indication of this error until Service Security Audit was enavled on the behaviour.config file in the WCF deployment.

Resources