I am using exchange listener inside wcf service.
Recently we moved the applications to new Server.
we have installed SSL certificate as well in IIS.
we are getting error in ExchangeService.AutodiscoverUrl(string emailAddress) method in new server.
in old server it is working fine.
In the event viewer we are able to see the below error.
An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The TLS connection request has failed.
The TLS encryption protocol is not enabled on Windows Server. This may cause the connection failure of applications that connect via HTTPS protocol and TLS encryption.
You can determine which protocols are enabled by viewing the following registry keys:
To enable SSL3.0, please follow the steps below:
Using regedit to add the following keys:
1.Right click on protocols -> new -> key -> "SSL 3.0" then "TLS 1.0"
2.Under each of the keys above you need to create additional keys "Client" and "Server"
3.create DWORD (32bit) value called "Enabled" under each "Client" and "Server" key for "SSL 3.0 and TLS 1.0"
DWORD (32bit) Value
Value name = Enabled
Value date = 0
Value date can be set to "1" - Enabled or "0" – Disabled
4、restart your computer to implement the change
Related
I am trying to add DataPower 7.7 into API Management 2018.1.
I need to configure API Connect Gateway Service in DataPower (new APIC 2018.1 doesn't work with XML Management Service).
After configuration I got an error:
8:07:19 mgmt notice 959 0x00350015 apic-gw-service (default):
Operational state down
8:07:19 apic-gw-service error 959 0x88e00001 apic-gw-service
(default): Unexpected queue error: Domain check failed! Please ensure that
the 'default' domain exists and is enabled. Also, please verify that the API
Gateway Service is configured with the correct domain and SOMA credentials.
8:07:19 apic-gw-service error 959 0x88e000a0 apic-gw-service
(default): Failed to initialize gateway environment: datapower
DP version is 7.7.
Please suggest, if you have any information or manuals.
Note: Domain exists, main services are enabled
It's hard to tell what exactly the problem is based on the log messages shown above.
Update to original answer:
See also the documentation that is now available in the IBM API Connect Knowledge Center: https://www.ibm.com/support/knowledgecenter/SSMNED_2018/com.ibm.apic.install.doc/tapic_install_datapower_gateway.html
However, here are the basic steps for configuring a DataPower gateway to work with API Connect 2018.x.
You will need to ensure:
DataPower is running DP 7.7.0.0 or higher.
You have the AppOpt license installed. (Use the “show license” command in the DataPower CLI to confirm.)
You have a shared certificate and a private key for securing the
communication between the API Connect management server and the
gateway.
On DataPower, you need to:
Create an application domain. All of the subsequent configuration should be done in the application domain.
Enable statistics
Upload your private key and shared certificate to the cert:// directory in the application domain.
Create a crypto key object, a crypto certificate and a crypto identification credentials object using your key and certificate.
Create an SSL client profile and an SSL server profile that reference the crypto identification credential object.
Configure a gateway-peering object.
Configure and enable the API Connect Gateway Service in the application domain.
At that point, you should be able to configure the gateway in the API Connect cloud manager.
Here are the DataPower CLI commands to create a basic configuration. In the configuration below, IP address 1.1.1.1 represents a local IP address on your DataPower appliance. Traffic from the API Connect management server to the gateway will be sent to port 3000. API requests will go to port 9443 (but you can change it to the more standard port, 443, if you prefer.)
For a production environment, you will want to build on this configuration to ensure you are running with at least 3 gateways in the peer group, but this will get you started.
Create the application domain called apiconnect
top; configure terminal;
domain apiconnect; visible default; exit;
write mem
Use the Web GUI to upload your private key and shared certificate to the cert:// folder in the apiconnect domain
Then run these commands to create the configuration in the apiconnect domain
switch apiconnect
statistics
crypto
key gw_to_apic cert:///your-privkey.cer
certificate gw_to_apic cert:///your-sscert.cer
idcred gw_to_apic gw_to_apic gw_to_apic
ssl-client gwd_to_mgmt
idcred gw_to_apic
no validate-server-cert
exit
ssl-server gwd_to_mgmt
idcred gw_to_apic
no request-client-auth
validate-client-cert off
exit
exit
gateway-peering apic
admin-state enabled
local-address 1.1.1.1
local-port 15379
monitor-port 25379
priority 100
enable-ssl off
enable-peer-group off
persistence local
exit
apic-gw-service
admin-state enabled
local-address 0.0.0.0
local-port 3000
api-gw-address 0.0.0.0
api-gw-port 9443
v5-compatibility-mode on
gateway-peering apic
ssl-server gwd_to_mgmt
ssl-client gwd_to_mgmt
exit
write mem
The problem you are seeing is an issue with creating your api connect service in the default domain. To work around just put your Api Gateway Service in a domain other than default.
I have a WCF-BasicHTTP send port configuredas follows:
Security tab Security mode:Transport;
Transport client credential type: Certificate;
Client certificate: (thumbprint of our client cert);
Service certificate: (thumbprint of the service's public key cert).
General tab, Endpoint Identity: everything is left blank.
There is a send pipeline component that substitutes alternative endpoint addresses depending on the interaction type (all endpoints share the same base URL).
Recently, our trading partner has renewed their server certificate, and failed to notify us in advance. The send port continues working (good). However, the behaviour leads me to believe that even though BizTalk forced me to specify some service certificate thumbprint, the adapter then does not actually verify the service certificate thumbprint against what's set in the binding. I can't figure out if this is a bug or by design?
I have got a simple BizTalk Application in which there is only one schema and pipeline. I have simply add XML Validator in validate stage of pipeline.I have deployed this app in BizTalk Server 2010.
Now I have created a receive location which takes a XML file and set its receive pipeline which i have created. I have also marked "Enable routing for failed messaged" in receive port.
I have also created a SMTP send port and and configured it with mail server name and etc.
Receive port is working fine but send port is unable to send emails.
When i check "Track Service Instance" is shows an error "Transport failed to connect to the server".
Update: I am using Gmail SMTP server name in order to send e-mails and I am getting the error "The server rejected the sender address. The server response was: 530 5.7.0 Must issue a STARTTLS command first. ye1sm22267001pab.19 - gsmtp"
Where could be the problem? Any help will be appreciated
With that error in your update the problem is clear.
The Gmail server is expecting a SSL connection.
See SMTP TLS problem
The standard SMTP adapter does not support SSL/TLS connections.
You will need to write a custom adapter or purchase a third party
adapter to support SSL connections
http://www.nsoftware.com/products/biztalk/adapters/emails.aspx
Greg.Forsythe
EDIT: An alternative is to connect to a local SMTP server that doesn't require SSL/TLS and let it route the e-mails.
Are you running 32 bit or 64 bit? Is your tracking host in 32 bit or 64 bit? MIME/SMIME encoder pipeline can't run in 64 bit mode... are you using that?
http://msdn.microsoft.com/en-us/library/gg634591.aspx
"Transport failed to connect to the server"
This error message basically means the BizTalk SMTP adapter is unable to connect to the SMTP server or the server does not allow to send the e-mail.
Try connecting to the SMTP server with the telnet client (you may need to install this as an additional feature) or by configuring the proxy (available on the SMTP adapter and adapter defaults).
It might also be the case that you need to authenticate towards the SMTP server.
Also, some SMTP servers do not allow to send an e-mail from an unknown domain like "someone#notthenameofthecompany.com".
Hope this helps.
I have a WCF service which is being called from my web application.
The WCF service call is made on SSL port 443.
When my application makes the call, i recieve the following error message in my log file:
The HTTP request is unauthorized with client authentication scheme 'Ntlm'. The authentication header received from the server was 'Negotiate,NTLM'
I checked the iis authentication headers on my machine(IIs 5.1) and the machine where the WCF service is deployed(IIS 6.0) using the cscript command:
For iis 5.1
adsutil set w3svc/1/ntauthenticationproviders "Negotiate,NTLM"
Simlilarly, the header has been set on server machine IIS 6.0 using the command:
adsutil set w3svc/1/root/ntauthenticationproviders "Negotiate,NTLM"
I have repeatedly checked the headers and they have the same value of "Negotiate,NTLM" at both ends, yet my service call is failing.
Kindly help.
With NTLM authentication, the user executing on the calling server must be verifiable within the domain within the headers. This would mean that your IIS 5.1 machine would have to have its IIS instance (application pool) running under a domain viable user. Since the application pool is almost universally run by either Local System, Network Service, or AppPoolService (or similar system account) nome of which are domain available, you will need to configure the IIS instance that is performing the call to be run by a service account with appropriate permissions in the domain.
My company is currently migrating some of their really old db's to sql server 2005. Some legacy apps have problems connecting to the new server. The connection string works in Asp.NET 2.0, probably because it assumes tcp:1433 automatically.
I have to construct the connection string like this in ASP.NET 1.1 for it to work:
"Server=tcp:my.server.com,1433;..."
Without the protocol and the port, the connection fails ("Invalid Connection exception")
TCP 1433 and UDP 1434 are open on our firewall. On SQL Server 2005 Remote Access is enabled, so is TCPIP, the SQL Browser service is running, I use the proper login credentials.
Any ideas why I can't just specify the server name without protocol and port number?
IIRC SQL Server 2005 defaults to find any-old-port that is available. On my laptop this means port 1212.
To force it to a specific port you must go to Start->Programs->SQL Server 2005->Configuration Tools->SQL Server Configuration Manager
From here you must go to SQL Server 2005 Network Configuration->Protocols for (name of service)->Right click on TCP/IP->Properties->Choose tab "IP Address" and set TCP Dynamic Ports to .
For some reason "0" means "Yes, use dynamic ports" and (i.e. no entry in field) menas "No, I will specify it myself"
Then fill in the field TCP Port with 1433.
Do so on all adapters that are listed, and restart the SQL Service.
You can now check if the service is indeed on the right port by doing the following
Start->Run->cmd.exe
C:>netstat -ano
look for an entry like this
local address <stuff> PID
0.0.0.0:1433 <some number>
Now do
C:>tasklist
and look for the task with the number from above. This task should be called something like sqlsrvr.exe.
Perhaps your SQL Server is configured for multi-protocol, and it's trying to use the other protocol first and failing, perhaps for some security reason (the account that the app is running as in IIS). Just a guess.
Check the "SQL Native Client Configuration" settings in "SQL Configuration Manager" on the ASP.NET machine. The default connection settings are set there. Also try messing with the MDAC configuration:
http://msdn.microsoft.com/en-us/library/ms131035.aspx