While calling HTTPS REST service inside BPEL SOA Process, I am getting remote fault with the below error:
oracle.fabric.common.FabricInvocationException:
javax.ws.rs.ProcessingException:
javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException:
PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target
detail:
unable to find valid certification path to requested target
I can access the same REST service from basic java REST Client.
Both my WebLogic server and the sample java class (which connects to the web service without error) run on the same machine using same truststore cacerts.
What could be wrong here? Any help appreciated
I have already downloaded the certificates from the browser URL and imported to cacerts
Related
I have disabled TLS 1.0 and TLS 1.1. in Identity Server (v4 running in a Service Fabric Cluster using WebHostBuilder, targeting .NET 4.6.2 using a self-signed cert). I have added the following in Startup.cs:
System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
And I receive the following error:
System.InvalidOperationException: IDX10803: Unable to create to obtain
configuration from: 'https://services.mytest.com:8443/oauth/.well-
known/openid-configuration'. ---> System.IO.IOException: Unable to get
document from: https://services.mytest.com:8443/oauth/.well-
known/openid-configuration ---> System.Net.Http.HttpRequestException: An
error occurred while sending the request. ---> System.Net.WebException: The
underlying connection was closed: An unexpected error occurred on a receive.
---> System.ComponentModel.Win32Exception: The client and server cannot
communicate, because they do not possess a common algorithm
I've looked at the questions here:
IDX10803: Unable to create to obtain configuration
Unable to obtain configuration from well-known/openid-configuration
I've tried the suggestions (including adding the cert to trusted root)
I don't know much about that particular piece of software but the problem here is not that the certificate is not trusted (according to the error message) but your server and client try to negotiate during TLS handshake which protocol version, cryptographic ciphers and keyexchange mechanism should be used. It would seem that the client and server have now become incompatible. Either change the client or the server.
See also for an related and post with a possible solution:
The client and server cannot communicate, because they do not possess a common algorithm
My servers has been recently upgraded to support TLS 1.2 and rest other (TLS 1.0 and TLS 1.1.) has been disabled. Now when I tries to generate the reference it gives me following exception:
service Url = https://server-name/service.asmx
Error: Cannot obtain Metadata from "service url" If this is a Windows (R) Communication Foundation service to which you have access, please check that you have enabled metadata publishing at the specified address. For help enabling metadata publishing, please refer to the MSDN documentation at http://go.microsoft.com/fwlink/?LinkId=65455.WS-Metadata Exchange Error URI: "service url" Metadata contains a reference that cannot be resolved: "service url". An error occurred while making the HTTP request to "service url" This could be due to the fact that the server certificate is not configured properly with HTTP.SYS in the HTTPS case. This could also be caused by a mismatch of the security binding between the client and the server. The underlying connection was closed: An unexpected error occurred on a send. Received an unexpected EOF or 0 bytes from the transport stream. HTTP GET Error URI: "service url" There was an error downloading "service url". The underlying connection was closed: An unexpected error occurred on a send. Received an unexpected EOF or 0 bytes from the transport stream.
I tried the solution at following link but didn't worked for me, Kindly help.
support.microsoft.com/kb/888528
We recently ran into this exact issue, after PCI compliance forced us to blanket-disable SSL3 and TLS 1.0. Ultimately, the best solution we found was the same one that client apps are using to allow connectivity to web services on .NET 4.5+; namely, adding some code to adjust that setting for Visual Studio at runtime. In the most basic form, that looks like this:
System.Net.ServicePointManager.SecurityProtocol = System.Net.SecurityProtocolType.Tls | System.Net.SecurityProtocolType.Tls11 | System.Net.SecurityProtocolType.Tls12;
We did this via a VS package with a simple configuration UI, which is available in the visual studio gallery, if you want a drop-in solution:
https://visualstudiogallery.msdn.microsoft.com/63750942-1ebe-45dd-bade-552dd850873e
If you'd rather handle it yourself, all you need to do is create a VSIX package or an Add-In (both of which require the visual studio sdk).
Good luck!
I faced the same issue also, i was not able to add service reference in visual studio.
But after installing the Add-In and enabling the TLS1.2 in visual studio, I was able to update the service reference.
Tools -> Security Protocol Manager 2013
https://visualstudiogallery.msdn.microsoft.com/63750942-1ebe-45dd-bade-552dd850873e
I was getting error:
The request was aborted: Could not create SSL/TLS secure channel.
Metadata contains a reference that cannot be resolved:
An error occurred while making the HTTP request to https://...Service.svc.
This could be due to the fact that the server certificate is not configured properly with HTTP.SYS in the HTTPS case. This could also be caused by a mismatch of the security binding between the client and the server.
The underlying connection was closed: An unexpected error occurred on a send.
Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host.
For ASP.NET project MSBuild gives some files in E:\Build such as:
TestProjectA.deploy.cmd
TestProjectA.SetParameters.xml
TestProjectA.SourceManifest.xml
TestProjectA.zip
To deploy from Windows 7 to Windows Server 2008 R2 (IIS 7)
Executing command gives following error message:
Command
C:\Program Files\IIS\Microsoft Web Deploy V3>msdeploy.exe -verb:sync -source:contentPath='E:\Build' -dest:contentPath='ra/files-to-pub',ComputerName="https://<IP>:8172/msdeploy.axd?site=ra",UserName='DEV\Administrator',Password='MyPassword',AuthType='Basic' -enableRule:DoNotDeleteRule -whatif -allowUntrusted
Error Message:
Info: Using ID 'd1bbee7a-e940-4be1-b41d-1847b3e7022d' for connections to the remote server.
Error Code: ERROR_COULD_NOT_CONNECT_TO_REMOTESVC
More Information: Could not connect to the remote computer ("[IP ADDRESS]") using the specified process ("Web Management Service") because the server did not respond. Make sure that the process ("Web Management Service") is started on the remote computer.
Learn more at: http://go.microsoft.com/fwlink/?LinkId=221672#ERROR_COULD_NOT_CONNECT_TO_REMOTESVC.
Error: The remote server returned an error: (550).
Error count: 1
Given link suggest to do:
Ping the remote machine. *STATUS-OK
The msdepsvc or wmsvc service is started on the remote server. *STATUS-OK
Firewall is not blocking incoming connections of your ports on the destination. If it used the default installation, then it would be 80 for msdepsvc and 8172 for wmsvc. *STATUS-OK
Both of service are running at target server:
Web Management Services
Web Deployment Agent Service
What can do now to solve it?
If you have checked the basic stuff like
Credentials are correct
Website name is spelt correctly everywhere
And have tried the steps mentioned here
And it still didn't work then may I suggest troubleshooting using Web Management Service Failed Request Tracing
This might be too late, but for others checking this error. Verify the Site name too. IE, Default Web Site/SiteDeploy (or whatever you call it)
k
I'm getting this error when trying to deploy to azure using "Publish" from my MVC project. I checked Web Management Service and Web Deployment Agent Service and there are both running. Credentials I'm using are valid since I get access to server instance through remote desktop
I've also checked values for the properties VS filled for me on the "Publish Web" dialog and they are correct:
Service Url: https://*.cloudapp.net:8172/MsDeploy.axd (where * is my hosted service ID)
Site/Application: NLSubscriber.Web_IN_0_Web
Error 66 Web deployment task failed.(Could not connect to the destination computer (".cloudapp.net"). On the destination computer, make sure that Web Deploy is installed and that the required process ("The Web Management Service") is started.)
This error indicates that you cannot connect to the server. Make sure the service URL is correct, firewall and network settings on this computer and on the server computer are configured properly, and the appropriate services have been started on the server.
Error details:
Could not connect to the destination computer (".cloudapp.net"). On the destination computer, make sure that Web Deploy is installed and that the required process ("The Web Management Service") is started.
Unable to connect to the remote server
A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond xxx.xxx.xxx.xxx:8172
0 0 NLSubscriber.Web
I've checked that the service url is reachable (and not blocked by
the firewall), by directly accessing it through my browser typing
just the same address VS is showing and after warning me about the
not trusted certificated, it prompted me for user/password, which I
provided and accessed it with no problem at all.
I've opened Remote Desktop and checked site name from IIS manager,
which is the same as pre-inputted by VS: NLSubscriber.Web_IN_0_Web.
What am I missing?
It seems Arwind has solved this issue on http://social.msdn.microsoft.com/Forums/en-US/windowsazuredevelopment/thread/dfe98f28-b211-4124-a505-0c664f48b3e5/
Please check the link and see whether it helps.
Best Regards,
Ming Xu.
Blockquote
I'm trying to test an already deployed web service through SoapUI. The service URL is https://hostname:82/Service.asmx. I modified the test Endpoint to reflect this. Web requests go through a proxy that uses Windows Authentication.
First I attempted to run the test directly but without success. All I got was an error:
401 - Unauthorized: Access is denied due to invalid credentials
Next, I entered proxy details and domain username/password into SoapUI proxy settings. This creates another error:
status# HTTP/1.1 502 Proxy Error ( The specified Secure Sockets Layer (SSL) port is not allowed. Forefront TMG is not configured to allow
SSL requests from this port. Most Web browsers use port 443 for SSL requests. )
I wasn't really paying attention to this until now so I ignored the error and went on to install Burp Suite hoping that this would help with Windows Authentication. I got the Internet working through Burp Suite but soapUI still doesn't do anything and I can't run any tests. This time the error is a bit different:
XML Parsing Error: syntax error Location:
https://hostname:82/Service.asmx Line Number 1, Column 1:Burp proxy
error: failed to connect to IP.
What am I doing wrong? :)
Figured it out in the end. I configured Burp proxy the wrong way. Instead of redirecting to my WS server, I was redirecting to our internet proxy which of course didn't know what to do.