BizTalk.SendHTTPX.1 server odd-size(1000 bit) certificate issue
| Hi All,
Please read this message carefully before you reply, thanks! I have searched through all the newsgroups for a possible solution, but nothing helped!
We have encountered a very strange problem here.
We send XML messages over HTTPS to our partner. Our production server worked fine with their old production server. The root certificate of their (web) server certificate is the same for both their new/old production systems. So I can assure that the root certificate was installed correctly on my production BizTalk server (otherwise it wouldn't work with their old production server).
Now the problem happens when we connect to their new production server; we find the error in the event log
*****************begin of error**************
[0x80090327] An error occurred during transmission:
A secure connection with the remote server could not be negotiated. The server's certificate may not be valid.
Request information:
***************end of error*******************
After the network sniffing, we found that the traffic was fine when it reached our firewall, but the sniffing result on our production server showed that only part of their root certificate was received (the web server certificate was received well) and the communication failed at the SSL handshake phase.
Now we are totally confused and don't know where the problem is - if it is BizTalk, then why did BizTalk work with the partner's old production server with the same CA root certificate? If it is the partner's problem, then the traffic was good at the firewall?
Then I found a Microsoft KB article Q296833 - stating that Windows has a problem in handling odd-sized key certificates. But that's also not very convincing since it worked with the partner's old production server (although their root certificate is indeed an odd-sized key, 1000-bit).
OK, now we upgraded the machine from win2k to win2003, but unfortunately the problem persists!
Anyone experience the same problem?
Thanks for any possible help!
| |
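The symptom reported in the post above (the web server certificate arrives whole, the root certificate only in part) can be confirmed from a capture by walking the length fields of the TLS Certificate handshake message. This is an added example, not part of the original thread; it assumes the handshake bytes were already reassembled from the capture with the TLS record headers removed (SSL 3.0 / TLS 1.0-1.2 layout), and the certificate bytes are constructed placeholders, not real DER.

```python
HANDSHAKE_CERTIFICATE = 0x0B  # handshake type of the Certificate message

def _u24(buf, off):
    """Read a 3-byte big-endian length, or None if it was cut off."""
    return int.from_bytes(buf[off:off + 3], "big") if off + 3 <= len(buf) else None

def build_certificate_message(certs):
    """Build a Certificate handshake message (used here to make sample input)."""
    entries = b"".join(len(c).to_bytes(3, "big") + c for c in certs)
    body = len(entries).to_bytes(3, "big") + entries
    return bytes([HANDSHAKE_CERTIFICATE]) + len(body).to_bytes(3, "big") + body

def inspect_certificate_message(msg):
    """Per certificate: declared length vs. bytes actually captured."""
    if len(msg) < 7 or msg[0] != HANDSHAKE_CERTIFICATE:
        raise ValueError("not a Certificate handshake message")
    list_len = _u24(msg, 4)          # length of the whole certificate_list
    report, off, end = [], 7, 7 + list_len
    while off < end:
        declared = _u24(msg, off)
        if declared is None:         # even the length field is truncated
            report.append({"index": len(report), "declared": None,
                           "captured": max(0, len(msg) - off), "complete": False})
            break
        captured = max(0, min(declared, len(msg) - (off + 3)))
        report.append({"index": len(report), "declared": declared,
                       "captured": captured, "complete": captured == declared})
        if captured < declared:      # nothing reliable after a truncated entry
            break
        off += 3 + declared
    return report

def first_incomplete(report):
    """Index of the first truncated certificate in the chain, or None."""
    return next((r["index"] for r in report if not r["complete"]), None)

# Constructed sample: chain order is server certificate first, then root.
LEAF = b"\x30" * 900   # placeholder bytes standing in for the server cert
ROOT = b"\x31" * 700   # placeholder bytes standing in for the root cert
AT_FIREWALL = build_certificate_message([LEAF, ROOT])   # complete
AT_SERVER = AT_FIREWALL[:-250]                          # tail lost in transit

if __name__ == "__main__":
    for name, cap in (("firewall", AT_FIREWALL), ("server", AT_SERVER)):
        print(name, inspect_certificate_message(cap))
```

Running the same check on the capture taken at the firewall and the one taken on the server shows which certificate in the chain is cut short and by how many bytes.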
| larry franks 2004-04-23, 3:36 pm |
| I would think that if the certificate is changing when it comes through the
firewall that this is most likely the problem. What happens if you use a
web browser to go to the customers site? Do you get a popup or other
error/warning on the certificate? Also does a network sniff of that
connection look different in regards to the certificate when it comes
through the firewall?
Larry Franks
This posting is provided "AS IS" with no warranties, and confers no rights.
Subscribe at
http://support.microsoft.com/defaul...msdn/nospam.asp
&SD=msdn
| |
|
| Larry,
When I open IE to the customer site, everything is normal, no pop-up for certificate since the root certificate has been installed correctly on the production BizTalk server, and the network sniffing showed everything was correct with the IE session (certificate was fine at both firewall and BizTalk server machine). SSL handshake was fine in IE session.
Thanks
Tom
| |
| larry franks 2004-04-27, 10:36 am |
| Ok, let me see if I can find anything on this.
Larry Franks
This posting is provided "AS IS" with no warranties, and confers no rights.
Subscribe at
http://support.microsoft.com/defaul...msdn/nospam.asp
&SD=msdn
| |
| larry franks 2004-04-27, 11:37 am |
| Followup, what version of BizTalk and what service pack level?
Larry Franks
This posting is provided "AS IS" with no warranties, and confers no rights.
Subscribe at
http://support.microsoft.com/defaul...msdn/nospam.asp
&SD=msdn
| |
| larry franks 2004-04-30, 10:38 am |
| There's nothing I'm finding on this. The only suggestions I can make at
this point would be to have your trade partner try reloading the
certificate on the new machine and to try reloading the root ca on this
machine. Also try logging on as the BizTalk service account and using IE to
see if it returns a failure talking to the remote web site.
If the only thing that changed here is that your trade partner changed to a
new machine, then there really should be no config changes that we'd need
to make to BizTalk or your firewall. It almost has to be something with
the cert or the new machine.
Beyond those generic suggestions I would recommend opening a support
incident to troubleshoot this further. Most likely we'd need to coordinate
netmon logs on both sides of the firewall as well as from your trade partner
sending the packets out and have the IIS group look them over.
Larry Franks
This posting is provided "AS IS" with no warranties, and confers no rights.
Subscribe at
http://support.microsoft.com/defaul...msdn/nospam.asp
&SD=msdn
--------------------
| From: Tom <sapj2ee@nospam.nospam>
| Date: Tue, 27 Apr 2004 12:56:07 -0700
|
| It is BizTalk 2002 + SP1