I have an WPF app, which uses SSLStream to connect to server and send/receive some messages. My code is largerly based on this example (SslTcpClient): https://msdn.microsoft.com/en-us/library/system.net.security.sslstream(v=vs.110).aspx.
This worked fine for months. However, after getting this windows update (Cumulative Update for Windows 10 version 1511 and Windows Server 2016 Technical Preview 4: June 14, 2016 — https://support.microsoft.com/en-us/kb/3163018). My app started to report this exception:
System.Security.Authentication.AuthenticationException: A call to SSPI failed, see inner exception. ---> System.ComponentModel.Win32Exception: The Local Security Authority cannot be contacted
--- End of inner exception stack trace ---
at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, Exception exception)
at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
at System.Net.Security.SslStream.AuthenticateAsClient(String targetHost, X509CertificateCollection clientCertificates, SslProtocols enabledSslProtocols, Boolean checkCertificateRevocation)
at MyAPP.Core.Services.Network.Impl.SslTcpClient.ClientSideHandshake()
at MyAPP.Core.Services.Network.Impl.SslTcpClient.Connect()
at MyAPP.Core.Services.Impl.MessageService.SendMessage(String message)
What can I do ?
У меня есть следующий код:
public GetUserDataResponse GetUserDataFromService(X509Certificate2 certificate)
{
ChannelFactory<MyApp4SITHSService.IMyApp4SITHSServiceContract> factory = new ChannelFactory<MyApp4SITHSService.IMyApp4SITHSServiceContract>("NetTcpBinding_IMyApp4SITHSServiceContract_Certificate");
MyApp4SITHSService.IMyApp4SITHSServiceContract service;
GetUserDataResponse response;
factory.Credentials.ClientCertificate.Certificate = certificate;
//factory.Credentials.UserName.UserName = "me";
//factory.Credentials.UserName.Password = "password";
service = factory.CreateChannel();
LogHandler.WriteLine("Connecting to service");
response = service.GetUserData(new GetUserDataRequest());
LogHandler.WriteLine("Data received");
factory.Abort();
return response;
}
В первый раз, когда я запускаю это, он работает отлично, во второй раз я получаю следующее исключение на service.GetUserData:
Произошла первая случайная ошибка типа «System.ServiceModel.Security.SecurityNegotiationException» в mscorlib.dll
Не удалось выполнить вызов SSPI, см. внутреннее исключение.
Локальный центр безопасности не может связаться
Im, используя следующие конфигурации:
<system.serviceModel>
<behaviors>
<endpointBehaviors>
<behavior name="CertificateEndpointBehavior">
<clientCredentials>
<!--<clientCertificate findValue="MyAppClient" x509FindType="FindBySubjectName" storeLocation="CurrentUser" storeName="TrustedPeople"/>-->
<!--<clientCertificate findValue="MyAppClient" x509FindType="FindBySubjectName" storeLocation="LocalMachine" storeName="My"/>-->
<serviceCertificate>
<authentication certificateValidationMode="ChainTrust" revocationMode="NoCheck"/>
</serviceCertificate>
</clientCredentials>
</behavior>
</endpointBehaviors>
</behaviors>
<bindings>
<netTcpBinding>
<binding name="netTcpCertificate" closeTimeout="00:01:00" openTimeout="00:01:00"
receiveTimeout="Infinite" sendTimeout="01:00:00" transactionFlow="false"
transferMode="Buffered" transactionProtocol="OleTransactions"
hostNameComparisonMode="StrongWildcard" listenBacklog="1000"
maxBufferPoolSize="2147483647" maxBufferSize="2147483647"
maxConnections="200" maxReceivedMessageSize="2147483647">
<readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647"
maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647" />
<reliableSession ordered="true" inactivityTimeout="Infinite"
enabled="false" />
<security mode="Transport">
<transport clientCredentialType="Certificate" />
<message clientCredentialType="Certificate" />
</security>
</binding>
</netTcpBinding>
</bindings>
<client>
<endpoint address="net.tcp://localhost:8135/MyApp4SITHSService/Client/sll"
behaviorConfiguration="CertificateEndpointBehavior" binding="netTcpBinding"
bindingConfiguration="netTcpCertificate" contract="MyApp4SITHSService.IMyApp4SITHSServiceContract"
name="NetTcpBinding_IMyApp4SITHSServiceContract_Certificate">
<identity>
<dns value="MyAppServer" />
</identity>
</endpoint>
</client>
</system.serviceModel>
Любая идея, почему я получаю эту проблему и как ее решить?
You may get the errors, «A call to SSPI failed, see inner exception» and «The certificate chain was issued by an authority that is not trusted«. While they should have no impact on your end-users, you’d still like to clean them up from the logs.
Qlik Sense otherwise functions without issues.
Example error:
System.Proxy.Qlik.Sense.Communication.Communication.Tcp.StreamFactory 16 c2972806-6ae3-4559-8ebf-c7c2201335f3 xxxxx Failed to authenticate stream as Server The client and server cannot communicate, because they do not possess a common algorithm↵↓A call to SSPI failed, see inner exception. NO-STACKTRACE↵↓ at System.Net.Security.SslState.InternalEndProcessAuthentication(LazyAsyncResult lazyResult)
These, unfortunately, are not Qlik Sense errors, but rather errors from Windows that Qlik Sense reports. You should also be able to see them in your Windows Application logs. For more information, please search out Windows Support.
- A possible root cause for Windows reporting these errors is a missing or wrong certificate thumbprint.
If a third party certificate is being used in the environment, verify that the correct thumbprint is added to the Qlik Sense Proxy.
- It may also be related to the load balancer.
A common behaviour for a load balancer is a quite constant interval between two SSPI failures on Sense, generally because the basic load balances HTTPS health check doesn’t complete the HTTPS handshake. The error «because they do not possess a common algorithm» is for this reason. The fast check can be done by changing the frequency of HTTP health check on the load balancer and seeing the corresponding interval change on the Qlik Sense side pay attention if multiple LB nodes are present.
try
{
_apnsStream.AuthenticateAsClient("gateway.sandbox.push.apple.com", certificates, System.Security.Authentication.SslProtocols.Ssl3, false);
}
I am getting this error "A call to SSPI failed, see inner exception" at the above line while using Moon-Apns dll in my .net web service… can any one suggest me to solve this issue.
Jon
4,7362 gold badges24 silver badges37 bronze badges
asked Sep 19, 2013 at 11:25
2
Change:
System.Security.Authentication.SslProtocols.Ssl3
to:
System.Security.Authentication.SslProtocols.Tls
Wyetro
8,4199 gold badges45 silver badges64 bronze badges
answered Oct 16, 2014 at 19:56
JCLopezJCLopez
911 silver badge3 bronze badges
use production certificate and not development certificate.
use gateway.push.apple.com instead of gateway.sandbox.push.apple.com
AND System.Security.Authentication.SslProtocols.Ssl3 to System.Security.Authentication.SslProtocols.Tls
Pop
12.1k5 gold badges54 silver badges68 bronze badges
answered Nov 3, 2014 at 12:19
I do not know if this will be helpful after a year, but I leave the answer for iOS8.
Apple has changed the server security and right on the line you mention, you have to change from SSL to TLS:
Original code:
_apnsStream.AuthenticateAsClient(host,certificates,System.Security.Authentication.SslProtocols.Ssl3, false);
New code:
_apnsStream.AuthenticateAsClient(host,certificates,System.Security.Authentication.SslProtocols.Tls, false);
I hope this information is helpful to someone.
Someone commented this in the GIT forum
answered Oct 14, 2014 at 7:29
Stornu2Stornu2
2,2843 gold badges27 silver badges47 bronze badges
I faced same issue currently, The reason was whatever .p12 given/assigned in ASP.net script in back end that .p12 file’s corresponding certificate of push notification in keychain was expired, i simply created new developer certificate in and new developer provisioning profile then exported the .p12 file on newly created developer certificate and given to back end developer he assigned that new .p12 in his script, i assigned the newly created provisioning profile in my xcode. and it worked.
answered Dec 16, 2016 at 12:17
iShwariShwar
1,6251 gold badge16 silver badges31 bronze badges
Есть сервер с настройкой:
ServiceHost host = new ServiceHost(typeof(MyService)); NetTcpBinding binding = new NetTcpBinding(); binding.PortSharingEnabled = true; host.AddServiceEndpoint(typeof(IContract), binding, "net.tcp://localhost"); host.Open();
Есть клиент с подключением:
NetTcpBinding binding = new NetTcpBinding();
IContract channel = ChannelFactory<IContract>.CreateChannel(binding, new EndpointAddress("net.tcp://192.168.0.10"));
channel.Metod();
При работе клиента и сервера на одном ПК всё работает, а по локальной сети клиент не видит сервер. Выдает ошибка TCP 10060.
Какие настройки нужно поменять и где, чтобы ПК с «сервером» был виден «клиенту» на другой машине?
Где можно чего почитать на эту тему?