none
Web Service MA with TLS and client certificate RRS feed

  • Question

  • Hi!

    I've been struggling with the MIM sync 'Web Service' MA for weeks. The config-tool for web-services is able to successfully connect to our web-service, but when I try to create an MA for it it fails to connect. Only relevant error message is from SChannel that says its received a fatal alert from endpoint (code 40 - handshake failed). By increasing the logging of SChannel we also get a warning stating that it did not find a suitable client cert, and attempts to connect without any. (EventID 36875)

    I've been following this wiki for instructions for setting up the MA. One of the things that I cannot understand is that there is no mention of which certificate is going to be used when creating the actual MA. In the config-tool, I get to specify store and name of certificate, but not so when creating the MA in MIM Sync:

    • Under Connectivity there's only the config-file, server and port.
    • Under Global Params, there's only username and password:

    This is with the latest connectors from MS (1.1.953.0), and tested in three different environments on MIM 2016 SP1 (4.4.1642, 4.5.34) and SP2. OS's are win2012r2 or win2016.

    Any input would be greatly appreciated, as I'm all out of ideas...


    • Edited by SteinIP Wednesday, January 15, 2020 3:59 PM Added connector version number
    Wednesday, January 15, 2020 3:21 PM