UAG SP4 - ADFS - Issues Sharepoint 2010 Team Services RRS feed

  • Question

  • We have the following setup :

    Single Node UAG with HTTPS trunk using ADFS 2.0 :
     a claims aware Sharepoint 2010 site published with the SP 2010 template as :
      Public host name : host_public
      Server : host_internal
      HTTPS port : 443

    A hardware Load balancer with a VIP listening on host_internal:443 with a SSL certificare cert_a
     with 2 backend Sharepoint 2010 Win 2008 R2 servers using SSL with certificate cert_a

    When we're opening the following url on the UAG server itself : https://host_internal/_vti_bin/shtml.dll (to test the extensions), we're receiving a "Sharepoint Foundation Error".. which is normal but we can acces the extension.

    When doing the same on a client machine : https://host_public/_vti_bin/shtml.dll we receive an "HTTP 500 - Internal server error ". So we're unable to acces the extension. When we run a trace on uag we do see 3 errors:

    [0]10b8.1578 10/15/2014-10:03:09.286 [01eb7c40-f800-0000-1b7e-35aca4e7cf01] [sslbox SSLMachine::HandleDecryptMessageError SSLMachine.cpp@753] ERROR:SSLMachine::Read(): DecryptMessage failed (SEC_I_CONTEXT_EXPIRED) Error: 0

    [0]10b8.1578 10/15/2014-10:03:09.286 [01eb7c40-f800-0000-1b7e-35aca4e7cf01] [whlcspssl CCSPSSLDevice::SSLRead WhlCSPSSLDevice.cpp@2836] ERROR:SSLRead(3, 5356, host_internal:443, 0000000003A55390): m_pSSLMachine->Read() returned false

    [0]10b8.1578 10/15/2014-10:03:09.286 [01eb7c40-f800-0000-1b7e-35aca4e7cf01] [whlcspssl CCSPSSLDevice::ReadStateInternalRead WhlCSPSSLDevice.cpp@2465] ERROR:ReadStateInternalRead(3, 5356, host_internal:443, 0000000003A55390, ReadSSLBox): SSLRead() returned CSP_SSL_FAIL, Last read request returned CSP_SSL_MORE_R
    Unknown(234): GUID=03a4e905-377a-c24e-e675-8737734d2c95 (No Format Information found).
    Unknown(436): GUID=03a4e905-377a-c24e-e675-8737734d2c95 (No Format Information found).


    When we run the following url : https://host_public/_vti_bin/lists.asmx we do get to see all supported operations on the lists.asmx webservice.. So there's no SSL decrypting problem there...

    Anyone has an idea on why this is happening and only on the shtml.dll?



    • Edited by frederikvb Wednesday, October 15, 2014 8:14 AM
    Wednesday, October 15, 2014 8:13 AM