locked
PerformancePoint DashboardDesigner with SSL - problem RRS feed

  • Question

  • Hello!

    DashboardDesigner encounters problem trying to get the lists dropdown menu when creating new SharePoint list data

    connection to a SharePoint 2010 site with a SSL certificate(a valid 90 days Komodo test certificate).

    First of all: when the site is accessed using anogher access mapping without SSL, everything works fine.
    One the other hand when using SSL the issue appears. So the problem is, no doubt, somehow related to SSL.

    The SSL certificate is added to local computer "Trusted Root Certification Authorities" using  mmc  "Certificates"

    snap-in on server. Also it's added to SharePoint's own certificates store using ManageTrust administration

    interface page.


    2 errors are produced in the server's event log any time a user reproduces the scenario.

    1.
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System>
    <Provider Name="Microsoft-SharePoint Products-SharePoint Foundation" Guid="{6FB7E0CD-52E7-47DD-997A-241563931FC2}"

    />
    <EventID>8311</EventID>
    <Version>14</Version>
    <Level>2</Level>
    <Task>13</Task>
    <Opcode>0</Opcode>
    <Keywords>0x4000000000000000</Keywords>
    <TimeCreated SystemTime="2010-08-18T16:12:41.751694800Z" />
    <EventRecordID>338808</EventRecordID>
    <Correlation ActivityID="{EC86D14D-7033-4AD6-B618-FD17A8E61081}" />
    <Execution ProcessID="8176" ThreadID="11956" />
    <Channel>Application</Channel>
    <Computer>XXX</Computer>
    <Security UserID="S-1-5-21-2076379620-870084425-2862497515-1292" />
    </System>
    <EventData>
    <Data Name="string0">CN=YYY, OU=Free SSL, OU=Hosted by LiderTelecom LTD, OU=Domain Control Validated</Data>
    <Data Name="string1">CN=EssentialSSL CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB</Data>
    <Data Name="string2">3095B7118E2D9043EB803CDE7085EFE8FD8F5B85</Data>
    <Data Name="string3">The root of the certificate chain is not a trusted root authority.</Data>
    </EventData>
    </Event>

    2.
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System>
    <Provider Name="Microsoft-SharePoint Products-PerformancePoint Service" Guid="{A7CD5295-CBBA-4DCA-8B67-

    D5BE061B6FAE}" />
    <EventID>1</EventID>
    <Version>14</Version>
    <Level>2</Level>
    <Task>1</Task>
    <Opcode>0</Opcode>
    <Keywords>0x4000000000000000</Keywords>
    <TimeCreated SystemTime="2010-08-18T16:12:41.754692700Z" />
    <EventRecordID>338809</EventRecordID>
    <Correlation ActivityID="{EC86D14D-7033-4AD6-B618-FD17A8E61081}" />
    <Execution ProcessID="8176" ThreadID="11956" />
    <Channel>Application</Channel>
    <Computer>XXX</Computer>
    <Security UserID="S-1-5-21-2076379620-870084425-2862497515-1292" />
    </System>
    <EventData>
    <Data Name="string1">The PerformancePoint Server could not connect to the specified data source. Verify that either

    the current user or application pool user has Read permissions to the data source, depending on your security

    configuration. Also verify that all required connection information is provided and correct.

    System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the

    SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is

    invalid according to the validation procedure. at System.Net.Security.SslState.StartSendAuthResetSignal

    (ProtocolToken message, AsyncProtocolRequest asyncRequest, Exception exception) at

    System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest) at

    System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest) at

    System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest) at

    System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest) at

    System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest) at

    System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest) at

    System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest

    asyncRequest) at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult) at

    System.Threading.ExecutionContext.runTryCode(Object userData) at

    System.Runtime.CompilerServices.RuntimeHelpers.ExecuteCodeWithGuaranteedCleanup(TryCode code, CleanupCode

    backoutCode, Object userData) at System.Threading.ExecutionContext.Run(ExecutionContext executionContext,

    ContextCallback callback, Object state) at System.Net.TlsStream.ProcessAuthentication(LazyAsyncResult result) at

    System.Net.TlsStream.Write(Byte[] buffer, Int32 offset, Int32 size) at System.Net.PooledStream.Write(Byte[] buffer,

    Int32 offset, Int32 size) at System.Net.ConnectStream.WriteHeaders(Boolean async) --- End of inner exception stack

    trace --- at System.Web.Services.Protocols.WebClientProtocol.GetWebResponse(WebRequest request) at

    System.Web.Services.Protocols.HttpWebClientProtocol.GetWebResponse(WebRequest request) at

    System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters) at

    Microsoft.PerformancePoint.Scorecards.DataSourceProviders.ListService.GetListCollection() at

    Microsoft.PerformancePoint.Scorecards.DataSourceProviders.SpListDataSourceProvider.GetCubeNameInfos() Error

    codePerformancePoint Services: 201.</Data>
    </EventData>
    </Event>

    The certificate information in error log corresponds the installed SSL certificate.

    Any help would be appreciated.
    • Moved by Anjali Ch -MSFT Monday, August 23, 2010 3:23 PM Moving to PPS (From:SharePoint 2010 - Setup, Upgrade, Administration and Operation)
    Wednesday, August 18, 2010 4:30 PM

Answers

  • I applied to MS support and  an MS support specialist Shazeb Khan basically suggested to check if all proper certificates are properly installed both to windows certificate store and to SP's own certificate store. So I took a closer look of the the things and the following cleared out.

    The problem scenario in 2 words. When I had been installing the certificates I did it through a file manager and and had chosen the option in wizard  to chose the store authomatically. One of the certificates in the certification path was “UTN - Datacorp SGC”. The wizard had chosen to install the certificate to user account certificate store, not local machine certificate store. But! In the local machine certificate store a certificate with the same name presented preventing me to understand, that something is going wrong. And only hardcore comparison of the certificate thumbprints made the situation clear for me.

    • Marked as answer by Nick Taranov Tuesday, August 24, 2010 6:45 AM
    Tuesday, August 24, 2010 6:43 AM

All replies

  • Hi,

    I think here it is.

    http://blogs.technet.com/b/blairb/archive/2010/08/18/using-ssl-with-sharepoint-2010-send-to-connections.aspx

     

    Regards.

    Shafaquat Ali.


    M.C.I.T.P Exchange 2007/2010, M.C.I.T.P Windows Server 2008, M.C.T.S OCS Server 2007 R2, URL: http://blog.WhatDoUC.net Phone: +923008210320
    Wednesday, August 18, 2010 6:17 PM
  • Hi,

    I think here it is.

    http://blogs.technet.com/b/blairb/archive/2010/08/18/using-ssl-with-sharepoint-2010-send-to-connections.aspx

    Thanks for the response.

    Unfortunately it's not :(  There and in some other blogs similar problems are resolved through adding the certificate to SP's own certificate store. But in my case it is already added, as I mention in the initial post, to SP's own certificate store(and readded and reckecked with PS and with the interface). And it still doesn't work.

    Any other ideas/thoughts?

    Thursday, August 19, 2010 6:01 AM
  • I applied to MS support and  an MS support specialist Shazeb Khan basically suggested to check if all proper certificates are properly installed both to windows certificate store and to SP's own certificate store. So I took a closer look of the the things and the following cleared out.

    The problem scenario in 2 words. When I had been installing the certificates I did it through a file manager and and had chosen the option in wizard  to chose the store authomatically. One of the certificates in the certification path was “UTN - Datacorp SGC”. The wizard had chosen to install the certificate to user account certificate store, not local machine certificate store. But! In the local machine certificate store a certificate with the same name presented preventing me to understand, that something is going wrong. And only hardcore comparison of the certificate thumbprints made the situation clear for me.

    • Marked as answer by Nick Taranov Tuesday, August 24, 2010 6:45 AM
    Tuesday, August 24, 2010 6:43 AM