none
Web Node HTTPS Configuration Error RRS feed

  • Question

  • Hey TechNet,

    I am trying to enable HTTPS between Client Applications and Microsoft R Server. I followed the instructions here: https://docs.microsoft.com/en-us/machine-learning-server/operationalize/configure-https

    The web node has started. In the Administration Utility it says the endpoint is https://localhost/ , so I think I have my config file correct.

    However, when i try to connect with 

    remoteLogin("https://localhost", 
                diff = TRUE,
                session = TRUE,
                commandline = TRUE)

    in RGUI, it gives me "Error: SSL connect error". When I try to Run diagnostics in the Administration Utility it gives me Error:Cannot establish connection with the web node.

    In the log file it gives me this stack trace.

    2017-09-25 11:14:57.730 -04:00 [Error] ConnectionFilter.OnConnection
    System.AggregateException: One or more errors occurred. (A call to SSPI failed, see inner exception.) ---> System.Security.Authentication.AuthenticationException: A call to SSPI failed, see inner exception. ---> System.ComponentModel.Win32Exception: The context has expired and can no longer be used
       --- End of inner exception stack trace ---
       at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
       at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, ExceptionDispatchInfo exception)
       at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
       at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
       at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
       at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
       at System.Net.Security.SslState.PartialFrameCallback(AsyncProtocolRequest asyncRequest)
    --- End of stack trace from previous location where exception was thrown ---
       at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
       at System.Net.Security.SslState.InternalEndProcessAuthentication(LazyAsyncResult lazyResult)
       at System.Net.Security.SslState.EndProcessAuthentication(IAsyncResult result)
       at System.Net.Security.SslStream.EndAuthenticateAsServer(IAsyncResult asyncResult)
       at System.Threading.Tasks.TaskFactory`1.FromAsyncCoreLogic(IAsyncResult iar, Func`2 endFunction, Action`1 endAction, Task`1 promise, Boolean requiresSynchronization)
    --- End of stack trace from previous location where exception was thrown ---
       at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
       at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
       at Microsoft.AspNetCore.Server.Kestrel.Https.HttpsConnectionFilter.<OnConnectionAsync>d__6.MoveNext()
       --- End of inner exception stack trace ---
    ---> (Inner Exception #0) System.Security.Authentication.AuthenticationException: A call to SSPI failed, see inner exception. ---> System.ComponentModel.Win32Exception: The context has expired and can no longer be used
       --- End of inner exception stack trace ---
       at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
       at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, ExceptionDispatchInfo exception)
       at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
       at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
       at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
       at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
       at System.Net.Security.SslState.PartialFrameCallback(AsyncProtocolRequest asyncRequest)
    --- End of stack trace from previous location where exception was thrown ---
       at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
       at System.Net.Security.SslState.InternalEndProcessAuthentication(LazyAsyncResult lazyResult)
       at System.Net.Security.SslState.EndProcessAuthentication(IAsyncResult result)
       at System.Net.Security.SslStream.EndAuthenticateAsServer(IAsyncResult asyncResult)
       at System.Threading.Tasks.TaskFactory`1.FromAsyncCoreLogic(IAsyncResult iar, Func`2 endFunction, Action`1 endAction, Task`1 promise, Boolean requiresSynchronization)
    --- End of stack trace from previous location where exception was thrown ---
       at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
       at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
       at Microsoft.AspNetCore.Server.Kestrel.Https.HttpsConnectionFilter.<OnConnectionAsync>d__6.MoveNext()<---

    Any ideas? 

    Monday, September 25, 2017 4:56 PM

All replies

  • My cert is a wildcard cert. Could that have something to do with it? Is that supported?
    Monday, September 25, 2017 7:41 PM
  • This error happens both with LDAP and the builtin admin account.
    Monday, September 25, 2017 7:47 PM
  • So I created a new cert that is not a wildcard and I get some new errors.

    2017-09-26 11:06:02.494 -04:00 [Information] 
    Error: Cannot establish connection with the web node. Please check if the web node is running and try to start it if it is not.
    2017-09-26 11:06:02.494 -04:00 [Error] 
    Error: Cannot establish connection with the web node. Please check if the web node is running and try to start it if it is not.
    System.Net.Http.HttpRequestException: An error occurred while sending the request. ---> System.Net.Http.WinHttpException: A security error occurred
       at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
       at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
       at System.Runtime.CompilerServices.ConfiguredTaskAwaitable`1.ConfiguredTaskAwaiter.GetResult()
       at System.Net.Http.WinHttpHandler.<StartRequest>d__105.MoveNext()
       --- End of inner exception stack trace ---
       at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
       at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
       at System.Runtime.CompilerServices.ConfiguredTaskAwaitable`1.ConfiguredTaskAwaiter.GetResult()
       at System.Net.Http.HttpClient.<FinishSendAsync>d__58.MoveNext()
    --- End of stack trace from previous location where exception was thrown ---
       at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
       at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
       at Microsoft.RServer.Utils.Client.DeployRClient.<LoginAsync>d__8.MoveNext() in C:\swarm\workspace\deployr-9.0.2\product\utils\src\Microsoft.RServer.Utils.Client\DeployRClient.cs:line 51
    --- End of stack trace from previous location where exception was thrown ---
       at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
       at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
       at Microsoft.RServer.Utils.AdminUtil.Authentication.LdapLoginPrompt.<LoginDeployRClientAsync>d__2.MoveNext() in C:\swarm\workspace\deployr-9.0.2\product\utils\src\Microsoft.RServer.Utils.AdminUtil\Authentication\LdapLoginPrompt.cs:line 28

    That appears in the Admin Utility log.

    2017-09-26 10:56:10.274 -04:00 [Error] ConnectionFilter.OnConnection
    System.AggregateException: One or more errors occurred. (The credentials supplied to the package were not recognized) ---> System.ComponentModel.Win32Exception: The credentials supplied to the package were not recognized
       at System.Net.SSPIWrapper.AcquireCredentialsHandle(SSPIInterface secModule, String package, CredentialUse intent, SecureCredential scc)
       at System.Net.SslStreamPal.AcquireCredentialsHandle(CredentialUse credUsage, SecureCredential secureCredential)
       at System.Net.SslStreamPal.AcquireCredentialsHandle(X509Certificate certificate, SslProtocols protocols, EncryptionPolicy policy, Boolean isServer)
       at System.Net.Security.SecureChannel.AcquireServerCredentials(Byte[]& thumbPrint)
       at System.Net.Security.SecureChannel.GenerateToken(Byte[] input, Int32 offset, Int32 count, Byte[]& output)
       at System.Net.Security.SecureChannel.NextMessage(Byte[] incoming, Int32 offset, Int32 count)
       at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
       at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
       at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
       at System.Net.Security.SslState.PartialFrameCallback(AsyncProtocolRequest asyncRequest)
    --- End of stack trace from previous location where exception was thrown ---
       at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
       at System.Net.Security.SslState.InternalEndProcessAuthentication(LazyAsyncResult lazyResult)
       at System.Net.Security.SslState.EndProcessAuthentication(IAsyncResult result)
       at System.Net.Security.SslStream.EndAuthenticateAsServer(IAsyncResult asyncResult)
       at System.Threading.Tasks.TaskFactory`1.FromAsyncCoreLogic(IAsyncResult iar, Func`2 endFunction, Action`1 endAction, Task`1 promise, Boolean requiresSynchronization)
    --- End of stack trace from previous location where exception was thrown ---
       at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
       at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
       at Microsoft.AspNetCore.Server.Kestrel.Https.HttpsConnectionFilter.<OnConnectionAsync>d__6.MoveNext()
       --- End of inner exception stack trace ---
    ---> (Inner Exception #0) System.ComponentModel.Win32Exception: The credentials supplied to the package were not recognized
       at System.Net.SSPIWrapper.AcquireCredentialsHandle(SSPIInterface secModule, String package, CredentialUse intent, SecureCredential scc)
       at System.Net.SslStreamPal.AcquireCredentialsHandle(CredentialUse credUsage, SecureCredential secureCredential)
       at System.Net.SslStreamPal.AcquireCredentialsHandle(X509Certificate certificate, SslProtocols protocols, EncryptionPolicy policy, Boolean isServer)
       at System.Net.Security.SecureChannel.AcquireServerCredentials(Byte[]& thumbPrint)
       at System.Net.Security.SecureChannel.GenerateToken(Byte[] input, Int32 offset, Int32 count, Byte[]& output)
       at System.Net.Security.SecureChannel.NextMessage(Byte[] incoming, Int32 offset, Int32 count)
       at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
       at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
       at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
       at System.Net.Security.SslState.PartialFrameCallback(AsyncProtocolRequest asyncRequest)
    --- End of stack trace from previous location where exception was thrown ---
       at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
       at System.Net.Security.SslState.InternalEndProcessAuthentication(LazyAsyncResult lazyResult)
       at System.Net.Security.SslState.EndProcessAuthentication(IAsyncResult result)
       at System.Net.Security.SslStream.EndAuthenticateAsServer(IAsyncResult asyncResult)
       at System.Threading.Tasks.TaskFactory`1.FromAsyncCoreLogic(IAsyncResult iar, Func`2 endFunction, Action`1 endAction, Task`1 promise, Boolean requiresSynchronization)
    --- End of stack trace from previous location where exception was thrown ---
       at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
       at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
       at Microsoft.AspNetCore.Server.Kestrel.Https.HttpsConnectionFilter.<OnConnectionAsync>d__6.MoveNext()<---

    This appears in the Web Node log.

    I think the problem lies with the cert somehow.



    Tuesday, September 26, 2017 3:11 PM
  • The Web Node log error has stopped appearing. I think that may have been because I forgot to add Network Services permissions on the new cert.
    Tuesday, September 26, 2017 7:38 PM
  • I'm getting the 'A security error has occured' error with both my wildcard and the microsoftr cert now. So either something is wrong with both of my certs or it's something else.

    I made sure with the IISCrypto Utility that my server was looking at TLS 1.2.


    Tuesday, October 3, 2017 6:02 PM
  • So I don't know why it wasn't working in 9.1, but today I saw there was a 9.2.1 and I was able to get it working using the same settings I was using in 9.1.
    Wednesday, October 4, 2017 7:03 PM