Publish HTTPS web application with error message "An unknown error occurred while processing the certificate"

  • Question

  • Hi all,

    I have set up a UAG server and tried to publish an internal HTTPS web site. When an endpoint client tried to open the application, the browser displayed the error message: "An unknown error occurred while processing the certificate".

    I have imported all CA root certs into the local computer Trusted Root CA store and I have tested it using IE on the UAG server, which can connect successfully.

    There are some tricks when accessing the web site. When a normal user visits the web site, the default page will redirect the request to another web page for user login. Once the user has logged in, it will redirect the request to the original page.

    https://apps.localdomain.local --> https://login.localdomain.local --> https://apps.localdomain.local

    We have enabled the tracing tool and following error was logged:

    [0]1434.ce0 08/03/2010-11:43:46.550 [sslbox HandshakeConfirmState::PerformNegotiationStep HandshakeConfirmState.cpp@270] ERROR:Failed to initialize security context. Returned error: 0x90312. GetLastError: 997
    [0]1434.ce0 08/03/2010-11:43:46.550 [whlcspssl CCSPSSLDevice::SSLRead WhlCSPSSLDevice.cpp@2961] ERROR:SSLRead(2, 5672, login.localdomain.local:443, 0000000003DD78E0): m_pSSLMachine->Read() returned false
    [0]1434.ce0 08/03/2010-11:43:46.550 [whlcspssl CCSPSSLDevice::WriteStateInternalRead WhlCSPSSLDevice.cpp@2295] ERROR:WriteStateInternalRead(2, 5672, login.localdomain.local:443, 0000000003DD78E0): SSLRead() returned CSP_SSL_FAIL
    [0]1434.ce0 08/03/2010-11:43:46.550 [whlcspssl CCSPSSLDevice::AnalyzeReadOperation WhlCSPSSLDevice.cpp@1608] ERROR:AnalyzeReadOperation(2, 5672, login.localdomain.local:443, 0000000003DD78E0, InWriteState): WriteStateInternalRead() failed
    [0]1434.ce0 08/03/2010-11:43:46.550 [whlfilter CExtECB::OnWrite WhlExt2IWS.cpp@6109] ERROR:OnWrite(login.localdomain.local:443, 0000000003E331C0): received error <CSP_SSL_FAIL> details: <0>! (ExtECB=0000000004352AE0), (PFC=0000000006FF8F78)
    [0]1434.ce0 08/03/2010-11:43:46.550 [whlfilter CExtECB::OnWrite WhlExt2IWS.cpp@6126] ERROR:OnWrite(0000000003E331C0): status <512>.(ExtECB=0000000004352AE0), (PFC=0000000006FF8F78)
    [0]1434.ce0 08/03/2010-11:43:46.550 [whlfilter CExtECB::OnRead WhlExt2IWS.cpp@5887] ERROR:OnRead(login.localdomain.local:443, 0000000003E331C0): received error <CSP_SSL_FAIL> details: <0>! (ExtECB=0000000004352AE0), (PFC=0000000006FF8F78)
    [0]1434.ce0 08/03/2010-11:43:46.550 [whlfilter CExtECB::OnRead WhlExt2IWS.cpp@5897] ERROR:OnRead(0000000003E331C0): dwStatus <[!0x201!]>. (ExtECB=0000000004352AE0), (PFC=0000000006FF8F78)

    Is there any idea to troubleshoot the problem? Thanks.

    Martin

    Wednesday, August 4, 2010 4:27 AM

All replies

  • Hi Martin,

    This looks like an issue which we have already encountered and a fix is in the works. Therefore I would advise you to open a case with Microsoft Support to ensure your specific issue is accounted for, and that you will be notified when a fix is released.

    Regards,

    -Ran

    Wednesday, August 4, 2010 12:52 PM
  • Hi Ran,

    Thanks for your opinion. But can you explain more details on the fix that Microsoft Support provided? It seems that I cannot find any related information from Microsoft KB....

    Regards,

    Martin

    Thursday, August 5, 2010 2:07 AM
  • Martin,

    There is no fix available as of yet, therefore you did not find anything.

    What I meant is that Microsoft Support has received a similar case and the UAG team is working to identify the cause and to issue a fix. This is why I suggested you open a case with Microsoft Support, in order for: a) your specific issue to be checked if it is similar to the scenario we are already aware of, and b) in order for us to be able to notify you as soon as a fix will be released, when it will be released.

    Regards,

    -Ran

    • Proposed as answer by Ran [MSFT] Thursday, August 5, 2010 8:43 AM
    • Marked as answer by TinTin.Lui Thursday, August 5, 2010 4:10 PM
    Thursday, August 5, 2010 8:38 AM
  • Hello,

    We appear to be experiencing the exact same issue when attempting to publish a back-end HTTPS web app via an HTTPS trunk.

    Our UAG server is running UAG Update 1.

    The certificate on the back-end app is valid and I can browse the website from the UAG server with no certificate errors.

    We are also able to successfully publish other backend apps that use the same internal Certificate Authority.  We're just having issues with this one app.

    Is there an update from MSFT on whether this has been recognised as a bug and if there's a potential fix?

    Below is the trace logging output -

    [0]10e4.b88 09/08/2010-13:39:51.699 [sslbox HandshakeConfirmState::PerformNegotiationStep HandshakeConfirmState.cpp@270] ERROR:Failed to initialize security context. Returned error: 0x90312. GetLastError: 0
    [0]10e4.b88 09/08/2010-13:39:51.699 [whlcspssl CCSPSSLDevice::SSLRead WhlCSPSSLDevice.cpp@2961] ERROR:SSLRead(52, 4536, website.domain.local:443, 00000000039BAE60): m_pSSLMachine->Read() returned false
    [0]10e4.b88 09/08/2010-13:39:51.699 [whlcspssl CCSPSSLDevice::WriteStateInternalRead WhlCSPSSLDevice.cpp@2295] ERROR:WriteStateInternalRead(52, 4536, website.domain.local:443, 00000000039BAE60): SSLRead() returned CSP_SSL_FAIL
    [0]10e4.b88 09/08/2010-13:39:51.699 [whlcspssl CCSPSSLDevice::AnalyzeReadOperation WhlCSPSSLDevice.cpp@1608] ERROR:AnalyzeReadOperation(52, 4536, website.domain.local:443, 00000000039BAE60, InWriteState): WriteStateInternalRead() failed
    [0]10e4.b88 09/08/2010-13:39:51.699 [whlfilter CExtECB::OnWrite WhlExt2IWS.cpp@6109] ERROR:OnWrite(website.domain.local:443, 0000000003B0BF20): received error <CSP_SSL_FAIL> details: <0>! (ExtECB=0000000004928250), (PFC=000000001F6F2AA8)
    [0]10e4.b88 09/08/2010-13:39:51.699 [whlfilter CExtECB::OnWrite WhlExt2IWS.cpp@6126] ERROR:OnWrite(0000000003B0BF20): status <512>.(ExtECB=0000000004928250), (PFC=000000001F6F2AA8)
    [0]10e4.b88 09/08/2010-13:39:51.699 [whlfilter CExtECB::OnRead WhlExt2IWS.cpp@5887] ERROR:OnRead(website.domain.local:443, 0000000003B0BF20): received error <CSP_SSL_FAIL> details: <0>! (ExtECB=0000000004928250), (PFC=000000001F6F2AA8)
    [0]10e4.b88 09/08/2010-13:39:51.699 [whlfilter CExtECB::OnRead WhlExt2IWS.cpp@5897] ERROR:OnRead(0000000003B0BF20): dwStatus <[!0x201!]>. (ExtECB=0000000004928250), (PFC=000000001F6F2AA8)

    Thanks in advance

    Andrew

    Wednesday, September 8, 2010 1:25 PM
  • Hi Andrew,

    Your traces, just like Martin's above, look like an issue that the UAG team has already identified. A fix for this issue will be included in the next UAG update, which is expected to be available very soon, probably within a matter of days.

    As a side note, if you want to keep up to date with the latest updates and service packs released for the different Forefront products, you can check the Updates for Microsoft Forefront and Related Technologies TechNet page.

    -Ran

    Saturday, September 11, 2010 11:41 PM
  • UAG Update was released. It solved the problem of the SSL handshake between UAG and backend servers. You can download it from MS Download Center:

    http://www.microsoft.com/downloads/en/details.aspx?FamilyID=9dcccebc-accb-4229-901a-792cc66791de

    Martin

    Friday, September 24, 2010 2:32 PM
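
Both traces posted in this thread share one line layout, so the failing backend and the SSPI status can be extracted mechanically when triaging a similar report. The following is an added example, not part of any post and not UAG tooling; the field names, the reading of `1434.ce0` as process.thread ids, and the `summarize` helper are assumptions, and the SSPI status names come from the Windows SDK headers rather than from the thread.

```python
import re

# SSPI status names from the Windows SDK headers (not from the thread).
SSPI_STATUS = {0x00090312: "SEC_I_CONTINUE_NEEDED",
               0x00090313: "SEC_I_COMPLETE_NEEDED"}

# Layout inferred from the traces in the thread; treating "1434.ce0" as
# process.thread ids is an assumption.
LINE_RE = re.compile(
    r"\[\d+\](?P<ids>[0-9a-f]+\.[0-9a-f]+)\s+(?P<ts>\S+)\s+"
    r"\[(?P<module>\S+)\s+(?P<func>\S+)\s+(?P<src>\S+)@(?P<line>\d+)\]\s+"
    r"(?P<level>[A-Z]+):(?P<msg>.*)")
HOST_RE = re.compile(r"\b([A-Za-z0-9.-]+\.[A-Za-z]+):(\d+)\b")
CODE_RE = re.compile(r"Returned error: (0x[0-9a-fA-F]+)")

# Sample input: five lines copied from the two traces posted in the thread.
SAMPLE = """\
[0]1434.ce0 08/03/2010-11:43:46.550 [sslbox HandshakeConfirmState::PerformNegotiationStep HandshakeConfirmState.cpp@270] ERROR:Failed to initialize security context. Returned error: 0x90312. GetLastError: 997
[0]1434.ce0 08/03/2010-11:43:46.550 [whlcspssl CCSPSSLDevice::SSLRead WhlCSPSSLDevice.cpp@2961] ERROR:SSLRead(2, 5672, login.localdomain.local:443, 0000000003DD78E0): m_pSSLMachine->Read() returned false
[0]1434.ce0 08/03/2010-11:43:46.550 [whlfilter CExtECB::OnWrite WhlExt2IWS.cpp@6109] ERROR:OnWrite(login.localdomain.local:443, 0000000003E331C0): received error <CSP_SSL_FAIL> details: <0>! (ExtECB=0000000004352AE0), (PFC=0000000006FF8F78)
[0]10e4.b88 09/08/2010-13:39:51.699 [sslbox HandshakeConfirmState::PerformNegotiationStep HandshakeConfirmState.cpp@270] ERROR:Failed to initialize security context. Returned error: 0x90312. GetLastError: 0
[0]10e4.b88 09/08/2010-13:39:51.699 [whlcspssl CCSPSSLDevice::SSLRead WhlCSPSSLDevice.cpp@2961] ERROR:SSLRead(52, 4536, website.domain.local:443, 00000000039BAE60): m_pSSLMachine->Read() returned false
"""

def summarize(trace):
    """Group ERROR lines by (ids, timestamp); one summary per failed handshake."""
    groups = {}
    for raw in trace.splitlines():
        m = LINE_RE.search(raw)
        if not m or m["level"] != "ERROR":
            continue
        g = groups.setdefault((m["ids"], m["ts"]), {
            "backend": None, "status": None, "origin": None, "modules": []})
        if m["module"] not in g["modules"]:
            g["modules"].append(m["module"])
        if g["origin"] is None:  # first ERROR line is where the failure surfaced
            g["origin"] = f'{m["src"]}@{m["line"]}'
        host = HOST_RE.search(m["msg"])
        if host and g["backend"] is None:
            g["backend"] = f"{host[1]}:{host[2]}"
        code = CODE_RE.search(m["msg"])
        if code:
            value = int(code[1], 16)
            g["status"] = SSPI_STATUS.get(value, hex(value))
    return groups

if __name__ == "__main__":
    for key, info in summarize(SAMPLE).items():
        print(key, info)
```

The value 0x90312 maps to SEC_I_CONTINUE_NEEDED, an informational SSPI status indicating the handshake expects further tokens, and the host reported in each group is the backend server UAG was negotiating with.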