Error when trying to receive an encrypted AS/2 message

  • Question

  • Hello all,

    I'm currently working on an AS/2 implementation (my first BizTalk project) and I'm facing an issue with certificates. I've checked numerous websites, blogs and MSDN, and so far I haven't got it working.

    Here's the scenario:
    From a specific partner, I need to receive an AS/2 encrypted message.

    Here's how I test this:
    - I have my local computer and a server which both run BizTalk 2013.
    - I have generated 1 certificate (DES3 2048 bits) by using OpenSSL.

    The certificates are installed as follows:

    Sending machine: Local Computer\Other People (My CER file).
    Sending machine: Local Computer\Trusted Root Certification Authorities (My CER file) - To make the certificate trusted.
    Receiving machine: Current User\Personal Store (My PFX file) - NOTE: Current user is the user under which the In-Process host instance of BizTalk is running.
    Receiving machine: Current User\Personal Store (My PFX file) - to make the certificate trusted.  - NOTE: Current user is the user under which the In-Process host instance of BizTalk is running.

    In IIS, the application pool running the BTSHttpReceive.dll is running under the ApplicationPoolIdentity.

    And finally, here's the BizTalk configuration:

    (Sending partner):
    ----------------------

    - Send port -> Certificate: Receiving partner certificate (CER).
    - Party agreement (Sending partner -> Receiving partner) -> Validation: "Message should be encrypted" is selected and the encryption algorithm is set to DES3.

    (Receiving partner):
    -------------------------

    - Host (BizTalkServerApplication) -> Certificates: My certificate (PFX).
    - Party agreement (Sending partner -> Receiving partner) -> Validation: "Message should be encrypted" is selected and the encryption algorithm is set to DES3.

    When I try to send a message from the sending computer to the receiving computer (just a text file with one line) the receiving computer generates two errors in BizTalk Event Viewer:

    Error message 1:

    The AS2 Decoder encountered an exception during processing.  Details of the message and exception are as follows:  AS2-From:"AS2-xxx" AS2-To:"AS2-xxx" MessageID:"<xxx_EE47EC3F-A253-48E3-90FB-45849E793E06>" MessageType: "unknown" Exception:"An error occurred when decrypting an AS2 message."

    Error message 2:

    A message received by adapter "HTTP" on receive location "xxx" with URI "/BTSHttpReceive.dll" is suspended. 
     Error details: An output message of the component "Microsoft.BizTalk.EdiInt.PipelineComponents" in receive pipeline "Microsoft.BizTalk.EdiInt.DefaultPipelines.AS2Receive, Microsoft.BizTalk.Edi.EdiIntPipelines, Version=3.0.1.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" is suspended due to the following error: 
         An error occurred when decrypting an AS2 message..
     The sequence number of the suspended message is 2.  
     MessageId:  {BFE72958-E968-4FF6-B7DA-EB31340D81F6}
     InstanceID: {B2B08761-4403-44AE-A788-D487F94CC270}

    Here's what I have checked already:

    Serial numbers of the certificate, as I've seen that this might cause an issue:

    Sending computer certificate serial number: 00 8a 42 09 ee af c2 29 b1
    Receiving computer certificate serial number: 00 8a 42 09 ee af c2 29 b1

    I hope someone can point me in the right direction because I've been searching for days on this issue.

    Kind regards,


    Wednesday, April 30, 2014 8:39 AM

Answers

  • Thanks for your response but I must say that I've managed to find the issue. It seems that the decrypting certificate should be registered as the BizTalk Isolated Host process user account.

    Anyway, that solved my issue.
    • Proposed as answer by Lcey Thursday, May 1, 2014 1:25 AM
    • Marked as answer by Pengzhen Song Wednesday, May 7, 2014 1:28 AM
    Wednesday, April 30, 2014 5:55 PM
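
Added example (not part of the original thread and not BizTalk's own tooling): a PowerShell check that reports whether the decryption certificate from the question is present, with a private key, in the Personal store of the account the script runs as. It assumes you can start a session as the account that runs the BizTalk Isolated Host instance; the function name `Test-DecryptionCertificate` is hypothetical, and the serial number is the one quoted in the question.

```powershell
# Added example. Run in a session started as the Isolated Host account
# (assumption: for instance via "runas /user:<account> powershell"), because
# Cert:\CurrentUser\My resolves to the store of whoever runs the script.
function Test-DecryptionCertificate {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] [string] $SerialNumber,
        [string] $StorePath = 'Cert:\CurrentUser\My'
    )
    $account = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
    # Normalise "00 8a 42 ..." as shown in the certificate dialog:
    # drop spaces and stray characters, ignore leading zeros.
    $wanted = ($SerialNumber -replace '[^0-9A-Fa-f]', '').TrimStart('0')
    $found = @(Get-ChildItem -Path $StorePath |
        Where-Object { $_.SerialNumber.TrimStart('0') -eq $wanted })

    if ($found.Count -eq 0) {
        # Nothing in this account's store: the PFX was imported for another user.
        return [pscustomobject]@{ Account = $account; Store = $StorePath; Found = $false }
    }
    $now = Get-Date
    foreach ($cert in $found) {
        # A missing key-usage extension places no restriction on the key.
        $ku = $cert.Extensions | Where-Object {
            $_ -is [System.Security.Cryptography.X509Certificates.X509KeyUsageExtension] }
        $canEncipher = (-not $ku) -or
            ($ku.KeyUsages -band [System.Security.Cryptography.X509Certificates.X509KeyUsageFlags]::KeyEncipherment)
        [pscustomobject]@{
            Account         = $account
            Store           = $StorePath
            Found           = $true
            Thumbprint      = $cert.Thumbprint
            HasPrivateKey   = $cert.HasPrivateKey   # False: no private key tied to this entry
            WithinValidity  = ($cert.NotBefore -le $now -and $now -le $cert.NotAfter)
            KeyEncipherment = [bool]$canEncipher
        }
    }
}

# Serial number as quoted in the question.
Test-DecryptionCertificate -SerialNumber '00 8a 42 09 ee af c2 29 b1'
```

A result with `Found = False`, or `HasPrivateKey = False`, under the Isolated Host account matches the situation the answer describes: the PFX sits in a different user's store than the one the receive pipeline reads.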

All replies

  • Thanks for your response but I must say that I've managed to find the issue. It seems that the decrypting certificate should be registered as the BizTalk Isolated Host process user account.

    Anyway, that solved my issue.

    Glad that you've solved your problem by yourself, thanks for sharing your solution. :)

    • Edited by Lcey Thursday, May 1, 2014 1:26 AM
    Thursday, May 1, 2014 1:24 AM