Exception of type 'Microsoft.BizTalk.Component.MIMEException' was thrown.

    Question

  • Dear Experts,

    I need help regarding the issue below.

    I have a requirement to send a multipart SOAP message to consume a web service. The web service provider shared a certificate of type ‘.p7b’ that does not have a private key (it just has a thumbprint); I added that certificate under CA ‘Personal’.

    I created a custom pipeline with the ‘MIME/SMIME encoder’.

    In ‘BizTalk Server Administration’, on the Send port, when I click Certificates and browse for the certificates, it does not show my required certificate, and I just provide the thumbprint.

    When I try to send the message I receive the error below:

    “Orchestration suspend due to following exception:

     An error occurred while processing the message, refer to the details section for more information

    Message ID: {A201E720-7EA2-46C4-92EE-2E99BDD978EA}

    Instance ID: {B074D15E-DFB9-4DE3-99E0-93D408AAE6BA}

    Error Description: There was a failure executing the send pipeline: "GSOC002001.Production.Biztalk.XXXXXXSendPipeline, Production.Biztalk, Version=1.0.0.0, Culture=neutral, PublicKeyToken=f6fdc96bd71c9803" Source: "MIME/SMIME encoder" Send Port: "XXXXXSendPort" URI: "XXXXXXXXXXX?wsdl" Reason: Exception of type 'Microsoft.BizTalk.Component.MIMEException' was thrown.”

    -Muhammad Masood

    Sunday, March 5, 2017 7:27 AM

Answers

  • You should be able to access their service endpoint from your browser, irrespective of whether their WSDL is public or not.  WSDL is entirely standalone and describes a service that can be anywhere.  Often the endpoint is included in the WSDL so you can copy that into your browser.

    But if they require client authentication then yes, you will need a private key.  There are three ways to do this:

    • You generate your own private key (either self-signed or by a CA) and send them your public certificate.
    • You generate a Certificate Signing Request (CSR) and send it to them to be signed by their CA and they send you back a public certificate (this way, you never let anybody else see your private key).
    • They generate a key and certificate and give it to you as a .pfx (or other similar format) and you use that.  This is less secure as they know your key, but it's fairly common practice for business-to-business scenarios.

    Either way, you need to install your certificate and key via MMC - normally you assign it to the Local Computer, Personal store and allocate out key permissions but I don't think that works with BizTalk.  You need to Run As... MMC under the credentials of the BizTalk service-account and then add it into the Personal store for that account.  It's a bit of a faff.

    You will also need to add at least the certificate part to your own Personal store so you can browse and select it when using the Administration console.


    If this is helpful or answers your question - please mark accordingly.
    Because I get points for it which gives my life purpose (also, it helps other people find answers quickly)

    Tuesday, March 7, 2017 10:44 AM
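
Added example (not part of the original thread and not the answerer's code): a PowerShell check of the point made in the answer above, that a certificate used for client authentication must have a private key in the Personal store of the account that uses it. Run it in a session started as the BizTalk service account; the thumbprint is supplied by you, and the Client Authentication EKU check is an assumption about what the remote side requires.

```powershell
param(
    # Thumbprint as shown on the certificate's Details tab (supplied by the caller).
    [Parameter(Mandatory = $true)]
    [string]$Thumbprint
)

# Thumbprints copied from the certificate dialog often carry spaces and an
# invisible left-to-right mark; keep only the hex digits before comparing.
$wanted = ($Thumbprint -replace '[^0-9a-fA-F]', '').ToUpperInvariant()

$clientAuthOid = '1.3.6.1.5.5.7.3.2'   # Client Authentication enhanced key usage
$stores = 'Cert:\CurrentUser\My', 'Cert:\LocalMachine\My'
$ekuType = [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]

$found = foreach ($store in $stores) {
    Get-ChildItem -Path $store |
        Where-Object { $_.Thumbprint -eq $wanted } |
        ForEach-Object {
            $cert = $_
            $eku = $cert.Extensions | Where-Object { $_ -is $ekuType }
            # No EKU extension means the certificate is not restricted to listed purposes.
            $clientAuthOk = (-not $eku) -or
                [bool]($eku.EnhancedKeyUsages | Where-Object { $_.Value -eq $clientAuthOid })
            $now = Get-Date
            [pscustomobject]@{
                Store         = $store
                Subject       = $cert.Subject
                HasPrivateKey = $cert.HasPrivateKey   # False for a certificate imported from a .p7b
                ClientAuthEku = $clientAuthOk
                InValidity    = ($now -ge $cert.NotBefore) -and ($now -le $cert.NotAfter)
            }
        }
}

if (-not $found) {
    Write-Warning "No certificate with thumbprint $wanted in the Personal store of $env:USERNAME or the local computer."
} else {
    $found | Format-Table -AutoSize
}
```

A row with HasPrivateKey set to False identifies a public-only certificate, which cannot be presented as a client certificate.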

All replies

  • Have you tried the service call using SOAP UI? Try that and inspect the request/response using Fiddler.

    You will have the tools needed to solve the issue.


    Pi_xel_xar

    Monday, March 6, 2017 7:28 AM
  • If they have included a certificate without a private key then it's likely that is just the certificate that is being presented by their HTTP daemon.  Verify this by pointing your web-browser at the HTTPS URL and seeing if the certificate has the same thumbprint or serial number.

    If this is the case, and the certificate validates in Internet Explorer, then you don't really need to do anything else.  SChannel SSL will take care of validation.

    If on the other hand they're expecting you to send a Client Certificate as part of mutual authentication then you will need a private key.


    If this is helpful or answers your question - please mark accordingly.
    Because I get points for it which gives my life purpose (also, it helps other people find answers quickly)

    Monday, March 6, 2017 2:42 PM
  • I tried to use SOAP UI, but the other party does not allow me to consume the web service, as I am getting the error below in SOAP UI:
    "connection to http://xxxxxxxx refused"
    Tuesday, March 7, 2017 5:37 AM
  • Thanks, Alastair, for the reply.
    I am not able to access their web service from Internet Explorer as the WSDL is not public.

    Secondly, they need a client certificate for mutual authentication.

    They shared a public certificate with no private key, and the certificate is of type “.p7b”.

    Now, as per your suggestion, I should request them to share their private certificate with a private key, having the extension “.pfx”, right?

    Then install that certificate under MMC, right?

    Brother, I have no idea about certificates; actually, it’s my very first experience dealing with certificates.

    -Muhammad Masood

    Tuesday, March 7, 2017 6:10 AM
  • Dear, I tried several solutions to fix my error above.

    Now I am getting the error below:

    Orchestration suspend due to following exception :
    An error occurred while processing the message, refer to the details section for more information
    Message ID: {B3AC2AA2-4869-4CCA-8A7C-724240D3F149}
    Instance ID: {C5A46347-A4EE-4AB4-8FD7-F90C6695D9CB}
    Error Description: Failed to retrieve the message part for parameter "AddDrivRequest".

    As I am using the SOAP adapter to send multipart messages,

    1. login

    2. AddDrivRequest

    -Muhammad Masood

    Tuesday, March 7, 2017 6:21 AM
  • Dear Alastair,

    Sorry, I just spoke to the customer; they are changing their business and their web services are down. They are going to update the web services, and the URL will also be updated just because of SSL certificates.

    Appreciate your help :)

    If I need help I will ask you again.

    -Muhammad Masood

    Tuesday, March 7, 2017 7:15 AM