none
An error occurred while making the HTTPS request to service? No trace on service? RRS feed

  • Question

  • I have a solution contining 2 WCF services selfhosted in one Windows Service, one for regular http and one for https. The client(winform) can connect to the http service but when connecting to the https service I get :

    An error occurred while making the HTTP request to https://192.168.130.29:44390/MyAppService/SSl. This could be due to the fact that the server certificate is not configured properly with HTTP.SYS in the HTTPS case. This could also be caused by a mismatch of the security binding between the client and the server.

    Activateing the WCF trace on client gives me this : 

    Receive bytes on connection https://192.168.130.29:44390/MyAppService/Sll

    <ExceptionType>System.ServiceModel.CommunicationException, System.ServiceModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</ExceptionType>
    <Message>An error occurred while making the HTTP request to https://192.168.130.29:44390/MyAppService/Sll. This could be due to the fact that the server certificate is not configured properly with HTTP.SYS in the HTTPS case. This could also be caused by a mismatch of the security binding between the client and the server.</Message>
    <StackTrace>
    at System.ServiceModel.Channels.HttpChannelUtilities.ProcessGetResponseWebException(WebException webException, HttpWebRequest request, HttpAbortReason abortReason)
    at System.ServiceModel.Channels.HttpChannelFactory`1.HttpRequestChannel.HttpChannelAsyncRequest.CompleteGetResponse(IAsyncResult result)
    at System.ServiceModel.Channels.HttpChannelFactory`1.HttpRequestChannel.HttpChannelAsyncRequest.OnGetResponse(IAsyncResult result)
    at System.Runtime.Fx.AsyncThunk.UnhandledExceptionFrame(IAsyncResult result)
    at System.Net.LazyAsyncResult.Complete(IntPtr userToken)
    at System.Net.ContextAwareResult.CompleteCallback(Object state)
    at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
    at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
    at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
    at System.Net.ContextAwareResult.Complete(IntPtr userToken)
    at System.Net.LazyAsyncResult.ProtectedInvokeCallback(Object result, IntPtr userToken)
    at System.Net.HttpWebRequest.SetResponse(Exception E)
    at System.Net.HttpWebRequest.CheckWriteSideResponseProcessing()
    at System.Net.ConnectStream.ProcessWriteCallDone(ConnectionReturnResult returnResult)
    at System.Net.HttpWebRequest.WriteCallDone(ConnectStream stream, ConnectionReturnResult returnResult)
    at System.Net.ConnectStream.CallDone(ConnectionReturnResult returnResult)
    at System.Net.ConnectStream.IOError(Exception exception, Boolean willThrow)
    at System.Net.ConnectStream.HandleWriteHeadersException(Exception e, WebExceptionStatus error)
    at System.Net.ConnectStream.WriteHeadersCallback(IAsyncResult ar)
    at System.Net.LazyAsyncResult.Complete(IntPtr userToken)
    at System.Net.LazyAsyncResult.ProtectedInvokeCallback(Object result, IntPtr userToken)
    at System.Net.TlsStream.ResumeIOWorker(Object result)
    at System.Net.TlsStream.WakeupPendingIO(IAsyncResult ar)
    at System.Net.LazyAsyncResult.Complete(IntPtr userToken)
    at System.Net.LazyAsyncResult.ProtectedInvokeCallback(Object result, IntPtr userToken)
    at System.Net.FixedSizeReader.ReadCallback(IAsyncResult transportResult)
    at System.Net.LazyAsyncResult.Complete(IntPtr userToken)
    at System.Net.ContextAwareResult.CompleteCallback(Object state)
    at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
    at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
    at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
    at System.Net.ContextAwareResult.Complete(IntPtr userToken)
    at System.Net.LazyAsyncResult.ProtectedInvokeCallback(Object result, IntPtr userToken)
    at System.Net.Sockets.BaseOverlappedAsyncResult.CompletionPortCallback(UInt32 errorCode, UInt32 numBytes, NativeOverlapped* nativeOverlapped)
    at System.Threading._IOCompletionCallback.PerformIOCompletionCallback(UInt32 errorCode, UInt32 numBytes, NativeOverlapped* pOVERLAP)
    </StackTrace>
    <ExceptionString>System.ServiceModel.CommunicationException: An error occurred while making the HTTP request to https://192.168.130.29:44390/MyAppService/Sll. This could be due to the fact that the server certificate is not configured properly with HTTP.SYS in the HTTPS case. This could also be caused by a mismatch of the security binding between the client and the server. ---&gt; System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a send. ---&gt; System.IO.IOException: Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host. ---&gt; System.Net.Sockets.SocketException: An existing connection was forcibly closed by the remote host
       at System.Net.Sockets.Socket.EndReceive(IAsyncResult asyncResult)
       at System.Net.Sockets.NetworkStream.EndRead(IAsyncResult asyncResult)
       --- End of inner exception stack trace ---
       at System.Net.TlsStream.EndWrite(IAsyncResult asyncResult)
       at System.Net.PooledStream.EndWrite(IAsyncResult asyncResult)
       at System.Net.ConnectStream.WriteHeadersCallback(IAsyncResult ar)
       --- End of inner exception stack trace ---
       at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
       at System.ServiceModel.Channels.HttpChannelFactory`1.HttpRequestChannel.HttpChannelAsyncRequest.CompleteGetResponse(IAsyncResult result)
       --- End of inner exception stack trace ---</ExceptionString>
    <InnerException>
    <ExceptionType>System.Net.WebException, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</ExceptionType>
    <Message>The underlying connection was closed: An unexpected error occurred on a send.</Message>
    <StackTrace>
    at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
    at System.ServiceModel.Channels.HttpChannelFactory`1.HttpRequestChannel.HttpChannelAsyncRequest.CompleteGetResponse(IAsyncResult result)
    </StackTrace>
    <ExceptionString>System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a send. ---&gt; System.IO.IOException: Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host. ---&gt; System.Net.Sockets.SocketException: An existing connection was forcibly closed by the remote host
       at System.Net.Sockets.Socket.EndReceive(IAsyncResult asyncResult)
       at System.Net.Sockets.NetworkStream.EndRead(IAsyncResult asyncResult)
       --- End of inner exception stack trace ---
       at System.Net.TlsStream.EndWrite(IAsyncResult asyncResult)
       at System.Net.PooledStream.EndWrite(IAsyncResult asyncResult)
       at System.Net.ConnectStream.WriteHeadersCallback(IAsyncResult ar)
       --- End of inner exception stack trace ---
       at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
       at System.ServiceModel.Channels.HttpChannelFactory`1.HttpRequestChannel.HttpChannelAsyncRequest.CompleteGetResponse(IAsyncResult result)</ExceptionString>
    <InnerException>
    <ExceptionType>System.IO.IOException, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</ExceptionType>
    <Message>Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host.</Message>
    <StackTrace>
    at System.Net.TlsStream.EndWrite(IAsyncResult asyncResult)
    at System.Net.PooledStream.EndWrite(IAsyncResult asyncResult)
    at System.Net.ConnectStream.WriteHeadersCallback(IAsyncResult ar)
    </StackTrace>
    <ExceptionString>System.IO.IOException: Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host. ---&gt; System.Net.Sockets.SocketException: An existing connection was forcibly closed by the remote host
       at System.Net.Sockets.Socket.EndReceive(IAsyncResult asyncResult)
       at System.Net.Sockets.NetworkStream.EndRead(IAsyncResult asyncResult)
       --- End of inner exception stack trace ---
       at System.Net.TlsStream.EndWrite(IAsyncResult asyncResult)
       at System.Net.PooledStream.EndWrite(IAsyncResult asyncResult)
       at System.Net.ConnectStream.WriteHeadersCallback(IAsyncResult ar)</ExceptionString>
    <InnerException>
    <ExceptionType>System.Net.Sockets.SocketException, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</ExceptionType>
    <Message>An existing connection was forcibly closed by the remote host</Message>
    <StackTrace>
    at System.Net.Sockets.Socket.EndReceive(IAsyncResult asyncResult)
    at System.Net.Sockets.NetworkStream.EndRead(IAsyncResult asyncResult)
    </StackTrace>
    <ExceptionString>System.Net.Sockets.SocketException (0x80004005): An existing connection was forcibly closed by the remote host
       at System.Net.Sockets.Socket.EndReceive(IAsyncResult asyncResult)
       at System.Net.Sockets.NetworkStream.EndRead(IAsyncResult asyncResult)</ExceptionString>
    <NativeErrorCode>2746</NativeErrorCode>
    </InnerException>
    </InnerException>
    </InnerException>

    Activating WCF trace on the service gives me no information about incoming messages?

    The certificate is installed on both server and client and it is valid(even privet key exists).

    The certificate set to another host so I use this to grant it on both server and client

    ServerCertificateValidationCallback += (sender, certificate, chain, sslPolicyErrors) => {return true;};

    If I run the solution local in Visual Studio everything works great but when the service is installed on this other server, then it failes.

    This is how the client creates the channel : 

    private async Task<ChannelFactory<T>> CreateChannelFactory(LoginTypeBase loginType, MyAppToken token)
    {
        var service = await _ConsulService.GetServiceBlocking(loginType.MyAppServicesToUse, forceRefresh: true, token: new CancellationTokenSource(TimeSpan.FromSeconds(30)).Token);
    
        if (service == null)
            throw new MyAppServiceCommunicationException();
    
        var uri = loginType.GetMyAppClientServiceURL(service.Address, service.Port);
    
        var header = AddressHeader.CreateAddressHeader(nameof(MyAppToken), nameof(MyAppToken), token);
        var endpointAddress = new EndpointAddress(uri, header);
    
        ServiceEndpoint serviceEndpoint = null;
        if (loginType.LoginType == LoginType.SmartCard || loginType.LoginType == LoginType.UsernamePasswordSecure)
        {
            var binding = new NetHttpsBinding("netHttpsBinding");
            binding.Security.Mode = BasicHttpsSecurityMode.Transport;
            binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.None;
    
            serviceEndpoint = new ServiceEndpoint(ContractDescription.GetContract(typeof(T)), binding, endpointAddress);
        }
        else
        {
            var binding = new NetHttpBinding("netHttpBinding");
            serviceEndpoint = new ServiceEndpoint(ContractDescription.GetContract(typeof(T)), binding, endpointAddress);
        }
    
        serviceEndpoint.EndpointBehaviors.Add(new ProtoEndpointBehavior());
        serviceEndpoint.EndpointBehaviors.Add(new CustomMessageInspectorBehavior());
    
    
        var v = new ChannelFactory<T>(serviceEndpoint);
        return v;
    }

    I have checked that the URL is correct and that both the service and client uses the same settings for the binding(No client certificate).

    The service starts properly with the certificate even on the server.

    Why do I get this? How do I troubleshoot it?

    BestRegards

    Edit 
    I can see in the event log > Security Audit Failure right when doing the call. It says : 

    An account failed to log on
    Failure Information:
    Failure Reason: Unknown user name or bad password.
    Status: 0xC000006D
    Sub Status: 0xC0000064
    Process Information:
    Caller Process ID: 0x22c
    Caller Process Name: C:\Windows\System32\lsass.exe

    Network Information:
    Workstation Name: TITAN
    Source Network Address: -
    Source Port: -

    Detailed Authentication Information:
    Logon Process: Schannel
    Authentication Package: Kerberos
    Transited Services: -
    Package Name (NTLM only): -
    Key Length: 0

    And 

    Detailed Authentication Information:
    Logon Process: Schannel
    Authentication Package: Microsoft Unified Security Protocol Provider
    Transited Services: -
    Package Name (NTLM only): -
    Key Length: 0

    This event is generated when a logon request fails. It is generated on the computer where access was attempted.

    The Subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

    The Logon Type field indicates the kind of logon that was requested. The most common types are 2 (interactive) and 3 (network).

    The Process Information fields indicate which account and process on the system requested the logon.

    The Network Information fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.



    • Edited by SnowJim Friday, May 12, 2017 2:19 PM
    Friday, May 12, 2017 1:02 PM

Answers

All replies

  • Which credential did you used to run Windows Service?

    After running Windows Serivce, could you access the wsdl of WCF Service from IE by “https”?

    Did you configure the port 44390 with an SSL certificate?

    I would suggest you check below document.

    # https://blogs.msdn.microsoft.com/james_osbornes_blog/2010/12/10/selfhosting-a-wcf-service-over-https/


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    Monday, May 15, 2017 6:35 AM
  • Thansk! Apparently it works when binding the certificate to the port on the Servar A(Windows Server 2012 R2).

    When running both the client and service on computer A(Windows 10) it works without binding certificate? The same goes for  when running Service on computer B(Windows 10) and client on computer A?

    I hade the same problem with a WCF webservice(basicHttpBinding) and this was solved by moving the web.config content to code. The new service do also use code instead of web.config to set up the service but the big diffrens is that it uses netHTTPBinding(with protobuf) instead of BasicHTTPBinding, maybe this is the problem? netHttpBinding is more picky?

    Is there any way to avoid bidning port to certificate with the netHTTPBinding? If not I will probably have to do this in code like the article you provided.

    Monday, May 15, 2017 9:31 AM
  • >> Is there any way to avoid bidning port to certificate with the netHTTPBinding?

    When using SSL over TCP, you could specify the certificate by using SetCertificate method, and there is no need to bound certificate to a port.

    You could refer below link for more information.

    # How to: Use Transport Security and Message Credentials

    https://msdn.microsoft.com/en-us/library/ms789011(v=vs.110).aspx


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    Tuesday, May 16, 2017 2:32 AM
  • Thanks, 

    I am using the SetCertificate method on the service like this : 

    public ServiceHostBuilder<T> UseSecureConnection(SecureConnectionSettings settings)
            {
                if (settings != null && settings.Enabled)
                {
                    Console.WriteLine("Setting certificates");
                    X509Store store = new X509Store(settings.CertificateStore, settings.CertificateLocation);
                    store.Open(OpenFlags.ReadOnly);
                    X509Certificate2Collection certs = store.Certificates.Find(X509FindType.FindByThumbprint, settings.Thumbprint, true);
                    store.Close();
    
                    if (certs.Count > 0)
                    {
                        LogHandler.Instance.Log(LogLev.Info, $"UseSecureConnection > Location:{settings.CertificateLocation}, Store:{settings.CertificateStore}, Thumbprint:{settings.Thumbprint}");
                        _serviceHost.Credentials.ServiceCertificate.SetCertificate(settings.CertificateLocation,
                        settings.CertificateStore, X509FindType.FindByThumbprint, settings.Thumbprint);
                    }
                    else
                        throw new Exception("Could not find certificate with thumbprint " + settings.Thumbprint);
                }
                return this;
            }

    But this do not work If i dont bind the certificate to the specific port first. 

    I have created BindCertificateToPort method that I run before setting up the ServiceHost, it looks like this now : 

    private void BindCertificateToPort(string certificateThumbnail, int port)
            {
                var process = new Process();
                process.StartInfo.FileName = Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.SystemX86), "netsh.exe");
                process.StartInfo.Arguments = $"http delete sslcert ipport=0.0.0.0:{port}";
                process.StartInfo.UseShellExecute = false;
                process.StartInfo.RedirectStandardOutput = true;
                process.StartInfo.RedirectStandardError = true;
                process.Start();
                process.WaitForExit();
    
                process.StartInfo.FileName = Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.SystemX86), "netsh.exe");
                process.StartInfo.Arguments = $"http add sslcert ipport=0.0.0.0:{port} certhash={certificateThumbnail} appid={{082cc6ef-6c7e-4b97-864b-93061d8cc3f7}}";
                process.Start();
                var error = process.StandardError.ReadToEnd();
    
                if (error != null && error.Length > 0)
                    LogHandler.Instance.Log(LogLev.Info, $"Failed Binding Certificate{certificateThumbnail} To Port{port} : {error}");
    
                process.WaitForExit();
            }

    Tuesday, May 16, 2017 6:29 AM
  • Did you use SSL over HTTP or SSL over TCP?

    For this new issue about how to set certificate in code, I would suggest you post a new thread, and share us more information.

    For your original post about “An error occurred while making the HTTPS request to service”, since it could be resolved by binding certificate to port, I would suggest you mark the helpful reply as answer to close the original post.


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    Wednesday, May 17, 2017 2:33 AM