Exchange Server 2010 SP3. The request failed. The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.

  • Question

  • Hi,

    I'm using Exchange Server 2010 SP3 with EWS API 2.0 and VB.Net.

    When I make the calls using the webservices, for the Exchange version I use the SP2 option for the Exchange Version.

    For the certification I use the code below, where on the client side I accept everything.

      ' Install the certificate validation callback used for outgoing TLS connections.
      ServicePointManager.ServerCertificateValidationCallback = New _
          RemoteCertificateValidationCallback(AddressOf CertificateValidationCallBack)

      ' Accepts every server certificate, whatever sslPolicyErrors reports.
      Private Shared Function CertificateValidationCallBack(ByVal sender As Object, _
              ByVal certificate As System.Security.Cryptography.X509Certificates.X509Certificate, _
              ByVal chain As System.Security.Cryptography.X509Certificates.X509Chain, _
              ByVal sslPolicyErrors As System.Net.Security.SslPolicyErrors) As Boolean
          Return True
      End Function

    I'm always returning true since I am inside my domain etc etc.

    The thing is that when I try to get the inbox, for example, I'm getting the errors below:

    The request failed. The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.

    -2146233088

    The remote certificate is invalid according to the validation procedure

    I have checked the user name and passwords and also I am ABLE to connect from OWA.

    Why am I getting these errors and what should I check?

    Is it something that I need to do on the client side? On the Exchange server side?

    The Exchange server is on a different IP/machine from the client that makes the calls, but they both belong to the same domain.

    Appreciate any help you could give me.

    Thank you

    Monday, November 25, 2013 11:16 AM

All replies

  • I don't know if it is much of a help, but the client has Windows XP OS with SP3.
    Monday, November 25, 2013 12:06 PM
  • If you run your code in a debugger and step through each line, do you see your ServerCertificateValidationCallback being called? Are you multi-threading your code?

    It should work okay; the only alternative to the callback is to use the other method, http://support.microsoft.com/kb/823177 (I've found that in PowerShell with version 2.0 of the Managed API this is the only method that works).

    Cheers
    Glen

    • Marked as answer by zakkar Wednesday, November 27, 2013 9:55 AM
    Tuesday, November 26, 2013 4:25 AM
  • Hi Glen,

    Yes, it is being called. About the multi-threading: now that you mention it, I have developed two objects with two different calls.

    I have one to retrieve Inbox and SentItems, and the other object does all the "Calendar" things.

    There are two separate objects and TWO different connections with the same user credentials, though.

    I think that Exchange can afford that. Correct? It allows by default up to 5 connections at a time with the same user? Also, when the objects have done their jobs I'm "destroying" them. Does Exchange still have them (their connections) in memory, and is this why I cannot get access?

    I will use the other method you have suggested and revert.

    Thank you, Glen

    Tuesday, November 26, 2013 5:21 AM
  • Hi Glen,

    I tried to use this:

    System.Net.ServicePointManager.CertificatePolicy = New MyPolicy()

    and it says that it is obsolete and I should use the ServerCertificateValidationCallback.

    Suggestions?

    Thank you

    Tuesday, November 26, 2013 7:04 AM
  • It's been deprecated but should still work fine (what version of the framework are you using?). If you ignore the warning, have you tried it?

    It sounds like an issue in your code somewhere, but it's hard to say without seeing the full code, e.g. maybe it's the order of your requests. You might want to try just creating a very simple console app that connects to one folder to see if that works, and then work back from there.

    Another thing you can try is the ewsEditor; if you use the option menu there are some extra SSL debug options: http://ewseditor.codeplex.com/

    Cheers
    Glen

    • Marked as answer by zakkar Wednesday, November 27, 2013 9:55 AM
    Wednesday, November 27, 2013 2:16 AM
  • Hi Glen,

    I have already installed my app in other companies and it works fine.

    I have tested EWSeditor and it can connect. That was weird because I used the same credentials.

    I'm using .NET framework 4.0.

    Today I will go to their premises and give it a try with the new code. I will debug from inside their domain and see if I can find something. I have a feeling that using two objects with two different connects doesn't work in my case and I'm being blocked from Exchange.

    I will revert.

    Thank you

    Wednesday, November 27, 2013 5:18 AM
  • Hi Glen,

    I have reverted the code as it was. The problem was that in my connection I used the IP as the domain name for the login, but it wanted the resolved name.

      MyCredentialCache.Add(New System.Uri(Me.WebServiceUrl), _
                                        Authentication_Type, _
                                        New System.Net.NetworkCredential(UserName, PassWord, Domain) _
                                        )

    The domain variable wanted the alias.

    Anyway.

    Thank you, Glen, for all your help.

    • Marked as answer by zakkar Wednesday, November 27, 2013 9:55 AM
    Wednesday, November 27, 2013 9:55 AM
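
A stricter form of the accept-all callback from the question, as an added example that is not code from the thread: it logs why validation failed (the `SslPolicyErrors` flags and the chain status) and accepts a failing certificate only when it matches a pinned SHA-256 digest. `EwsCertificateCheck`, `Install`, `Validate` and the empty `PinnedSha256` placeholder are assumed names.

```vbnet
Imports System
Imports System.Net
Imports System.Net.Security
Imports System.Security.Cryptography
Imports System.Security.Cryptography.X509Certificates

Public Module EwsCertificateCheck
    ' Placeholder (assumption): SHA-256 of the Exchange server certificate as hex,
    ' no separators. Left empty, pinning is off and only valid certificates pass.
    Private Const PinnedSha256 As String = ""

    Public Sub Install()
        ServicePointManager.ServerCertificateValidationCallback = AddressOf Validate
    End Sub

    Public Function Validate(ByVal sender As Object, ByVal certificate As X509Certificate, _
                             ByVal chain As X509Chain, ByVal errors As SslPolicyErrors) As Boolean
        ' Name matches and the chain builds to a trusted root: nothing to override.
        If errors = SslPolicyErrors.None Then Return True

        ' Log why validation failed before deciding anything.
        Dim request As HttpWebRequest = TryCast(sender, HttpWebRequest)
        Dim host As String = If(request Is Nothing, "(unknown)", request.RequestUri.Host)
        Console.Error.WriteLine("TLS validation failed for {0}: {1}", host, errors)
        If certificate Is Nothing Then Return False
        Console.Error.WriteLine("  subject: {0}", certificate.Subject)
        If chain IsNot Nothing Then
            For Each item As X509ChainStatus In chain.ChainStatus
                Console.Error.WriteLine("  chain: {0} {1}", item.Status, item.StatusInformation.Trim())
            Next
        End If

        ' Accept a failing certificate only when it is exactly the pinned one.
        If PinnedSha256.Length = 0 Then Return False
        Using sha As SHA256 = SHA256.Create()
            Dim digest As Byte() = sha.ComputeHash(certificate.GetRawCertData())
            Dim digestHex As String = BitConverter.ToString(digest).Replace("-", "")
            Return String.Equals(digestHex, PinnedSha256, StringComparison.OrdinalIgnoreCase)
        End Using
    End Function
End Module
```

A `RemoteCertificateNameMismatch` in the log means the host in the EWS URL is not one of the names in the certificate, which is the usual result of connecting by IP address.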