locked
TlsFailureException when trying to instanciate a CollaborationPlataform with ServerPlataformSettings RRS feed

  • Question

  • Hello, i'm trying to connect my application endpoint to a OCS Front End. I have done the provisioning process, and i created a certificate that is in Certificates (Local Computer)\Personal\Certificates. But when i try to initialize the collaboration plataform:

     

     

                ServerPlatformSettings settings = new ServerPlatformSettings(_applicationName, _localhost, _servicePort, _serverGruu, cert);

                _collabPlatform = new CollaborationPlatform(settings);

    i have the following exception:  TlsFailureException (i have runned the console application with Administrator) 

     

     

    Microsoft.Rtc.Signaling.TlsFailureException was unhandled

      Message="The operation failed due to issues with Tls. See the exception for more information."

      Source="Microsoft.Rtc.Collaboration"

      DetectionStackTrace="   at System.Environment.get_StackTrace()\r\n   at Microsoft.Rtc.Signaling.RealTimeException..ctor(String message, Exception innerException)\r\n   at Microsoft.Rtc.Signaling.TlsFailureException..ctor(String message, Exception innerException, Int32 errorCode, TlsFailureReason tlsFailureReason)\r\n   at Microsoft.Rtc.Signaling.RealTimeServerTlsConnectionManager.SetDefaultTlsTuple()\r\n   at Microsoft.Rtc.Signaling.RealTimeConnectionManager.SetLocalCertificate(String certificateIssuerName, Byte[] certificateSerialNumber)\r\n   at Microsoft.Rtc.Signaling.RealTimeServerTlsConnectionManager.SetLocalCertificate(String certificateIssuerName, Byte[] certificateSerialNumber)\r\n   at Microsoft.Rtc.Signaling.RealTimeConnectionManager..ctor(String localHost, String certificateIssuerName, Byte[] certificateSerialNumber)\r\n   at Microsoft.Rtc.Signaling.RealTimeServerConnectionManager..ctor(String localHost, String certificateIssuerName, Byte[] certificateSerialNumber)\r\n   at Microsoft.Rtc.Signaling.RealTimeServerTlsConnectionManager..ctor(String localHost, String certificateIssuerName, Byte[] certificateSerialNumber)\r\n   at Microsoft.Rtc.Collaboration.CollaborationPlatform.CreateConnectionManager()\r\n   at Microsoft.Rtc.Collaboration.CollaborationPlatform.Initialize(CollaborationPlatformSettings platformSettings)\r\n   at Microsoft.Rtc.Collaboration.CollaborationPlatform..ctor(ServerPlatformSettings platformSettings)\r\n   at UCMASampleCode_PublishAlwaysOnline.PublishAlwaysOnline.InitalizePlatform() in C:\\Users\\Telmo\\Desktop\\PublishAlwaysOnline\\PublishAlwaysOnline.cs:line 66\r\n   at UCMASampleCode_PublishAlwaysOnline.PublishAlwaysOnline.Run() in C:\\Users\\Telmo\\Desktop\\PublishAlwaysOnline\\PublishAlwaysOnline.cs:line 51\r\n   at UCMASampleCode_PublishAlwaysOnline.PublishAlwaysOnline.Main(String[] args) in C:\\Users\\Telmo\\Desktop\\PublishAlwaysOnline\\PublishAlwaysOnline.cs:line 44"

      ErrorCode=-2146893042

      StackTrace:

           at Microsoft.Rtc.Signaling.RealTimeServerTlsConnectionManager.SetDefaultTlsTuple()

           at Microsoft.Rtc.Signaling.RealTimeConnectionManager.SetLocalCertificate(String certificateIssuerName, Byte[] certificateSerialNumber)

           at Microsoft.Rtc.Signaling.RealTimeServerTlsConnectionManager.SetLocalCertificate(String certificateIssuerName, Byte[] certificateSerialNumber)

           at Microsoft.Rtc.Signaling.RealTimeConnectionManager..ctor(String localHost, String certificateIssuerName, Byte[] certificateSerialNumber)

           at Microsoft.Rtc.Signaling.RealTimeServerConnectionManager..ctor(String localHost, String certificateIssuerName, Byte[] certificateSerialNumber)

           at Microsoft.Rtc.Signaling.RealTimeServerTlsConnectionManager..ctor(String localHost, String certificateIssuerName, Byte[] certificateSerialNumber)

           at Microsoft.Rtc.Collaboration.CollaborationPlatform.CreateConnectionManager()

           at Microsoft.Rtc.Collaboration.CollaborationPlatform.Initialize(CollaborationPlatformSettings platformSettings)

           at Microsoft.Rtc.Collaboration.CollaborationPlatform..ctor(ServerPlatformSettings platformSettings)

           at UCMASampleCode_PublishAlwaysOnline.PublishAlwaysOnline.InitalizePlatform() in C:\Users\Telmo\Desktop\PublishAlwaysOnline\PublishAlwaysOnline.cs:line 66

           at UCMASampleCode_PublishAlwaysOnline.PublishAlwaysOnline.Run() in C:\Users\Telmo\Desktop\PublishAlwaysOnline\PublishAlwaysOnline.cs:line 51

           at UCMASampleCode_PublishAlwaysOnline.PublishAlwaysOnline.Main(String[] args) in C:\Users\Telmo\Desktop\PublishAlwaysOnline\PublishAlwaysOnline.cs:line 44

      InnerException: Microsoft.Rtc.Internal.Sip.TLSException

           Message="CertificateInfoNative::AcquireCredentialsHandle() failed; HRESULT=-2146893042"

           Source="SIPEPS"

           ErrorCode=-2146893042

           StackTrace:

                at Microsoft.Rtc.Internal.Sip.CertificateInfoNative.AcquireCredentialsHandleW(CertificateInfoNative* )

                at Microsoft.Rtc.Internal.Sip.CertificateInfoNative.{ctor}(CertificateInfoNative* , SipConnectionDirection isIncoming, String issuerName, Byte[] serialNumber, Int32 serialNumberLength, Boolean reverseIssuerName)

                at Microsoft.Rtc.Internal.Sip.TlsCredentials..ctor(SipConnectionDirection isIncoming, String issuerName, Byte[] serialNumber, String[] allowedDomains, String[] allowedEnhancedKeyUsage)

                at Microsoft.Rtc.Signaling.RealTimeServerTlsConnectionManager.SetDefaultTlsTuple()

           InnerException: 

    Saturday, June 19, 2010 7:31 PM

Answers

  • This exception is caused by the application not having a certificate available to authenticate with the Front End Server. There are a few things to check for if you get a TlsFailureException:

    • Make sure the server where the application is running has a TLS certificate. Its subject name should be the FQDN of the application server and it should be marked for both server and client authentication.
    • If the app is running in Visual Studio, make sure you've started Visual Studio as an administrator.
    • If it's a console app or another type of application, make sure the user account that is running the application has permission to access the private key of the certificate. You can check this by going into Microsoft Management Console (type mmc in the Start menu), adding the Certificates snap-in (Computer account), then right-clicking on the certificate and going to All Tasks -> Manage Private Keys.
    • Make sure that when your application loads the certificate from the certificate store, it is looking up the certificate using the local machine's FQDN and is NOT using a case-sensitive compare.

    One of these is almost always the cause of the TlsException. If anyone gets this exception even after checking all of the above, feel free to post here and I'm happy to help.


    Michael Greenlee | linkedin: http://www.linkedin.com/in/michaelgreenlee | blog: http://blog.greenl.ee
    Tuesday, September 20, 2011 1:56 AM
  • Hi Michael,

     

    Thank you very much for your reply and sorry for taking long time to reply since I wanted to find out what was exactly causes the issue because I did try all your steps but still could not make it work. Finally my boss found an additional step that is adding my machine on the ocs server (not sure how he did) and it works. Again, thank you for your help.


    Thank you, Phuong Vo
    Tuesday, September 27, 2011 5:47 AM

All replies

  • 1) If you are debugging your application in Visual Studio, validate that you are running Visual Studio as an administrator.
    Right-click on Visual Studio in the start menu and select Run as Administrator.

    2) Make sure you have permission to access the private key of your certificate under which account you are executing application.

     

    Hope this helps.

    Sunday, June 20, 2010 4:34 AM
  • Hello;

     

    Have you resolved this problem?

     

    Thanks

    Wednesday, August 11, 2010 2:01 PM
  • Hello Telmo,

     

    Have you resolved this issue?

     

    Thank you.

    Monday, September 19, 2011 4:17 PM
  • This exception is caused by the application not having a certificate available to authenticate with the Front End Server. There are a few things to check for if you get a TlsFailureException:

    • Make sure the server where the application is running has a TLS certificate. Its subject name should be the FQDN of the application server and it should be marked for both server and client authentication.
    • If the app is running in Visual Studio, make sure you've started Visual Studio as an administrator.
    • If it's a console app or another type of application, make sure the user account that is running the application has permission to access the private key of the certificate. You can check this by going into Microsoft Management Console (type mmc in the Start menu), adding the Certificates snap-in (Computer account), then right-clicking on the certificate and going to All Tasks -> Manage Private Keys.
    • Make sure that when your application loads the certificate from the certificate store, it is looking up the certificate using the local machine's FQDN and is NOT using a case-sensitive compare.

    One of these is almost always the cause of the TlsException. If anyone gets this exception even after checking all of the above, feel free to post here and I'm happy to help.


    Michael Greenlee | linkedin: http://www.linkedin.com/in/michaelgreenlee | blog: http://blog.greenl.ee
    Tuesday, September 20, 2011 1:56 AM
  • Hi Michael,

     

    Thank you very much for your reply and sorry for taking long time to reply since I wanted to find out what was exactly causes the issue because I did try all your steps but still could not make it work. Finally my boss found an additional step that is adding my machine on the ocs server (not sure how he did) and it works. Again, thank you for your help.


    Thank you, Phuong Vo
    Tuesday, September 27, 2011 5:47 AM
  • Hi,

     

    We have the same issue while trying to install OCS collaboration service on our Blackeberry Enterprise Server.

    Phuong: can you give some tips how you guys resoved the issue.


    Thanks and Regards Hemachandran
    Thursday, January 19, 2012 3:44 AM
  • We are facing the same issue. However ours is a windows service and using a certificate which doesn't have a key.

    What else could be the reason of this exception ?

    Saturday, November 21, 2015 1:15 AM
  • Hi Michael,

    I too facing the same issue.

    Everything is working fine with Windows Application in my Application server. But when I converted the same to WCF Service, it is giving the same above TLS issue while creating the CollaborationPlatform object.

    We installed lync server certificate in Application Server in Local Machine.

    Do we need to do any addition configuration for WCF service in order to create the CollaborationPlatform object.

    I too running the application in Administrator role. User also have the Administrator privilege.

    Could you please suggest us?

    Thanks in Advance.

    Saturday, March 12, 2016 11:38 AM