The client and server cannot communicate, because they do not possess a common algorithm

  • Question

  • I am facing this issue in our migration of an existing product to a Windows 2016 server.

    I rebuilt my WCF service with .NET Framework 4.6.2 and enabled TLS 1.1 and TLS 1.2 on the server.

    The client is consuming this service via certificates using the RSASHA1 algorithm. I am not sure what bit I am missing to make it run.

    My WCF service is hosted in a net.tcp environment.

    Any help would be much appreciated.

    Error I am getting:

    <Exception>
    <ExceptionType>System.ComponentModel.Win32Exception, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</ExceptionType>
    <Message>The client and server cannot communicate, because they do not possess a common algorithm</Message>
    <StackTrace>
    at System.ServiceModel.Security.TlsSspiNegotiation.GetOutgoingBlob(Byte[] incomingBlob, ChannelBinding channelbinding, ExtendedProtectionPolicy protectionPolicy)
    at System.ServiceModel.Security.SspiNegotiationTokenAuthenticator.ProcessNegotiation(SspiNegotiationTokenAuthenticatorState negotiationState, Message incomingMessage, BinaryNegotiation incomingNego)
    at System.ServiceModel.Security.SspiNegotiationTokenAuthenticator.ProcessRequestSecurityToken(Message request, RequestSecurityToken requestSecurityToken, SspiNegotiationTokenAuthenticatorState&amp; negotiationState)
    at System.ServiceModel.Security.NegotiationTokenAuthenticator`1.ProcessRequestCore(Message request)
    at System.ServiceModel.Security.NegotiationTokenAuthenticator`1.NegotiationHost.NegotiationSyncInvoker.Invoke(Object instance, Object[] inputs, Object[]&amp; outputs)
    at System.ServiceModel.Dispatcher.DispatchOperationRuntime.InvokeBegin(MessageRpc&amp; rpc)
    at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage5(MessageRpc&amp; rpc)
    at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage11(MessageRpc&amp; rpc)
    at System.ServiceModel.Dispatcher.MessageRpc.Process(Boolean isOperationContextSet)
    at System.ServiceModel.Dispatcher.ChannelHandler.DispatchAndReleasePump(RequestContext request, Boolean cleanThread, OperationContext currentOperationContext)
    at System.ServiceModel.Dispatcher.ChannelHandler.HandleRequest(RequestContext request, OperationContext currentOperationContext)
    at System.ServiceModel.Dispatcher.ChannelHandler.AsyncMessagePump(IAsyncResult result)
    at System.ServiceModel.Dispatcher.ChannelHandler.OnAsyncReceiveComplete(IAsyncResult result)
    at System.Runtime.Fx.AsyncThunk.UnhandledExceptionFrame(IAsyncResult result)
    at System.Runtime.AsyncResult.Complete(Boolean completedSynchronously)
    at System.Runtime.InputQueue`1.AsyncQueueReader.Set(Item item)
    at System.Runtime.InputQueue`1.Dispatch()
    at System.Runtime.IOThreadScheduler.ScheduledOverlapped.IOCallback(UInt32 errorCode, UInt32 numBytes, NativeOverlapped* nativeOverlapped)
    at System.Runtime.Fx.IOCompletionThunk.UnhandledExceptionFrame(UInt32 error, UInt32 bytesRead, NativeOverlapped* nativeOverlapped)
    at System.Threading._IOCompletionCallback.PerformIOCompletionCallback(UInt32 errorCode, UInt32 numBytes, NativeOverlapped* pOVERLAP)
    </StackTrace>
    <ExceptionString>System.ComponentModel.Win32Exception (0x80004005): The client and server cannot communicate, because they do not possess a common algorithm</ExceptionString>
    <NativeErrorCode>80090331</NativeErrorCode>
    </Exception>



    • Edited by fillic Thursday, July 19, 2018 1:42 PM
    Thursday, July 19, 2018 7:32 AM

All replies

  • Hi There,

    Recently I migrated my WCF service to host it on Windows Server 2016. Since then I have been getting the error mentioned in the subject line.

    Note:

    1. My WCF service was hosted on net.tcp

    2. It was built with .NET Framework 4.5.2

    3. This service uses certificates to communicate with the client

    Actions I took:

    - Built the service against 4.6.2 to enable TLS 1.2 by default

    - Checked the settings in the server registry and set TLS 1.1 and 1.2 to enabled

    I am still getting the same error. The stack trace is below. I am not sure how to debug this at all to find where the issue is.

    <Exception>
    <ExceptionType>System.ComponentModel.Win32Exception, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=XXXXXXX</ExceptionType>
    <Message>The client and server cannot communicate, because they do not possess a common algorithm</Message>
    <StackTrace>
    at System.ServiceModel.Security.TlsSspiNegotiation.GetOutgoingBlob(Byte[] incomingBlob, ChannelBinding channelbinding, ExtendedProtectionPolicy protectionPolicy)
    at System.ServiceModel.Security.SspiNegotiationTokenAuthenticator.ProcessNegotiation(SspiNegotiationTokenAuthenticatorState negotiationState, Message incomingMessage, BinaryNegotiation incomingNego)
    at System.ServiceModel.Security.SspiNegotiationTokenAuthenticator.ProcessRequestSecurityToken(Message request, RequestSecurityToken requestSecurityToken, SspiNegotiationTokenAuthenticatorState&amp; negotiationState)
    at System.ServiceModel.Security.NegotiationTokenAuthenticator`1.ProcessRequestCore(Message request)
    at System.ServiceModel.Security.NegotiationTokenAuthenticator`1.NegotiationHost.NegotiationSyncInvoker.Invoke(Object instance, Object[] inputs, Object[]&amp; outputs)
    at System.ServiceModel.Dispatcher.DispatchOperationRuntime.InvokeBegin(MessageRpc&amp; rpc)
    at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage5(MessageRpc&amp; rpc)
    at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage11(MessageRpc&amp; rpc)
    at System.ServiceModel.Dispatcher.MessageRpc.Process(Boolean isOperationContextSet)
    at System.ServiceModel.Dispatcher.ChannelHandler.DispatchAndReleasePump(RequestContext request, Boolean cleanThread, OperationContext currentOperationContext)
    at System.ServiceModel.Dispatcher.ChannelHandler.HandleRequest(RequestContext request, OperationContext currentOperationContext)
    at System.ServiceModel.Dispatcher.ChannelHandler.AsyncMessagePump(IAsyncResult result)
    at System.ServiceModel.Dispatcher.ChannelHandler.OnAsyncReceiveComplete(IAsyncResult result)
    at System.Runtime.Fx.AsyncThunk.UnhandledExceptionFrame(IAsyncResult result)
    at System.Runtime.AsyncResult.Complete(Boolean completedSynchronously)
    at System.Runtime.InputQueue`1.AsyncQueueReader.Set(Item item)
    at System.Runtime.InputQueue`1.Dispatch()
    at System.Runtime.IOThreadScheduler.ScheduledOverlapped.IOCallback(UInt32 errorCode, UInt32 numBytes, NativeOverlapped* nativeOverlapped)
    at System.Runtime.Fx.IOCompletionThunk.UnhandledExceptionFrame(UInt32 error, UInt32 bytesRead, NativeOverlapped* nativeOverlapped)
    at System.Threading._IOCompletionCallback.PerformIOCompletionCallback(UInt32 errorCode, UInt32 numBytes, NativeOverlapped* pOVERLAP)
    </StackTrace>
    <ExceptionString>System.ComponentModel.Win32Exception (0x80004005): The client and server cannot communicate, because they do not possess a common algorithm</ExceptionString>
    <NativeErrorCode>80090331</NativeErrorCode>
    </Exception>

    Wednesday, July 18, 2018 12:54 PM
  • Hi fillic,

    Welcome to the MSDN forum.

    It seems your issue is about WCF development, and our forum is for discussing the VS IDE. I will help you move this thread to the appropriate forum for more professional support. Thank you for your understanding.

    Best regards,

    Sara


    MSDN Community Support Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com

    Friday, July 20, 2018 5:39 AM
  • Thanks Sara. Has this been moved to a different forum? I am desperately struggling to get help on this.
    Friday, July 20, 2018 9:18 AM
  • Hi fillic,

    >>The client and server cannot communicate, because they do not possess a common algorithm

    Based on this error, it seems to be related to TLS and SSL.

    Based on your description, it seems you have configured TLS on the server.

    What is your client application? Is it built with .NET 4.6 or later?

    I suggest you check whether the client supports TLS.

    Best Regards,

    Tao Zhou 


    Friday, July 20, 2018 9:32 AM
  • Yes, the client is also built on .NET Framework 4.6.2, after I found that this version provides compatibility with TLS 1.2 by default...

    I also have this configuration in my app:

    <startup>
      <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.6.2"/>
    </startup>

    I just tried capturing a Wireshark dump, and it is strange to see that all the traffic is shown as the TCP protocol. Shouldn't this show TLS 1.2?
    • Edited by fillic Friday, July 20, 2018 11:14 AM
    Friday, July 20, 2018 10:45 AM
  • I tried further analyzing the traffic detail on my server and found a very nice workflow.

    For all the requests coming from my system IP to the server, the protocol shown is TLS 1.2, but in the response it is showing TCP.

    However, on my machine Wireshark is showing all traffic as TCP. Now I am completely confused about which is going in which format...

    Monday, July 23, 2018 12:15 PM
  • If you host your service on your local computer, so that the client and service are on the same computer, will this issue still exist?

    Wednesday, July 25, 2018 9:03 AM
  • Yes, this works like a charm... It is an existing WCF service which is running fine in the production environment. I just need to host this on our new Windows 2016 server, moving from old Windows boxes. However, the moment I try to connect to this service, I get the error (mentioned in the subject). I tried setting regedit entries for TLS 1.2 and TLS 1.1 and forcing secure communication.

    I see some communication handshake happening in TLS 1.2, but again the client is still not able to send secure details on TLS 1.2 and the same error appears.

    We use client and server certificates which are SHA1RSA, and here is my setting for the service.

    <behavior name="XXServiceBehavior">
      <serviceCredentials>
        <serviceCertificate findValue="CN=Service.Authentication.STS" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectDistinguishedName" />
        <userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="Service.Authentication.UserNameValidator, Service.Authentication" />
      </serviceCredentials>
      <serviceDebug includeExceptionDetailInFaults="true" />
      <serviceMetadata httpGetEnabled="false" />
    </behavior>

    • Edited by fillic Wednesday, July 25, 2018 11:08 AM
    Wednesday, July 25, 2018 10:59 AM
  • >>i see some communication handshake happening in TLS1.2 but again client is still not able to send secure details on TLS1.2 and same error appearing.

    If you host the service on your computer, the client can make requests correctly, so I assume there is something wrong with the new server.

    If you move the client to the new server, will it work?

    I am wondering whether it will work if you create a new WCF service and client based on .NET 4.7.

    Best Regards,

    Tao Zhou


    Friday, July 27, 2018 8:34 AM
  • Let me try this on the server. I have also started moving to version 4.7. I will update you as soon as I have it up.
    Friday, July 27, 2018 1:17 PM
  • Same negotiation issue even if I host the client app on the server to interact with the service.
    Tuesday, July 31, 2018 12:56 PM
  • Hey Tao, any update?
    Tuesday, August 7, 2018 11:36 AM
  • Finally I got the solution for this issue.

    I had to add the settings below for both client and server. This is what was provided by Microsoft. I hope this helps others... But it is a pity that such a small solution is not in the public domain. Everything is kept close to the chest by MS, and that is why I don't like their product... I feel lame when there is no fix available in the public domain.

    <runtime>
      <AppContextSwitchOverrides value="Switch.System.ServiceModel.DisableUsingServicePointManagerSecurityProtocols=false;Switch.System.Net.DontEnableSchUseStrongCrypto=false" />
    </runtime>

    Wednesday, September 26, 2018 3:43 PM
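
The thread touches three places that decide which TLS versions a WCF endpoint can negotiate: the Schannel protocol registry keys, the machine-wide .NET Framework values, and the per-application `AppContextSwitchOverrides` from the fix above. The script below is an added example, not code from the thread or from Microsoft, that reports all three in one table; the `$ConfigPath` default and the `Get-Row` helper are hypothetical names.

```powershell
param(
    # Assumption: hypothetical path; point it at the service's or client's .config file.
    [string]$ConfigPath = 'C:\Services\Sample\Sample.exe.config'
)

function Get-Row {   # hypothetical helper: one report row per registry value
    param([string]$Key, [string]$Name)
    $item = Get-ItemProperty -Path $Key -Name $Name -ErrorAction SilentlyContinue
    $value = if ($null -eq $item) { '(not set)' } else { $item.$Name }
    [pscustomobject]@{ Scope = $Key; Name = $Name; Value = $value }
}

# 1. Schannel: protocol versions the OS allows, per role.
$schannel = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
$rows = foreach ($proto in 'TLS 1.0', 'TLS 1.1', 'TLS 1.2') {
    foreach ($role in 'Client', 'Server') {
        Get-Row "$schannel\$proto\$role" 'Enabled'
        Get-Row "$schannel\$proto\$role" 'DisabledByDefault'
    }
}

# 2. Machine-wide .NET Framework 4.x values, 64-bit and 32-bit registry views.
$rows += foreach ($key in 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319',
                          'HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319') {
    Get-Row $key 'SchUseStrongCrypto'
    Get-Row $key 'SystemDefaultTlsVersions'
}

# 3. Per-application AppContext switches from the fix posted in this thread.
$switches = @{}
if (Test-Path -LiteralPath $ConfigPath) {
    [xml]$cfg = Get-Content -LiteralPath $ConfigPath -Raw
    $node = $cfg.SelectSingleNode('/configuration/runtime/AppContextSwitchOverrides')
    if ($node) {
        foreach ($pair in $node.GetAttribute('value') -split ';') {
            $k, $v = $pair -split '=', 2
            if ($v) { $switches[$k.Trim()] = $v.Trim() }
        }
    }
}
$rows += foreach ($name in 'Switch.System.ServiceModel.DisableUsingServicePointManagerSecurityProtocols',
                           'Switch.System.Net.DontEnableSchUseStrongCrypto') {
    $value = if ($switches.ContainsKey($name)) { $switches[$name] } else { '(not set)' }
    [pscustomobject]@{ Scope = $ConfigPath; Name = $name; Value = $value }
}

$rows | Format-Table -AutoSize -Wrap
```

A row showing `(not set)` means the operating system or framework default applies. Running the script on both the client and the server and comparing the rows shows where the two sides differ.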
  • Hi, I am having the same issue with Server 2016, but this config update did not work. Am I still missing something?

    My service calls work from my local client to the hosted service on the server, but the server client and service cannot communicate.

    Thanks,

    Biswa


    bplthebest

    Tuesday, November 12, 2019 2:14 PM