Showing posts with label IIS Errors.

Tuesday, July 7, 2015

502.3 - Bad Gateway security error code

Problem Statement:


When you use IIS ARR with URL Rewrite as a reverse proxy (HTTPS to HTTPS), you might receive the following error.

Error: IIS 7.5 Detailed Error - 502.3 - Bad Gateway security error code 0x80072f8f



Cause of Problem:


The IIS server where ARR is configured doesn't trust the back-end IIS server's certificate.


Solution:


Export the back-end IIS server certificate and import it into the local machine's Trusted Store on the IIS-ARR server.

Reference: http://blog.lint.at/iis-as-reverseproxy-with-ssl-offloading/





Tuesday, April 29, 2014

IIS: 403 Forbidden, 403.7 Client Certificate Required errors

Problem Statement:

A "403 Forbidden" or "403.7 Client Certificate Required" error is returned when accessing a service that requires an SSL certificate.

Scenario:

1. A web service is exposed from IIS over "https" with the SSL settings
     "Require SSL" and "Client Certificate: Require".
2. When a client tries to send a message to the service (even if all the certificates are properly
     installed and configured), it gets either a "403 Forbidden" or a "403.7 Client Certificate Required" error.

Root Cause :


During the handshake protocol for client certificate authorization, the server sends a list of Trusted Root Certification Authorities to the client. In this case the client will only provide client certificates issued by one of these Trusted Root Certification Authorities.

It seems that IIS (where the service is hosted) is configured to use a CTL (Certificate Trust List) with SendTrustedIssuerList=0, so it does not send a list. Some clients are configured so that, if the server doesn't send the list, the client doesn't send its client certificate with the message.

For this reason, the client/service can see either "403 Forbidden" or "403.7 Client Certificate Required" errors.

Solution:

Make the server send the trusted issuer list by adding this registry entry on the web server:

        HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL
        Value name: SendTrustedIssuerList
        Value type: REG_DWORD
        Value data: 1 (True)

References:

http://support.microsoft.com/kb/2802568
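
As an added illustration (not code from the original post or from Microsoft), this Python example parses a TLS 1.2 CertificateRequest handshake message (RFC 5246, section 7.4.4) to show the empty issuer list described in the root cause above. The sample messages and the CA name are constructed, and `client_sends_certificate` with its `require_issuer_list` flag is a hypothetical model of the client behaviour the post describes.

```python
CERTIFICATE_REQUEST = 13  # handshake type, RFC 5246 section 7.4.4

def der_cn(cn: str) -> bytes:
    """Constructed sample: DER Name with a single short ASCII CN."""
    val = b"\x0c" + bytes([len(cn)]) + cn.encode("ascii")
    atv = b"\x30" + bytes([5 + len(val)]) + b"\x06\x03\x55\x04\x03" + val
    rdn = b"\x31" + bytes([len(atv)]) + atv
    return b"\x30" + bytes([len(rdn)]) + rdn

def build_certificate_request(issuers) -> bytes:
    """Constructed sample message: cert type rsa_sign, one sig alg (sha256, rsa)."""
    cas = b"".join(len(dn).to_bytes(2, "big") + dn for dn in issuers)
    body = b"\x01\x01" + b"\x00\x02\x04\x01" + len(cas).to_bytes(2, "big") + cas
    return bytes([CERTIFICATE_REQUEST]) + len(body).to_bytes(3, "big") + body

def parse_certificate_request(msg: bytes) -> dict:
    """Split a CertificateRequest into cert types, sig algs and issuer DNs."""
    if len(msg) < 4 or msg[0] != CERTIFICATE_REQUEST:
        raise ValueError("not a CertificateRequest handshake message")
    body = msg[4:]
    if len(body) != int.from_bytes(msg[1:4], "big"):
        raise ValueError("handshake length does not match message size")
    pos = 0

    def take(n: int) -> bytes:
        nonlocal pos
        if pos + n > len(body):
            raise ValueError("length field runs past end of message")
        pos += n
        return body[pos - n:pos]

    cert_types = list(take(take(1)[0]))
    algs = take(int.from_bytes(take(2), "big"))
    ca_len = int.from_bytes(take(2), "big")
    if pos + ca_len != len(body):
        raise ValueError("certificate_authorities length mismatch")
    issuers = []
    while pos < len(body):  # each entry: 2-byte length + DER-encoded DN
        issuers.append(take(int.from_bytes(take(2), "big")))
    sig_algs = [tuple(algs[i:i + 2]) for i in range(0, len(algs), 2)]
    return {"cert_types": cert_types, "sig_algs": sig_algs, "issuers": issuers}

def client_sends_certificate(request: dict, issuer_dn: bytes,
                             require_issuer_list: bool) -> bool:
    """Hypothetical client model: does it offer a cert issued by issuer_dn?"""
    if not request["issuers"]:          # what SendTrustedIssuerList=0 produces
        return not require_issuer_list  # strict client sends nothing -> 403.7
    return issuer_dn in request["issuers"]
```
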



Wednesday, February 5, 2014

IIS error: java.net.socketException:connection reset by peer

Problem:


Sometimes, calling a WCF service (.NET WCF, or a BizTalk schema/orchestration exposed as a WCF service) with a huge/large message returns the error below.

"java.net.socketException:connection reset by peer:socket write error"

It usually happens when sending attachment (base64 format) with SOAP request.

Root Cause :


The web service hosted on the web server (IIS) couldn't handle the large message.

Solution:

Configure the HTTP runtime to accept large messages:

1. Go to IIS.
2. Open the web.config of the corresponding web service.
3. Add the entries below.

<system.web>
     <httpRuntime maxRequestLength="2097151" />
</system.web>
Note: Set the maxRequestLength value according to your need, and keep it below the maximum limit.

Regards

Kundan