Blogroll

Thursday, August 7, 2014

SharePoint 2007 Search: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel

Issue: We have a much wearied issue reported today morning on one of our SharePoint 2007 environment.

Error: Out WFE’s were flooded with the below error message.

Event Type:  Error
Event Source:         Office SharePoint Server
Event Category:      Office Server Shared Services
Event ID:      6482
Date:           07/08/2014
Time:           16:05:32
User:            N/A
Computer:   
Description:
Application Server Administration job failed for service instance Microsoft.Office.Server.Search.Administration.SearchServiceInstance (99cefecd-f814-4ead-bd5a-a79f79d3a757).
Reason: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
Techinal Support Details:
System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.
   at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, Exception exception)
   at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
   at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
   at System.Net.TlsStream.ProcessAuthentication(LazyAsyncResult result)
   at System.Net.TlsStream.Write(Byte[] buffer, Int32 offset, Int32 size)
   at System.Net.PooledStream.Write(Byte[] buffer, Int32 offset, Int32 size)
   at System.Net.ConnectStream.WriteHeaders(Boolean async)
   --- End of inner exception stack trace ---
   at Microsoft.Office.Server.Search.Administration.SearchApi.RunOnServer[T](CodeToRun`1 remoteCode, CodeToRun`1 localCode, Boolean useCurrentSecurityContext, Int32 versionIn)
   at Microsoft.Office.Server.Search.Administration.SearchApi..ctor(WellKnownSearchCatalogs catalog, SearchSharedApplication application)
   at Microsoft.Office.Server.Search.Administration.SearchServiceInstance.Synchronize()
   at Microsoft.Office.Server.Administration.ApplicationServerJob.ProvisionLocalSharedServiceInstances(Boolean isAdministrationServiceJob)

ULS Logs says:

08/07/2014 16:09:32.25   OWSTIMER.EXE (0x0914)                     0x0A98        Search Server Common                    MS Search Administration            86ze   High             Exception caught in Search Admin web-service proxy (client). System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.     at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, Exception exception)     at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)     at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)     at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyn...     

Search Administration in Says:

Could not connect to server for application 'Web App Name'. This error might occur if the server is not responding to client requests, the firewall or proxy configuration is preventing the server from being contacted, or the search administration Web service is not running on the server.



Troubleshooting:

I was not sure from where to start with, but first thing was to check on the SSL side.
Checked on the server but no SSL was installed and as I am aware of we have never used SSL on out this environment. So what could have caused the issue?

There are many post around the internet which gives to many details about the event ID 6482 specially for Office Search being affected but they had different Reason given with this Event ID, which was not relating to issue I had in my environment.

I have checked every possible combination of the search to check the search application down or affected due to SSL issue.

I thought of giving it a go by comparing it with outer WFE’s we have and out of 4 WFE’s had ‘View Certificates’ option as disabled 



And one among them had it active.



Once I clicked on view Certificate, then I get to know the root cause of the issue.
  
The certificate was expired on the 4 of Aug, 14 and it needs to be re-issued. 



Resolution:

Coming to the resolution part if we have IIS 6.0 resource kit installed then its good. If not first install it form here: http://www.microsoft.com/en-gb/download/details.aspx%3Fid%3D17275


Assigned a new SSL certificate to the Office SharePoint Server Web Services site on the index server using the selfssl tool from the resource kit.
Selfssl /s:(IIS ID of the Office Server Web Services site) /v:(length of validity for the certificate in days)
Selfssl /s:1720207907 /v:99999
Replaced the existing certificate with the newly created SelfSSL certificate.
Restart IIS and check if the certificate validity had changed and check in Event logs, ULS logs and Search administration if you still see the issue.

Applies to:
  • SharePoint Server 2007
  • IIS 6.0


No comments:

ShareThis

snow flakes

blogger widgets Blogspot Tutorial

LinkWithin

Related Posts Plugin for WordPress, Blogger...