Issue: We have a much wearied issue reported
today morning on one of our SharePoint 2007 environment.
Error: Out WFE’s were flooded with the below
error message.
Event Type: Error
Event
Source: Office SharePoint
Server
Event
Category: Office Server Shared Services
Event
ID: 6482
Date:
07/08/2014
Time:
16:05:32
User:
N/A
Computer:
Description:
Application Server
Administration job failed for service instance Microsoft.Office.Server.Search.Administration.SearchServiceInstance
(99cefecd-f814-4ead-bd5a-a79f79d3a757).
Reason: The underlying
connection was closed: Could not establish trust relationship for the SSL/TLS
secure channel.
Techinal Support Details:
System.Net.WebException:
The underlying connection was closed: Could not establish trust relationship
for the SSL/TLS secure channel. --->
System.Security.Authentication.AuthenticationException: The remote certificate
is invalid according to the validation procedure.
at
System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message,
AsyncProtocolRequest asyncRequest, Exception exception)
at
System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count,
AsyncProtocolRequest asyncRequest)
at
System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer,
AsyncProtocolRequest asyncRequest)
at
System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count,
AsyncProtocolRequest asyncRequest)
at
System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer,
AsyncProtocolRequest asyncRequest)
at
System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count,
AsyncProtocolRequest asyncRequest)
at
System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest
asyncRequest)
at
System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[]
buffer, AsyncProtocolRequest asyncRequest)
at
System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
at System.Threading.ExecutionContext.Run(ExecutionContext
executionContext, ContextCallback callback, Object state)
at
System.Net.TlsStream.ProcessAuthentication(LazyAsyncResult result)
at
System.Net.TlsStream.Write(Byte[] buffer, Int32 offset, Int32 size)
at
System.Net.PooledStream.Write(Byte[] buffer, Int32 offset, Int32 size)
at
System.Net.ConnectStream.WriteHeaders(Boolean async)
--- End of
inner exception stack trace ---
at
Microsoft.Office.Server.Search.Administration.SearchApi.RunOnServer[T](CodeToRun`1
remoteCode, CodeToRun`1 localCode, Boolean useCurrentSecurityContext, Int32
versionIn)
at
Microsoft.Office.Server.Search.Administration.SearchApi..ctor(WellKnownSearchCatalogs
catalog, SearchSharedApplication application)
at Microsoft.Office.Server.Search.Administration.SearchServiceInstance.Synchronize()
at
Microsoft.Office.Server.Administration.ApplicationServerJob.ProvisionLocalSharedServiceInstances(Boolean
isAdministrationServiceJob)
ULS Logs says:
08/07/2014 16:09:32.25
OWSTIMER.EXE
(0x0914)
0x0A98 Search Server
Common
MS Search
Administration
86ze High
Exception caught in Search Admin web-service proxy (client). System.Net.WebException:
The underlying connection was closed: Could not establish trust relationship
for the SSL/TLS secure channel. --->
System.Security.Authentication.AuthenticationException: The remote certificate
is invalid according to the validation procedure. at
System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message,
AsyncProtocolRequest asyncRequest, Exception exception)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count,
AsyncProtocolRequest asyncRequest) at
System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer,
AsyncProtocolRequest asyncRequest) at
System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count,
AsyncProtocolRequest asyn...
Search Administration in
Says:
Could not connect to
server for application 'Web App Name'. This error might
occur if the server is not responding to client requests, the firewall or proxy
configuration is preventing the server from being contacted, or the search administration
Web service is not running on the server.
Troubleshooting:
I was not sure from where
to start with, but first thing was to check on the SSL side.
Checked on the server
but no SSL was installed and as I am aware of we have never used SSL on out
this environment. So what could have caused the issue?
There are many post
around the internet which gives to many details about the event ID 6482
specially for Office Search being affected but they had different Reason given
with this Event ID, which was not relating to issue I had in my environment.
I have checked every
possible combination of the search to check the search application down or
affected due to SSL issue.
I thought of giving it a
go by comparing it with outer WFE’s we have and out of 4 WFE’s had ‘View
Certificates’ option as disabled
And one among them had
it active.
Once I clicked on view
Certificate, then I get to know the root cause of the issue.
The certificate was expired
on the 4 of Aug, 14 and it needs to be re-issued.
Resolution:
Coming to the resolution
part if we have IIS 6.0 resource kit installed then its good. If not first
install it form here: http://www.microsoft.com/en-gb/download/details.aspx%3Fid%3D17275
KB supporting this
is: http://support.microsoft.com/kb/840671
Assigned a new SSL
certificate to the Office SharePoint Server Web Services site on the index
server using the selfssl tool from the resource kit.
Selfssl /s:(IIS ID of
the Office Server Web Services site) /v:(length of validity for the certificate
in days)
Selfssl /s:1720207907
/v:99999
Replaced the existing
certificate with the newly created SelfSSL certificate.
Restart IIS and check
if the certificate validity had changed and check in Event logs, ULS logs and
Search administration if you still see the issue.
Applies to:
- SharePoint Server 2007
- IIS 6.0