SharePoint 2007 Troubleshooting: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel
Applies to:
- SharePoint Server 2007
- IIS 6.0
Issue:
Our WFEs were flooded with the error message below.
Error:
Event Type: Error
Event Source: Office SharePoint Server
Event Category: Office Server Shared Services
Event ID: 6482
Date: 07/08/2014
Time: 16:05:32
User: N/A
Computer: <Server name>
Description:
Application Server Administration job failed for service instance Microsoft.Office.Server.Search.Administration.SearchServiceInstance (99cefecd-f814-4ead-bd5a-a79f79d3a757).
Reason: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
Techinal Support Details:
System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.
at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, Exception exception)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
at System.Net.TlsStream.ProcessAuthentication(LazyAsyncResult result)
at System.Net.TlsStream.Write(Byte[] buffer, Int32 offset, Int32 size)
at System.Net.PooledStream.Write(Byte[] buffer, Int32 offset, Int32 size)
at System.Net.ConnectStream.WriteHeaders(Boolean async)
--- End of inner exception stack trace ---
at Microsoft.Office.Server.Search.Administration.SearchApi.RunOnServer[T](CodeToRun`1 remoteCode, CodeToRun`1 localCode, Boolean useCurrentSecurityContext, Int32 versionIn)
at Microsoft.Office.Server.Search.Administration.SearchApi..ctor(WellKnownSearchCatalogs catalog, SearchSharedApplication application)
at Microsoft.Office.Server.Search.Administration.SearchServiceInstance.Synchronize()
at Microsoft.Office.Server.Administration.ApplicationServerJob.ProvisionLocalSharedServiceInstances(Boolean isAdministrationServiceJob)
ULS Logs
08/07/2014 16:09:32.25 OWSTIMER.EXE (0x0914) 0x0A98 Search Server Common MS Search Administration 86ze High Exception caught in Search Admin web-service proxy (client).
System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.
at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, Exception exception)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyn...
Search Administration:
Could not connect to server <Server name> for application 'Web App Name'. This error might occur if the server is not responding to client requests, the firewall or proxy configuration is preventing the server from being contacted, or the search administration Web service is not running on the server.
Troubleshooting:
I was not sure where to start, but the first thing was to check the SSL side.
I checked the server, but no SSL was installed, and as far as we know we have never used SSL in this environment. So what could have caused the issue?
There are many posts around the internet that give details about event ID 6482, especially where Office Search is affected, but the reasons they give for this event ID did not relate to the issue in this environment.
I checked every possible combination of the search settings to see whether the search application was down or affected by the SSL issue.
I then thought of giving it a go by comparing it with the other WFEs we have: out of the 4 WFEs, the 'View Certificate' option was disabled, and one among them had it active.
I clicked on View Certificate and found the root cause of the issue.
The certificate had expired on the 4th of Aug, 14 and needed to be re-issued.
Resolution:
Coming to the resolution: if the IIS 6.0 Resource Kit is already installed, good. If not, first install it from here: http://www.microsoft.com/en-gb/download/details.aspx?id=17275
KB supporting this is: http://support.microsoft.com/kb/840671
Assigned a new SSL certificate to the Office SharePoint Server Web Services site on the index server using the selfssl tool from the resource kit.
Selfssl /s:(IIS ID of the Office Server Web Services site) /v:(length of validity for the certificate in days)
Selfssl /s:1720207907 /v:99999
Replaced the existing certificate with the newly created SelfSSL certificate.
Restart IIS and check that the certificate validity has changed, then check the Event logs, ULS logs and Search Administration to see whether the issue still occurs.
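To confirm which server is presenting an expired certificate, and that the replacement took effect after the IIS restart, the check below reads the certificate from the TLS port directly. It is an added example, not part of the original post; the function name Get-RemoteCertificateStatus and the host and port values are placeholders, and it should be run from a machine that can negotiate the SSL/TLS versions the server offers.

```powershell
# Added example: read the certificate a server presents on a TLS port and
# report its expiry and chain status. Function name, host and port are
# placeholders chosen for this example.
function Get-RemoteCertificateStatus {
    param(
        [Parameter(Mandatory = $true)][string]$ComputerName,
        [Parameter(Mandatory = $true)][int]$Port,
        [int]$WarnDays = 30
    )
    $client = New-Object System.Net.Sockets.TcpClient
    $ssl = $null
    try {
        $client.Connect($ComputerName, $Port)
        $stream = $client.GetStream()
        # Accept any certificate ONLY so that an expired or untrusted one can
        # still be read; no application data is sent on this connection.
        $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl = New-Object System.Net.Security.SslStream($stream, $false, $acceptAll)
        $ssl.AuthenticateAsClient($ComputerName)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)

        # Repeat the chain validation and keep the reasons it fails, if any
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        $chainValid = $chain.Build($cert)
        $reasons = @($chain.ChainStatus | ForEach-Object { $_.Status.ToString() })

        $daysLeft = [int][math]::Floor(($cert.NotAfter - (Get-Date)).TotalDays)
        New-Object PSObject -Property @{
            Subject      = $cert.Subject
            Thumbprint   = $cert.Thumbprint
            NotAfter     = $cert.NotAfter
            DaysLeft     = $daysLeft
            Expired      = ($daysLeft -lt 0)
            ExpiringSoon = ($daysLeft -ge 0 -and $daysLeft -lt $WarnDays)
            ChainValid   = $chainValid
            ChainStatus  = ($reasons -join ', ')
        }
    }
    finally {
        if ($ssl) { $ssl.Close() }
        $client.Close()
    }
}

# Usage (placeholders): run against each server hosting the web services site
# Get-RemoteCertificateStatus -ComputerName '<server name>' -Port <ssl port>
```

A freshly created SelfSSL certificate is self-signed, so ChainStatus is expected to report UntrustedRoot unless the certificate has been added to the trusted roots; the field to watch for this issue is NotAfter.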
References
Read at my Blog: http://mossnwss.blogspot.co.uk/2014/08/sharepoint-2007-search-underlying.html