Udostępnij za pośrednictwem


When configuring FTPS in BizTalk Server 2010, there is an error "The client and server cannot communicate, because they do not possess a common algorithm"

Problem
Description

==================

When
configuring the new feature FTPS adapter (receive or send) to connect FTP
server in BizTalk Server 2010, there may raise the following error in the event
log on BizTalk Server:

“The client and server cannot communicate, because they do not possess a
common algorithm”

Problem
Analysis

================

We collect dump files forBTSNTSvc.exe when reproducing this issue, and we
have the following information.

The status code 0x80090331 means SEC_E_ALGORITHM_MISMATCH.

In addition, after we look into the source code, from the parameters which
was passed to sspicli!AcquireCredentialsHandleW by the BizTalk xceedftpbiztalk
module, we could see BizTalk FTPS only support TLS v1. So the problem is caused
by that TLS v1 is disabled in the BizTalk Server box.

0:027> p

Time Travel
Position:

FE3840000296.

eax=80090331
ebx=00000000

ecx=01a55038 edx=00000001 esi=5d02a0e8 edi=01a54c88

eip=74b3151e
esp=254cebd4

ebp=254cebd4 iopl=0 nv up ei pl

zr na pe nc

cs=0023 ss=002b

ds=002b es=002b fs=0053

gs=002b

efl=00000246

sspicli!AcquireCredentialsHandleW+0x27:

74b3151e

5d

pop ebp

0:027> !gle

LastErrorValue:
(Win32) 0x1

(1) - Incorrect function.

LastStatusValue:
(NTSTATUS) 0x80090331 - The client and server cannot

communicate, because they do not possess a common algorithm.

0:027> gu

Time Travel
Position:

FE384000006A.

eax=80090331
ebx=00000000

ecx=768d0175 edx=1bf364e0 esi=00000000 edi=00000000

eip=74b253d8
esp=254cea84

ebp=254ceb10 iopl=0 nv up ei pl

nz na pe nc

cs=0023 ss=002b

ds=002b es=002b fs=0053

gs=002b

efl=00000206

sspicli!SspipAcquireCredentialsHandle+0xf9:

74b253d8

8945e0

mov dword ptr [ebp-20h],eax ss:002b:254ceaf0=254ceb10

0:027> k

ChildEBP
RetAddr

254ceb10
74b2dccf sspicli!SspipAcquireCredentialsHandle+0xf9

[d:\w7rtm\minio\security\base\lsa\security\sspiwrap.cxx @ 196]

254ceb68
74b3030b

sspicli!LsaAcquireCredentialsHandleW+0x8e
[d:\w7rtm\minio\security\base\lsa\security\sspicli\lsastubs.cxx

@ 581]

254ceba4
74b3151e

sspicli!AcquireCredentialsHandleCommon+0xce

[d:\w7rtm\minio\security\base\lsa\security\sspicli\newstubs.cxx @ 592]

254cebd4
5d01fc86

sspicli!AcquireCredentialsHandleW+0x27
[d:\w7rtm\minio\security\base\lsa\security\sspicli\newstubs.cxx

@ 463]

254cec54
5d02037d

xceedftpbiztalk!CXwlSslSocketWrapper::GetClientCredentials+0xc9

[d:\bt\9359137\private\source\runtime\msg\adapters\ftp\xceedftp\winsock\xwlsslsocketwrapper.cpp

@ 183]

254cec80
5d0128dd

xceedftpbiztalk!CXwlSslSocketWrapper::SetupTLS+0x51

[d:\bt\9359137\private\source\runtime\msg\adapters\ftp\xceedftp\winsock\xwlsslsocketwrapper.cpp

@ 303]

254ced18
5d0100c5

xceedftpbiztalk!CXceedFtp::ConnectPerformer+0x341
[d:\bt\9359137\private\source\runtime\msg\adapters\ftp\xceedftp\activex\xceedftpperformers.cpp

@ 473]

254ced60
1be164d6

xceedftpbiztalk!CXceedFtp::Connect+0xf3

[d:\bt\9359137\private\source\runtime\msg\adapters\ftp\xceedftp\activex\xceedftpmethods.cpp

@ 332]

254cedcc
1be16309

DomainBoundILStubClass.IL_STUB_CLRtoCOM()+0x86

254cee10
1be13fe5

Microsoft_BizTalk_CoreAdapter!Microsoft.BizTalk.Adapter.FtpAdapter.FtpUtil.Connect(XceedFtpLib.XceedFtp,

System.String, System.String)+0x29

[d:\bt\9359137\private\source\Runtime\Msg\Adapters\Ftp\Runtime\FtpUtil.cs @

201]

254cef18
1be12ec6

Microsoft_BizTalk_CoreAdapter!Microsoft.BizTalk.Adapter.FtpAdapter.FtpReceiverEndpoint.EndpointTask()+0x235

[d:\bt\9359137\private\source\Runtime\Msg\Adapters\Ftp\Runtime\FtpReceiverEndpoint.cs

@ 325]

254cef60
1be129ba

Microsoft_BizTalk_CoreAdapter!Microsoft.BizTalk.Adapter.FtpAdapter.FtpReceiverEndpoint.ControlledEndpointTask()+0x56

[d:\bt\9359137\private\source\Runtime\Msg\Adapters\Ftp\Runtime\FtpReceiverEndpoint.cs

@ 251]

254cef8c
1be12838
Microsoft_BizTalk_BaseAdapter!Microsoft.BizTalk.Adapter.Common.SimpleTask.Start()+0x2a

[d:\bt\9359137\private\source\Runtime\Msg\Adapters\BaseAdapter\SimpleTask.cs @

45]

254cefb8
1be1256d

Microsoft_BizTalk_Scheduler_Runtime!Microsoft.BizTalk.Scheduler.TaskController.StartTask()+0x28

[d:\bt\9359137\private\source\Runtime\Scheduler\Runtime\TaskController.cs @

638]

254cefc4
1be1241e

Microsoft_BizTalk_Scheduler_Runtime!Microsoft.BizTalk.Scheduler.TaskController+StartPendingState.OnThreadAvailable(Microsoft.BizTalk.Scheduler.TaskController)+0x1d

Problem
Resolution

=================

Please check
the following registry key in your BizTalk Server box to see if there is any
TLS v1 registry key been disabled, that means the value is 0. If so, please
change the TLS 1.0 Client registry key value to 1, that enable TLS 1.0 for
client.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS1.0\Client