Using System.Net tracing to troubleshoot an SSL problem in a .NET 2.0 application
In .NET Framework 2.0, System.Net has a new feature called tracing. System.Net tracing is very useful in some special scenarios:
- Client and server are on the same machine. In this case a network monitor doesn’t work for you, as it can’t capture the loopback traffic.
- Secure communication like HTTPS.
Here is a sample of using System.Net tracing to resolve an SSL problem. Consider the following scenario: an AuthenticationException is thrown on the frontend web service when it calls the backend web service.
Client --- SSL --- Frontend Web Service (ASP.NET 2.0) --- SSL --- Backend Web Service
[AuthenticationException: The remote certificate is invalid according to the validation procedure.]
   System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, Exception exception) +1036754
   System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest) +333
   System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest) +313
To fix this problem, we enabled System.Net tracing. The configuration is below. Please:
- Insert this config section into your web.config.
- Make sure the application pool identity has write permission to the log file.
<system.diagnostics>
  <sources>
    <!-- tracemode="includehex" writes protocol data in hex and text;
         maxdatasize caps the bytes of network data logged per trace line -->
    <source name="System.Net" tracemode="includehex" maxdatasize="1024">
      <listeners>
        <add name="System.Net"/>
      </listeners>
    </source>
    <source name="System.Net.Sockets">
      <listeners>
        <add name="System.Net"/>
      </listeners>
    </source>
    <source name="System.Net.Cache">
      <listeners>
        <add name="System.Net"/>
      </listeners>
    </source>
  </sources>
  <switches>
    <add name="System.Net" value="Verbose"/>
    <add name="System.Net.Sockets" value="Verbose"/>
    <add name="System.Net.Cache" value="Verbose"/>
  </switches>
  <!-- All three sources share this listener; the application pool identity
       needs write permission to the file named in initializeData -->
  <sharedListeners>
    <add name="System.Net"
         type="System.Diagnostics.TextWriterTraceListener"
         initializeData="d:\temp\network.log" />
  </sharedListeners>
  <trace autoflush="true"/>
</system.diagnostics>
We then found the following detailed information in the trace file. The second entry gives the reason the remote certificate was rejected.
System.Net Information: 0 : [0308] SecureChannel#59995477 - Remote certificate has errors:
System.Net Information: 0 : [0308] SecureChannel#59995477 - A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
System.Net Information: 0 : [0308] SecureChannel#59995477 - Remote certificate was verified as invalid by the user.
System.Net.Sockets Verbose: 0 : [0308] Socket#54041329::Dispose()
System.Net Error: 0 : [0308] Exception in the HttpWebRequest#27598891:: - The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
System.Net Error: 0 : [0308] Exception in the HttpWebRequest#27598891::EndGetResponse - The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
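A Verbose trace grows quickly, so the certificate entries are easier to find with a short script. The following is an added example, not code from the original post: it assumes the entry layout shown in the excerpt above, treats the bracketed number as the thread ID, and uses hypothetical function names.

```python
import re
# Entry layout assumed from the excerpt: <source> <level>: <event id> : [<thread id>] <message>
ENTRY = re.compile(r"^(?P<source>System\.Net(?:\.\w+)?) (?P<level>\w+): \d+ : \[(?P<thread>\d+)\] (?P<message>.*)$")
CHANNEL = re.compile(r"^SecureChannel#(\d+) - (.*)$")
REQUEST = re.compile(r"Exception in the (HttpWebRequest#\d+)::")

# Sample input: entries from the excerpt in this post; the second is left wrapped on purpose.
SAMPLE = """\
System.Net Information: 0 : [0308] SecureChannel#59995477 - Remote certificate has errors:
System.Net Information: 0 : [0308] SecureChannel#59995477 - A certificate chain
processed, but terminated in a root certificate which is not trusted by the trust provider.
System.Net Information: 0 : [0308] SecureChannel#59995477 - Remote certificate was verified as invalid by the user.
System.Net.Sockets Verbose: 0 : [0308] Socket#54041329::Dispose()
System.Net Error: 0 : [0308] Exception in the HttpWebRequest#27598891::EndGetResponse - The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
"""

def parse_entries(text):
    """Split trace text into entries; a line without a header continues the previous entry."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            entries.append(m.groupdict())
        elif entries and line.strip():
            entries[-1]["message"] += " " + line.strip()
    return entries

def tls_trust_failures(entries):
    """Map SecureChannel id -> thread, reported errors, verdict and requests that failed on that thread."""
    channels = {}
    for e in entries:
        ch = CHANNEL.match(e["message"])
        req = REQUEST.search(e["message"])
        if ch and ch.group(2).startswith("Remote certificate has errors"):
            channels[ch.group(1)] = {"thread": e["thread"], "errors": [], "verdict": None, "requests": set()}
        elif ch and ch.group(1) in channels and channels[ch.group(1)]["verdict"] is None:
            info, text = channels[ch.group(1)], ch.group(2)
            if text.startswith("Remote certificate was verified"):
                info["verdict"] = text
            else:
                info["errors"].append(text)  # entries between the header and the verdict
        elif req and e["level"] == "Error":
            for info in channels.values():  # heuristic: same thread id ties the request to the channel
                if info["thread"] == e["thread"]:
                    info["requests"].add(req.group(1))
    return channels

if __name__ == "__main__":
    print(tls_trust_failures(parse_entries(SAMPLE)))
```

Thread IDs are reused over the life of a process, so on a long log the request-to-channel link should be checked against neighbouring entries.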
Regards,
Wei Zhao
Comments
- Anonymous
August 04, 2009
More about System.Net tracing can be found from this KB article, http://support.microsoft.com/kb/947285