Failed to bind to address https://localhost:7090 - The server mode SSL must use a certificate with the associated private key - iis

We've been trying to fix a developer's machine with all sorts of HTTPS issues running:
Windows 11
Visual Studio 2022
A .NET 7 C# MVC application
When we attempt to start debugging in Visual Studio, it fails on app.Run() with the following exception:
System.IO.IOException
HResult=0x80131620
Message=Failed to bind to address https://localhost:7090.
Source=Microsoft.AspNetCore.Server.Kestrel.Core
StackTrace:
at Microsoft.AspNetCore.Server.Kestrel.Core.LocalhostListenOptions.<BindAsync>d__2.MoveNext()
at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.AddressBinder.AddressesStrategy.<BindAsync>d__2.MoveNext()
at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.AddressBinder.<BindAsync>d__0.MoveNext()
at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServerImpl.<BindAsync>d__33.MoveNext()
at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServerImpl.<StartAsync>d__30`1.MoveNext()
at Microsoft.AspNetCore.Hosting.GenericWebHostService.<StartAsync>d__37.MoveNext()
at Microsoft.Extensions.Hosting.Internal.Host.<StartAsync>d__12.MoveNext()
at Microsoft.Extensions.Hosting.HostingAbstractionsHostExtensions.<RunAsync>d__4.MoveNext()
at Microsoft.Extensions.Hosting.HostingAbstractionsHostExtensions.<RunAsync>d__4.MoveNext()
at Microsoft.Extensions.Hosting.HostingAbstractionsHostExtensions.Run(IHost host)
at Program.<Main>$(String[] args) in C:\MyApp\Program.cs:line 78
This exception was originally thrown at this call stack:
[External Code]
Inner Exception 1:
AggregateException: One or more errors occurred. (The server mode SSL must use a certificate with the associated private key.) (The server mode SSL must use a certificate with the associated private key.)
Inner Exception 2:
NotSupportedException: The server mode SSL must use a certificate with the associated private key.
We recently reinstalled IIS and Visual Studio to get the IIS Express Development Certificate regenerated on the machine. It was then exported from Personal->Certificates and imported into Trusted Root Certification Authorities->Certificates.
We also tried using dotnet dev-certs https to generate a certificate as well. It does say:
A trusted certificate was found: 5DA2.....AFAC - CN=localhost - Valid from 2022-12-09 15:33:53Z to 2023-12-09 15:33:53Z - IsHttpsDevelopmentCertificate: true - IsExportable: true
When we deploy the .NET 7 application and run it through the local IIS, the page loads, but some static content files (like jquery.js and site.css) will error out with ERR_CONNECTION_RESET and sometimes the page will just load forever without timing out. The Event Viewer reports nothing out of the ordinary. And everything works fine under HTTP.

Related

Alfresco solr/search stops working after installing records management

I am using alfresco 5.2.3 enterprise with solr6 search services.
Everything works fine when I deploy our application custom code inside the alfresco-platform jar and alfresco-share jar.
Now, when I install alfresco records management amp file, the search stops working. I am not able to search even a single document or folder.
RM amp version: alfresco-rm-enterprise-repo-2.7.0.amp and alfresco-rm-enterprise-share-2.7.0.amp
There are three different instances: repo (where alfresco.war sits), share (where share.war and ADF sits) and index server (where indexes are maintained).
I install alfresco-rm-enterprise-repo-2.7.0.amp on repo, and alfresco-rm-enterprise-share-2.7.0.amp on share. And restart the servers. RM installation is successful without any errors. But search is not at all working after this.
Is it possible that after RM installation, some indexes are corrupted, and we need to conduct reindexing ? Can that resolve this issue ?
NOTE: The versions of alfresco and RM are already in the supported stack as per the alfresco documentation link: https://docs.alfresco.com/5.2/concepts/supported-platforms-ACS.html
Any help would be appreciated.
Finally, the problem is resolved.
The keystore, truststore certificate files were the culprit.
New keystore, truststore files were required to be generated as the communication between ACS and Index server was not happening and resulting into GetModelsDiff 403 error in the logs.
Additionally, we ensured the following settings were put up in ACS and index server files:
ACS alfresco-global.properties:
alfresco.host=alfresco-dev-repo.domain.com
alfresco.port=443
alfresco.protocol=https
share.host=alfresco-dev-repo.domain.com
share.port=443
share.protocol=https
db.ssl_params=&useSSL=true&requireSSL=true&verifyServerCertificate=true&trustCertificateKeyStoreUrl=file:///opt/alfresco-content-services/alf_data/keystore/ssl.truststore&trustCertificateKeyStoreType=JCEKS&trustCertificateKeyStorePassword=kT9X6oe68t
db.url=jdbc:mysql://${db.host}/${db.name}?${db.params}${db.ssl_params}
index.subsystem.name=solr6
dir.keystore=${dir.root}/keystore
solr.host=alfresco-dev-index.domain.com
solr.port.ssl=8983
solr.port=80
solr.secureComms=https
#ssl encryption
encryption.ssl.keystore.location=${dir.keystore}/ssl.keystore
encryption.ssl.keystore.type=JCEKS
encryption.ssl.keystore.keyMetaData.location=${dir.keystore}/ssl-keystore-passwords.properties
encryption.ssl.truststore.location=${dir.keystore}/ssl.truststore
encryption.ssl.truststore.type=JCEKS
encryption.ssl.truststore.keyMetaData.location=${dir.keystore}/ssl-truststore-passwords.properties
Solr Configuration:
solr.in.sh file:
SOLR_PORT=8983
SOLR_SSL_KEY_STORE=/opt/alfresco-search-services/solrhome/keystore/ssl.keystore
SOLR_SSL_KEY_STORE_PASSWORD=kT9X6oe68t
SOLR_SSL_TRUST_STORE=/opt/alfresco-search-services/solrhome/keystore/ssl.truststore
SOLR_SSL_TRUST_STORE_PASSWORD=kT9X6oe68t
SOLR_SSL_NEED_CLIENT_AUTH=true
SOLR_SSL_WANT_CLIENT_AUTH=false
alfresco core > solrcore.properties AND archive core > solrcore.properties
alfresco.secureComms=https
data.dir.root=/opt/alfresco-search-services/solrhome/
alfresco.port.ssl=8443
alfresco.encryption.ssl.keystore.passwordFileLocation=ssl-keystore-passwords.properties
alfresco.encryption.ssl.truststore.passwordFileLocation=ssl-truststore-passwords.properties
alfresco.baseUrl=/alfresco
alfresco.host=alfdevhostname.domain.com
alfresco.encryption.ssl.keystore.provider=
alfresco.encryption.ssl.truststore.type=JCEKS
alfresco.encryption.ssl.truststore.provider=
alfresco.encryption.ssl.keystore.type=JCEKS
alfresco.encryption.ssl.keystore.location=ssl.keystore
alfresco.port=80
alfresco.version=5.2.3
alfresco.encryption.ssl.truststore.location=ssl.truststore
No need of touching the files under this location:
/opt/alfresco-search-services/solrhome/templates/rerank/conf
And finally the most important part:
Latest/Updated Certificate files placed under:
/opt/alfresco-search-services/solrhome/keystore
And the same certificate files placed under:
/opt/alfresco-search-services/solrhome/alfresco/conf
and
/opt/alfresco-search-services/solrhome/archive/conf
and on ACS server:
/opt/alfresco-content-services/alf_data/keystore
On top of it, if the issue is still not getting resolved, you can try the following:
Set solr.secureComms=none in alf-global, and alfresco.secureComms=none in archive core and alfresco core, and restart both entities to see if the normal HTTP connection is working without SSL or HTTPS
Validate with the infra/network team whether the installed certificates are correct or not
Try pointing directly the IP address of alfresco and solr to each other, instead of host name, as it might be coming through LB
Try Telnet solr host from alfresco repo server, and also vice-versa
Put -Djavax.net.debug=all under alfresco > tomcat/scripts/ctl.sh and see if you get any useful information
Check not just the alfresco.log, solr.log, see access-logs if you can find 404 or 200 status responses. OR curl on solr machine against the URL that is logged in localhost-access logs.
Starting/stopping solr with root user – ideally should be another dedicated user for solr
Ideally certificates should be copied from alfresco (alf_data/keystore) to solr server, not from solr to alfresco server. But if not working, you can try the other way around.
The alfresco.host, share.host, alfresco.port, share.port in alf-global should match with properties in solrhome/alfresco/conf/solrcore.properties + solrhome/archive/conf/solrcore.properties
Try putting debugger on, i.e. debug statements on, from alfresco repo side as well as solr side to capture any unknown or hidden exceptions/errors.
You can also check the solr-admin console page from browser and check the logs from there.
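The two consistency checks this answer describes (identical keystore/truststore files in every listed directory, and alfresco.host / alfresco.port agreeing between alfresco-global.properties and solrcore.properties), as an added example that is not part of the original answer. The function names are hypothetical, and it assumes all four directories are readable from the host where it runs, for example after copying the ACS keystore directory over.

```python
import hashlib
from pathlib import Path

# Directories the answer lists as holding the same certificate files.
# The last one is on the ACS server (assumption: mounted or copied locally).
STORE_DIRS = [
    "/opt/alfresco-search-services/solrhome/keystore",
    "/opt/alfresco-search-services/solrhome/alfresco/conf",
    "/opt/alfresco-search-services/solrhome/archive/conf",
    "/opt/alfresco-content-services/alf_data/keystore",
]
STORE_FILES = ["ssl.keystore", "ssl.truststore"]
# Keys the answer says must agree between alfresco-global.properties and
# solrcore.properties (only those that exist in both files are compared).
ENDPOINT_KEYS = ["alfresco.host", "alfresco.port"]


def parse_properties(text):
    """Parse KEY=VALUE lines; skip blanks and '#'/'!' comments.

    Splits on the first '=' only, so values such as db.ssl_params that
    contain further '=' characters are kept intact.
    """
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props


def endpoint_mismatches(global_props, core_props, keys=ENDPOINT_KEYS):
    """Return {key: (global_value, core_value)} for keys set in both files
    but with different values."""
    out = {}
    for key in keys:
        g, c = global_props.get(key), core_props.get(key)
        if g is not None and c is not None and g != c:
            out[key] = (g, c)
    return out


def sha256_file(path):
    """Hash a file in chunks so large keystores are not read in one go."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def store_drift(dirs, names=STORE_FILES):
    """Compare each store file across dirs.

    The first directory that contains the file is the reference copy.
    Returns a list of (file_name, directory, problem) tuples where problem
    is 'missing' or 'differs'. Only digests are compared; the stores are
    never opened, so no keystore password is needed.
    """
    problems = []
    for name in names:
        digests = {}
        for d in dirs:
            p = Path(d) / name
            digests[str(d)] = sha256_file(p) if p.is_file() else None
        reference = next((v for v in digests.values() if v), None)
        for d, digest in digests.items():
            if digest is None:
                problems.append((name, d, "missing"))
            elif digest != reference:
                problems.append((name, d, "differs"))
    return problems


if __name__ == "__main__":
    for name, directory, problem in store_drift(STORE_DIRS):
        print(f"{name}: {problem} in {directory}")
```
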
I faced similar issue on Alfresco 6.2.2 with alfresco-insight-engine 2.0.0. Multiple errors like below I had faced one by one after changing the configurations :-
If certificates are not matching between ACS, Solr OR between ACS, Solr and AWS OR certificates generated are incorrect OR certificates compatible only with particular java version OR certificates not added to truststore correctly, then you may get:
javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException ,
unable to find valid certification path to requested target ,
Caused by: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
I checked the configuration (certificate) was imported correctly at AWS side. And no restriction was applied at AWS side.
But, finally I was able to resolve with the following combination:
Alfresco side
Server.xml:
<Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
SSLEnabled="true" maxThreads="150" scheme="https"
keystoreFile="/app/tomcat/keystores/ssl.keystore"
keystorePass="pwd" keystoreType="JCEKS"
secure="true" connectionTimeout="240000"
truststoreFile="/app/tomcat/keystores/ssl.truststore"
truststorePass="pwd" truststoreType="JCEKS"
clientAuth="false" sslProtocol="TLS" />
alfresco-global.properties:
index.subsystem.name=solr6
solr.secureComms=https
solr.port=8984
solr.port.ssl=8984
solr.host=domainname
alfresco.context=alfresco
alfresco.host=host
alfresco.port=8443
alfresco.protocol=https
#
share.context=share
share.host=host
share.port=8443
share.protocol=https
#ssl encryption
encryption.ssl.keystore.location=/app/tomcat/keystores/ssl.keystore
encryption.ssl.keystore.type=JCEKS
encryption.ssl.keystore.keyMetaData.location=/app/tomcat/keystores/ssl-keystore-passwords.properties
encryption.ssl.truststore.location=/app/tomcat/keystores/ssl.truststore
encryption.ssl.truststore.type=JCEKS
encryption.ssl.truststore.keyMetaData.location=/app/tomcat/keystores/ssl-truststore-passwords.properties
solr side
solr.in.sh
SOLR_SOLR_HOST=domainname
SOLR_ALFRESCO_HOST=domainname
SOLR_SSL_CUSTOM="-Dsolr.ssl.checkPeerName=false -Dsolr.allow.unsafe.resourceloading=true"
SOLR_OPTS="$SOLR_SSL_CUSTOM"
SOLR_PORT=8984
SOLR_HOST=domainname
SOLR_SSL_KEY_STORE=/app/alfresco-insight-engine/solrhome/keystore/ssl.repo.client.keystore
SOLR_SSL_KEY_STORE_PASSWORD=pwd
SOLR_SSL_KEY_STORE_TYPE=JCEKS
SOLR_SSL_TRUST_STORE=/app/alfresco-insight-engine/solrhome/keystore/ssl.repo.client.truststore
SOLR_SSL_TRUST_STORE_PASSWORD=pwd
SOLR_SSL_TRUST_STORE_TYPE=JCEKS
SOLR_SSL_NEED_CLIENT_AUTH=false
SOLR_SSL_WANT_CLIENT_AUTH=true
solrcore.properties (both cores)
alfresco.encryption.ssl.truststore.location=ssl.repo.client.truststore
alfresco.encryption.ssl.keystore.provider=
alfresco.encryption.ssl.truststore.type=JCEKS
alfresco.host=ip-10-233-4-126.ap-east-1.compute.internal
alfresco.encryption.ssl.keystore.location=ssl.repo.client.keystore
alfresco.encryption.ssl.truststore.provider=
alfresco.port.ssl=8443
alfresco.encryption.ssl.truststore.passwordFileLocation=ssl-truststore-passwords.properties
alfresco.port=8080
alfresco.encryption.ssl.keystore.type=JCEKS
alfresco.secureComms=https
alfresco.encryption.ssl.keystore.passwordFileLocation=ssl-keystore-passwords.properties
solrcore.properties (under rerank/conf)
alfresco.host=domainname
alfresco.port=8080
alfresco.port.ssl=8443
alfresco.secureComms=https
alfresco.encryption.ssl.keystore.type=JCEKS
alfresco.encryption.ssl.keystore.provider=
alfresco.encryption.ssl.keystore.location=ssl.repo.client.keystore
alfresco.encryption.ssl.keystore.passwordFileLocation=ssl-keystore-passwords.properties
alfresco.encryption.ssl.truststore.type=JCEKS
alfresco.encryption.ssl.truststore.provider=
alfresco.encryption.ssl.truststore.location=ssl.repo.client.truststore
alfresco.encryption.ssl.truststore.passwordFileLocation=ssl-truststore-passwords.properties
The alfresco keystore files (used/pointed to by Alfresco) are under /app/tomcat/keystores.
And solr keystore files (used/pointed to by solr) are under /app/alfresco-insight-engine/solrhome/keystore.
NOTE: We have copied the solr keystores files to following locations also: /app/alfresco-insight-engine/solrhome/alfresco/conf , /app/alfresco-insight-engine/solrhome/archive/conf , /app/alfresco-insight-engine/solrhome/templates/rerank/conf
NOTE: If it's just a certificate not added to truststore cacerts, then you can add the certificate to the cacerts using this link: Error - trustAnchors parameter must be non-empty
Other points which can be checked if above does not work:
Check if java version is a supported one (in supported stack) and certificates are correctly getting added to the truststore.
Check the java version from alfresco's admin summary page and verify if certificates get added into the correct java
Check if solr host, port and ssl port is correctly picked up. Verify this location - http://domainname/alfresco/s/enterprise/admin/admin-searchservice , as port might be picked up from here which might not match with the one in alfresco-global.properties file. In case of mismatching properties between alf-global and admin-searchservice URL, you may get “Connection refused” error in alfresco logs when alfresco tries to connect to solr.
If JKS type of certificate has become obsolete, try generating PKCS12 or JCEKS type certificate.
When solr is running on 8983 (http) as well as 8984 (https/ssl), you may get error "Unsupported or unrecognized SSL message". Try stopping one which is not used.
If https with 8984 solr url is not accessible from browser, then try importing the correct certificate at AWS, and also try adding following entry in /app/alfresco-insight-engine/solr/server/etc/jetty-ssl.xml file: FALSE

Performance testing in Dynamics 365 for Operations - no endpoint listening

Short error description:
Ms.Dynamics.Performance.CreateUsers.exe from PerfSDK throws error
There was no endpoint listening at https://mytest.sandbox.operations.dynamics.com/Services/AxUserManagement/Service.svc/ws2007FedHttp that could accept the message.
Long error description:
I have created a single user C# test from an XML recording and run it with PerfSDK successfully as described in the first part of the PerfSDK and multiuser testing with Visual Studio Online guide.
I am having trouble running multiuser load tests as described in the second part of the lab. The link above seems to be the only resource online describing how a multiuser test can be created from a singleuser test and how Visual Studio Online can be used to run it in a sandbox environment. I've also watched a few videos such as Tools to Measure and Improve Microsoft Dynamics AX Performance, Performance Tools and the like, but none of them explains all the steps that need to be taken in as much detail as the above article.
I've done the following:
Created a recording of a scenario with Task Recorder in Dynamics 365 for Operations.
Created C# perf test from recording in Visual Studio using the PerfSDKSample project from the PerfSDK folder.
Followed all 'Steps to run single user performance test with Perf SDK' from the article;
Built the solution and successfully ran my test from Test Explorer: Internet Explorer opened starting and replaying the scenario that I had recorded.
Note: I used DEV environment usnconeboxax1aos.cloud.onebox.dynamics.com for testing. When I tried using another hostname in CloudEnvironment.Config (a sandbox, e.g. mysandbox.sandbox.operations.dynamics.com), the singleuser test failed with the following error message:
System.TypeInitializationException: The type initializer for 'MS.Dynamics.TestTools.CloudCommonTestUtilities.Authentication.UserManagement' threw an exception. ---> System.ServiceModel.EndpointNotFoundException: There was no endpoint listening at https://mysandbox.sandbox.operations.dynamics.com/Services/AxUserManagement/Service.svc/ws2007FedHttp that could accept the message. This is often caused by an incorrect address or SOAP action. See InnerException, if present, for more details. ---> System.Net.WebException: The remote server returned an error: (404) Not Found..
For multiuser testing, I launched Visual Studio from Visual Studio Online portal https://app.vssps.visualstudio.com/profile/view
I modified the TestSetup method as follows:
Single-user TestSetup:
public void TestSetup()
{
SetupData();
_userContext = new UserContext(UserManagement.AdminUser);
Client = DispatchedClient.DefaultInstance;
Client.ForceEditMode = false;
Client.Company = "GB01";
Client.Open();
}
Multi-user TestSetup:
public void TestSetup()
{
var testroot = System.Environment.GetEnvironmentVariable("DeploymentDir");
if (string.IsNullOrEmpty(testroot))
{
testroot = System.IO.Directory.GetCurrentDirectory();
}
Environment.SetEnvironmentVariable("testroot", testroot);
if (this.TestContext != null)
{
timerProvider = new TimerProvider(this.TestContext);
}
SetupData();
_userContext = new UserContext(UserManagement.AdminUser);
Client = new DispatchedClientHelper().GetClient();
Client.ForceEditMode = false;
Client.Company = "GB01";
Client.Open();
}
I set the HostName in CloudEnvironment.Config to the sandbox URL e.g. mysandbox.sandbox.operations.dynamics.com.
Logged in to the sandbox machine and installed the certificate I had generated earlier for the single-user testing.
Updated wif.config on the sandbox machine in the same way it had been updated in DEV earlier, and restarted IIS.
Double-clicked vsonline.testsettings in Solution Explorer and used the settings recommended in the above article (accordingly modified for my certificate and test scenario).
Opened SampleLoadTest.loadtest from Solution Explorer and tweaked it to use only my test in the Test Mix node, reduced test duration and user count.
Ran the load test.
The load test ended with a few errors. The first TestError is the same as mentioned above:
Initialization method MS.Dynamics.Performance.Application.TaskRecorder.GenJnlBase.TestSetup threw exception. System.TypeInitializationException: System.TypeInitializationException: The type initializer for 'MS.Dynamics.TestTools.CloudCommonTestUtilities.Authentication.UserManagement' threw an exception. ---> System.ServiceModel.EndpointNotFoundException: There was no endpoint listening at https://mysandbox.sandbox.operations.dynamics.com/Services/AxUserManagement/Service.svc/ws2007FedHttp that could accept the message. This is often caused by an incorrect address or SOAP action. See InnerException, if present, for more details. ---> System.Net.WebException: The remote server returned an error: (404) Not Found..
Finally, even though I was able to run Ms.Dynamics.Performance.CreateUsers.exe on my DEV machine successfully (a number of test AX users were created in usnconeboxax1aos.cloud.onebox.dynamics.com), when the sandbox environment URL was set in CloudEnvironment.Config, Ms.Dynamics.Performance.CreateUsers.exe failed with same error:
C:\PerfSDK>Ms.Dynamics.Performance.CreateUsers.exe 3 GB01
Failed with the following error:
System.TypeInitializationException: The type initializer for 'MS.Dynamics.TestTools.CloudCommonTestUtilities.Authentication.UserManagement' threw an exception. ---> System.ServiceModel.EndpointNotFoundException: There was no endpoint listening at https://mytest.sandbox.operations.dynamics.com/Services/AxUserManagement/Service.svc/ws2007FedHttp that could accept the message. This is often caused by an incorrect address or SOAP action. See InnerException, if present, for more details.
...
Exception rethrown at [0]:
at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
at MS.Dynamics.TestTools.CloudCommonTestUtilities.AxUserManagementServiceReference.IAxUserManagement.EnumUsers()
at MS.Dynamics.TestTools.CloudCommonTestUtilities.Authentication.UserManagement.PopulateAxUsers()
at MS.Dynamics.TestTools.CloudCommonTestUtilities.Authentication.UserManagement..cctor()
--- End of inner exception stack trace ---
at MS.Dynamics.TestTools.CloudCommonTestUtilities.Authentication.UserManagement.get_AdminUser()
at MS.Dynamics.Performance.CreateUsers.Program.Main(String[] args)
As per the walkthrough,
If you have an ARR-enabled environment, i.e. you have 2 endpoints like this:
apr-arr8aossoap.axcloud.test.dynamics.com
apr-arr8aos.axcloud.test.dynamics.com
You would need to enter both endpoints in CloudEnvironment.Config
The no endpoint listening error can be resolved by specifying correct SOAP hostname, e.g.
<ExecutionConfigurations Key="HostName" Value="mysandbox.sandbox.operations.dynamics.com" />
<ExecutionConfigurations Key="SoapHostName" Value="mysandboxaossoap.sandbox.operations.dynamics.com" />

Moving away from Source-Safe but having problems installing SourceGear Vault on IIS 10

In order to keep my scripts I used to use Microsoft SourceSafe, but after many issues I migrated to SourceGear Vault, which stores all the data in a few SQL Server databases, so that you can back them up, etc.
This question is specific to this version control system called SourceGear Vault.
In the past I had problems with SourceGear Vault installation and they were fixed.
Now again I am finding it not straightforward to install the SourceGear Vault client.
What I have done so far
I have used the following PowerShell commands to install the server and client:
msiexec /i VaultProServer64_10_0_0_30736.msi
msiexec /i VaultProClient_10_0_0_30736.msi
The server installation went on without major problems, other than that you need to make sure you run the PowerShell above as Administrator. Same is valid for the client install.
Client install is ok too, the bit that I have got a problem with is the IIS.
To find the version of IIS in PowerShell:
powershell "get-itemproperty HKLM:\SOFTWARE\Microsoft\InetStp\ | select setupstring,versionstring"
About the .NET version(s) I have installed
Running the below PowerShell script I get:
Get-ChildItem 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP' -recurse |
  Get-ItemProperty -name Version,Release -EA 0 |
  Where { $_.PSChildName -match '^(?!S)\p{L}'} |
  Select PSChildName, Version, Release, @{
    name="Product"
    expression={
      # Map the registry Release value to the .NET Framework version
      switch -regex ($_.Release) {
        "378389" { [Version]"4.5" }
        "378675|378758" { [Version]"4.5.1" }
        "379893" { [Version]"4.5.2" }
        "393295|393297" { [Version]"4.6" }
        "394254|394271" { [Version]"4.6.1" }
        "394802|394806" { [Version]"4.6.2" }
        "460798" { [Version]"4.7" }
        {$_ -gt 460798} { [Version]"Undocumented 4.7 or higher, please update script" }
      }
    }
  }
This is my current IIS SourceGear Environment:
The Application Pools
In the IIS Manager, click on Application Pools. There are multiple pools for Vault. Check the Advanced Settings for each and look for "Enable 32-bit Apps." That should be set to False.
I have all disabled the Enabled 32-bits Apps as you can see on the pictures below:
I show only one of the application pools but they are all set the same.
I had the following error but it is fixed now - see below for more info:
When I go to http://localhost/vaultservice/index.html using Google Chrome,
I get the following error message:
HTTP Error 500.19 - Internal Server Error The requested page cannot be
accessed because the related configuration data for the page is
invalid.
Error Code 0x80070021
Config Error This configuration section cannot be used at this
path. This happens when the section is locked at a parent level.
Locking is either by default (overrideModeDefault="Deny"), or set
explicitly by a location tag with overrideMode="Deny" or the legacy
allowOverride="false".
This locked at parental level was fixed by doing the following:
I needed to change from read only to read/write some of the features: handler mappings and modules
The error message when using the application
This is the error message I am currently getting when connecting using the Vault client:
Unable to connect to http://mathura/VaultService. No server was found
at the specified URL. Please verify your network settings using the
Options dialog under the Tools menu in the Vault GUI Client. Web
Exception: The request failed with HTTP status 405: Method Not
Allowed.
How can I troubleshoot this and get to a healthy installation?
I fixed the problem.
When going to http://mathura/VaultService/VaultService.asmx
I was getting the following error:
The page you are requesting cannot be served because of the extension
configuration. If the page is a script, add a handler. If the file
should be downloaded, add a MIME map.
Then from the question below:
“The page you are requesting cannot be served because of the extension configuration.” error message
I had to check .NET Framework 4.5 Advanced Services > WCF Services >
HTTP Activation
and that solved my problem.

Error with Azure service SSL in Development Fabric

I'm running into a problem with getting SSL to work in the Development Fabric. I'm running a clean install of Windows 8 Pro with Visual Studio 2012 Ultimate and the October 2012 Azure SDK for .NET. IIS8 is not installed, only IIS Express, which claims to support HTTPS so I'm hoping that's not the issue.
Running VS 12 as administrator, I've created a blank VS solution, added a new (.NET 4.5) cloud service with a new ASP.NET MVC 4 Internet web application project, and hit F5. Everything works fine. Then, when I add an SSL certificate to the web role and replace the HTTP endpoint (port 80) with an HTTPS endpoint (port 443, with the certificate), hitting F5 produces the following error message:
Windows Azure Tools for Microsoft Visual Studio
There was an error attaching the debugger to the role instance 'deployment18(32).WindowsAzureCloudService.Mvc4WebRole_IN_0' with Process Id: 4892'. Unable to attach. Access is denied.
Note, the last part ("Access is denied") comes in a few variations, a particularly pleasant one being "Catastrophic failure". :)
The only message in the VS Output window ('General' output) is:
Windows Azure Tools: Warning: Remapping private port 443 to 444 in role 'Mvc4WebRole' to avoid conflict during emulation.
The Compute Emulator UI is not much help; just before the instance disappears, this is the only console output that I get consistently (sometimes other messages appear, but sporadically every few runs; I'm not sure how to capture these):
[fabric] Role Instance: deployment18(33).WindowsAzureCloudService.Mvc4WebRole.0
[fabric] Role state Unknown
[fabric] Role state Suspended
[fabric] Role state Busy
[fabric] Role state Unhealthy
[fabric] Role state Stopped
The certificate was obtained from a CA and properly imported into the Local Machine/Personal/Certificates store as a .pfx with private key, extended properties, and marked as exportable, for what it's worth.
When I attempt to publish the service to Azure, I get one build (validation) warning about the database connection string (which I assume is irrelevant):
The connection string 'DefaultConnection' is using a local database '(LocalDb)\v11.0' in project 'Mvc4WebRole'. This connection string will not work when you run this application in Windows Azure. To access a different database, you should update the connection string in the web.config file.
Probably more important, the deployment actually fails with the following history in the Windows Azure Activity Log window:
9:00:25 AM - Warning: There are package validation warnings.
9:00:25 AM - Preparing deployment for WindowsAzureCloudService - 1/3/2013 8:59:55 AM with Subscription ID '<...>' using Service Management URL 'https://management.core.windows.net/'...
9:00:25 AM - Connecting...
9:00:26 AM - Object reference not set to an instance of an object.
9:00:26 AM - Deployment failed with a fatal error
Can someone help me troubleshoot this issue? I've rebooted a few times. ;)
Thanks in advance!
EDIT (Jan. 3, 4:44 PM): I have a few ideas that might help me make progress, but some are pretty drastic so any advice would be appreciated:
Is there a way to capture all the output from the Compute Emulator (Dev Fabric) to a log file so I can review it? (System.Diagnostic.Trace calls from my service won't help, since I don't even get as far as the RoleEntryPoint when using HTTPS!) I figured this out; see next edit.
That null pointer exception during the Azure deployment has me worried. Is it worthwhile to try reinstalling the Azure SDK, and if so, how should I go about doing a clean install of it?
Has anyone seen a problem of this sort disappear when switching to using full IIS for the emulator? (That seems unlikely since IIS vs. IIS Express should have no relevance to the Azure deployment.)
EDIT (Jan. 4, 10:15 AM): Bad news: I tried the suggestion to grant Read access to the certificates, but it didn't help in my case. Good news: I managed to capture one of those sporadic messages in the Compute Emulator UI before it shut down; it was a bit of info from some diagnostics. Not helpful in and of itself, but it revealed where the Development Fabric was storing its temporary files:
[Diagnostics] Information: C:\Users\Lars\AppData\Local\dftmp\Resources\0005155d-4592-40f4-812e-18793b26576c\directory\DiagnosticStore\Monitor
The GUID portion gets recreated for every deployment, and it is deleted when the deployment goes away (as it always does in my case). But in the parent directory ('dftmp'), there are a few helpful directories that I then monitored during a new deployment: DevFCLogs, DFAgentLogs, and IISConfiguratorLogs. I guess that answers the first question I had yesterday! :)
DFAgentLogs\DFAgent.log: (41KB) No useful information. A bunch of "Failure to read pipe" messages and failures to get the role/deployment instance ID, which I assume are just noise.
DevFCLogs\DevFabric--2013.01.04--<...>.log: (510 KB) No useful information. I skimmed the file and also searched for 'error', 'failure', 'not found', 'certificate', and 'Mvc4WebRole_IN_0'; none of those showed any hints of what was going on.
IISConfiguratorLogs\IISConfigurator.log: (6 KB) Now we're making progress!! :) Can someone tell me what this means? (In the meantime, I'm off ILSpy-hunting... fun fun...)
IISConfigurator Information: 0 : [00006356:00000005, 2013/01/04 16:07:08.915] Using IIS Express appdomain
(...)
IISConfigurator Information: 0 : [00006356:00000005, 2013/01/04 16:07:08.936] Adding binding 127.255.0.0:444: to site deployment18(40).WindowsAzureCloudService.Mvc4WebRole_IN_0_Web
IISConfigurator Information: 0 : [00006356:00000005, 2013/01/04 16:07:10.484] Caught exception
IISConfigurator Information: 0 : [00006356:00000005, 2013/01/04 16:07:10.487] Exception:System.Runtime.InteropServices.COMException (0x800401F3): Invalid class string (Exception from HRESULT: 0x800401F3 (CO_E_CLASSSTRING))
Server stack trace:
at Microsoft.Web.Administration.Interop.IAppHostProperty.get_Value()
at Microsoft.Web.Administration.ConfigurationElement.GetPropertyValue(IAppHostProperty property)
at Microsoft.Web.Administration.Binding.get_CertificateHash()
at Microsoft.Web.Administration.BindingCollection.Add(Binding binding)
at Microsoft.WindowsAzure.ServiceRuntime.IISConfigurator.WasManager.DeploySite(String roleId, WASite roleSite, String appPoolName, String sitePath, String iisLogsRootFolder, String failedRequestLogsRootFolder, List`1 bindings, List`1 protocols, FileManager fileManager, WAAppPool defaultAppPoolSettings, String roleGuid, String& appPoolSid, List`1 appPoolsAdded, String configPath)
EDIT (Jan. 4, 11 AM): ILSpy wasn't much help; the exception is being thrown at an interop point (we knew that already) while trying to get the hash of a certificate in order to set up the binding (we knew that too). Does anyone know what COM object would need to be registered in order to get a certificate hash for a binding in Microsoft.Web.Administration? Or how I could intercept the interop call to find out? Bonus points if you can tell me why this is happening in the first place. :)
I've had a similar problem on two computers. In both cases installing IIS solved the problem.
It seems to be enough to just install IIS (via add/remove Windows components). You don't need to start using it. The installation changes something, and after that my IIS Express started working again with HTTPS from Visual Studio.
There is a discussion of a similar issue on MSDN Social:
http://social.msdn.microsoft.com/Forums/nl-NL/windowsazuredevelopment/thread/ad362016-16f6-459a-8022-9307aa5f910e
And the issue has also been raised on Microsoft Connect:
https://connect.microsoft.com/VisualStudio/feedback/details/758533
In my case the error in the log files was:
IISConfigurator Information: 0 : [00007644:00000007, 2013.01.17 00:39:18.523] Exception:System.Runtime.InteropServices.COMException (0x800401F3): Invalid class string (Exception from HRESULT: 0x800401F3 (CO_E_CLASSSTRING))
I found the log files in the C:\Users\\AppData\Local\dftmp\IISConfiguratorLogs directory.
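To find which binding the emulator was adding when IISConfigurator.log records an exception, the entries can be paired per process/thread ID. This is an added example, not code from any of the posts; the sample log is constructed from the lines quoted above (the port 82 line is invented for illustration), and the parser accepts both timestamp styles seen in the two logs.

```python
import re

ENTRY = re.compile(r"^IISConfigurator \w+: \d+ : \[(\w+):(\w+), ([\d./]+ [\d:.]+)\] (.*)$")
BINDING = re.compile(r"Adding binding (\S+) to site (\S+)")
EXC = re.compile(r"Exception:([\w.]+) \((0x[0-9A-Fa-f]{8})\)")

def find_binding_failures(text):
    """Pair each logged exception with the last binding added on the same thread."""
    last_binding = {}            # (pid, tid) -> (binding, site)
    failures, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            # Continuation line: keep stack frames under the open exception.
            if current is not None and line.startswith("at "):
                current["frames"].append(line[3:])
            continue
        pid, tid, stamp, msg = m.groups()
        current = None
        b = BINDING.search(msg)
        if b:
            last_binding[(pid, tid)] = b.groups()
            continue
        e = EXC.search(msg)
        if e:
            binding, site = last_binding.get((pid, tid), (None, None))
            current = {"time": stamp, "binding": binding, "site": site,
                       "exception": e.group(1), "hresult": e.group(2), "frames": []}
            failures.append(current)
    return failures

# Constructed sample in the format quoted in the posts above.
SAMPLE_LOG = """\
IISConfigurator Information: 0 : [00006356:00000005, 2013/01/04 16:07:08.915] Using IIS Express appdomain
IISConfigurator Information: 0 : [00006356:00000005, 2013/01/04 16:07:08.930] Adding binding 127.255.0.0:82: to site deployment18(40).WindowsAzureCloudService.Mvc4WebRole_IN_0_Web
IISConfigurator Information: 0 : [00006356:00000005, 2013/01/04 16:07:08.936] Adding binding 127.255.0.0:444: to site deployment18(40).WindowsAzureCloudService.Mvc4WebRole_IN_0_Web
IISConfigurator Information: 0 : [00006356:00000005, 2013/01/04 16:07:10.484] Caught exception
IISConfigurator Information: 0 : [00006356:00000005, 2013/01/04 16:07:10.487] Exception:System.Runtime.InteropServices.COMException (0x800401F3): Invalid class string (Exception from HRESULT: 0x800401F3 (CO_E_CLASSSTRING))
Server stack trace:
at Microsoft.Web.Administration.Interop.IAppHostProperty.get_Value()
at Microsoft.Web.Administration.Binding.get_CertificateHash()
"""

if __name__ == "__main__":
    for f in find_binding_failures(SAMPLE_LOG):
        print(f["time"], f["hresult"], f["binding"], f["frames"][-1])
```

A failure whose last frame is `Binding.get_CertificateHash()` and whose binding is the HTTPS endpoint points at the certificate lookup rather than at the site or app pool setup.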
When running locally with a private key cert for SSL, you'll need to give the user the emulator app is running under access to the private key. Open mmc.exe and add the Certificates >> Local Computer Snap-In to view your certificate. Right Click on the certificate, then All Tasks >> Manage Private Keys - then add IUSR and Network Service with at least read access.
For deployment to Azure, you'll need to upload the certificate to the Cloud Service and make sure the certificate is valid for the domain.
Follow step 11 from http://www.microsoft.com/en-us/download/details.aspx?id=35448. From this SO post

classic .net app pool + iis 7.5 + compression modules

I have Windows 2008 R2 installed on my server, so it is IIS 7.5.
I am not able to run any of the classic .NET applications on IIS. One of the compression modules throws an exception.
Detailed Error Information
Module DynamicCompressionModule
Notification SendResponse
Handler StaticFile
Error Code 0x8007007e
Requested URL http://localhost:8081/a.html
Physical Path C:\inetpub\TestWebSite\a.html
Logon Method Anonymous
Logon User Anonymous
I tried different logon methods and different sites; even static HTML pages are not served. The error never changes.
Sorry for my poor English.
A quick bit of searching found this: http://forums.iis.net/t/1149768.aspx. Are you running a 64bit server? If so, is it possible you are (potentially inadvertently) mixing 32bit and 64bit code in the same application pool?
More information with slightly more detailed steps to resolve the problem found here: http://blogs.msdn.com/webtopics/archive/2010/03/08/troubleshooting-http-500-19-errors-in-iis-7.aspx (search down for error code 0x8007007e)
Error Message:
HTTP Error 500.19 - Internal Server Error
The requested page cannot be accessed because the related configuration data for the page is invalid.
Module DynamicCompressionModule
Notification SendResponse
Handler StaticFile
Error Code 0x8007007e
Requested URL http://localhost:80/
Physical Path C:\inetpub\wwwroot
Logon Method Anonymous
Logon User Anonymous
Reason:
Error Code 0x8007007e is: ERROR_MOD_NOT_FOUND - The specified module could not be found.
This problem occurs because the ApplicationHost.config file or the Web.config file references a module that is invalid or that does not exist. To resolve this problem: In the ApplicationHost.config file or in the Web.config file, locate the module reference or the DLL reference that is invalid, and then fix the reference.
To determine which module reference is incorrect, enable Failed Request Tracing, and then reproduce the problem.
For above specific error (mentioned in this example), DynamicCompressionModule module is causing the trouble. This is because of the XPress compression scheme module (suscomp.dll) which gets installed with WSUS. Since Compression schemes are defined globally and try to load in every application Pool, it will result in this error when 64bit version of suscomp.dll attempts to load in an application pool which is running in 32bit mode.
This module entry looks like:
Hence to get rid of this problem:
- Remove/Disable the XPress compression scheme from the configuration using the command below:
%windir%\system32\inetsrv\appcmd.exe set config -section:system.webServer/httpCompression /-[name='xpress']
OR
- Add an attribute of "precondition= "64bitness" for this module entry so that it loads only in 64bit application pools
Refer this blog for more details on Preconditions in IIS7
OR
- Use a 32bit version of suscomp.dll
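The mismatch described in the quoted explanation can be checked offline by comparing the Machine field in each compression DLL's PE header with the bitness of every application pool. This is an added example, not code from the answer or the linked blog; it assumes a 64-bit Windows host, and the config, the `C:\placeholder\` path and the PE header bytes are constructed.

```python
import struct
import xml.etree.ElementTree as ET

MACHINE = {0x014C: "x86", 0x8664: "x64"}   # IMAGE_FILE_MACHINE_I386 / _AMD64

def pe_bitness(data):
    """Return 'x86' or 'x64' from a PE image's COFF Machine field, else None."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if len(data) < e_lfanew + 6 or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    (machine,) = struct.unpack_from("<H", data, e_lfanew + 4)
    return MACHINE.get(machine)

def find_bitness_conflicts(config_xml, dll_images):
    """List (scheme, dll, pool) where a global compression DLL cannot load in a pool."""
    root = ET.fromstring(config_xml)
    pools = {p.get("name"): "x86" if p.get("enable32BitAppOnWin64", "false").lower() == "true" else "x64"
             for p in root.iterfind("system.applicationHost/applicationPools/add")}
    conflicts = []
    for s in root.iterfind("system.webServer/httpCompression/scheme"):
        # DLLs not supplied are skipped: gzip.dll sits under system32, which
        # WOW64 redirects to a copy matching the worker process bitness.
        bits = pe_bitness(dll_images.get(s.get("dll"), b""))
        for pool, pool_bits in pools.items():
            if bits and bits != pool_bits:
                conflicts.append((s.get("name"), s.get("dll"), pool))
    return conflicts

def fake_pe(machine):
    """Constructed minimal DOS + PE header carrying the given Machine value."""
    return b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40) + b"PE\0\0" + struct.pack("<H", machine) + b"\0" * 18

# Constructed applicationHost.config fragment; the suscomp.dll path is a placeholder.
SAMPLE_CONFIG = r"""<configuration>
  <system.applicationHost><applicationPools>
    <add name="DefaultAppPool" />
    <add name="Classic .NET AppPool" enable32BitAppOnWin64="true" />
  </applicationPools></system.applicationHost>
  <system.webServer><httpCompression>
    <scheme name="gzip" dll="%Windir%\system32\inetsrv\gzip.dll" />
    <scheme name="xpress" dll="C:\placeholder\suscomp.dll" />
  </httpCompression></system.webServer>
</configuration>"""
SAMPLE_DLLS = {r"C:\placeholder\suscomp.dll": fake_pe(0x8664)}

if __name__ == "__main__":
    print(find_bitness_conflicts(SAMPLE_CONFIG, SAMPLE_DLLS))
```

On a real server, `dll_images` would be filled by reading the first bytes of each DLL named in the `httpCompression` section; pool defaults set under `applicationPoolDefaults` are not considered here.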

Resources