Community
Select to view content in your preferred language

Connection to Portal fails after 10.7 upgrade

1677
7
04-01-2019 03:55 PM
JoeHershman
by MVP Regular Contributor
MVP Regular Contributor
‎04-01-2019 03:55 PM

Just upgraded our portal to 10.7 and now cannot connect from Runtime application

Receive the following error:

The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.

The remote certificate is invalid according to the validation procedure.

This same code worked at 10.6.1 (and has worked on previous versions).  If I change to using agol it will work

public async Task<TokenCredential> GetPortalCredential(string user, string password)
{
	try
	{
		var portalUri = new Uri($"{ConfigurationSettings.PortalUrl}/sharing/rest");
		var credential = await AuthenticationManager.Current.GenerateCredentialAsync(portalUri, user, password);
		return credential;
	}
	catch (Exception e)
	{
		_log.Log(e.Message, Category.Exception, Priority.None);

		return null;
	}
}
Thanks,
-Joe
0 Kudos
7 Replies
dotMorten_esri
by Esri Notable Contributor
Esri Notable Contributor
‎04-01-2019 05:13 PM

This error would happen if your server's SSL certificate is invalid (or missing). According to this page, SSL is now default in 10.7: http://enterprise.arcgis.com/en/server/latest/get-started/windows/what-s-new-in-arcgis-for-server.ht...

At 10.7, only communication over HTTPS is enabled in ArcGIS Server by default. Previously, communication over both HTTP and HTTPS was enabled by the default setting. The default TLS protocol settings have also changed: now, only TLS version 1.2 is enabled by default on ArcGIS Server, though you can modify the settings to enable TLS versions 1.0 and 1.1. 

0 Kudos
JoeHershman
by MVP Regular Contributor
MVP Regular Contributor
‎04-03-2019 08:23 AM

I have had Portals using SSL since 10.5.  After a full re-install (previously had upgraded) the SSL error is gone.  Kind of a drag as now I need to recreate all the content, but that's a different compliant.  But prior to upgrade everything showed a valid certificate if I browsed to the pages in chrome

I now have issue that can only connect with enterprise credentials when on a domain machine and IWA is turned on in IIS (passing no credentials)  If IWA is not enabled on IIS and I pass network credentials it does not work (different exception than the SSL).  This worked prior to upgrading, so not sure what the issue is

Thanks,
-Joe
0 Kudos
MichaelBranscomb
by Esri Frequent Contributor
Esri Frequent Contributor
‎04-03-2019 09:41 AM

Is this a WPF application? And if so, what version of .NET Framework is the app targeting?

0 Kudos
JoeHershman
by MVP Regular Contributor
MVP Regular Contributor
‎04-04-2019 10:05 AM

.net 4.6.1 (corrected)

Thanks,
-Joe
0 Kudos
MichaelBranscomb
by Esri Frequent Contributor
Esri Frequent Contributor
‎04-04-2019 10:15 AM

I assume you mean .NET 4.6.1 - just in case you're running into .NET Framework / TLS 1.2 issues: can you try updating your project to target .NET Framework 4.7 (or later)?

Cheers

0 Kudos
NathanRaley
by
Occasional Contributor
‎04-04-2019 03:33 PM

Any solution if you can't update to 4.7 or later?  Just wandering b/c it appears we are having some issues relating to this as well.

0 Kudos
MichaelBranscomb
by Esri Frequent Contributor
Esri Frequent Contributor
‎04-04-2019 03:57 PM

More info:

- TLS 1.2 and .NET Framework: https://docs.microsoft.com/en-us/dotnet/framework/network-programming/tls.

- TLS 1.2 and Esri software: https://support.esri.com/en/tls

Cheers

0 Kudos