Connection to Portal fails after 10.7 upgrade

Discussion created by minerjoe on Apr 1, 2019
Latest reply on Apr 4, 2019 by MBranscomb-esristaff

Like • Show 0 Likes0
Comment • 7

Just upgraded our portal to 10.7 and now cannot connect from Runtime application

Receive the following error:

The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.

The remote certificate is invalid according to the validation procedure.

This same code worked at 10.6.1 (and has worked on previous versions). If I change to using agol it will work

public async Task<TokenCredential> GetPortalCredential(string user, string password)
{
     try
     {
          var portalUri = new Uri($"{ConfigurationSettings.PortalUrl}/sharing/rest");
          var credential = await AuthenticationManager.Current.GenerateCredentialAsync(portalUri, user, password);
          return credential;
     }
     catch (Exception e)
     {
          _log.Log(e.Message, Category.Exception, Priority.None);

          return null;
     }
}

Outcomes

mnielsen-esristaff

Apr 1, 2019 5:13 PM

This error would happen if your server's SSL certificate is invalid (or missing). According to this page, SSL is now default in 10.7: http://enterprise.arcgis.com/en/server/latest/get-started/windows/what-s-new-in-arcgis-for-server.htm

At 10.7, only communication over HTTPS is enabled in ArcGIS Server by default. Previously, communication over both HTTP and HTTPS was enabled by the default setting. The default TLS protocol settings have also changed: now, only TLS version 1.2 is enabled by default on ArcGIS Server, though you can modify the settings to enable TLS versions 1.0 and 1.1.

Actions

minerjoe @ mnielsen-esristaff on Apr 3, 2019 8:23 AM

I have had Portals using SSL since 10.5. After a full re-install (previously had upgraded) the SSL error is gone. Kind of a drag as now I need to recreate all the content, but that's a different compliant. But prior to upgrade everything showed a valid certificate if I browsed to the pages in chrome

I now have issue that can only connect with enterprise credentials when on a domain machine and IWA is turned on in IIS (passing no credentials) If IWA is not enabled on IIS and I pass network credentials it does not work (different exception than the SSL). This worked prior to upgrading, so not sure what the issue is

Actions

MBranscomb-esristaff

@ minerjoe on Apr 3, 2019 9:41 AM

Is this a WPF application? And if so, what version of .NET Framework is the app targeting?

Actions

minerjoe @ MBranscomb-esristaff on Apr 4, 2019 11:54 AM

.net 4.6.1 (corrected)

Actions

MBranscomb-esristaff

@ minerjoe on Apr 4, 2019 10:15 AM

I assume you mean .NET 4.6.1 - just in case you're running into .NET Framework / TLS 1.2 issues: can you try updating your project to target .NET Framework 4.7 (or later)?

Cheers

Actions

nathan.raley @ MBranscomb-esristaff on Apr 4, 2019 3:33 PM

Any solution if you can't update to 4.7 or later? Just wandering b/c it appears we are having some issues relating to this as well.

Actions

MBranscomb-esristaff

@ nathan.raley on Apr 4, 2019 4:00 PM

More info:

- TLS 1.2 and .NET Framework: https://docs.microsoft.com/en-us/dotnet/framework/network-programming/tls.

- TLS 1.2 and Esri software: https://support.esri.com/en/tls

Cheers

Actions

7 Replies

mnielsen-esristaff Apr 1, 2019 5:13 PM
This error would happen if your server's SSL certificate is invalid (or missing). According to this page, SSL is now default in 10.7: http://enterprise.arcgis.com/en/server/latest/get-started/windows/what-s-new-in-arcgis-for-server.htm

At 10.7, only communication over HTTPS is enabled in ArcGIS Server by default. Previously, communication over both HTTP and HTTPS was enabled by the default setting. The default TLS protocol settings have also changed: now, only TLS version 1.2 is enabled by default on ArcGIS Server, though you can modify the settings to enable TLS versions 1.0 and 1.1.
Like • Show 0 Likes0
Actions
- minerjoe @ mnielsen-esristaff on Apr 3, 2019 8:23 AM
  I have had Portals using SSL since 10.5. After a full re-install (previously had upgraded) the SSL error is gone. Kind of a drag as now I need to recreate all the content, but that's a different compliant. But prior to upgrade everything showed a valid certificate if I browsed to the pages in chrome
  
  I now have issue that can only connect with enterprise credentials when on a domain machine and IWA is turned on in IIS (passing no credentials) If IWA is not enabled on IIS and I pass network credentials it does not work (different exception than the SSL). This worked prior to upgrading, so not sure what the issue is
  Like • Show 0 Likes0
  Actions
  - MBranscomb-esristaff @ minerjoe on Apr 3, 2019 9:41 AM
    Is this a WPF application? And if so, what version of .NET Framework is the app targeting?
    Like • Show 0 Likes0
    Actions
    - minerjoe @ MBranscomb-esristaff on Apr 4, 2019 11:54 AM
      .net 4.6.1 (corrected)
      Like • Show 0 Likes0
      Actions
      - MBranscomb-esristaff @ minerjoe on Apr 4, 2019 10:15 AM
        I assume you mean .NET 4.6.1 - just in case you're running into .NET Framework / TLS 1.2 issues: can you try updating your project to target .NET Framework 4.7 (or later)?
        
        Cheers
        Like • Show 0 Likes0
        Actions
        nathan.raley @ MBranscomb-esristaff on Apr 4, 2019 3:33 PM
        Any solution if you can't update to 4.7 or later? Just wandering b/c it appears we are having some issues relating to this as well.
        Like • Show 0 Likes0
        Actions
        MBranscomb-esristaff @ nathan.raley on Apr 4, 2019 4:00 PM
        More info:
        
        - TLS 1.2 and .NET Framework: https://docs.microsoft.com/en-us/dotnet/framework/network-programming/tls.
        - TLS 1.2 and Esri software: https://support.esri.com/en/tls
        
        Cheers
        Like • Show 0 Likes0
        Actions

GeoNet

The Esri Community

Connection to Portal fails after 10.7 upgrade

Outcomes

Related Content

Recommended Content