Connection to Portal fails after 10.7 upgrade

1393
7
04-01-2019 03:55 PM
JoeHershman
MVP Regular Contributor

Just upgraded our portal to 10.7 and now cannot connect from Runtime application

Receive the following error:

The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.

The remote certificate is invalid according to the validation procedure.

This same code worked at 10.6.1 (and has worked on previous versions).  If I change to using agol it will work

public async Task<TokenCredential> GetPortalCredential(string user, string password)
{
	try
	{
		var portalUri = new Uri($"{ConfigurationSettings.PortalUrl}/sharing/rest");
		var credential = await AuthenticationManager.Current.GenerateCredentialAsync(portalUri, user, password);
		return credential;
	}
	catch (Exception e)
	{
		_log.Log(e.Message, Category.Exception, Priority.None);

		return null;
	}
}
Thanks,
-Joe
0 Kudos
7 Replies
dotMorten_esri
Esri Notable Contributor

This error would happen if your server's SSL certificate is invalid (or missing). According to this page, SSL is now default in 10.7: http://enterprise.arcgis.com/en/server/latest/get-started/windows/what-s-new-in-arcgis-for-server.ht...

At 10.7, only communication over HTTPS is enabled in ArcGIS Server by default. Previously, communication over both HTTP and HTTPS was enabled by the default setting. The default TLS protocol settings have also changed: now, only TLS version 1.2 is enabled by default on ArcGIS Server, though you can modify the settings to enable TLS versions 1.0 and 1.1. 

0 Kudos
JoeHershman
MVP Regular Contributor

I have had Portals using SSL since 10.5.  After a full re-install (previously had upgraded) the SSL error is gone.  Kind of a drag as now I need to recreate all the content, but that's a different compliant.  But prior to upgrade everything showed a valid certificate if I browsed to the pages in chrome

I now have issue that can only connect with enterprise credentials when on a domain machine and IWA is turned on in IIS (passing no credentials)  If IWA is not enabled on IIS and I pass network credentials it does not work (different exception than the SSL).  This worked prior to upgrading, so not sure what the issue is

Thanks,
-Joe
0 Kudos
MichaelBranscomb
Esri Frequent Contributor

Is this a WPF application? And if so, what version of .NET Framework is the app targeting?

0 Kudos
JoeHershman
MVP Regular Contributor

.net 4.6.1 (corrected)

Thanks,
-Joe
0 Kudos
MichaelBranscomb
Esri Frequent Contributor

I assume you mean .NET 4.6.1 - just in case you're running into .NET Framework / TLS 1.2 issues: can you try updating your project to target .NET Framework 4.7 (or later)?

Cheers

0 Kudos
NathanRaley
New Contributor III

Any solution if you can't update to 4.7 or later?  Just wandering b/c it appears we are having some issues relating to this as well.

0 Kudos
MichaelBranscomb
Esri Frequent Contributor

More info:

- TLS 1.2 and .NET Framework: https://docs.microsoft.com/en-us/dotnet/framework/network-programming/tls.

- TLS 1.2 and Esri software: https://support.esri.com/en/tls

Cheers

0 Kudos