
Hi,

When executing a process flow with an HTTP connector in it that does a POST request into IAM I get the following error:

[err] Process action "connector_create_external_user_group" in process flow "create_external_user_in_iam" in application 97 threw an exception. (dedd009e) System.Net.WebException: The SSL connection could not be established, see inner exception. ---> System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception. ---> System.Security.Authentication.AuthenticationException: Authentication failed because the remote party sent a TLS alert: 'HandshakeFailure'. ---> System.ComponentModel.Win32Exception (0x80090326): The message received was unexpected or badly formatted.    --- End of inner exception stack trace ---

The thing is that the same request / process flow works on our dev environment. This error occurs only in the test environment. Is it some kind of certificate issue?

Both the app services (dev and test) are running on .NET version ASP.NET v4.8 and TLS version 1.2. When making the same POST request authenticated as the pool user (same as in the process flow) in Postman, the request is handled with no problems.

Does anyone have any kind of idea on where to look? I'm not really familiar with this kind of stuff :)

Thanks!

Hi rbiram,

If I have to guess, I think this is a DNS issue.

If I understand you correctly, you have a process flow that is calling the Indicium that it is running on, and that it works for test but not on dev.

That it works from Postman is interesting, but because you probably execute it from your computer, it might work a bit differently due to DNS/network configuration.

If you open a remote desktop to your server and open a browser, can you validate that:
On the test server, the URL to your Indicium works
On the dev server, the URL to your Indicium probably does not work - and fails with an SSL warning.

If the above assumption is correct, I think the issue is similar to the user in this post:

Calling the import API through a processflow executed by indicium | Thinkwise Community (thinkwisesoftware.com)

If that is the case, you can cheat by adding a line on the server that is not working to this file: C:\windows\system32\drivers\etc\hosts. If you add 127.0.0.1 dvdb-dev.thinkwise.com it probably starts working. (replace dvdb-dev.thinkwise.com with your hostname).

But I do recommend setting up some internal DNS record on your DNS server. You should probably ask someone from your IT infra department. 

You can also execute a ping -4 <hostname> on both servers. Probably you will see an internal IP for your test server but not for dev.

Regards,

Dick van den Brink
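
The checks suggested in the reply above can be run from the server itself instead of from a workstation. The PowerShell script below is an added example, not part of the original reply: it lists the IPv4 addresses the server resolves for the hostname (as `ping -4` would) and attempts a TLS 1.2 handshake against each one, printing the full exception chain on failure. The hostname is a placeholder and port 443 is an assumption.

```powershell
# Added diagnostic example. Run on the dev and the test server and compare the output.
param(
    [string]$HostName = 'your-indicium-host.example',  # placeholder: use your own hostname
    [int]$Port = 443                                    # assumption: Indicium is served over HTTPS on 443
)

# Step 1: which IPv4 addresses does THIS server resolve the name to?
# The hosts file and internal DNS records both influence this result.
$addresses = [System.Net.Dns]::GetHostAddresses($HostName) |
    Where-Object { $_.AddressFamily -eq 'InterNetwork' }
"Resolved $HostName to: $($addresses -join ', ')"

# Step 2: attempt a TLS 1.2 handshake against every resolved address.
foreach ($ip in $addresses) {
    $client = New-Object System.Net.Sockets.TcpClient
    $ssl = $null
    try {
        $client.Connect($ip, $Port)
        # Default certificate validation is kept, so an untrusted or mismatched
        # certificate is reported separately from a handshake alert.
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false)
        $ssl.AuthenticateAsClient($HostName, $null,
            [System.Security.Authentication.SslProtocols]::Tls12, $false)
        "{0}: handshake OK, protocol {1}, cipher {2}" -f $ip, $ssl.SslProtocol, $ssl.CipherAlgorithm
        "{0}: certificate subject: {1}" -f $ip, $ssl.RemoteCertificate.Subject
    }
    catch {
        # Walk the inner exceptions, the same chain the process flow error shows.
        $e = $_.Exception
        while ($e) {
            "{0}: {1}: {2}" -f $ip, $e.GetType().Name, $e.Message
            $e = $e.InnerException
        }
    }
    finally {
        if ($ssl) { $ssl.Dispose() }
        $client.Close()
    }
}
```

A different resolved address on the two servers points at name resolution; the same address with a handshake failure on only one server points at the TLS configuration of that server or of something in the network path.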

 


@rbiram Did you manage to find the cause, a workaround or something alike?


Hey @Ricky, how's everything?

I haven’t found anything yet. Contacted our cloud provider who's responsible for setting up the environments. They're stumped as well as everything seems to be set up correctly (cross checked all DTAP environment settings in Azure by downloading them as a template). 

Certificates, TLS version, DNS records, all a-okay. I have a meeting with them this week, I'll update the topic if there's anything worthwhile to add. 


Hi @rbiram,

Did the meeting with your cloud provider shine any light on the situation?


Hi @Jeroen van den Belt,

Sadly, no. They haven't been able to find anything, so it's now going through Microsoft. I'll update when I know more.