cancel
Showing results for 
Search instead for 
Did you mean: 
Create Post
Level 7

8.5 SSL site encryption.

     I upgraded from 8.1 to 8.5. I discovered if you have the 'require secure channel (SSL)' checked on the 'Directory Security' tab in IIS the installer fails with an "Unable to write web configuration file" error. If you diasble it and run the config wizard again it installs without error. However, Now if you try to login using SSL you get error below.

     I have a case open with support but wanted to know if anybody else who has upgraded to 8.5 is having problems with SSL encryption on the site as well? Or, if you did how did you fix it?

     Orion must suport SSL encryption or it will be the end of its use in my organization. Too much sensitive information is contained within it to not allow SSL encryption.

 

Orion Website Error

An error has occurred with the Orion website.

Additional Information

System.Net.WebException: The operation has timed out
   at System.Net.HttpWebRequest.GetResponse()
   at ClassicSiteProxy.Login(HttpContext context, String username, String password)
   at Login.DoLoginAction(String username, String password)
   at Login.LoginButton_Click(Object sender, EventArgs e)
   at System.Web.UI.WebControls.ImageButton.OnClick(ImageClickEventArgs e)
   at System.Web.UI.WebControls.ImageButton.RaisePostBackEvent(String eventArgument)
   at System.Web.UI.WebControls.ImageButton.System.Web.UI.IPostBackEventHandler.RaisePostBackEvent(String eventArgument)
   at System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument)
   at System.Web.UI.Page.RaisePostBackEvent(NameValueCollection postData)
   at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
 
Tags (1)
0 Kudos
23 Replies
Level 19

8.5 has a known issue with SSL. We have it fixed in-house and are working on getting together a hotfix for it.

0 Kudos

I'm having the same problem.


Any word on when the hotfix will be available?

0 Kudos

 very soon. it's going through internal testing now- until then try the workaround.

0 Kudos

I use SSL, and when I upgraded to 8.5, most of my site was broken.  I could still get some of the pages, and while they were mostly functional, they didn't look right (the style was different from the rest of the Orion site).  If I turned off SSL, the site worked fine.


 So, I applied Hotfix 1, and now the site is completely broken.  I can't get to any of Orion's web pages, and the application is completely unavailable.  During the HF1 install, I got an error: "Unable to update web configuration file".  Tried rebooting/reinstalling, and always get that error.


 Now, when I try to acces the Orion site, I get the error below.  I have a trouble ticket open since yesterday (#18303), but haven't heard anything from support.


Orion Website Error
An error has occurred with the Orion website.
Additional Information
System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.
   at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, Exception exception)
   at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
   at System.Net.TlsStream.CallProcessAuthentication(Object state)
   at System.Threading.ExecutionContext.runTryCode(Object userData)
   at System.Runtime.CompilerServices.RuntimeHelpers.ExecuteCodeWithGuaranteedCleanup(TryCode code, CleanupCode backoutCode, Object userData)
   at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state)
   at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
   at System.Net.TlsStream.ProcessAuthentication(LazyAsyncResult result)
   at System.Net.TlsStream.Write(Byte[] buffer, Int32 offset, Int32 size)
   at System.Net.PooledStream.Write(Byte[] buffer, Int32 offset, Int32 size)
   at System.Net.ConnectStream.WriteHeaders(Boolean async)
   --- End of inner exception stack trace ---
   at System.Net.HttpWebRequest.GetResponse()
   at ClassicSiteProxy.Login(HttpContext context, String username, String password)
   at Login.DoLoginAction(String username, String password)
   at Login.LoginButton_Click(Object sender, EventArgs e)
   at Login.OnLoad(EventArgs e)
   at System.Web.UI.Control.LoadRecursive()
   at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)

0 Kudos

I was also getting the unable to update configuration error. If you uncheck the 'require SSL' option in IIS under directory security you can run the configuration manager and hotfix without it throwing an error.


 I was instructed to install the hotfix as well by support and get the same error now for all SSL pages. Although, since none of my SSL pages were working after the upgrade it didn't represent a change for me. I just get a different error message now.


I have a support ticket open for this at their highest severity but I haven't heard from them since Monday! Either they are stumped, too busy on other update problems, or both. However, I wish they would at least send a quick 'our dev team is working on the problem' update. At least Tim was nice enough to give me a heads up in the forum.

0 Kudos

 rdeprez-

What is your case number? I'll see if I can get an status update for you. 

0 Kudos

17782 is the case number.


Thanks Mark!!

0 Kudos

Rich


 


I just sent you a mail .can you please try the following .


 Can you do one thing First


In The below Directory
C:\Inetpub\SolarWinds\Orion\custom.config.txt

Change the "localhost" to the server's ip address. and rename it to custom.config

If this doesnt Work Undo the change i just mentioned in the custom.config.txt file and go into web.config located here

 


C:\Inetpub\SolarWinds\web.config

and change "WARN" to "DEBUG"


Save this file and try to browse again . Run diagnostics and Send to me with the case


 


Thanks


 Joe Hanly

0 Kudos

Joe,


   I responded. No change to the behavior. The new diag is attached to the case.

0 Kudos

 rdeprez-

Check your ticket again, I know the DEV guys just sent you a test fix.  

0 Kudos

illsend this to you directly


 joe

0 Kudos

Joe,


   I got it. It works! I was able to set the require secure channel option in IIS and browse around. I don't see any broken links or problems yet. I still have to add all my customizations back in and fix path problems but the base install works with SSL now. I'll post again if the customizations do not work with SSL for some reason. Thanks! And please pass my thanks onto the rest of the dev team.

0 Kudos

Excellent Rich


 


I will pass on .Glad your up and Running


 


Joe

0 Kudos

Hotfix 2 addresses this issue-




 

0 Kudos

UGH....just applied the hotfix and the problem is back....Tried copying the fixed classicproxy back over again and no luck.

I get this...

Orion Website Error

An error has occurred with the Orion website.

Additional Information

System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a send. ---> System.IO.IOException: The handshake failed due to an unexpected packet format.
   at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
   at System.Net.TlsStream.CallProcessAuthentication(Object state)
   at System.Threading.ExecutionContext.runTryCode(Object userData)
   at System.Runtime.CompilerServices.RuntimeHelpers.ExecuteCodeWithGuaranteedCleanup(TryCode code, CleanupCode backoutCode, Object userData)
   at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state)
   at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
   at System.Net.TlsStream.ProcessAuthentication(LazyAsyncResult result)
   at System.Net.TlsStream.Write(Byte[] buffer, Int32 offset, Int32 size)
   at System.Net.PooledStream.Write(Byte[] buffer, Int32 offset, Int32 size)
   at System.Net.ConnectStream.WriteHeaders(Boolean async)
   --- End of inner exception stack trace ---
   at System.Net.HttpWebRequest.GetResponse()
   at ClassicSiteProxy.Login(HttpContext context, String username, String password)
   at Login.DoLoginAction(String username, String password)
   at Login.InitiateLogin()
   at Login.OnLoad(EventArgs e)
   at System.Web.UI.Control.LoadRecursive()
   at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
0 Kudos

There is
an issue with Hotfix 2 & SSL. It will be

fixed in 8.5.1 which will be about 2 weeks time, so try this workaround.



Edit \Inetpub\Solarwinds\Orion\custom.config and change the port to 443.



0 Kudos

That did the trick. Thanks for the quick response!

0 Kudos

there was no attachement in the email. I responded asking them to resend the fix.

0 Kudos

Rich


 


Earlier you were referring to a hotfix which you had already installed . I need you to make sure that you applied Not only the netflow Hotfix but the Orion 8.5 Hotfix1 also


Thanks


 


Joe


 


 


 


 

0 Kudos

I applied hot fixes for both 8.5 and NTA 2.2. I am trying the new file posted now and will reply with the outcome.

0 Kudos