-1

I have decided to revise this question as it was a rush job after hours of frustration. Apologies to all that wasted time on it.

Topology: Two distinct applications.

1. WPF Application C#. Includes DevExpress tools, SignalR, AutoRest implementation of web api. ADAL authentication.
2. Webapi ASP.NET that resides on Azure, recently upgraded to .NET version 4.6.1 (Post errors). I use versioning also via headers.
3. Azure SQL Server as the backend. Recently upgraded DTU (Memory, CPU etc) from 10 to 20. (Post errors)

System has been running successfully for approx three years, with a lot of development work over that period.

After no releases for several days, Monday morning comes and errors start appearing. I log all errors to SQL Server via NLog.

First Error: (By far the most I am getting)

System.Net.Http.HttpRequestException: Error while copying content to a stream. ---> System.IO.IOException: The decryption operation failed, see inner exception. ---> System.ComponentModel.Win32Exception: The specified data could not be decrypted

then I started seeing

System.Net.Http.HttpRequestException: An error occurred while sending the request. ---> System.Net.WebException: The request was aborted: Could not create SSL/TLS secure channel.
at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
at System.Net.Http.HttpClientHandler.GetResponseCallback(IAsyncResult ar)
--- End of inner exception stack trace ---

This error is less frequent, but happened 8 times yesterday.

Also I am seeing this error, which today I am starting to think may be the main culprit. I will be looking closely at my ADAL call, though this has been working fine.

Microsoft.Rest.HttpOperationException: Operation returned an invalid status code 'Unauthorized'

The errors appear randomly, you can bypass them, and the system continues to work. Quite often there is a requirement to refresh the data.

I have since rebuilt the api from an earlier version that I know was stable, and adding in the few calls I have created since. I rebuilt the WPF app yesterday, and then had the same outcome.

So I started to think it was infrastructure on Azure.

I upgraded the DTU's on SQL Server (That was topping out, and was needed).

I upgraded the API web service plan to the next level.

I set minimum TLS on the api to 1.2 via Azure. No changes on the api code, I just don't know enough about how TLS works.

I now have application insights running on azure, to see how the web api is running and see if I can spot anything.

I am still seeing the errors this morning. It's been a long week!

scottsanpedro
  • have you read [this question](https://stackoverflow.com/questions/2859790/the-request-was-aborted-could-not-create-ssl-tls-secure-channel)? – Wyck May 20 '20 at 17:56
  • thanks for this. I hadn't seen this one. Viewing now. – scottsanpedro May 20 '20 at 18:16
  • are you using https in the wpf application and testing https call via postman? If http is enabled, can you check if http is working fine? – Atul May 21 '20 at 01:46
  • Doesn't appear to be race conditions at all. Just normal errors that you need to debug one at a time. If you can't fix the problems, then create a separate question with a dedicated [MCVE] for each issue. – mason May 21 '20 at 14:36
  • Could not create SSL/TLS secure channel means your server can't make a TLS connection. Most likely it's an issue with the server certificate you're talking to. It may be self signed, it may be missing the full certificate chain pointing back to a trusted root, or it may use an untrusted root. – Brian White May 21 '20 at 15:09

3 Answers

2

I will try to help you based on the errors that you mentioned. I was struggling with the same error:

An error occurred while sending the request. ---> System.Net.WebException: The request was aborted: Could not create SSL/TLS secure channel.

Considering that you provided no code, I cannot be sure if this is the same issue, but based on errors, I would suggest trying the following:

In your Global.asax file add the following line directly in the Application_Start method:

```csharp
// Requires: using System; using System.Configuration; using System.Linq; using System.Net;
// Reads a comma-separated list of protocol names from appSettings and ORs them into one flags value.
ServicePointManager.SecurityProtocol = ConfigurationManager
    .AppSettings["SecurityProtocol"]
    .Split(',')
    .Select(a => (SecurityProtocolType)Enum.Parse(typeof(SecurityProtocolType), a))
    .Aggregate((SecurityProtocolType)0, (current, item) => current | item);
```

and in your Web.config:

```xml
<add key="SecurityProtocol" value="Tls12" />
```

in the <appSettings> section.

This is a SecurityProtocol error, as the others mentioned, and I would suggest a really good discussion here.

G.Dimov
  • Thank you. I will check this out tomorrow. This webapi is sitting on Azure. I can set TLS 1.2 on Azure. I will check out tomorrow, and report back. I really appreciate your help. I know the question isn't well planned out, but I had three long days and nights dealing with it and just hit a brick wall. Sure we have all been there. Thanks! – scottsanpedro May 21 '20 at 22:11
  • The main error I am seeing now is the second one I posted. The decryption operation failed. I'll go into more detail tomorrow, and update the question – scottsanpedro May 21 '20 at 22:12
  • No worries, I will check the updated version later. I hope I can help you. – G.Dimov May 22 '20 at 06:22
  • Any updated information on what happened? Did my code resolve your problem? – G.Dimov Jun 02 '20 at 08:45
  • 100% related. I will do a write up on what I went through as an answer, to hopefully help anyone else. Thanks for your help. – scottsanpedro Jun 02 '20 at 11:15
  • Good news! I am really glad I helped you in a way. I gave you a +1 when I answered. If the answer helped you out, I would really appreciate an up vote. :) – G.Dimov Jun 02 '20 at 11:27
0

Mostly I debug these issues very crudely. Open a browser on the server running your app. Go to the URL you're hitting. Evaluate the lock/untrusted part of the URL and take a look at the certificate being presented. 98% of the time that is all that's needed. For the other 2%, Wireshark is your friend. It will show the details of the TLS negotiation. Your server and the remote server may have no ciphers in common, and you can see that in the logs. You can also use nmap to get a list of ciphers from the remote server, and compare them to the ones enabled in the registry.

Brian White
0

I have a feeling this is a TLS mismatch issue. Maybe one of the systems started requiring TLS 1.2 and your application is not sending it. You weren't very specific about where the error is originating from: is it between your webapi and the SQL DB, or is it between the WPF and the webapi?

Assuming it's between the WPF and webapi, open a PowerShell, type `[Net.ServicePointManager]::SecurityProtocol`, then see what you see there. Then run the following in PowerShell; this will set the default for the .NET versions below 4.7 to always force TLS 1.2 connections:

```powershell
# 32-bit .NET Framework 4.x applications on 64-bit Windows
Set-ItemProperty -Path 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NetFramework\v4.0.30319' -Name 'SchUseStrongCrypto' -Value '1' -Type DWord
# 64-bit .NET Framework 4.x applications
Set-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\.NetFramework\v4.0.30319' -Name 'SchUseStrongCrypto' -Value '1' -Type DWord
```

Then restart PowerShell and do the `[Net.ServicePointManager]::SecurityProtocol` again to ensure it says Tls12 in there too.

Or set it manually in your code, but I would run that first on your WPF side computer to test if that's the issue.

alphaz18
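A read-only audit to run before and after the registry change in the answer above, as an added example that is not part of the original answer. The function name `Get-DotNetTlsDefaults` is chosen for illustration; `SystemDefaultTlsVersions` is a second .NET Framework value under the same keys that the answer does not mention and is reported here only for completeness.

```powershell
# Added example: reads the settings only; nothing is written to the registry.
function Get-DotNetTlsDefaults {
    $keys = 'HKLM:\SOFTWARE\Microsoft\.NetFramework\v4.0.30319',
            'HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NetFramework\v4.0.30319'
    foreach ($key in $keys) {
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        # A missing value means the framework default applies for that bitness.
        $strong = if ($props -and $null -ne $props.SchUseStrongCrypto) {
            $props.SchUseStrongCrypto } else { 'not set' }
        $sysDef = if ($props -and $null -ne $props.SystemDefaultTlsVersions) {
            $props.SystemDefaultTlsVersions } else { 'not set' }
        [pscustomobject]@{
            Scope                    = $key
            SchUseStrongCrypto       = $strong
            SystemDefaultTlsVersions = $sysDef
        }
    }
    # What this PowerShell process will actually offer on outbound connections.
    $current = [Net.ServicePointManager]::SecurityProtocol
    $tls12   = [int][Net.SecurityProtocolType]::Tls12
    $verdict = if ([int]$current -eq 0) {
        'SystemDefault (the OS chooses the versions)'
    } elseif (([int]$current -band $tls12) -ne 0) {
        'Tls12 is offered'
    } else {
        'Tls12 is NOT offered'
    }
    [pscustomobject]@{
        Scope                    = "Current process: $current"
        SchUseStrongCrypto       = $verdict
        SystemDefaultTlsVersions = ''
    }
}

Get-DotNetTlsDefaults | Format-List
```

The registry values are machine-wide and are read at process start, so compare the output from a fresh PowerShell session after any change.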