Messages stay in “Active” status for quite a long time without suspending or error when using a certificate to call external WCF service on BizTalk server
Consider the following scenario:
- You have a BizTalk send port set up to call a third-party external WCF service.
- You are using a certificate to call this WCF service.
In this scenario, you may find that messages stay in “Active” status for a long time without being suspended or raising an error. As a result, the orchestrations that are waiting for those messages become dehydrated.
We captured dump files for the BizTalk process that hosts the send port. They show why the messages stay in Active status without being suspended: the function being called ultimately opens an actual dialog that requires user input. Because BTS runs as a service, the dialog is never displayed, so the thread just hangs here:
KERNELBASE!WaitForSingleObjectEx(void * hHandle = 0x00002028, unsigned long dwMilliseconds = 0xffffffff, int bAlertable = 0n0)+0x98
kernel32!WaitForSingleObjectExImplementation(void * hHandle = 0x00002028, unsigned long dwMilliseconds = 0xffffffff, int bAlertable = 0n0)+0x75
kernel32!WaitForSingleObject(void * hHandle = 0x00002028, unsigned long dwMilliseconds = 0xffffffff)+0x12
DlgType = SKUseDialog (0n1), struct __PROMPT_PARAMS * pParams = 0x222ac278, int * pnButton = 0x222ac274)+0x65
We then checked the ForceKeyProtection registry value on the BizTalk server at MACHINE\Software\Policies\Microsoft\Cryptography\ForceKeyProtection. It was set to 1.
ForceKeyProtection=1 means that strong private key protection is enabled, so the user must use a password to protect their private key. That is why a dialog is opened for user input, as we observed in the dump files. This setting can be chosen when you import a certificate: if you want to be able to use strong private key protection, select the Enable strong private key protection check box. For detailed information, see: http://technet.microsoft.com/en-us/library/cc776889(v=ws.10).aspx.
To resolve this, create a new certificate with strong private key protection disabled for calling the external WCF service on the BizTalk server.
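
One way to check a BizTalk server for this condition, as an added example that is not part of the original post. It assumes Windows PowerShell 5.1, a session running as the BizTalk host instance account, the client certificate in that account's CurrentUser\My store, and a legacy CAPI (CSP) key; the function name Get-KeyProtectionReport is hypothetical.

```powershell
# Added example (not from the original post). Reports the ForceKeyProtection
# policy value and, per certificate, whether the private key was stored with
# strong private key protection.
function Get-KeyProtectionReport {
    param(
        # Assumption: the send port's client certificate is in this store.
        [string]$StorePath = 'Cert:\CurrentUser\My'
    )

    # The policy value the post inspects. Absent means the policy is not set;
    # a non-zero value forces strong protection on user keys.
    $policy = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Cryptography' `
        -Name ForceKeyProtection -ErrorAction SilentlyContinue
    $force = if ($policy) { [int]$policy.ForceKeyProtection } else { $null }

    Get-ChildItem -Path $StorePath | Where-Object { $_.HasPrivateKey } | ForEach-Object {
        $cert = $_
        $protected = $null   # stays $null when the key is not a CAPI key

        try {
            # CspKeyContainerInfo.Protected is $true for a key that prompts
            # the user before it can be used.
            $info = $cert.PrivateKey.CspKeyContainerInfo
            if ($info) { $protected = [bool]$info.Protected }
        } catch {
            Write-Warning "$($cert.Thumbprint): cannot read key info: $($_.Exception.Message)"
        }

        [pscustomobject]@{
            Subject            = $cert.Subject
            Thumbprint         = $cert.Thumbprint
            NotAfter           = $cert.NotAfter
            KeyProtected       = $protected
            ForceKeyProtection = $force
            # A protected key used by a service has nobody to answer the dialog,
            # which is the hang seen in the dump.
            HangsInService     = ($protected -eq $true)
        }
    }
}

Get-KeyProtectionReport | Format-Table -AutoSize
```

A certificate that shows KeyProtected as True is the one to replace with a certificate imported without strong private key protection.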