When configuring FTPS in BizTalk Server 2010, there is an error "The client and server cannot communicate, because they do not possess a common algorithm"

  • Article

Problem Description

==================

 

When configuring the new feature FTPS adapter (receive or send) to connect FTP server in BizTalk Server 2010, there may raise the following error in the event log on BizTalk Server:

 

“The client and server cannot communicate, because they do not possess a common algorithm”

Problem Analysis

================

 

We collect dump files forBTSNTSvc.exe when reproducing this issue, and we have the following information.

 

The status code 0x80090331 means SEC_E_ALGORITHM_MISMATCH.

 

In addition, after we look into the source code, from the parameters which was passed to sspicli!AcquireCredentialsHandleW by the BizTalk xceedftpbiztalk module, we could see BizTalk FTPS only support TLS v1. So the problem is caused by that TLS v1 is disabled in the BizTalk Server box.

 

0:027> p

Time Travel Position:
FE3840000296.

eax=80090331 ebx=00000000
ecx=01a55038 edx=00000001 esi=5d02a0e8 edi=01a54c88

eip=74b3151e esp=254cebd4
ebp=254cebd4 iopl=0         nv up ei pl
zr na pe nc

cs=0023  ss=002b 
ds=002b  es=002b  fs=0053 
gs=002b            
efl=00000246

sspicli!AcquireCredentialsHandleW+0x27:

74b3151e
5d             
pop     ebp

0:027> !gle

LastErrorValue: (Win32) 0x1
(1) - Incorrect function.

LastStatusValue: (NTSTATUS) 0x80090331 - The client and server cannot
communicate, because they do not possess a common algorithm.

 

0:027> gu

Time Travel Position:
FE384000006A.

eax=80090331 ebx=00000000
ecx=768d0175 edx=1bf364e0 esi=00000000 edi=00000000

eip=74b253d8 esp=254cea84
ebp=254ceb10 iopl=0         nv up ei pl
nz na pe nc

cs=0023  ss=002b 
ds=002b  es=002b  fs=0053 
gs=002b            
efl=00000206

sspicli!SspipAcquireCredentialsHandle+0xf9:

74b253d8
8945e0         
mov     dword ptr [ebp-20h],eax ss:002b:254ceaf0=254ceb10

 

0:027> k

ChildEBP RetAddr 

254ceb10 74b2dccf sspicli!SspipAcquireCredentialsHandle+0xf9
[d:\w7rtm\minio\security\base\lsa\security\sspiwrap.cxx @ 196]

254ceb68 74b3030b
sspicli!LsaAcquireCredentialsHandleW+0x8e [d:\w7rtm\minio\security\base\lsa\security\sspicli\lsastubs.cxx
@ 581]

254ceba4 74b3151e
sspicli!AcquireCredentialsHandleCommon+0xce
[d:\w7rtm\minio\security\base\lsa\security\sspicli\newstubs.cxx @ 592]

254cebd4 5d01fc86
sspicli!AcquireCredentialsHandleW+0x27 [d:\w7rtm\minio\security\base\lsa\security\sspicli\newstubs.cxx
@ 463]

254cec54 5d02037d
xceedftpbiztalk!CXwlSslSocketWrapper::GetClientCredentials+0xc9
[d:\bt\9359137\private\source\runtime\msg\adapters\ftp\xceedftp\winsock\xwlsslsocketwrapper.cpp
@ 183]

254cec80 5d0128dd
xceedftpbiztalk!CXwlSslSocketWrapper::SetupTLS+0x51
[d:\bt\9359137\private\source\runtime\msg\adapters\ftp\xceedftp\winsock\xwlsslsocketwrapper.cpp
@ 303]

254ced18 5d0100c5
xceedftpbiztalk!CXceedFtp::ConnectPerformer+0x341 [d:\bt\9359137\private\source\runtime\msg\adapters\ftp\xceedftp\activex\xceedftpperformers.cpp
@ 473]

254ced60 1be164d6
xceedftpbiztalk!CXceedFtp::Connect+0xf3
[d:\bt\9359137\private\source\runtime\msg\adapters\ftp\xceedftp\activex\xceedftpmethods.cpp
@ 332]

254cedcc 1be16309
DomainBoundILStubClass.IL_STUB_CLRtoCOM()+0x86

254cee10 1be13fe5
Microsoft_BizTalk_CoreAdapter!Microsoft.BizTalk.Adapter.FtpAdapter.FtpUtil.Connect(XceedFtpLib.XceedFtp,
System.String, System.String)+0x29
[d:\bt\9359137\private\source\Runtime\Msg\Adapters\Ftp\Runtime\FtpUtil.cs @
201]

254cef18 1be12ec6
Microsoft_BizTalk_CoreAdapter!Microsoft.BizTalk.Adapter.FtpAdapter.FtpReceiverEndpoint.EndpointTask()+0x235
[d:\bt\9359137\private\source\Runtime\Msg\Adapters\Ftp\Runtime\FtpReceiverEndpoint.cs
@ 325]

254cef60 1be129ba
Microsoft_BizTalk_CoreAdapter!Microsoft.BizTalk.Adapter.FtpAdapter.FtpReceiverEndpoint.ControlledEndpointTask()+0x56
[d:\bt\9359137\private\source\Runtime\Msg\Adapters\Ftp\Runtime\FtpReceiverEndpoint.cs
@ 251]

254cef8c 1be12838 Microsoft_BizTalk_BaseAdapter!Microsoft.BizTalk.Adapter.Common.SimpleTask.Start()+0x2a
[d:\bt\9359137\private\source\Runtime\Msg\Adapters\BaseAdapter\SimpleTask.cs @
45]

254cefb8 1be1256d
Microsoft_BizTalk_Scheduler_Runtime!Microsoft.BizTalk.Scheduler.TaskController.StartTask()+0x28
[d:\bt\9359137\private\source\Runtime\Scheduler\Runtime\TaskController.cs @
638]

254cefc4 1be1241e
Microsoft_BizTalk_Scheduler_Runtime!Microsoft.BizTalk.Scheduler.TaskController+StartPendingState.OnThreadAvailable(Microsoft.BizTalk.Scheduler.TaskController)+0x1d

 

 

Problem Resolution

=================

 

Please check the following registry key in your BizTalk Server box to see if there is any TLS v1 registry key been disabled, that means the value is 0. If so, please change the TLS 1.0 Client registry key value to 1, that enable TLS 1.0 for client.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS1.0\Client