Using System.Net trace to troubleshoot an SSL problem in a .NET 2.0 application


 


In .NET Framework 2.0, System.Net has a new feature called Tracing. System.Net tracing is very useful in some special scenarios:


          Client and server are on the same machine. In this case a network monitor doesn't work for you, because it can't capture loopback traffic.


          Secure communication such as HTTPS.


Here is an example of using System.Net tracing to resolve an SSL problem. Consider the following scenario: an AuthenticationException is thrown on the frontend web service when it calls the backend web service.


Client — SSL — Frontend Web Service (ASP.NET 2.0)  — SSL — Backend Web Service


[AuthenticationException: The remote certificate is invalid according to the
validation procedure.]
System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message,
AsyncProtocolRequest asyncRequest, Exception exception) +1036754
System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken
message, AsyncProtocolRequest asyncRequest) +333
System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count,
AsyncProtocolRequest asyncRequest) +313



To fix this problem, we enabled System.Net tracing. The configuration is shown below. To use it:


          Insert this configuration section into your web.config.


          Make sure the application pool identity has write permission to the log file.


<system.diagnostics>
  <sources>
    <source name="System.Net" tracemode="includehex" maxdatasize="1024">
      <listeners>
        <add name="System.Net"/>
      </listeners>
    </source>
    <source name="System.Net.Sockets">
      <listeners>
        <add name="System.Net"/>
      </listeners>
    </source>
    <source name="System.Net.Cache">
      <listeners>
        <add name="System.Net"/>
      </listeners>
    </source>
  </sources>
  <switches>
    <add name="System.Net" value="Verbose"/>
    <add name="System.Net.Sockets" value="Verbose"/>
    <add name="System.Net.Cache" value="Verbose"/>
  </switches>
  <sharedListeners>
    <add name="System.Net"
      type="System.Diagnostics.TextWriterTraceListener"
      initializeData="d:\temp\network.log" />
  </sharedListeners>
  <trace autoflush="true"/>
</system.diagnostics>


 


We then found the following detailed information in the trace file.


System.Net Information: 0 : [0308] SecureChannel#59995477 - Remote certificate has
errors:
System.Net Information: 0 : [0308] SecureChannel#59995477 - A certificate chain
processed, but terminated in a root certificate which is not trusted by the trust
provider.

System.Net Information: 0 : [0308] SecureChannel#59995477 - Remote certificate was
verified as invalid by the user.
System.Net.Sockets Verbose: 0 : [0308] Socket#54041329::Dispose()
System.Net Error: 0 : [0308] Exception in the HttpWebRequest#27598891:: - The
underlying connection was closed: Could not establish trust relationship for the
SSL/TLS secure channel.
System.Net Error: 0 : [0308] Exception in the
HttpWebRequest#27598891::EndGetResponse - The underlying connection was closed:
Could not establish trust relationship for the SSL/TLS secure channel.
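
A Verbose trace with includehex grows quickly, so the few certificate lines are easy to miss. The following Python script is an added example, not part of the original post: it folds wrapped lines back into records and lists each SecureChannel whose certificate was rejected, together with the Error records from the same thread. The sample log is constructed from the format shown above, the object ids are made up, and the function names are illustrative.

```python
import re

# One trace record: "<source> <level>: <id> : [<thread>] <message>"
HEADER = re.compile(r"^(System\.Net(?:\.\w+)*) (\w+): \d+ : \[(\d+)\] (.*)$")
CHANNEL = re.compile(r"SecureChannel#(\d+) [-\u2013] (.*)", re.S)

# Constructed sample modelled on the trace format shown in the post (ids are made up).
SAMPLE = """\
System.Net.Sockets Verbose: 0 : [0412] Socket#11111111::Dispose()
System.Net Information: 0 : [0412] SecureChannel#22222222 - Remote certificate was
verified as valid by the user.
System.Net Information: 0 : [0308] SecureChannel#33333333 - Remote certificate has errors:
System.Net Information: 0 : [0308] SecureChannel#33333333 - A certificate chain processed,
but terminated in a root certificate which is not trusted by the trust provider.
System.Net Information: 0 : [0308] SecureChannel#33333333 - Remote certificate was
verified as invalid by the user.
System.Net Error: 0 : [0308] Exception in the HttpWebRequest#44444444::EndGetResponse - The
underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
"""

def parse_trace(text):
    """Split trace text into records, folding wrapped lines into the record above."""
    records = []
    for line in (l.strip() for l in text.splitlines()):
        m = HEADER.match(line)
        if m:
            records.append(dict(zip(("source", "level", "thread", "message"), m.groups())))
        elif line and records:
            records[-1]["message"] += " " + line
    return records

def failed_channels(records):
    """Map SecureChannel id -> certificate messages and same-thread Error records."""
    channels = {}
    for r in records:
        m = CHANNEL.search(r["message"])
        if m and "certificate" in m.group(2).lower():
            ch = channels.setdefault(m.group(1), {"thread": r["thread"], "cert": [], "errors": []})
            ch["cert"].append(m.group(2))
    failed = {cid: ch for cid, ch in channels.items()
              if any("invalid" in c or "has errors" in c for c in ch["cert"])}
    for ch in failed.values():  # assumption: the thread id ties the request error to the channel
        ch["errors"] = [r["message"] for r in records
                        if r["level"] == "Error" and r["thread"] == ch["thread"]]
    return failed

if __name__ == "__main__":
    for cid, ch in failed_channels(parse_trace(SAMPLE)).items():
        print("SecureChannel#%s thread %s" % (cid, ch["thread"]), *ch["cert"], *ch["errors"], sep="\n  ")
```

On a busy application pool the same thread serves many requests, so treat the thread-based pairing of Error records as a hint and confirm it against the surrounding lines.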


Regards,


Wei Zhao

Comments (1)

  1. Garry Trinder says:

    More about System.Net tracing can be found from this KB article,

    http://support.microsoft.com/kb/947285
