Using System.Net tracing to troubleshoot an SSL problem in a .NET 2.0 application


 


In .NET Framework 2.0, System.Net has a new feature called tracing. System.Net tracing is very useful in some special scenarios:

- Client and server are on the same machine. In this case a network monitor does not help, because it cannot capture loopback traffic.

- Secure communication such as HTTPS.


Here is an example of using System.Net tracing to resolve an SSL problem. Consider the following scenario: an AuthenticationException is thrown on the frontend web service when it calls the backend web service.


Client --- SSL --- Frontend Web Service (ASP.NET 2.0)  --- SSL --- Backend Web Service


[AuthenticationException: The remote certificate is invalid according to the
validation procedure.]
System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message,
AsyncProtocolRequest asyncRequest, Exception exception) +1036754
System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken
message, AsyncProtocolRequest asyncRequest) +333
System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count,
AsyncProtocolRequest asyncRequest) +313



To fix this problem, we enabled System.Net tracing; the configuration is below. Please:

- Insert this configuration section into your web.config.

- Make sure the application pool identity has write permission to the log file.


<system.diagnostics>
  <sources>
    <!-- tracemode="includehex" logs network data as hex plus text;
         maxdatasize caps the bytes of data logged per trace line -->
    <source name="System.Net" tracemode="includehex" maxdatasize="1024">
      <listeners>
        <add name="System.Net"/>
      </listeners>
    </source>
    <source name="System.Net.Sockets">
      <listeners>
        <add name="System.Net"/>
      </listeners>
    </source>
    <source name="System.Net.Cache">
      <listeners>
        <add name="System.Net"/>
      </listeners>
    </source>
  </sources>
  <!-- Verbose records request and response data; turn tracing off once the problem is diagnosed -->
  <switches>
    <add name="System.Net" value="Verbose"/>
    <add name="System.Net.Sockets" value="Verbose"/>
    <add name="System.Net.Cache" value="Verbose"/>
  </switches>
  <!-- All three sources write to this one file; the application pool identity needs write access to it -->
  <sharedListeners>
    <add name="System.Net"
         type="System.Diagnostics.TextWriterTraceListener"
         initializeData="d:\temp\network.log"/>
  </sharedListeners>
  <trace autoflush="true"/>
</system.diagnostics>


 


We then found the following detailed information in the trace file.


System.Net Information: 0 : [0308] SecureChannel#59995477 - Remote certificate has
errors:
System.Net Information: 0 : [0308] SecureChannel#59995477 - A certificate chain
processed, but terminated in a root certificate which is not trusted by the trust
provider.

System.Net Information: 0 : [0308] SecureChannel#59995477 - Remote certificate was
verified as invalid by the user.
System.Net.Sockets Verbose: 0 : [0308] Socket#54041329::Dispose()
System.Net Error: 0 : [0308] Exception in the HttpWebRequest#27598891:: - The
underlying connection was closed: Could not establish trust relationship for the
SSL/TLS secure channel.
System.Net Error: 0 : [0308] Exception in the
HttpWebRequest#27598891::EndGetResponse - The underlying connection was closed:
Could not establish trust relationship for the SSL/TLS secure channel.
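
As an added example (not part of the original post), the Python script below triages a System.Net trace like the one above: it re-joins wrapped records, groups the certificate errors per SecureChannel, and attaches the Error records logged afterwards on the same thread. The function names and result keys are this example's own; the sample holds the records from the excerpt above, with only the first left wrapped as it appears there.

```python
import re

# Records from the trace excerpt above; the first is left wrapped to exercise re-joining.
SAMPLE = """\
System.Net Information: 0 : [0308] SecureChannel#59995477 - Remote certificate has
errors:
System.Net Information: 0 : [0308] SecureChannel#59995477 - A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
System.Net Information: 0 : [0308] SecureChannel#59995477 - Remote certificate was verified as invalid by the user.
System.Net.Sockets Verbose: 0 : [0308] Socket#54041329::Dispose()
System.Net Error: 0 : [0308] Exception in the HttpWebRequest#27598891:: - The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
System.Net Error: 0 : [0308] Exception in the HttpWebRequest#27598891::EndGetResponse - The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
"""

# One record: "<source> <level>: <id> : [<thread>] <message>"
RECORD = re.compile(r"^(System\.Net(?:\.\w+)?) (\w+): \d+ : \[(\d+)\] (.*)$")
CHANNEL = re.compile(r"^SecureChannel#(\d+) - (.*)$")

def parse_records(text):
    """Return [source, level, thread, message] records, re-joining wrapped lines."""
    records = []
    for line in (raw.strip() for raw in text.splitlines()):
        m = RECORD.match(line)
        if m:
            records.append(list(m.groups()))
        elif line and records:
            records[-1][3] += " " + line  # continuation of the previous record
    return records

def certificate_failures(text):
    """Group certificate errors per SecureChannel, plus later errors on its thread."""
    found = {}  # channel id -> finding
    for source, level, thread, msg in parse_records(text):
        m = CHANNEL.match(msg)
        chan, detail = m.groups() if m else (None, "")
        if detail.startswith("Remote certificate has errors"):
            found[chan] = dict(thread=thread, channel=chan, errors=[], verdict=None, exceptions=[])
        elif chan in found and found[chan]["verdict"] is None:
            if detail.startswith("Remote certificate was verified"):
                found[chan]["verdict"] = detail  # closes the error list for this channel
            else:
                found[chan]["errors"].append(detail)
        elif level == "Error":
            for f in found.values():
                if f["thread"] == thread and msg not in f["exceptions"]:
                    f["exceptions"].append(msg)
    return list(found.values())

if __name__ == "__main__":
    print(certificate_failures(SAMPLE))
```

Run against a real trace file by passing its contents to `certificate_failures`; each finding names the thread, the channel, the chain error text and the request exceptions that followed.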


Regards,


Wei Zhao

Comments (1)

  1. Garry Trinder says:

    More about System.Net tracing can be found from this KB article,

    http://support.microsoft.com/kb/947285
