
Trying to configure an SSL endpoint for a self-hosted WCF service on Windows XP. My configuration works fine on Windows 7; but Windows XP, using the same certificate, doesn't respond. I get a server not found error.

When I run netstat -an, I can see that the service is listening on port 443. There are no conflicting applications listening on the port and the firewall is off.

Has anyone seen this before? Any ideas on how to resolve?

Running httpcfg query ssl yields the following:

C:\Documents and Settings\Kane>httpcfg query ssl
    IP                      : 0.0.0.0:443
    Hash                    :  4857fcdc71a69b8df67bb7cb7c6fb1073a08f23
    Guid                    : {00000000-0000-0000-0000-000000000000}
    CertStoreName           : (null)
    CertCheckMode           : 0
    RevocationFreshnessTime : 0
    UrlRetrievalTimeout     : 0
    SslCtlIdentifier        : (null)
    SslCtlStoreName         : (null)
    Flags                   : 0
------------------------------------------------------------------------------
    IP                      : 0.0.0.0:8443
    Hash                    :  4857fcdc71a69b8df67bb7cb7c6fb1073a08f23
    Guid                    : {00000000-0000-0000-0000-000000000000}
    CertStoreName           : (null)
    CertCheckMode           : 0
    RevocationFreshnessTime : 0
    UrlRetrievalTimeout     : 0
    SslCtlIdentifier        : (null)
    SslCtlStoreName         : (null)
    Flags                   : 0
------------------------------------------------------------------------------

Below is my config file:

<?xml version="1.0"?>
<configuration>
  <system.web>
    <compilation debug="true" targetFramework="4.0"/>
  </system.web>
  <system.serviceModel>
    <protocolMapping>
      <add binding="webHttpBinding" scheme="http"/>
    </protocolMapping>
    <serviceHostingEnvironment multipleSiteBindingsEnabled="true" aspNetCompatibilityEnabled="false"/>
    <services>
      <service name="SomeWindowsService.SomeService" behaviorConfiguration="webServiceBehaviorConfig">
        <host>
          <baseAddresses>
            <add baseAddress="http://*:8080/"/>
            <add baseAddress="https://*/ssl/"/>
          </baseAddresses>
        </host>
        <!-- this endpoint is exposed at the base address provided by host: http://localhost:8080/someservice  -->
        <endpoint address="" binding="webHttpBinding"  behaviorConfiguration="WebHttpEndPointBehaviour" contract="SomeWindowsService.IFileAccessService"/>
        <endpoint name="someservice" address="someservice" binding="basicHttpBinding" bindingConfiguration="soapBindingConfig" contract="someservice"/>
        <endpoint name="someserviceSSL" address="ssl/someservice" binding="basicHttpBinding" bindingConfiguration="sslBindingConfig" contract="someservice"/>
        <endpoint address="mex" binding="mexHttpBinding" name="MetadataBinding" contract="IMetadataExchange"/>
      </service>
    </services>
    <!--Bindings-->
    <bindings>
      <basicHttpBinding>
        <binding name="soapBindingConfig" maxBufferPoolSize="2147483647" maxBufferSize="2147483647" maxReceivedMessageSize="2147483647">
          <security mode="None"/>
          <readerQuotas maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxDepth="2147483647" maxNameTableCharCount="2147483647" maxStringContentLength="2147483647" />
        </binding>
        <binding name="sslBindingConfig" maxBufferPoolSize="2147483647" maxBufferSize="2147483647" maxReceivedMessageSize="2147483647">
          <security mode="Transport"/>
          <readerQuotas maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxDepth="2147483647" maxNameTableCharCount="2147483647" maxStringContentLength="2147483647" />
        </binding>
      </basicHttpBinding>
    </bindings>
    <!--Behaviors-->
    <behaviors>
      <serviceBehaviors>
        <behavior name="webServiceBehaviorConfig">
          <serviceDebug includeExceptionDetailInFaults="true"/>
          <serviceMetadata httpGetEnabled="true" httpGetUrl="mex" httpsGetEnabled="true" httpsGetUrl="mex" />
          <dataContractSerializer maxItemsInObjectGraph="2147483647"/>
        </behavior>
      </serviceBehaviors>
      <endpointBehaviors>
        <behavior name="WebHttpEndPointBehaviour">
          <webHttp/>
        </behavior>
      </endpointBehaviors>
    </behaviors>
  </system.serviceModel>
  <system.webServer>
    <modules runAllManagedModulesForAllRequests="true"/>
  </system.webServer>

  <startup>
    <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.0"/>
    <AutoStartTerminals>false</AutoStartTerminals>
  </startup>
</configuration>
Ayo I
  • What's strange is I don't get a certificate warning from the browser or anything. It's as if nothing is listening. I do get an HTTP 502 from Fiddler, if that helps. – Ayo I Aug 29 '13 at 16:18

1 Answer

OK, so to understand what was causing this problem I first had to turn on Schannel error logging (http://support.microsoft.com/kb/260729).

Under: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL, I added a new reg DWORD: EventLogging with value 7. Then restart the machine.

Then looking at the logs, I saw error:

    Event Type: Error
    Event Source: Schannel
    Event Category: None
    Event ID: 36870
    Date: 8/29/2013
    Time: 8:03:07 PM
    User: N/A
    Computer: DEVELOPMENT
    Description: A fatal error occurred when attempting to access the SSL server credential private key. The error code returned from the cryptographic module is 0x80090016.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

This error led me to the following article: http://support.microsoft.com/kb/939616, after searching Google for: "a fatal error 0x80090016"

I re-imported the certificate and the problem was resolved.

The key was getting logging out of Windows. It was the logging that alerted me to the certificate issue.

Ayo I
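The diagnostic steps from the answer above, as an added PowerShell example that is not part of the original post: it sets the Schannel EventLogging value, lists event ID 36870 entries, and tries to open the private key of the certificate bound to the port. It assumes Windows PowerShell 2.0 or later, an elevated prompt, and that the certificate lives in the LocalMachine\My store; `$Thumbprint` and `-EnableLogging` are names chosen for this example.

```powershell
# Added example. $Thumbprint is a placeholder: pass the Hash value shown by "httpcfg query ssl".
param(
    [Parameter(Mandatory = $true)][string]$Thumbprint,
    [switch]$EnableLogging   # hypothetical switch for this example
)

$schannelKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL'

if ($EnableLogging) {
    # Same change the answer makes by hand: EventLogging (DWORD) = 7, then restart.
    New-ItemProperty -Path $schannelKey -Name EventLogging -PropertyType DWord -Value 7 -Force | Out-Null
    Write-Output 'EventLogging set to 7. Restart, reproduce the failure, then rerun without -EnableLogging.'
    return
}

# 1. Look for the Schannel private-key failure (event ID 36870) in the System log.
$events = Get-EventLog -LogName System -Source Schannel -ErrorAction SilentlyContinue |
    Where-Object { $_.EventID -eq 36870 } |
    Select-Object -First 5

if ($events) {
    foreach ($e in $events) {
        Write-Output ("{0}  {1}" -f $e.TimeGenerated, $e.Message)
    }
} else {
    Write-Output 'No Schannel 36870 events found (is EventLogging enabled and the machine restarted?).'
}

# 2. Find the bound certificate. Assumption: it is in LocalMachine\My.
$normalized = ($Thumbprint -replace '[^0-9a-fA-F]', '').ToUpper()
$cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq $normalized }
if (-not $cert) {
    Write-Output "No certificate with thumbprint $normalized in LocalMachine\My."
    return
}

# 3. Try to open the private key. 0x80090016 is NTE_BAD_KEYSET ("Keyset does not exist"),
#    which surfaces here as an exception when the key container cannot be opened.
try {
    $key = $cert.PrivateKey
    if ($cert.HasPrivateKey -and $key) {
        Write-Output "Private key for '$($cert.Subject)' opened successfully."
    } else {
        Write-Output "Certificate '$($cert.Subject)' has no associated private key; re-import it with the key."
    }
} catch {
    Write-Output "Private key cannot be opened: $($_.Exception.Message)"
}
```

The key check runs as the account that launches the script, so a success here only shows that this account can open the key container.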