Firstly, let me apologise for my lack of knowledge. I am reasonably new to .Net and the wonders of Umbraco.
I have two Umbraco websites setup, one production one staging, before go live these sites were syncing with courier as expected and all was well.
Once the production site was moved live and beyond the business firewall the syncing function has stopped working, I think it might be something to do with the SSL, but as I said .. a noob.
Here is the error I now get:
Application Error The underlying connection was closed: An unexpected
error occurred on a send. Error details
System.Net.WebException: The underlying connection was closed: An
unexpected error occurred on a send. ---> System.IO.IOException:
Unable to read data from the transport connection: An existing
connection was forcibly closed by the remote host. --->
System.Net.Sockets.SocketException: An existing connection was
forcibly closed by the remote host at
System.Net.Sockets.Socket.Receive(Byte[] buffer, Int32 offset, Int32
size, SocketFlags socketFlags) at
System.Net.Sockets.NetworkStream.Read(Byte[] buffer, Int32 offset,
Int32 size)
--- End of inner exception stack trace --- at System.Net.Sockets.NetworkStream.Read(Byte[] buffer, Int32 offset,
Int32 size) at System.Net.FixedSizeReader.ReadPacket(Byte[] buffer,
Int32 offset, Int32 count) at
System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer,
AsyncProtocolRequest asyncRequest) at
System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst,
Byte[] buffer, AsyncProtocolRequest asyncRequest) at
System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult
lazyResult) at
System.Threading.ExecutionContext.RunInternal(ExecutionContext
executionContext, ContextCallback callback, Object state, Boolean
preserveSyncCtx) at
System.Threading.ExecutionContext.Run(ExecutionContext
executionContext, ContextCallback callback, Object state, Boolean
preserveSyncCtx) at
System.Threading.ExecutionContext.Run(ExecutionContext
executionContext, ContextCallback callback, Object state) at
System.Net.TlsStream.ProcessAuthentication(LazyAsyncResult result) at
System.Net.TlsStream.Write(Byte[] buffer, Int32 offset, Int32 size) at
System.Net.ConnectStream.WriteHeaders(Boolean async)
--- End of inner exception stack trace --- at System.Web.Services.Protocols.WebClientProtocol.GetWebResponse(WebRequest
request) at
System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String
methodName, Object[] parameters) at
Umbraco.Courier.RepositoryProviders.CourierWebserviceRepositoryProvider.CloseSession(String
sessionKey) at
Umbraco.Courier.RepositoryProviders.CourierWebserviceRepositoryProvider.Dispose(Boolean
disposing) at
Umbraco.Courier.RepositoryProviders.CourierWebserviceRepositoryProvider.Dispose()
at Umbraco.Courier.Core.Repository.Dispose(Boolean disposing) at
Umbraco.Courier.Core.Repository.Dispose() at
Umbraco.Courier.UI.Dialogs.CommitItem.OnInit(EventArgs e) at
System.Web.UI.Control.InitRecursive(Control namingContainer) at
System.Web.UI.Page.ProcessRequestMain(Boolean
includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
Unable to read data from the transport connection: An existing
connection was forcibly closed by the remote host.
System.IO.IOException: Unable to read data from the transport
connection: An existing connection was forcibly closed by the remote
host. ---> System.Net.Sockets.SocketException: An existing connection
was forcibly closed by the remote host at
System.Net.Sockets.Socket.Receive(Byte[] buffer, Int32 offset, Int32
size, SocketFlags socketFlags) at
System.Net.Sockets.NetworkStream.Read(Byte[] buffer, Int32 offset,
Int32 size)
--- End of inner exception stack trace --- at System.Net.Sockets.NetworkStream.Read(Byte[] buffer, Int32 offset,
Int32 size) at System.Net.FixedSizeReader.ReadPacket(Byte[] buffer,
Int32 offset, Int32 count) at
System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer,
AsyncProtocolRequest asyncRequest) at
System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst,
Byte[] buffer, AsyncProtocolRequest asyncRequest) at
System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult
lazyResult) at
System.Threading.ExecutionContext.RunInternal(ExecutionContext
executionContext, ContextCallback callback, Object state, Boolean
preserveSyncCtx) at
System.Threading.ExecutionContext.Run(ExecutionContext
executionContext, ContextCallback callback, Object state, Boolean
preserveSyncCtx) at
System.Threading.ExecutionContext.Run(ExecutionContext
executionContext, ContextCallback callback, Object state) at
System.Net.TlsStream.ProcessAuthentication(LazyAsyncResult result) at
System.Net.TlsStream.Write(Byte[] buffer, Int32 offset, Int32 size) at
System.Net.ConnectStream.WriteHeaders(Boolean async) An existing
connection was forcibly closed by the remote host
System.Net.Sockets.SocketException (0x80004005): An existing
connection was forcibly closed by the remote host at
System.Net.Sockets.Socket.Receive(Byte[] buffer, Int32 offset, Int32
size, SocketFlags socketFlags) at
System.Net.Sockets.NetworkStream.Read(Byte[] buffer, Int32 offset,
Int32 size)
It is with Umbraco 7.2.1 & Courier 2.51.4
Any thoughts or testing ideas greatly appreciated.
Thanks
J
2016/04/13 Update - It looks like it might be a problem with the SSL certificate on the server that recently upgraded to TLS/SSL1.2 and therefore courier is not able to communicate with itself. Any thoughts along that process would be helpful, but I will update with any solutions.
We are seeing this same error on an SSL secured website:
[P10828/D70/T24] ERROR Umbraco.Web.Scheduling.ScheduledPublishing - Failed (at "https://admin.domain.com/umbraco").
System.Net.Http.HttpRequestException: An error occurred while sending the request. ---> System.Net.WebException: The underlying connection was closed:
I'm having the same issue but with a couple of differences.
Both staging and production servers have been working for a while and suddenly we are getting these errors (we are currently investigating for changes in our network or settings but haven't found anything yet)
Also in our case all transfers are working correctly except for media files.
I checked production and the folder seems to have the right permissions and there's plenty of room in the hard drive.
The files we are transferring are small, well below the maxRequestLength and the site timeout settings are also generous.
Does anyone have any idea on the issue?
Thank you!
We are seeing this regularly occurring in the log files (every 5 minutes) and believe it is something to do with the disabling of the old SSL/TLS protocols on the server. I'm currently investigating it with the host but do not yet have a solution.
In addition to the ScheduledPublishing exception the following is also flooding the logs with a similar exception, both I'm sure are related:
2017-01-31 09:37:56,028 [P7044/D2/T48] ERROR Umbraco.Web.Scheduling.KeepAlive - Failed (at "https://www.sitename.org.uk/umbraco").
System.Net.Http.HttpRequestException: An error occurred while sending the request. ---> System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a send. ---> System.IO.IOException: Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host. ---> System.Net.Sockets.SocketException: An existing connection was forcibly closed by the remote host
at System.Net.Sockets.NetworkStream.EndRead(IAsyncResult asyncResult)
--- End of inner exception stack trace ---
at System.Net.TlsStream.EndWrite(IAsyncResult asyncResult)
at System.Net.ConnectStream.WriteHeadersCallback(IAsyncResult ar)
--- End of inner exception stack trace ---
at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
at System.Net.Http.HttpClientHandler.GetResponseCallback(IAsyncResult ar)
--- End of inner exception stack trace ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Umbraco.Web.Scheduling.KeepAlive.<PerformRunAsync>d__4.MoveNext()
At present, I am still no further forward with this.
System.Net.Http.HttpRequestException: An error occurred while sending the request. --->
System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a receive. ---> System.ComponentModel.Win32Exception: The client and server cannot communicate, because they do not possess a common algorithm
Finally, I have a solution for this! Over the last couple of days we have had to harden the SSL configurations on a few of our servers and as a result, this problem has become more prolific. The cause, it seems, is related to the removal of old SSL cyphers e.g. SSL3, TLS1.0, TLS1.1 and the fact that for TLS1.2 you have to opt-in by adding the following code before making any calls over a secure connection:
Like me, you may have read that TLS1.2 is the default for .Net v4.6+ but I have not found that to be the case, you still need to opt in. As an interim measure to stave off the error reports and flooding of log files I have a drop-in solution for v7 sites by means of setting the SecurityProtocol via the ApplicationStarting event in a class that inherits from ApplicationEventHandler. I then simply drop the file into the App_code folder for each site experiencing the issue which is pretty much any site using SSL on a server that has had the old SSL cyphers removed. In case it is of help to others here is the class.
namespace MyNamespace.www
{
using Umbraco.Core;
public class TlsFix : ApplicationEventHandler
{
protected override void ApplicationStarting(UmbracoApplicationBase umbracoApplication, ApplicationContext applicationContext)
{
base.ApplicationStarting(umbracoApplication, applicationContext);
System.Net.ServicePointManager.SecurityProtocol = System.Net.SecurityProtocolType.Tls12;
}
}
}
Copy it into a file with a .cs extension and drop it into your App_code folder.
Disclaimer: It goes without saying that you should test this first before using it on a production site. This is also an interim measure and I will be adding this to my existing ApplicationEventHandler for each site so that it gets compiled in the next release, I will then remove the file from the App_code folder.
I'm unable to prevent that error on an 8.0.2 install. See the code block on this related ticket which does correctly force Tls1.2, but we still get ping errors on the health check (we use https:// throughout) plus the every-5-minute KeepAlive log errors.
Similar to other commentors, our site does run okay, but the recurring errors in the log file make me think it's not doing keepalives quite right, which I believe then slows down the site during slow-traffic periods because it thinks the site has to reboot after being inactive. But I'm not a pro on this stuff.
I never was able to resolve the pingback / keepalive problem, so I still get those every 5 minutes in the log view.
But in IIS I set the Process Model timeout for that application pool to 0 (essentially never timing out), and we haven't had any ill effects from that. (Site stays up non-stop without the keepalives.)
Thanks Simon, Craig and every contribution to this post. It saved me huge of time. I am new to .NET and Umbraco. I am using Umbraco 7.5 and has switch TLS version to 11 and it works for me greatly.
You're welcome Dan, glad someone else found it useful. And thanks for reminding me that I really should check back on those projects and make sure I kept my word of removing the temporary fix ;)
I just deployed two Umbraco 7.15.5 sites to two different servers. Both sites are configured to only respond to HTTPS requests. Both sites are configured the same in IIS.
Site A: The Health Checks in the CMS all run just fine. And if I look in the umbraco log I see that there are no keepalive errors.
Site B: The Health Checks in the Security section fail with this message: 'The request was aborted: Could not create SSL/TLS secure channel.' And in the umbraco log the keepalive requests are failing with the same error.
I compared the SChannel Protocols registry keys on both servers and they're the same except: Server A enables TLS 1.2 AND TLS 1.1 while Server B only enables TLS 1.2.
I modified Site B to set "ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12" in the application_starting event handler.
I remoted into Server B and opened up Google Chrome and loaded up Site B to see if perhaps the server has a DNS resolution problem. Nope, the site loaded up properly and showed as having a proper secure connection.
Both servers are Windows Server 2012. The two sites are clones of a third site where we made content changes. So code-wise they're practically identical. Configuration-wise they're practically identical.
Yet, one of them is having this security protocol issue when it's trying to talk to itself. BTW, for both I set the site URL in the umbracosettings.config file.
The only major difference between the two servers as that Server B did not have .Net Framework 4.5.2 when I moved Site B onto it. I had to install the framework and reboot the server.
Any ideas? I'm really at a loss as to what I could be missing. Thanks!
I'm brining this up as we have encountered the issue only just recently. I'm sorry about my simple question, but in Simon Dingley's solution, is the name space he provided just an example and our own name space that our project is part of should replace that?
The underlying connection was closed: An unexpected error occurred on a send.
Firstly, let me apologise for my lack of knowledge. I am reasonably new to .Net and the wonders of Umbraco.
I have two Umbraco websites setup, one production one staging, before go live these sites were syncing with courier as expected and all was well.
Once the production site was moved live and beyond the business firewall the syncing function has stopped working, I think it might be something to do with the SSL, but as I said .. a noob.
Here is the error I now get:
It is with Umbraco 7.2.1 & Courier 2.51.4
Any thoughts or testing ideas greatly appreciated.
Thanks
J
2016/04/13 Update - It looks like it might be a problem with the SSL certificate on the server that recently upgraded to TLS/SSL1.2 and therefore courier is not able to communicate with itself. Any thoughts along that process would be helpful, but I will update with any solutions.
We are seeing this same error on an SSL secured website:
Hi,
I'm having the same issue but with a couple of differences.
Both staging and production servers have been working for a while and suddenly we are getting these errors (we are currently investigating for changes in our network or settings but haven't found anything yet)
Also in our case all transfers are working correctly except for media files. I checked production and the folder seems to have the right permissions and there's plenty of room in the hard drive.
The files we are transferring are small, well below the maxRequestLength and the site timeout settings are also generous.
Does anyone have any idea on the issue? Thank you!
Did either of you manage to resolve this?
We are seeing this regularly occurring in the log files (every 5 minutes) and believe it is something to do with the disabling of the old SSL/TLS protocols on the server. I'm currently investigating it with the host but do not yet have a solution.
In addition to the
ScheduledPublishingexception the following is also flooding the logs with a similar exception, both I'm sure are related:At present, I am still no further forward with this.
Hello!
Did the Courier developers simply bail on you? Did you ever get help with this?
This is becuase most of the API providers require TLS 1.2 nowadays
Trying adding the below code to your Global.asax.cs:
Regards
Craig
Hi Craig,
Thanks for lightning-fast reply! Since we do not develop our razor views in Umbraco (among other things) I only have a Global.asax to work with.
Can the setting you list above be set in some xml .config file instead?
Thanks again! Dustin
Hi Dustin & Craig,
At the time no-one knew anything so we had to battle out what the problem was. And it is just as Craig is saying:
<script runat="server"> void Session_Start(object sender, EventArgs e){ System.Net.ServicePointManager.SecurityProtocol = System.Net.SecurityProtocolType.Tls12; } </script>Cheers
J
Thank you James!
Craig:
I tried to add that SecurityProtocol to the Global.asax:
and the error I see now is:
System.Net.Http.HttpRequestException: An error occurred while sending the request. --->
System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a receive. ---> System.ComponentModel.Win32Exception: The client and server cannot communicate, because they do not possess a common algorithm
Hi Dustin,
You want to edit the codebehind file for your global.asax - global.asax.cs
Add it to the Application_Start() method.
Thanks
Craig
please use https://www.ssllabs.com/ssltest to test what algorithm is on your server and then set it in Global.asax. For example:
Did anyone find a solution to this issue? I have the same problem on a website that I'm running.
Hi Markus,
You will need to add the code that I described above.
Add it to your Gloabl.asax.cs - Application_Start() method
Thanks
Craig
Finally, I have a solution for this! Over the last couple of days we have had to harden the SSL configurations on a few of our servers and as a result, this problem has become more prolific. The cause, it seems, is related to the removal of old SSL cyphers e.g. SSL3, TLS1.0, TLS1.1 and the fact that for TLS1.2 you have to opt-in by adding the following code before making any calls over a secure connection:
Like me, you may have read that TLS1.2 is the default for .Net v4.6+ but I have not found that to be the case, you still need to opt in. As an interim measure to stave off the error reports and flooding of log files I have a drop-in solution for v7 sites by means of setting the SecurityProtocol via the
ApplicationStartingevent in a class that inherits fromApplicationEventHandler. I then simply drop the file into theApp_codefolder for each site experiencing the issue which is pretty much any site using SSL on a server that has had the old SSL cyphers removed. In case it is of help to others here is the class.Copy it into a file with a
.csextension and drop it into yourApp_codefolder.Disclaimer: It goes without saying that you should test this first before using it on a production site. This is also an interim measure and I will be adding this to my existing
ApplicationEventHandlerfor each site so that it gets compiled in the next release, I will then remove the file from the App_code folder.Cheers Simon. This has just helped me big-time. Beer coming your way next time we meet! :)
Thanks @Simon, that was so helpful we managed to sort out the issue by adding the line you suggested to the ApplicationEventHandler starting event.
Cheers
Ali
I'm unable to prevent that error on an 8.0.2 install. See the code block on this related ticket which does correctly force Tls1.2, but we still get ping errors on the health check (we use https:// throughout) plus the every-5-minute KeepAlive log errors.
Similar to other commentors, our site does run okay, but the recurring errors in the log file make me think it's not doing keepalives quite right, which I believe then slows down the site during slow-traffic periods because it thinks the site has to reboot after being inactive. But I'm not a pro on this stuff.
Same issue & same version here!!! Any luck?
I never was able to resolve the pingback / keepalive problem, so I still get those every 5 minutes in the log view.
But in IIS I set the Process Model timeout for that application pool to 0 (essentially never timing out), and we haven't had any ill effects from that. (Site stays up non-stop without the keepalives.)
Thanks Simon, Craig and every contribution to this post. It saved me huge of time. I am new to .NET and Umbraco. I am using Umbraco 7.5 and has switch TLS version to 11 and it works for me greatly.
System.Net.ServicePointManager.SecurityProtocol = System.Net.SecurityProtocolType.Tls11;
You're welcome Dan, glad someone else found it useful. And thanks for reminding me that I really should check back on those projects and make sure I kept my word of removing the temporary fix ;)
Thank you Simon you have saved me also. Free beers if you ever get to Brisbane!
I'd love to one day so maybe I'll get a chance to take you up on that - glad it helped ;)
Simon Dingley, is the recommended code supposed to be dropped into the API site or the front-end web site, or both?
I just deployed two Umbraco 7.15.5 sites to two different servers. Both sites are configured to only respond to HTTPS requests. Both sites are configured the same in IIS.
Site A: The Health Checks in the CMS all run just fine. And if I look in the umbraco log I see that there are no keepalive errors.
Site B: The Health Checks in the Security section fail with this message: 'The request was aborted: Could not create SSL/TLS secure channel.' And in the umbraco log the keepalive requests are failing with the same error.
I compared the SChannel Protocols registry keys on both servers and they're the same except: Server A enables TLS 1.2 AND TLS 1.1 while Server B only enables TLS 1.2.
I modified Site B to set "ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12" in the application_starting event handler.
I remoted into Server B and opened up Google Chrome and loaded up Site B to see if perhaps the server has a DNS resolution problem. Nope, the site loaded up properly and showed as having a proper secure connection.
Both servers are Windows Server 2012. The two sites are clones of a third site where we made content changes. So code-wise they're practically identical. Configuration-wise they're practically identical.
Yet, one of them is having this security protocol issue when it's trying to talk to itself. BTW, for both I set the site URL in the umbracosettings.config file.
The only major difference between the two servers as that Server B did not have .Net Framework 4.5.2 when I moved Site B onto it. I had to install the framework and reboot the server.
Any ideas? I'm really at a loss as to what I could be missing. Thanks!
In Umbraco 8 it looks like this
I'm brining this up as we have encountered the issue only just recently. I'm sorry about my simple question, but in Simon Dingley's solution, is the name space he provided just an example and our own name space that our project is part of should replace that?
namespace MyNamespace.www {
}
or does the .www part have to be there?
Thanks.
Use whatever namespace is relevant to your project.
is working on a reply...