Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • Mike Ward 7 posts 85 karma points
    Sep 01, 2016 @ 09:35
    Mike Ward
    1

    Immediate KeepAlive & ScheduledPublishing log errors after TLS1.2 update

    Hi there, we turned TLS1, SSL2 and SSL3 off on our live hosting and immediately after started seeing the below two errors on overdrive. I have had a good search through the forums (this pops up a lot with varying degrees of not really sorted) and the bug tracker (often solved but for versions before the one we are using).

    I understand why they are appearing and why so frequent, but what I can’t understand is how an internal service isn't able to connect under the same security layer.

    This is a high traffic site with over 20,000 visitors per day and 4 peak times around the clock so I cant poke and prod at will, it all needs to be pre-agreed down time, plus am concerned the amount of extra file writes and log/cache growth could be a risk.

    So I have 2 questions:

    Has anyone found an actual permanent solution to this?

    Is Umbraco using top down security choice by default (.net4.5+) or is there a fix needed for TLS1.2?

    Every 5 minutes 2016-08-30 17:01:36,404 [67] ERROR Umbraco.Web.Scheduling.KeepAlive - [P3168/T65/D5] Failed (at "https://www.xxx.com/umbraco"). System.Net.Http.HttpRequestException: An error occurred while sending the request. ---> System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a send. ---> System.IO.IOException: Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host. ---> System.Net.Sockets.SocketException: An existing connection was forcibly closed by the remote host at System.Net.Sockets.Socket.EndReceive(IAsyncResult asyncResult) at System.Net.Sockets.NetworkStream.EndRead(IAsyncResult asyncResult) --- End of inner exception stack trace --- at System.Net.TlsStream.EndWrite(IAsyncResult asyncResult) at System.Net.PooledStream.EndWrite(IAsyncResult asyncResult) at System.Net.ConnectStream.WriteHeadersCallback(IAsyncResult ar) --- End of inner exception stack trace --- at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult) at System.Net.Http.HttpClientHandler.GetResponseCallback(IAsyncResult ar) --- End of inner exception stack trace --- at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Umbraco.Web.Scheduling.KeepAlive.

    Every minute 2016-08-30 17:01:36,404 [67] ERROR Umbraco.Web.Scheduling.ScheduledPublishing - [P3168/T65/D5] Failed (at "https://www.xxx.com/umbraco"). System.Net.Http.HttpRequestException: An error occurred while sending the request. ---> System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a send. ---> System.IO.IOException: Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host. ---> System.Net.Sockets.SocketException: An existing connection was forcibly closed by the remote host at System.Net.Sockets.Socket.EndReceive(IAsyncResult asyncResult) at System.Net.Sockets.NetworkStream.EndRead(IAsyncResult asyncResult) --- End of inner exception stack trace --- at System.Net.TlsStream.EndWrite(IAsyncResult asyncResult) at System.Net.PooledStream.EndWrite(IAsyncResult asyncResult) at System.Net.ConnectStream.WriteHeadersCallback(IAsyncResult ar) --- End of inner exception stack trace --- at System.Net.HttpWebRequest.EndGetRequestStream(IAsyncResult asyncResult, TransportContext& context) at System.Net.Http.HttpClientHandler.GetRequestStreamCallback(IAsyncResult ar) --- End of inner exception stack trace --- at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Umbraco.Web.Scheduling.ScheduledPublishing.

    How its setup:

    • Umbraco 7.2.8
    • dedicated hosting Win 2012 R2
    • The entire site is under a permanent URL rewrite to https. It has been since go live (12 months ago) and this error has never occurred before.
    • UmbracoUseSSL = true
    • ScheduledTask Base URL = www.xxx.com/umbraco/
    • .net frameworks fully up to date and patched (4.5+)
    • powershell scripts run automated jobs - had to update these ([Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12) to force TLS and confirmed working

    Things I have tried:

    • Some mentions of server reboots not setting the OriginalRequestUrl
      (makes it localhost) - confirmed URL is correct after app restarts
    • tried updating the URL rewrite rule to a different format, no change
    • tried moving the URL rewrite rule from web.config to /config/UrlRewriting.config, no change

    References:

    Any help or advice would be massively appreciated

    cheers, mike

  • David Peck 655 posts 1770 karma points c-trib
    Oct 03, 2016 @ 13:09
    David Peck
    1

    We got the same after turning off TLS 1.0. I'm guessing some code in their is compiled with an earlier version of .NET than 4.5. This will cause it to use TLS 1.0.

  • Sumesh KP 32 posts 104 karma points c-trib
    Jul 19, 2018 @ 05:54
    Sumesh KP
    0

    We have the same issue. Can anyone help on this?

  • David Peck 655 posts 1770 karma points c-trib
    Jul 19, 2018 @ 10:27
    David Peck
    0

    Do you know what version of .NET you're using? If you can upgrade to 4.6.2 you should be sorted.

  • organic 108 posts 157 karma points
    Aug 23, 2018 @ 18:51
    organic
    1

    I was able to fix this by forcing the site to use TLS1.2 by:

        public class PtAppEventHandler : ApplicationEventHandler
    {
        protected override void ApplicationStarted(UmbracoApplicationBase umbracoApplication, ApplicationContext applicationContext)
        {
            System.Net.ServicePointManager.SecurityProtocol = System.Net.SecurityProtocolType.Tls12;
        }
    }
    
  • Eric Schrepel 158 posts 223 karma points
    Jun 26, 2019 @ 18:06
    Eric Schrepel
    0

    We have TLS1.2 enabled on our server, but getting those 5-minute interval errors in Umbraco 8. Would that code work for Umbraco 8 maybe, and if so, where exactly does it go? In a class in AppStart or AppCode?

  • Bryna 70 posts 235 karma points
    Jun 26, 2019 @ 19:07
    Bryna
    0

    You have to make a composition something like below:

     public class MyComponent : IComponent
        {
            public void Initialize()
            {
                System.Net.ServicePointManager.SecurityProtocol = System.Net.SecurityProtocolType.Tls12;
            }
    }
    

    I think it is also covered more exhaustively at https://our.umbraco.com/documentation/Implementation/Composing/

  • Eric Schrepel 158 posts 223 karma points
    Jun 28, 2019 @ 21:56
    Eric Schrepel
    0

    Still having the 5-minute keepAlive errors, and have done all the following: 1) added code to ensure SecurityProtocolType =Tls12 (it's set in a component now, can see it's set correctly by showing that property in any view), 2) set useHttps = true in web.config, 3) sets ApplicationUrl in

    I feel like those are all the steps I've seen to correct this issue so far (again, in Umbraco v8), so will maybe wait for more info if others are having the same issue.

  • Bo Jacobsen 548 posts 2212 karma points
    Jun 29, 2019 @ 17:04
    Bo Jacobsen
    0

    Hi Eric.

    Just a wild guess. Did you append your component?

    public class InstallComposer : IUserComposer
    {
        public void Compose(Composition composition)
        {
            composition.Components().Append<MyComponent>();
        }
    }
    
  • Eric Schrepel 158 posts 223 karma points
    Jul 01, 2019 @ 18:25
    Eric Schrepel
    0

    I've got the following code running now (thanks for the tips on Compositions, which are new to me). Have verified that it runs by examining the log viewer after Umbraco starts, but still getting the KeepAlive errors every 5 minutes, so may explore whether there's something happening between Umbraco and SQL Server maybe, or an SSL certificate issue.

      using Umbraco.Core;
      using Umbraco.Core.Composing;
      using Umbraco.Core.Logging;
    
      namespace intranet.App_Start
        {
            [RuntimeLevel(MinLevel = RuntimeLevel.Run)]
            public class InstallComposer : IUserComposer
            {
                public void Compose(Composition composition)
                {
                    composition.Components().Append<TLSFix>();
                }
            }
    
            public class TLSFix : IComponent
            {
                public void Initialize()
                {
                    // Force TLS1.2 as SecurityProtocol
                    System.Net.ServicePointManager.SecurityProtocol = System.Net.SecurityProtocolType.Tls12;
                    Current.Logger.Info<TLSFix>("SecurityProtocol been set to {protocol}", System.Net.ServicePointManager.SecurityProtocol);
                }
    
                public void Terminate()
                {
                }
            }
        }
    
Please Sign in or register to post replies

Write your reply to:

Draft