RE: Security Error on WebSync

Peter,
Thank you very much. I learnt more on the replication security issues.
SSL seems working fine. I did get a warning -invalid CA name/Mismatch if I
use the ip address for the https://192.168.0.111. However if I put
https://server11 it is fine. I configured the merge agent on subscriber a
domain user of the server and local machine.
What else could be wrong?
BTW I user windows Server 2003 Standard sp1 64bit, SQL 2005 Developer 32bit
on the server. SQL 2005 Developer 32bit on a XP sp2 machine.
John

"Peter Yang [MSFT]" wrote:

Hello,

If you connect "https://Server111/SalesOrders/replisapi.dll"; from
subscriber, did you encounter any certiticate warning of remote IIS server?
If so, it seems the root CA certificate is not installed properly on
sbscriber. Please refer to the following article to install root CA
certficate by referring to the following article:

290625.KB.EN-US HOW TO: Configure SSL in a Windows 2000 IIS 5.0 Test
Environment by
http://support.microsoft.com/default.aspx?scid=KB;EN-US;290625

Since merge agent in SQL server also uses SSL to connect Web server, please
make sure the account you configured for merge agent on subscriber has the
proper permission on publisher.

Best Regards,

Peter Yang
MCSE2000/2003, MCSA, MCDBA
Microsoft Online Partner Support

When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.

=====================================================


This posting is provided "AS IS" with no warranties, and confers no rights.


--------------------
Thread-Topic: Security Error on WebSync
thread-index: AcYoz8fNWhouZsx2S52qzzNyasYPag==
X-WBNR-Posting-Host: 67.191.160.93
From: "=?Utf-8?B?Sm9obiBMdW8=?=" <luoo@xxxxxxxxxxxxx>
References: <727441EC-A646-4A76-94A1-858B232FE8D9@xxxxxxxxxxxxx>
<BukIYH9JGHA.3696@xxxxxxxxxxxxxxxxxxxxx>
Subject: RE: Security Error on WebSync
Date: Fri, 3 Feb 2006 06:40:30 -0800
Lines: 90
Message-ID: <818D8E32-508E-4EC0-ADBD-7BEA2C7F77EB@xxxxxxxxxxxxx>
MIME-Version: 1.0
Content-Type: text/plain;
charset="Utf-8"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
Content-Class: urn:content-classes:message
Importance: normal
Priority: normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
Newsgroups: microsoft.public.sqlserver.replication
NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
Path: TK2MSFTNGXA02.phx.gbl!TK2MSFTNGXA03.phx.gbl
Xref: TK2MSFTNGXA02.phx.gbl microsoft.public.sqlserver.replication:69013
X-Tomcat-NG: microsoft.public.sqlserver.replication

Thanks for the quick response. After I made a lot of try errors by
reconfigure the subscriber property, I think the "A security error
occurred"
is the problem. This happened before the Merge Process Web Sync Client.
Probably the SQL/Windows account passwords encrypted in the subscriber
machine (PC) were not decrypt correctly at the Publisher/Distributor
(Server111).

I don't know if these have something to do with the IIS Server CA Which
issued by server111. I did import this CA to the subscribe root trust. I
wondered if MS uses their own Encrypt/Decrypt mechanism or use the CA to
logon SQL Server.
Thank you very much.

John

"Peter Yang [MSFT]" wrote:

Hello,

It seems "Content-Type" in http header is missing due to some issues.
Did
you use the account of "merge agent" on subscriber when you access the
https://Server111/SalesOrders/replisapi.dll?

Did you select "run each agent at its subscriber(pull subscription) in
new
subscription wizard when you configure?

Best Regards,

Peter Yang
MCSE2000/2003, MCSA, MCDBA
Microsoft Online Partner Support

When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.

=====================================================



This posting is provided "AS IS" with no warranties, and confers no
rights.


--------------------
Thread-Topic: Security Error on WebSync
thread-index: AcYniZTpl3PRIIZxQsyrYuQrMbLhRA==
X-WBNR-Posting-Host: 67.191.160.93
From: "=?Utf-8?B?Sm9obiBMdW8=?=" <luoo@xxxxxxxxxxxxx>
Subject: Security Error on WebSync
Date: Wed, 1 Feb 2006 15:45:28 -0800
Lines: 19
Message-ID: <727441EC-A646-4A76-94A1-858B232FE8D9@xxxxxxxxxxxxx>
MIME-Version: 1.0
Content-Type: text/plain;
charset="Utf-8"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
Content-Class: urn:content-classes:message
Importance: normal
Priority: normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
Newsgroups: microsoft.public.sqlserver.replication
NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
Path: TK2MSFTNGXA02.phx.gbl!TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl
Xref: TK2MSFTNGXA02.phx.gbl microsoft.public.sqlserver.replication:68941
X-Tomcat-NG: microsoft.public.sqlserver.replication

I am new here and trying to make SQL Server 2005merge replication
example
SalesOrders work. I made https work on Windows 2003 web server.
However
when
I tried to WebSync I got an error. The message is attached. Would
somebody
tell me how to add an http header Content-Type to the WebSync process?
Thank you in advance.

The upload message to be sent to Publisher 'Server111' is being
generated
The merge process is using Exchange ID
'93E0ACAE-1EE7-420C-BF63-F06C01D1202F' for this web synchronization
session.
A security error occurred
A security error occurred
The Merge Agent could not connect to the URL
'https://Server111/SalesOrders/replisapi.dll' during Web
synchronization.
But https://Server111/SalesOrders/replisapi.dll is show correctly in IE.

The message in the log file:
CHttpListener ERROR: Mandatory http header value is missing:
Content-Type.
ERROR: Received invalid message.







.

Relevant Pages

  • RE: Security Error on WebSync
    ... subscriber, did you encounter any certiticate warning of remote IIS server? ... proper permission on publisher. ... Subject: Security Error on WebSync ...
    (microsoft.public.sqlserver.replication)
  • RE: Security Error on WebSync
    ... Whenever change to web sync (https) the problem occurs. ... Is it required that my subscriber joins the domain? ... The CA is issued by own server -server111, ... Subject: Security Error on WebSync ...
    (microsoft.public.sqlserver.replication)
  • security-basics Digest of: get.123_145
    ... VPN to ASP a security risk? ... Re: Multiple IPSec tunnels? ... Subject: Security NT Server ... VPN to ASP a security risk? ...
    (Security-Basics)
  • << SBS News of the week - Sept 26 >>
    ... And he points to the info you need to put the file on the server in the ... at the network perimeter. ... The Symantec Firewall/VPN and the Gateway Security ... by the firewall at risk. ...
    (microsoft.public.backoffice.smallbiz2000)
  • Re: << SBS News of the week - Sept 26 >>
    ... > And he points to the info you need to put the file on the server in the ... > at the network perimeter. ... The Symantec Firewall/VPN and the Gateway Security ... An attacker can exploit these flaws in tandem via specially ...
    (microsoft.public.backoffice.smallbiz2000)