RE: Security Error on WebSync

Hello John,

To narrow down the issue, you may want to test if the issue occurs with
different subsriber if possible. I suspect some third party program on the
subscriber causes this issue. You may want to troubleshoot the issue with a
selective startup on client machine. To do so:

1. Run the System Configuration Utility (msconfig.exe): Click Start->Run,
type "msconfig"(without quotation mark) in the open box, and click OK.
2. On the General tab, select "Selective Startup" and then deselect Load
Startup items, select the checks on other options.
3. On the Services tab, click Hide All Microsoft Services. Deselect all the
items left.
4. Click the Apply button.
5. Reboot your computer to test if the issue occurs at this time.

Also, if possible, pleas try to install another instance on the server to
see if the issue occurs on local machine.

Best Regards,

Peter Yang
MCSE2000/2003, MCSA, MCDBA
Microsoft Online Partner Support

When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.

=====================================================


This posting is provided "AS IS" with no warranties, and confers no rights.


--------------------
Thread-Topic: Security Error on WebSync
thread-index: AcYrN7QlQrwjM/6fSWKCnW7xSq2xzw==
X-WBNR-Posting-Host: 67.191.160.93
From: "=?Utf-8?B?Sm9obiBMdW8=?=" <luoo@xxxxxxxxxxxxx>
References: <727441EC-A646-4A76-94A1-858B232FE8D9@xxxxxxxxxxxxx>
<BukIYH9JGHA.3696@xxxxxxxxxxxxxxxxxxxxx>
<818D8E32-508E-4EC0-ADBD-7BEA2C7F77EB@xxxxxxxxxxxxx>
<seghpuuKGHA.3152@xxxxxxxxxxxxxxxxxxxxx>
Subject: RE: Security Error on WebSync
Date: Mon, 6 Feb 2006 08:09:27 -0800
Lines: 173
Message-ID: <99200FC1-0BE8-486B-A53B-3D4AE40EE6B6@xxxxxxxxxxxxx>
MIME-Version: 1.0
Content-Type: text/plain;
charset="Utf-8"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
Content-Class: urn:content-classes:message
Importance: normal
Priority: normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
Newsgroups: microsoft.public.sqlserver.replication
NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
Path: TK2MSFTNGXA02.phx.gbl!TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl
Xref: TK2MSFTNGXA02.phx.gbl microsoft.public.sqlserver.replication:69070
X-Tomcat-NG: microsoft.public.sqlserver.replication

Peter,
Thank you very much. I learnt more on the replication security issues.
SSL seems working fine. I did get a warning -invalid CA name/Mismatch if I
use the ip address for the https://192.168.0.111. However if I put
https://server11 it is fine. I configured the merge agent on subscriber a
domain user of the server and local machine.
What else could be wrong?
BTW I user windows Server 2003 Standard sp1 64bit, SQL 2005 Developer
32bit
on the server. SQL 2005 Developer 32bit on a XP sp2 machine.
John

"Peter Yang [MSFT]" wrote:

Hello,

If you connect "https://Server111/SalesOrders/replisapi.dll"; from
subscriber, did you encounter any certiticate warning of remote IIS
server?
If so, it seems the root CA certificate is not installed properly on
sbscriber. Please refer to the following article to install root CA
certficate by referring to the following article:

290625.KB.EN-US HOW TO: Configure SSL in a Windows 2000 IIS 5.0 Test
Environment by
http://support.microsoft.com/default.aspx?scid=KB;EN-US;290625

Since merge agent in SQL server also uses SSL to connect Web server,
please
make sure the account you configured for merge agent on subscriber has
the
proper permission on publisher.

Best Regards,

Peter Yang
MCSE2000/2003, MCSA, MCDBA
Microsoft Online Partner Support

When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.

=====================================================


This posting is provided "AS IS" with no warranties, and confers no
rights.


--------------------
Thread-Topic: Security Error on WebSync
thread-index: AcYoz8fNWhouZsx2S52qzzNyasYPag==
X-WBNR-Posting-Host: 67.191.160.93
From: "=?Utf-8?B?Sm9obiBMdW8=?=" <luoo@xxxxxxxxxxxxx>
References: <727441EC-A646-4A76-94A1-858B232FE8D9@xxxxxxxxxxxxx>
<BukIYH9JGHA.3696@xxxxxxxxxxxxxxxxxxxxx>
Subject: RE: Security Error on WebSync
Date: Fri, 3 Feb 2006 06:40:30 -0800
Lines: 90
Message-ID: <818D8E32-508E-4EC0-ADBD-7BEA2C7F77EB@xxxxxxxxxxxxx>
MIME-Version: 1.0
Content-Type: text/plain;
charset="Utf-8"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
Content-Class: urn:content-classes:message
Importance: normal
Priority: normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
Newsgroups: microsoft.public.sqlserver.replication
NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
Path: TK2MSFTNGXA02.phx.gbl!TK2MSFTNGXA03.phx.gbl
Xref: TK2MSFTNGXA02.phx.gbl microsoft.public.sqlserver.replication:69013
X-Tomcat-NG: microsoft.public.sqlserver.replication

Thanks for the quick response. After I made a lot of try errors by
reconfigure the subscriber property, I think the "A security error
occurred"
is the problem. This happened before the Merge Process Web Sync Client.

Probably the SQL/Windows account passwords encrypted in the subscriber
machine (PC) were not decrypt correctly at the Publisher/Distributor
(Server111).

I don't know if these have something to do with the IIS Server CA Which
issued by server111. I did import this CA to the subscribe root trust.
I
wondered if MS uses their own Encrypt/Decrypt mechanism or use the CA
to
logon SQL Server.
Thank you very much.

John

"Peter Yang [MSFT]" wrote:

Hello,

It seems "Content-Type" in http header is missing due to some issues.
Did
you use the account of "merge agent" on subscriber when you access
the
https://Server111/SalesOrders/replisapi.dll?

Did you select "run each agent at its subscriber(pull subscription)
in
new
subscription wizard when you configure?

Best Regards,

Peter Yang
MCSE2000/2003, MCSA, MCDBA
Microsoft Online Partner Support

When responding to posts, please "Reply to Group" via your newsreader
so
that others may learn and benefit from your issue.

=====================================================



This posting is provided "AS IS" with no warranties, and confers no
rights.


--------------------
Thread-Topic: Security Error on WebSync
thread-index: AcYniZTpl3PRIIZxQsyrYuQrMbLhRA==
X-WBNR-Posting-Host: 67.191.160.93
From: "=?Utf-8?B?Sm9obiBMdW8=?=" <luoo@xxxxxxxxxxxxx>
Subject: Security Error on WebSync
Date: Wed, 1 Feb 2006 15:45:28 -0800
Lines: 19
Message-ID: <727441EC-A646-4A76-94A1-858B232FE8D9@xxxxxxxxxxxxx>
MIME-Version: 1.0
Content-Type: text/plain;
charset="Utf-8"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
Content-Class: urn:content-classes:message
Importance: normal
Priority: normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
Newsgroups: microsoft.public.sqlserver.replication
NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
Path:
TK2MSFTNGXA02.phx.gbl!TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl
Xref: TK2MSFTNGXA02.phx.gbl
microsoft.public.sqlserver.replication:68941
X-Tomcat-NG: microsoft.public.sqlserver.replication

I am new here and trying to make SQL Server 2005merge replication
example
SalesOrders work. I made https work on Windows 2003 web server.
However
when
I tried to WebSync I got an error. The message is attached. Would
somebody
tell me how to add an http header Content-Type to the WebSync
process?
Thank you in advance.

The upload message to be sent to Publisher 'Server111' is being
generated
The merge process is using Exchange ID
'93E0ACAE-1EE7-420C-BF63-F06C01D1202F' for this web synchronization
session.
A security error occurred
A security error occurred
The Merge Agent could not connect to the URL
'https://Server111/SalesOrders/replisapi.dll' during Web
synchronization.
But https://Server111/SalesOrders/replisapi.dll is show correctly in
IE.

The message in the log file:
CHttpListener ERROR: Mandatory http header value is missing:
Content-Type.
ERROR: Received invalid message.









.