RE: Security Error on WebSync

Hello John,

Thanks for your update. Going forward, please check the result of the
following link:

https://server111/salesorders/replisapi.dll?diag

Also, please provide the informaiton in salesorder\websync.log . You could
send it to me at petery@xxxxxxxxxxxxx

I'd like to know when you configure web sync wizard, how do you configure
"default domain" and "realm" of basic authentication. .

AS for Express version, you need to develop your own application to do
merge replication. Please refer to "Sales order" sample project for more
related information.

Best Regards,

Peter Yang
MCSE2000/2003, MCSA, MCDBA
Microsoft Online Partner Support

When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.

=====================================================


This posting is provided "AS IS" with no warranties, and confers no rights.


--------------------
Thread-Topic: Security Error on WebSync
thread-index: AcYstOZbjow6xZFLSDKtHZzSjppLhw==
X-WBNR-Posting-Host: 67.191.160.93
From: "=?Utf-8?B?Sm9obiBMdW8=?=" <luoo@xxxxxxxxxxxxx>
References: <727441EC-A646-4A76-94A1-858B232FE8D9@xxxxxxxxxxxxx>
<BukIYH9JGHA.3696@xxxxxxxxxxxxxxxxxxxxx>
<818D8E32-508E-4EC0-ADBD-7BEA2C7F77EB@xxxxxxxxxxxxx>
<seghpuuKGHA.3152@xxxxxxxxxxxxxxxxxxxxx>
<99200FC1-0BE8-486B-A53B-3D4AE40EE6B6@xxxxxxxxxxxxx>
<9pnaNE8KGHA.1240@xxxxxxxxxxxxxxxxxxxxx>
Subject: RE: Security Error on WebSync
Date: Wed, 8 Feb 2006 05:38:09 -0800
Lines: 267
Message-ID: <61776F5B-39DB-48BC-96E1-B584184C868B@xxxxxxxxxxxxx>
MIME-Version: 1.0
Content-Type: text/plain;
charset="Utf-8"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
Content-Class: urn:content-classes:message
Importance: normal
Priority: normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
Newsgroups: microsoft.public.sqlserver.replication
NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl
Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.sqlserver.replication:69143
X-Tomcat-NG: microsoft.public.sqlserver.replication

Added a different database publication and subscription, the same thing.
Network sync is fine. Whenever change to web sync (https) the problem
occurs.
Am I using a correct https?
https://server111/salesorders/replisapi.dll
Is it required that my subscriber joins the domain?
More info:
The CA is issued by own server -server111, distributor also on Server111.
I
also put the CA to the trusted publisher at the subscriber

Thanks,
John

"Peter Yang [MSFT]" wrote:

Hello John,

To narrow down the issue, you may want to test if the issue occurs with
different subsriber if possible. I suspect some third party program on
the
subscriber causes this issue. You may want to troubleshoot the issue
with a
selective startup on client machine. To do so:

1. Run the System Configuration Utility (msconfig.exe): Click
Start->Run,
type "msconfig"(without quotation mark) in the open box, and click OK.
2. On the General tab, select "Selective Startup" and then deselect Load
Startup items, select the checks on other options.
3. On the Services tab, click Hide All Microsoft Services. Deselect all
the
items left.
4. Click the Apply button.
5. Reboot your computer to test if the issue occurs at this time.

Also, if possible, pleas try to install another instance on the server
to
see if the issue occurs on local machine.

Best Regards,

Peter Yang
MCSE2000/2003, MCSA, MCDBA
Microsoft Online Partner Support

When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.

=====================================================


This posting is provided "AS IS" with no warranties, and confers no
rights.


--------------------
Thread-Topic: Security Error on WebSync
thread-index: AcYrN7QlQrwjM/6fSWKCnW7xSq2xzw==
X-WBNR-Posting-Host: 67.191.160.93
From: "=?Utf-8?B?Sm9obiBMdW8=?=" <luoo@xxxxxxxxxxxxx>
References: <727441EC-A646-4A76-94A1-858B232FE8D9@xxxxxxxxxxxxx>
<BukIYH9JGHA.3696@xxxxxxxxxxxxxxxxxxxxx>
<818D8E32-508E-4EC0-ADBD-7BEA2C7F77EB@xxxxxxxxxxxxx>
<seghpuuKGHA.3152@xxxxxxxxxxxxxxxxxxxxx>
Subject: RE: Security Error on WebSync
Date: Mon, 6 Feb 2006 08:09:27 -0800
Lines: 173
Message-ID: <99200FC1-0BE8-486B-A53B-3D4AE40EE6B6@xxxxxxxxxxxxx>
MIME-Version: 1.0
Content-Type: text/plain;
charset="Utf-8"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
Content-Class: urn:content-classes:message
Importance: normal
Priority: normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
Newsgroups: microsoft.public.sqlserver.replication
NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
Path: TK2MSFTNGXA02.phx.gbl!TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl
Xref: TK2MSFTNGXA02.phx.gbl microsoft.public.sqlserver.replication:69070
X-Tomcat-NG: microsoft.public.sqlserver.replication

Peter,
Thank you very much. I learnt more on the replication security issues.
SSL seems working fine. I did get a warning -invalid CA name/Mismatch
if I
use the ip address for the https://192.168.0.111. However if I put
https://server11 it is fine. I configured the merge agent on subscriber
a
domain user of the server and local machine.
What else could be wrong?
BTW I user windows Server 2003 Standard sp1 64bit, SQL 2005 Developer
32bit
on the server. SQL 2005 Developer 32bit on a XP sp2 machine.
John

"Peter Yang [MSFT]" wrote:

Hello,

If you connect "https://Server111/SalesOrders/replisapi.dll"; from
subscriber, did you encounter any certiticate warning of remote IIS
server?
If so, it seems the root CA certificate is not installed properly on
sbscriber. Please refer to the following article to install root CA
certficate by referring to the following article:

290625.KB.EN-US HOW TO: Configure SSL in a Windows 2000 IIS 5.0 Test
Environment by
http://support.microsoft.com/default.aspx?scid=KB;EN-US;290625

Since merge agent in SQL server also uses SSL to connect Web server,
please
make sure the account you configured for merge agent on subscriber
has
the
proper permission on publisher.

Best Regards,

Peter Yang
MCSE2000/2003, MCSA, MCDBA
Microsoft Online Partner Support

When responding to posts, please "Reply to Group" via your newsreader
so
that others may learn and benefit from your issue.

=====================================================


This posting is provided "AS IS" with no warranties, and confers no
rights.


--------------------
Thread-Topic: Security Error on WebSync
thread-index: AcYoz8fNWhouZsx2S52qzzNyasYPag==
X-WBNR-Posting-Host: 67.191.160.93
From: "=?Utf-8?B?Sm9obiBMdW8=?=" <luoo@xxxxxxxxxxxxx>
References: <727441EC-A646-4A76-94A1-858B232FE8D9@xxxxxxxxxxxxx>
<BukIYH9JGHA.3696@xxxxxxxxxxxxxxxxxxxxx>
Subject: RE: Security Error on WebSync
Date: Fri, 3 Feb 2006 06:40:30 -0800
Lines: 90
Message-ID: <818D8E32-508E-4EC0-ADBD-7BEA2C7F77EB@xxxxxxxxxxxxx>
MIME-Version: 1.0
Content-Type: text/plain;
charset="Utf-8"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
Content-Class: urn:content-classes:message
Importance: normal
Priority: normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
Newsgroups: microsoft.public.sqlserver.replication
NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
Path: TK2MSFTNGXA02.phx.gbl!TK2MSFTNGXA03.phx.gbl
Xref: TK2MSFTNGXA02.phx.gbl
microsoft.public.sqlserver.replication:69013
X-Tomcat-NG: microsoft.public.sqlserver.replication

Thanks for the quick response. After I made a lot of try errors by
reconfigure the subscriber property, I think the "A security error
occurred"
is the problem. This happened before the Merge Process Web Sync
Client.

Probably the SQL/Windows account passwords encrypted in the
subscriber
machine (PC) were not decrypt correctly at the Publisher/Distributor
(Server111).

I don't know if these have something to do with the IIS Server CA
Which
issued by server111. I did import this CA to the subscribe root
trust.
I
wondered if MS uses their own Encrypt/Decrypt mechanism or use the
CA
to
logon SQL Server.
Thank you very much.

John

"Peter Yang [MSFT]" wrote:

Hello,

It seems "Content-Type" in http header is missing due to some
issues.
Did
you use the account of "merge agent" on subscriber when you access
the
https://Server111/SalesOrders/replisapi.dll?

Did you select "run each agent at its subscriber(pull
subscription)
in
new
subscription wizard when you configure?

Best Regards,

Peter Yang
MCSE2000/2003, MCSA, MCDBA
Microsoft Online Partner Support

When responding to posts, please "Reply to Group" via your
newsreader
so
that others may learn and benefit from your issue.

=====================================================



This posting is provided "AS IS" with no warranties, and confers
no
rights.


--------------------
Thread-Topic: Security Error on WebSync
thread-index: AcYniZTpl3PRIIZxQsyrYuQrMbLhRA==
X-WBNR-Posting-Host: 67.191.160.93
From: "=?Utf-8?B?Sm9obiBMdW8=?=" <luoo@xxxxxxxxxxxxx>
Subject: Security Error on WebSync
Date: Wed, 1 Feb 2006 15:45:28 -0800
Lines: 19
Message-ID: <727441EC-A646-4A76-94A1-858B232FE8D9@xxxxxxxxxxxxx>
MIME-Version: 1.0
Content-Type: text/plain;
charset="Utf-8"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
Content-Class: urn:content-classes:message
Importance: normal
Priority: normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
Newsgroups: microsoft.public.sqlserver.replication
NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
Path:
TK2MSFTNGXA02.phx.gbl!TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl
Xref: TK2MSFTNGXA02.phx.gbl
microsoft.public.sqlserver.replication:68941
X-Tomcat-NG: microsoft.public.sqlserver.replication

I am new here and trying to make SQL Server 2005merge replication
example
SalesOrders work. I made https work on Windows 2003 web server.
However
when
I tried to WebSync I got an error. The message is attached. Would
somebody
tell me how to add an http header Content-Type to the WebSync
process?
Thank you in advance.

The upload message to be sent to Publisher 'Server111' is being
generated
The merge process is using Exchange ID
'93E0ACAE-1EE7-420C-BF63-F06C01D1202F' for this web
synchronization
session.
A security error occurred
A security error occurred
The Merge Agent could not connect to the URL
'https://Server111/SalesOrders/replisapi.dll' during Web
synchronization.
But https://Server111/SalesOrders/replisapi.dll is show correctly
in
IE.

The message in the log file:
CHttpListener ERROR: Mandatory http header value is missing:
Content-Type.
ERROR: Received invalid message.












.