RE: Security Error on WebSync

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

Hi, Peter,
I think we made it work now.
The reason is:
The CA is issued by server111, I got this Security Alert
“Information you exchange with this site cannot be viewed or changed by
others. However, there is a problem with the site's security certificate.

! The security certificate was issued by a company you have not chosen to
trust. View the certificate to determine whether you want to trust the
certifying authority.

? The security certificate is valid.

? The security certificate has a valid name matching the name of the page
you are trying to view. Do you want to proceed?

Yes No View Certificate “

Although I have installed certificate to trusted root certification
authorities and it shows success message. I found out today, it never added
to the root. I imported the CA to the subscriber trust root from my other
machine. It works now.

Thank you so much for your help.
John Luo


"Peter Yang [MSFT]" wrote:

Hello John,

Thanks for your update. Going forward, please check the result of the
following link:

https://server111/salesorders/replisapi.dll?diag

Also, please provide the informaiton in salesorder\websync.log . You could
send it to me at petery@xxxxxxxxxxxxx

I'd like to know when you configure web sync wizard, how do you configure
"default domain" and "realm" of basic authentication. .

AS for Express version, you need to develop your own application to do
merge replication. Please refer to "Sales order" sample project for more
related information.

Best Regards,

Peter Yang
MCSE2000/2003, MCSA, MCDBA
Microsoft Online Partner Support

When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.

=====================================================


This posting is provided "AS IS" with no warranties, and confers no rights.


--------------------
Thread-Topic: Security Error on WebSync
thread-index: AcYstOZbjow6xZFLSDKtHZzSjppLhw==
X-WBNR-Posting-Host: 67.191.160.93
From: "=?Utf-8?B?Sm9obiBMdW8=?=" <luoo@xxxxxxxxxxxxx>
References: <727441EC-A646-4A76-94A1-858B232FE8D9@xxxxxxxxxxxxx>
<BukIYH9JGHA.3696@xxxxxxxxxxxxxxxxxxxxx>
<818D8E32-508E-4EC0-ADBD-7BEA2C7F77EB@xxxxxxxxxxxxx>
<seghpuuKGHA.3152@xxxxxxxxxxxxxxxxxxxxx>
<99200FC1-0BE8-486B-A53B-3D4AE40EE6B6@xxxxxxxxxxxxx>
<9pnaNE8KGHA.1240@xxxxxxxxxxxxxxxxxxxxx>
Subject: RE: Security Error on WebSync
Date: Wed, 8 Feb 2006 05:38:09 -0800
Lines: 267
Message-ID: <61776F5B-39DB-48BC-96E1-B584184C868B@xxxxxxxxxxxxx>
MIME-Version: 1.0
Content-Type: text/plain;
charset="Utf-8"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
Content-Class: urn:content-classes:message
Importance: normal
Priority: normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
Newsgroups: microsoft.public.sqlserver.replication
NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl
Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.sqlserver.replication:69143
X-Tomcat-NG: microsoft.public.sqlserver.replication

Added a different database publication and subscription, the same thing.
Network sync is fine. Whenever change to web sync (https) the problem
occurs.
Am I using a correct https?
https://server111/salesorders/replisapi.dll
Is it required that my subscriber joins the domain?
More info:
The CA is issued by own server -server111, distributor also on Server111.
I
also put the CA to the trusted publisher at the subscriber

Thanks,
John

"Peter Yang [MSFT]" wrote:

Hello John,

To narrow down the issue, you may want to test if the issue occurs with
different subsriber if possible. I suspect some third party program on
the
subscriber causes this issue. You may want to troubleshoot the issue
with a
selective startup on client machine. To do so:

1. Run the System Configuration Utility (msconfig.exe): Click
Start->Run,
type "msconfig"(without quotation mark) in the open box, and click OK.
2. On the General tab, select "Selective Startup" and then deselect Load
Startup items, select the checks on other options.
3. On the Services tab, click Hide All Microsoft Services. Deselect all
the
items left.
4. Click the Apply button.
5. Reboot your computer to test if the issue occurs at this time.

Also, if possible, pleas try to install another instance on the server
to
see if the issue occurs on local machine.

Best Regards,

Peter Yang
MCSE2000/2003, MCSA, MCDBA
Microsoft Online Partner Support

When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.

=====================================================


This posting is provided "AS IS" with no warranties, and confers no
rights.


--------------------
Thread-Topic: Security Error on WebSync
thread-index: AcYrN7QlQrwjM/6fSWKCnW7xSq2xzw==
X-WBNR-Posting-Host: 67.191.160.93
From: "=?Utf-8?B?Sm9obiBMdW8=?=" <luoo@xxxxxxxxxxxxx>
References: <727441EC-A646-4A76-94A1-858B232FE8D9@xxxxxxxxxxxxx>
<BukIYH9JGHA.3696@xxxxxxxxxxxxxxxxxxxxx>
<818D8E32-508E-4EC0-ADBD-7BEA2C7F77EB@xxxxxxxxxxxxx>
<seghpuuKGHA.3152@xxxxxxxxxxxxxxxxxxxxx>
Subject: RE: Security Error on WebSync
Date: Mon, 6 Feb 2006 08:09:27 -0800
Lines: 173
Message-ID: <99200FC1-0BE8-486B-A53B-3D4AE40EE6B6@xxxxxxxxxxxxx>
MIME-Version: 1.0
Content-Type: text/plain;
charset="Utf-8"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
Content-Class: urn:content-classes:message
Importance: normal
Priority: normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
Newsgroups: microsoft.public.sqlserver.replication
NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
Path: TK2MSFTNGXA02.phx.gbl!TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl
Xref: TK2MSFTNGXA02.phx.gbl microsoft.public.sqlserver.replication:69070
X-Tomcat-NG: microsoft.public.sqlserver.replication

Peter,
Thank you very much. I learnt more on the replication security issues.
SSL seems working fine. I did get a warning -invalid CA name/Mismatch
if I
use the ip address for the https://192.168.0.111. However if I put
https://server11 it is fine. I configured the merge agent on subscriber
a
domain user of the server and local machine.
What else could be wrong?
BTW I user windows Server 2003 Standard sp1 64bit, SQL 2005 Developer
32bit
on the server. SQL 2005 Developer 32bit on a XP sp2 machine.
John

"Peter Yang [MSFT]" wrote:

Hello,

If you connect "https://Server111/SalesOrders/replisapi.dll"; from
subscriber, did you encounter any certiticate warning of remote IIS
server?
If so, it seems the root CA certificate is not installed properly on
sbscriber. Please refer to the following article to install root CA
certficate by referring to the following article:

290625.KB.EN-US HOW TO: Configure SSL in a Windows 2000 IIS 5.0 Test
Environment by
http://support.microsoft.com/default.aspx?scid=KB;EN-US;290625

Since merge agent in SQL server also uses SSL to connect Web server,
please
make sure the account you configured for merge agent on subscriber
has
the
proper permission on publisher.

Best Regards,

Peter Yang
MCSE2000/2003, MCSA, MCDBA
Microsoft Online Partner Support

When responding to posts, please "Reply to Group" via your newsreader
so
that others may learn and benefit from your issue.

=====================================================


This posting is provided "AS IS" with no warranties, and confers no
rights.


--------------------
Thread-Topic: Security Error on WebSync
thread-index: AcYoz8fNWhouZsx2S52qzzNyasYPag==
X-WBNR-Posting-Host: 67.191.160.93
From: "=?Utf-8?B?Sm9obiBMdW8=?=" <luoo@xxxxxxxxxxxxx>
References: <727441EC-A646-4A76-94A1-858B232FE8D9@xxxxxxxxxxxxx>
<BukIYH9JGHA.3696@xxxxxxxxxxxxxxxxxxxxx>
Subject: RE: Security Error on WebSync
Date: Fri, 3 Feb 2006 06:40:30 -0800
Lines: 90
Message-ID: <818D8E32-508E-4EC0-ADBD-7BEA2C7F77EB@xxxxxxxxxxxxx>
MIME-Version: 1.0
Content-Type: text/plain;
charset="Utf-8"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
Content-Class: urn:content-classes:message
Importance: normal
Priority: normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
Newsgroups: microsoft.public.sqlserver.replication
NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
Path: TK2MSFTNGXA02.phx.gbl!TK2MSFTNGXA03.phx.gbl
Xref: TK2MSFTNGXA02.phx.gbl
microsoft.public.sqlserver.replication:69013
X-Tomcat-NG: microsoft.public.sqlserver.replication

Thanks for the quick response. After I made a lot of try errors by
reconfigure the subscriber property, I think the "A security error
occurred"
is the problem. This happened before the Merge Process Web Sync
Client.

Probably the SQL/Windows account passwords encrypted in the
subscriber
machine (PC) were not decrypt correctly at the Publisher/Distributor
(Server111).

I don't know if these have something to do with the IIS Server CA
Which
issued by server111. I did import this CA to the subscribe root
trust.
I
wondered if MS uses their own Encrypt/Decrypt mechanism or use the
CA
to
logon SQL Server.
Thank you very much.

John

"Peter Yang [MSFT]" wrote:

Hello,

It seems "Content-Type" in http header is missing due to some
issues.
Did
you use the account of "merge agent" on subscriber when you access
the
https://Server111/SalesOrders/replisapi.dll?

Did you select "run each agent at its subscriber(pull
subscription)
in
new
subscription wizard when you configure?

Best Regards,

Peter Yang
MCSE2000/2003, MCSA, MCDBA
Microsoft Online Partner Support

When responding to posts, please "Reply to Group" via your
newsreader
so
that others may learn and benefit from your issue.

=====================================================



This posting is provided "AS IS" with no warranties, and confers
no
rights.


--------------------
Thread-Topic: Security Error on WebSync
thread-index: AcYniZTpl3PRIIZxQsyrYuQrMbLhRA==
X-WBNR-Posting-Host: 67.191.160.93
From: "=?Utf-8?B?Sm9obiBMdW8=?=" <luoo@xxxxxxxxxxxxx>
Subject: Security Error on WebSync
Date: Wed, 1 Feb 2006 15:45:28 -0800
Lines: 19
Message-ID: <727441EC-A646-4A76-94A1-858B232FE8D9@xxxxxxxxxxxxx>
MIME-Version: 1.0
Content-Type: text/plain;
charset="Utf-8"
Content-Transfer-Encoding: 7bit
.

Relevant Pages

  • RE: Autoenrollment error with Win2K3 servers - Event IDs 13 and 17
    ... After rebuilding the server from scratch and carefully ... In the Local Security Policy, ... Computer certificate from certificate authority %CA NAME% on %CA FQDN% ...
    (microsoft.public.windows.server.general)
  • Re: NPS RADIUS with Cisco wlc
    ... There is no layer 3 security assigned. ... And you must issue a certificate to the NPS server that is based on the IAS ... Connection request policy (ran through the wireless 802.1x wizard) ...
    (microsoft.public.internet.radius)
  • RE: Checkpoint smart defance as IPS
    ... "security is to increase difficulty level for an attack." ... Security is a function of survivability, ... you can validate which certificate was used is. ... intercept *any* SSL/TLS communication in the world, ...
    (Security-Basics)
  • Re: OWA - Security alert popup- SBS 2003
    ... > When I put in my OWA url which goes to my SBS 2003 server, ... there is a problem with the sites security ... >!yellow The Security certificate was issued by a company you have not ... The reason that you did not see this behaviour on other server ...
    (microsoft.public.windows.server.sbs)
  • Re: IIS5 and certificate issue
    ... A new Security patch is available for IIS. ... I've installed a stand alone server (in order to test the implementation ... It's working great except that I can't go through the certificate install ... As I can't do otherwise I'm desperately looking for a kind help from some ...
    (microsoft.public.inetserver.iis.security)