Could not establish trust relationship for the SSL/TLS secure channel

Shaik_Ahmed · November 28, 2021, 4:34am

Getting this error message when i am trying to open Kinetic as smart client application.

Smart client is working directly in application server facing issue only when i am trying to install and access from client pc.

Unable to reach the server. Retrying…

System.ServiceModel.Security.SecurityNegotiationException: Could not establish trust relationship for the SSL/TLS secure channel with authority ‘kineticdrcs.dolphingroup.com’. —> System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. —> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.
at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, Exception exception)
at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
at System.Net.TlsStream.CallProcessAuthentication(Object state)
at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
at System.Net.TlsStream.ProcessAuthentication(LazyAsyncResult result)
at System.Net.TlsStream.Write(Byte[] buffer, Int32 offset, Int32 size)
at System.Net.PooledStream.Write(Byte[] buffer, Int32 offset, Int32 size)
at System.Net.ConnectStream.WriteHeaders(Boolean async)
— End of inner exception stack trace —
at System.Net.HttpWebRequest.GetResponse()
at System.ServiceModel.Channels.HttpChannelFactory`1.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout)
— End of inner exception stack trace —

Server stack trace:
at System.ServiceModel.Channels.HttpChannelUtilities.ProcessGetResponseWebException(WebException webException, HttpWebRequest request, HttpAbortReason abortReason)
at System.ServiceModel.Channels.HttpChannelFactory1.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout) at System.ServiceModel.Channels.RequestChannel.Request(Message message, TimeSpan timeout) at System.ServiceModel.Channels.SecurityChannelFactory1.SecurityRequestChannel.Request(Message message, TimeSpan timeout)
at System.ServiceModel.Dispatcher.RequestChannelBinder.Request(Message message, TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)

Exception rethrown at [0]:
at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
at Ice.Contracts.SessionModSvcContract.Login()
at Ice.Proxy.Lib.SessionModImpl.Login()

MikeGross · November 28, 2021, 5:17am

I’d say your problem lies here. Double check that cert and see if it expired.

I’ve also seen trust problems happen when the server and the client device are out of synch with regards to Time, by more than 5 minutes either plus or minus.

Shaik_Ahmed · November 28, 2021, 5:41am

Hi Mike
-Cert is validate until 2032 date and timing also accurate.
i am also facing issue issue in the end user client machine smart client is working directly in application server

IbrahimAbbas · November 28, 2021, 10:16am

During installation of the server, have you selected the self-signed SSL certificate option?
If so, then you need to export the certificate (from Internet Options) and let your domain administrator install it on all machines.

Or, ask your domain administrator to create a domain SSL certificate for “kineticdrcs.dolphingroup.com” to be Trusted across your network.
You will need to install this certificate on your application server, and configure Kinetic to use it.

Shaik_Ahmed · November 28, 2021, 1:03pm

Hi Ibrahim
Thank you for your suggestion.

I have been followed this below step.
Its working now.

If using a Self-signed Certificate, the cert must be in both the “Personal” and “Trusted Root CA” stores on the local server. To verify:
• In the search window on the server, type in mmc.exe. Click on mmc.exe to launch the MMC console.
• Click on File, Add/Remove Snap-In. Select the “Certificates” Snap-in. Click on the “Add” button. In the new dialog box, select “Computer Account”, click Next, then click Finish, and then click OK.
• In the left pane, expand Certificates, then Personal, and then select Certificates. Note the certificate issued to the FQDN of the ERP server, also note the “Expiration Date”.
• Navigate to the “Trusted Root Certification Authority, Certificates” folder. Scroll through the certificates in that Store and ensure the same certificate noted in the Personal Store is present. If it’s not, navigate back to the Personal Store, right-click on the Cert, select copy, then navigate to the Trusted Root CA Store, right-click on the Certificates Folder and select Paste.

Steel-op · April 26, 2023, 12:11pm

I have tried these steps but can’t get beyond this point. Do you have any suggestions?

Steel-op · April 26, 2023, 12:31pm

I had to restart my server before it would work. Got it!! thanks for the posting guys.