More in this section

Forums / General Discussions / Unable to get to /Sitefinity with v10 on an upgraded site

Unable to get to /Sitefinity with v10 on an upgraded site

22 posts, 0 answered
  1. Steve
    Steve avatar
    3037 posts
    Registered:
    03 Dec 2008
    14 Mar
    Link to this post

    I just get this error, and that config URL it specifies loads just fine.  I get this just loading the page itself, not evenat the login screen.

    Are there some upgrade docs anywhere, maybe I'm missing something over what the basic upgrade applies?

     

    Server Error in '/' Application.

    The remote certificate is invalid according to the validation procedure.Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code. 

    Exception Details: System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.

    Source Error: 

    An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
    Stack Trace: 

    [AuthenticationException: The remote certificate is invalid according to the validation procedure.] System.Net.TlsStream.EndWrite(IAsyncResult asyncResult) +298 System.Net.ConnectStream.WriteHeadersCallback(IAsyncResult ar) +150 [WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.] System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult) +764 System.Net.Http.HttpClientHandler.GetResponseCallback(IAsyncResult ar) +78 [HttpRequestException: An error occurred while sending the request.] [AggregateException: One or more errors occurred.] System.Threading.Tasks.Task`1.GetResultCore(Boolean waitCompletionNotification) +4492572 Microsoft.IdentityModel.Protocols.<GetDocumentAsync>d__0.MoveNext() +208 [IOException: Unable to get document from: https://dev.sitefinitysteve.com/Sitefinity/Authenticate/OpenID/.well-known/openid-configuration] Microsoft.IdentityModel.Protocols.<GetDocumentAsync>d__0.MoveNext() +664 System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +14139120 System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +62 Microsoft.IdentityModel.Protocols.<GetAsync>d__0.MoveNext() +290 System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +14139120 System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +62 Microsoft.IdentityModel.Protocols.<GetConfigurationAsync>d__3.MoveNext() +929 [InvalidOperationException: IDX10803: Unable to create to obtain configuration from: 'https://dev.sitefinitysteve.com/Sitefinity/Authenticate/OpenID/.well-known/openid-configuration'.] Microsoft.IdentityModel.Protocols.<GetConfigurationAsync>d__3.MoveNext() +1287 System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +14139120 System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +62 Microsoft.Owin.Security.OpenIdConnect.<ApplyResponseChallengeAsync>d__c.MoveNext() +728 System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +14139120

  2. Georgi
    Georgi avatar
    1 posts
    Registered:
    18 Sep 2013
    14 Mar
    Link to this post

    Hi Steve,

    How did you perform the upgrade procedure? There are quite a bit of changes to the web.config. You can try upgrading using the Project Manager. The Project Manager will apply web.config changes automatically and add new references to your .csproj.

    Regards,
    Georgi

  3. Steve
    Steve avatar
    3037 posts
    Registered:
    03 Dec 2008
    14 Mar
    Link to this post

    Yeah i pretty much exclusively use the project manger for updates for this exact reason :/

    Is ssl REQUIRED?  Like in a new site it wouldn't be there but an existing site using ssl pulled down local with an invalid cert?

  4. Dimitar
    Dimitar avatar
    9 posts
    Registered:
    04 Jul 2013
    15 Mar in reply to Steve
    Link to this post

    Hi Steve,

    You could take a look at the documentation about certificates.

    http://docs.sitefinity.com/authentication-flow-and-certificates

    "You must configure this certificate, by navigating to Administration » Settings » Advanced » Authentication » SecurityTokenService » IdentityServer » SigningCertificate."

    If you cannot login you should apply those changes using the config file. (e.g. you could create a new test project apply the setting and use it to the existing project). Or you could turn off the SSL and configure it and then turn it back.

    Regards,

    Dimitar

  5. Steve
    Steve avatar
    3037 posts
    Registered:
    03 Dec 2008
    15 Mar in reply to Dimitar
    Link to this post
    The problem isn't even I can't login, it's I can't get to /Sitefinity though... like I dont even get to the point of seeing the login page, just throws the above error
  6. Dimitar
    Dimitar avatar
    9 posts
    Registered:
    04 Jul 2013
    15 Mar in reply to Steve
    Link to this post

    Take a look at the documentation and you should register a valid certificate for dev.sitefinitysteve.com

    You could apply the changes before login in Sitefinity - by using Authentication.config file directly in AppData/Sitefinity (as I mentioned in my previous answer).

    D

  7. Steve
    Steve avatar
    3037 posts
    Registered:
    03 Dec 2008
    15 Mar in reply to Dimitar
    Link to this post
    Okay will try, thx!
  8. Steve
    Steve avatar
    3037 posts
    Registered:
    03 Dec 2008
    15 Mar in reply to Steve
    Link to this post
    Yeah that's it I guess, if I remove the HTTPS redirect in the webconfig I can get to the backend now...  guess I'll play around with trying to add the cert per your doc there, thx!
  9. Steve
    Steve avatar
    3037 posts
    Registered:
    03 Dec 2008
    15 Mar
    Link to this post

    Okay not sure what else to do here...

    I have a trusted cert, it's added to the Authentication.config

    <?xml version="1.0" encoding="utf-8"?>
    <authenticationConfig xmlns:config="urn:telerik:sitefinity:configuration" xmlns:type="urn:telerik:sitefinity:configuration:type" config:version="10.0.6400.0" encryptionKey="">
    <securityTokenServiceSettings>
    <identityServerSettings>
    <signingCertificate subjectName="dev.sitefinitysteve.com" />
    </identityServerSettings>
    </securityTokenServiceSettings>
    </authenticationConfig>

     

    Still get the error on login

  10. Steve
    Steve avatar
    3037 posts
    Registered:
    03 Dec 2008
    15 Mar
    Link to this post

    Hmm, so just trusted in chrome I think is the problem then clearly, how can it be globally trusted?  Saw this in the warmup logs

    Timestamp: 2017-03-15 5:36:36 PM

    Message: The page 'https://dev.sitefinitysteve.com/' failed to warmup with error: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.. Requested URL: https://dev.sitefinitysteve.com/

  11. Steve
    Steve avatar
    3037 posts
    Registered:
    03 Dec 2008
    15 Mar
    Link to this post

    Eugh this is frustrating

    Okay imported the cert to the WINDOWS global trusted store, now all the errors are gone, site warmup seems okay as well (and seems to work! :D)

     

    So now the last issue is that when I try to log in with my local creds (which work on http) I get the attached Message in the Login UI

    ...turn off HTTPS, log in with those same creds, all good again.

  12. Dimitar
    Dimitar avatar
    9 posts
    Registered:
    04 Jul 2013
    16 Mar in reply to Steve
    Link to this post

    Keep in mind that enabling https requires all of the site to use it. Otherwise the cookies wont be sent.

    Take a look at - http://docs.sitefinity.com/administration-configure-http-and-https-bindings-to-work-simultaneously.

     

    Have you checked Sitefinity/Administration/Settings/Advanced/Authentication > Require Https?

    For investigation of such errors - you can turn on the IdentityServer logging

    Sitefinity/Administration/Settings/Advanced/Authentication > SecurityTokenService > IdentityServer > Enable logging and check the Authentication log. There you will find the error details.

    The reason not showing the details is that there may be a security sensitive info that the end user should not see.

    For more information http://docs.sitefinity.com/turn-on-authentication-logging

    Best,

    Dimitar

  13. Steve
    Steve avatar
    3037 posts
    Registered:
    03 Dec 2008
    16 Mar in reply to Dimitar
    Link to this post
    Can we get the docs updated with the XML for the .config files?  If I can't login I can't get to these pages (working on updating another site atm)... would be nice to just open the config and paste in the settings instead of needing to JustDecompile it to find the propery names (would just be more handy)
  14. Steve
    Steve avatar
    3037 posts
    Registered:
    03 Dec 2008
    16 Mar
    Link to this post

    Okay for anyone else, the error was

    Message: Signing certificate has not private key or private key is not accessible. Make sure the account running your application has access to the private key

    1) Open your Certificates MMC 

    2) Find your cert

    3) Right Click->All Tasks->Manage Private Keys

    4) Add your app pool to the list

  15. Francis Kienlen
    Francis Kienlen avatar
    0 posts
    Registered:
    16 Jun 2006
    27 Mar
    Link to this post

    Hi Steve and Dimitar,

    After I upgrade Sitefinity 9.2 to 10 I cannot anymore see the login backend page. I receive immediately a 401 error.

    I upgrade my development site with Project Manager and the upgrade was successfully. I launch succesfully the dev website and receive a sucessfully check for the database upgrade. I see no problem into the upgrade log.

    To be sure it's not coming of my server I create a new project with Project Manager and launch this new project website I can see the login backend page.

    I use IISexpress and Visual Studio for both. Configure in https with Visual Studio, he create for me IIS Express Developement Certificate.

    I don't know why with the new project it's ok and for the upgrade website I receive a 401 error page (see attachment).

    I look also into log of iisExpress use fiddler but don't find why this issue is coming with my upgrade website. Compare dll and also web.config. Try a lot of thing without success :-/

    Can someone give me a help?

  16. Steve
    Steve avatar
    3037 posts
    Registered:
    03 Dec 2008
    27 Mar in reply to Francis Kienlen
    Link to this post
    In the SecurityConfig. do you have "authenticateOnFrontendLoginPage" set to true?
  17. Francis Kienlen
    Francis Kienlen avatar
    0 posts
    Registered:
    16 Jun 2006
    27 Mar in reply to Steve
    Link to this post

    Right Steve I missed to tell that. Originally he was  set to true "authenticateOnFrontendLoginPage" into SecurityConfig.

    I test it also without this term and also with "False" but I receive always 401.

    Perhaps he record this into a DB file???

  18. Steve
    Steve avatar
    3037 posts
    Registered:
    03 Dec 2008
    27 Mar in reply to Francis Kienlen
    Link to this post

    You've shut the browser down, cleared cache... she's all clean that way?

     

    Are there any logs that give any details?

     

    What about enabling auth logs?

    <?xml version="1.0" encoding="utf-8"?>
    <authenticationConfig xmlns:config="urn:telerik:sitefinity:configuration" xmlns:type="urn:telerik:sitefinity:configuration:type" config:version="10.0.6400.0" encryptionKey="***">
        <relyingPartySettings authCookieExpirationTime="1140" authCookieSecureOption="Never" />
        <securityTokenServiceSettings>
            <identityServerSettings enableLogging="True">
                <signingCertificate subjectName="***" />
            </identityServerSettings>
        </securityTokenServiceSettings>
    </authenticationConfig>
  19. Francis Kienlen
    Francis Kienlen avatar
    0 posts
    Registered:
    16 Jun 2006
    27 Mar in reply to Francis Kienlen
    Link to this post

    I clear cache of the browser,

    Here the authenticationconfig:

    <?xml version="1.0" encoding="utf-8"?>
    <authenticationConfig xmlns:config="urn:telerik:sitefinity:configuration" xmlns:type="urn:telerik:sitefinity:configuration:type" config:version="10.0.6400.0" requireHttps="True" encryptionKey="***">
      <relyingPartySettings authCookieSecureOption="Never" />
      <securityTokenServiceSettings>
        <signingCertificate subjectName="localhost" />
        <identityServerSettings enableLogging="True" />
      </securityTokenServiceSettings>
    </authenticationConfig>

     

    I use visual studio to launch my dev project and he use localhost:<port> in https.

    I receive no log about authentication because he finish before. He stop immediately

    About log into IISexpress I can found this but he don't give me a solution...

    <?xml version="1.0" encoding="UTF-8" ?>
    <?xml-stylesheet type='text/xsl' href='freb.xsl'?>
    <!-- saved from url=(0014)about:internet -->
    <failedRequest url="https://localhost:44386/sitefinity"
                   siteId="2"
                   appPoolId="Clr4IntegratedAppPool"
                   processId="12244"
                   verb="GET"
                   remoteUserName=""
                   userName=""
                   tokenUserName="WEBDEV1\gs1admin"
                   authenticationType="anonymous"
                   activityId="{80000110-0000-EE00-B63F-84710C7967BB}"
                   failureReason="STATUS_CODE"
                   statusCode="401"
                   triggerStatusCode="401"
                   timeTaken="46"
                   xmlns:freb="http://schemas.microsoft.com/win/2006/06/iis/freb"
                   >

    If I use the new project into this same log I receive a status-code 200. With the same new project I can also use a "restlet Client" plugin from Chrome and get a response with this line "/Sitefinity/Authenticate/OpenID/.well-known/openid-configuration"

    With my sitefinity dev I receive 401 error.

     

     

  20. Francis Kienlen
    Francis Kienlen avatar
    0 posts
    Registered:
    16 Jun 2006
    29 Mar in reply to Francis Kienlen
    Link to this post

    Finally after a suggestion of Sitefinity support to use the web.config file of the _empty project I do a compare of my web.config and the _empty web.config file. And find which line who causes the issue.

    It was this line: "<add key="owin:AutomaticAppStartup" value="false" />" I comment this line and now I can acces to the backend login.

    Hope that can help other people.

    Regards,
  21. Vijay
    Vijay avatar
    0 posts
    Registered:
    18 Jan 2012
    03 Jul in reply to Steve
    Link to this post
    For applications with Configuration files in Azure Database, you need to manually update sf_xml_config_items table with AuthenticationConfig.config settings mentioned above 
  22. Gooya
    Gooya avatar
    23 posts
    Registered:
    11 May 2010
    07 Nov
    Link to this post

    Hello, we are using wildcard certificate and can't get this thing working.

    We try https://knowledgebase.progress.com/articles/Article/IDX10803-Unable-to-create-to-obtain-configuration-from-error-when-trying-to-authenticate and configuration sugested above.

    Our certificate has complex subject, with CN, O, L, S and C set(CN=*.domain.si,O=our company,L=city,s=city,C=US). How do we set subjectName attribute on signingCertificate element. Currently we tried "*.domain.com".

    Copy of page with same configuration but nonwildcard certificate works fine in other server.

    Regards,

22 posts, 0 answered