Exchange Server 2010 SP3.The request failed. The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.

Hi ,

I'm using Exchange Server 2010 SP3 with EWS API 2.0 and VB.Net.

When I make the calls using the webservices, for the Exchange version I use the SP2 option for the Exchange Version.

For the Certification I use the below code which in the client side I accept everything.

  ServicePointManager.ServerCertificateValidationCallback = New  _
                    RemoteCertificateValidationCallback(AddressOf CertificateValidationCallBack)

 Private Shared Function CertificateValidationCallBack(ByVal sender As Object, ByVal certificate As System.Security.Cryptography.X509Certificates.X509Certificate, ByVal chain As System.Security.Cryptography.X509Certificates.X509Chain, ByVal sslPolicyErrors As System.Net.Security.SslPolicyErrors) As Boolean
        Return True
    End Function

I'm always returning true since I am inside my domain etc etc.

The thing is that when I try to get the inbox for example I'm getting the below errors

The request failed. The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.

-2146233088

The remote certificate is invalid according to the validation procedure

I have checked the user name and passwords and also I am ABLE to connect from OWA.

Why am I getting these errors and what should I need to check  ???

Is it something that I need to do in the client side ? Exchange server side ?

Exchange server in is different IPs-machines from the client who makes the calls but they both belongs at the same domain.

Appreciate any help you could give me.

thank you

November 25th, 2013 6:19am

Hi ,

I'm using Exchange Server 2010 SP3 with EWS API 2.0 and VB.Net.

When I make the calls using the webservices, for the Exchange version I use the SP2 option for the Exchange Version.

For the Certification I use the below code which in the client side I accept everything.

  ServicePointManager.ServerCertificateValidationCallback = New  _
                    RemoteCertificateValidationCallback(AddressOf CertificateValidationCallBack)

 Private Shared Function CertificateValidationCallBack(ByVal sender As Object, ByVal certificate As System.Security.Cryptography.X509Certificates.X509Certificate, ByVal chain As System.Security.Cryptography.X509Certificates.X509Chain, ByVal sslPolicyErrors As System.Net.Security.SslPolicyErrors) As Boolean
        Return True
    End Function

I'm always returning true since I am inside my domain etc etc.

The thing is that when I try to get the inbox for example I'm getting the below errors

The request failed. The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.

-2146233088

The remote certificate is invalid according to the validation procedure

I have checked the user name and passwords and also I am ABLE to connect from OWA.

Why am I getting these errors and what should I need to check  ???

Is it something that I need to do in the client side ? Exchange server side ?

Exchange server in is different IPs-machines from the client who makes the calls but they both belongs at the same domain.

Appreciate any help you could give me.

thank you

I don't know if it is much of a help but the client has Windows XP OS with SP3
Free Windows Admin Tool Kit Click here and download it now
November 25th, 2013 7:11am

If you run your code in a debugger and step through each line do you see your ServerCertificateValidationCallback being called ? are you multi threading your code ?

  It should work okay the only alternative to the call-back is to use the other method http://support.microsoft.com/kb/823177 (I've found in PowerShell with version 2.0 of the Managed API this is the only method that works).

Cheers
Glen

November 25th, 2013 11:30pm

Hi Glen ,

Yes it is being called. About the multi threading. Now that you are mentioning , I have developed two objects with two different calls.

I have the one to retrieve Inbox , SentItems and the other object does all the "Calendar" things.

There are two separate object and TWO different connects with the same user credentials though.

I think that Exchange can afford that . Correct ? It allows by default until 5 connections each time with the same user ? Also when the objects do their jobs I'm "destroying" them.  Is Exchange still have them (their connections) in memory so this is why I cannot get access ?

I will use the other method you have suggested and revert.

thank you Glen

Free Windows Admin Tool Kit Click here and download it now
November 26th, 2013 12:26am

Hi Glen ,

I try to use this

System.Net.ServicePointManager.CertificatePolicy = New MyPolicy()

and it says that it is obsolete and  I should use the ServerCertificateValidationCallback

Suggestions ?

thank you

November 26th, 2013 2:09am

If you run your code in a debugger and step through each line do you see your ServerCertificateValidationCallback being called ? are you multi threading your code ?

  It should work okay the only alternative to the call-back is to use the other method http://support.microsoft.com/kb/823177 (I've found in PowerShell with version 2.0 of the Managed API this is the only method that works).

Cheers
Glen

  • Marked as answer by zakkar 1 hour 56 minutes ago
Free Windows Admin Tool Kit Click here and download it now
November 26th, 2013 7:25am

It's been depreciated but will should still work fine (what version of the framework are you using) , if you ignore the warning have you tried it ?

Its sounds like a issue in your code somewhere but its hard to say without seeing the full code.  eg maybe its the order of your requests.  You might want to try just creating a very simple console app that that connects to one folder to see if that works and then work back from there.

Another thing you can try is the ewsEditor if you use the option menu there is some extra SSL debug options http://ewseditor.codeplex.com/ 

Cheers
Glen

  • Marked as answer by zakkar 1 hour 56 minutes ago
November 26th, 2013 9:23pm

Hi Glen ,

I have already installed my app in other companies and works fine. 

I have tested EWSeditor and it can connect. That was weird because I used the same credentials . 

I'm using .NET framework 4.0.

Today I will go to their premises and give it a try with the new code. I will debug from inside their domain and see if I can find something. I have a feeling that using two objects with two different connects doesn't work in my case and I'm being blocked from Exchange.

I will revert 

thank you

Free Windows Admin Tool Kit Click here and download it now
November 27th, 2013 12:24am

Hi Glen ,

I have reverted the code as it was. The problem was that in my connection I used as domain name for the login ,the IP but it wanted the resolved name.

  MyCredentialCache.Add(New System.Uri(Me.WebServiceUrl), _
                                    Authentication_Type, _
                                    New System.Net.NetworkCredential(UserName, PassWord, Domain) _
                                    )

The domain variable wanted the alias. 

Anyway .

Thank you Glen for all your help

  • Marked as answer by zakkar 1 hour 56 minutes ago
November 27th, 2013 5:01am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics