Hi -
I have CM 2012 all set-up. Everything seems to be working as expected, except for the application catalog site (https://sccm.domain.com/CMApplicationCatalog/#/SoftwareCatalog/FullRefresh/true.
When I visit this url from a client I receive a 'Cannot Connect to the Application Server' error in the silverlight app.
The 'C:\Program Files\SMS_CCM\CMApplicationCatalog\Logs\ServicePortalWebSite.log' file is logging this error.
[13, PID:3128][04/26/2012 14:40:40] :ValidateServerCert - cannot find certificate 12D46679000000000A84 in trusted people store
[13, PID:3128][04/26/2012 14:40:40] :ValidateServerCert - Validating certificate 12D46679000000000A84
[13, PID:3128][04/26/2012 14:40:40] :ValidateServerCert - cannot find certificate 12D46679000000000A84 in trusted people store
[13, PID:3128][04/26/2012 14:40:40] :ValidateServerCert - Validating certificate 12D46679000000000A84
[13, PID:3128][04/26/2012 14:40:40] :ValidateServerCert - cannot find certificate 12D46679000000000A84 in trusted people store
[13, PID:3128][04/26/2012 14:40:40] :ValidateServerCert - Validating certificate 12D46679000000000A84
[13, PID:3128][04/26/2012 14:40:40] :ValidateServerCert - cannot find certificate 12D46679000000000A84 in trusted people store
[13, PID:3128][04/26/2012 14:40:40] :ValidateServerCert - Validating certificate 12D46679000000000A84
[13, PID:3128][04/26/2012 14:40:40] :ValidateServerCert - cannot find certificate 12D46679000000000A84 in trusted people store
[13, PID:3128][04/26/2012 14:40:40] :ValidateServerCert - Validating certificate 12D46679000000000A84
[13, PID:3128][04/26/2012 14:40:40] :ValidateServerCert - cannot find certificate 12D46679000000000A84 in trusted people store
[13, PID:3128][04/26/2012 14:40:40] :ValidateServerCert - Validating certificate 12D46679000000000A84
[13, PID:3128][04/26/2012 14:40:40] :ValidateServerCert - cannot find certificate 12D46679000000000A84 in trusted people store
[13, PID:3128][04/26/2012 14:40:40] :ValidateServerCert - Validating certificate 12D46679000000000A84
[13, PID:3128][04/26/2012 14:40:40] :ValidateServerCert - cannot find certificate 12D46679000000000A84 in trusted people store
[13, PID:3128][04/26/2012 14:40:40] :System.ServiceModel.Security.SecurityNegotiationException: Could not establish trust relationship for the SSL/TLS secure channel with authority 'sccm.domain.com'.
Server stack trace:
at System.ServiceModel.Channels.HttpChannelUtilities.ProcessGetResponseWebException(WebException webException, HttpWebRequest request, HttpAbortReason abortReason)
at System.ServiceModel.Channels.HttpChannelFactory.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout)
at System.ServiceModel.Channels.RequestChannel.Request(Message message, TimeSpan timeout)
at System.ServiceModel.Channels.SecurityChannelFactory`1.SecurityRequestChannel.Request(Message message, TimeSpan timeout)
at System.ServiceModel.Security.SecuritySessionSecurityTokenProvider.DoOperation(SecuritySessionOperation operation, EndpointAddress target, Uri via, SecurityToken currentToken, TimeSpan timeout)
at System.ServiceModel.Security.SecuritySessionSecurityTokenProvider.GetTokenCore(TimeSpan timeout)
at System.IdentityModel.Selectors.SecurityTokenProvider.GetToken(TimeSpan timeout)
at System.ServiceModel.Security.SecuritySessionClientSettings`1.ClientSecuritySessionChannel.OnOpen(TimeSpan timeout)
at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannel.OnOpen(TimeSpan timeout)
at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
Exception rethrown at [0]:
at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
at System.ServiceModel.ICommunicationObject.Open(TimeSpan timeout)
at System.ServiceModel.ClientBase`1.System.ServiceModel.ICommunicationObject.Open(TimeSpan timeout)
at Microsoft.ConfigurationManager.SoftwareCatalog.Website.PortalClasses.Connection.DefaultApplicationOfferService.Open()
at Microsoft.ConfigurationManager.SoftwareCatalog.Website.PortalClasses.AppView.GetApplicationValuesForProperty(ApplicationProperty propertyName)
at Microsoft.ConfigurationManager.SoftwareCatalog.Website.ApplicationViewService.GetApplicationValuesForProperty(ApplicationProperty propertyName, String reserved)System.Net.WebException: The underlying connection was closed: Could not establish
trust relationship for the SSL/TLS secure channel.
at System.Net.HttpWebRequest.GetResponse()
at System.ServiceModel.Channels.HttpChannelFactory.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout)System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.
at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, Exception exception)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
at System.Threading.ExecutionContext.runTryCode(Object userData)
at System.Runtime.CompilerServices.RuntimeHelpers.ExecuteCodeWithGuaranteedCleanup(TryCode code, CleanupCode backoutCode, Object userData)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean ignoreSyncCtx)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
at System.Net.TlsStream.ProcessAuthentication(LazyAsyncResult result)
at System.Net.TlsStream.Write(Byte[] buffer, Int32 offset, Int32 size)
at System.Net.PooledStream.Write(Byte[] buffer, Int32 offset, Int32 size)
at System.Net.ConnectStream.WriteHeaders(Boolean async)
[20, PID:3128][04/26/2012 14:41:29] :SoftwareCatalog website - application instance dispose ...
[15, PID:3128][04/26/2012 14:41:59] :SoftwareCatalog website - application instance dispose ....
And likewise, in IE I can see this ..........
URL Method Result Type Received Taken Initiator Wait Start Request Response Cache read Gap
/CMApplicationCatalog/ApplicationViewService.asmx POST 500 text/xml 0.93 KB 234 ms 1046 0 15 219 0 0"
<?
xmlversion="1.0"encoding="utf-8"?><soap:Envelopexmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"xmlns:xsd="http://www.w3.org/2001/XMLSchema"><soap:Body><soap:Fault><faultcode>soap:Server</faultcode><faultstring>Server was unable to process request. ---> Could not establish trust relationship for the SSL/TLS secure channel with authority 'sccm.domain.com'. ---> The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> The remote certificate is invalid according to the validation procedure.</faultstring><detail/></soap:Fault></soap:Body></soap:Envelope>
Any idea how this can be fixed? I've verified that the rest of the applications under the 'default web site' are working as expected..... and the CM cert on that site also looks fine.