Solved

WCF and No Listening EndPoint with Load Balancer and SSL

Posted on 2013-11-01
15
1,745 Views
Last Modified: 2016-02-26
Hi,

I am having an issue where I have a machine with a load balancer and SSL.

It seems that everything appears to be deployed to that server under IIS. I can even "Add Service Reference" from a client app.

However, when I execute it I get a problem when I attempt to process the operation contract. I get a:

"There was no endpoint listening at https://my.test.com/TestService/Service1.svc that could accept the message. This is often caused by an incorrect address or SOAP action. See InnerException, if present, for more details."

When I look at the InnerException I see:

"The remote server returned an error: (404) Not Found."

Attached is my server web.config.

What could be the cause and how could I resolve that?

Any information would be greatly appreciated as this has stumped me.

Thanks
Web.config
0
Comment
Question by:davism
  • 8
  • 5
  • 2
15 Comments
 
LVL 1

Author Comment

by:davism
ID: 39617962
Anybody have any possible resolutions. I am stumped on this one.
0
 
LVL 25

Expert Comment

by:apeter
ID: 39618707
Enable tracing to see exact error. http://msdn.microsoft.com/en-us/library/ms733025(v=vs.110).aspx


Also can we have your client config file please ? It should match your server config.
0
 
LVL 12

Expert Comment

by:deanvanrooyen
ID: 39619990
try it without https, make sure everything up to the server is working, you might need secure binding on the server side...

http://www.codeproject.com/Articles/36705/7-simple-steps-to-enable-HTTPS-on-WCF-WsHttp-bindi
0
 
LVL 1

Author Comment

by:davism
ID: 39620729
deanvanrooyen, the configuration of the IIS on the server supports multiple sites already. It has a server certificate.  So, I cannot really disable HTTPS because it's not a site cert.

I am already aware of the link you provided. But the security of transport and the clientCertificate of none identifies that an SSL connection is necessary.

If there is any other info you have that would be greatly appreciated.

apete, I have previously done the trace with the listener, it did not show anything different than the message I mentioned about no listening endpoint and the 404. I will do it again though and post the trace file, as soon as I get a chance.

I can say this though, I tried to simulate as much as possible on with another site and another computer pointing service on the computer I developed the service on. The bottom line, the main difference is not only the certicate (I used a self cert) but the client app I have trusted all certs for this anyway and the other difference was the load balancer - the results: it worked.  So, this to me is pointing at the load balancer. Would that be a fair assessment? Or could there be something I'm else I'm missing with the use of a load balancer?
0
 
LVL 25

Expert Comment

by:apeter
ID: 39621337
In the production are you pointing to your load balancer from client or pointing to your actual servers behind it ? I think you are doing the later.
0
 
LVL 1

Author Comment

by:davism
ID: 39621454
You are correct. It's the later. The web service is deployed on all the servers comprising the servers that the load balancer utilizes.
0
 
LVL 25

Expert Comment

by:apeter
ID: 39621464
Can you access this in IE browser ? https://my.test.com/TestService/Service1.svc.
0
Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

 
LVL 1

Author Comment

by:davism
ID: 39622094
My bad, sorry for the delayed response. Yes, I am able to access it from the web browser. In fact, that is the only way I am even able to do the "Add Service Reference" in VS as well. It is a simple test whereas the OperationContract would only return back the string "Hello World".

The client app will connect to it but as soon as I execute the method that is when I get the endpoint issue.

I am working to get that listener information ASAP to you.
0
 
LVL 1

Author Comment

by:davism
ID: 39622182
apeter,

Here is the Traces.svclog that I produced from the client. Maybe I am missing something but I do not see anything significant; it even lists the endpoint not listening. But in fact, I had use same URL to even to the "Add service reference".

Rename the .txt to .svclog.

Does this tell you much?
Traces.txt
0
 
LVL 25

Accepted Solution

by:
apeter earned 500 total points
ID: 39623743
I think your problem maybe due to https. Please verify whether you have configured as given here, http://www.codeproject.com/Articles/24027/SSL-with-Self-hosted-WCF-Service
0
 
LVL 1

Author Comment

by:davism
ID: 39624461
That is essentially what is there. Obviously specific to the service though for the contract and all.

However, the one thing that is not there is the <Host> with the baseAddresses:
<host>
          <baseAddresses>
            <add baseAddress="https://chrise:10081/TestWCFService" />
          </baseAddresses
</host>


What is the significance of that and would/could it resolve the load balancer issue? I am thinking not because I haven't seen any reference specific to that. BUT I could be wrong.
0
 
LVL 25

Expert Comment

by:apeter
ID: 39624764
This should not cause any problem.

when you use base address, you don't need to provide absolute URI for your endpoints. When you host the WCF service on IIS, the base address can only be the URL to the .svc file. If you specify any other base address, it's ignored. You can still specify the relative URI for your endpoints, such as address="basic" or address = "ws". Then the address on the endpoint becomes <URL to the .svc file>/basic and <URL to the .svc file>/ws in this case.

Is it possible to test the service with http instead of https.
0
 
LVL 1

Author Closing Comment

by:davism
ID: 39625602
apeter, we finally got it but this posting that you did make us think more on it. We have a server side cert on the server...not on the site. What we going on was that there was the connection with the server to get to the web service but then we also had cert attempts going on when it was already on our server.

We finally got it by using the SSL to get to the server but once at the server in internally we had to have the straight HTTP.

We did have to do a slight variation on the client side as that endpoint reference still needed the SSL on the URL.

It all appears good, for now, that we can tell.

Thanks for the insight about the SSL! Apprecaite it!
0
 
LVL 12

Expert Comment

by:deanvanrooyen
ID: 39631972
a lot of big organisations that run their own infrastructure will ssl to an intermediately before hitting the web server, this allows you to run specialized hardware to manage the ssl, but technically in this case your transport level is not 100% true, even if the non secure is internal.
0
 
LVL 1

Author Comment

by:davism
ID: 39635174
That is correct. In may and likely will have an impact on two-way authentication as well. Thx for the info!
0

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
LINQ question 7 21
index Out OF Range Exception error 4 28
Handle null when using linq in this line 1 20
COnsume rest client 6 8
ASP.Net to Oracle Connectivity Recently I had to develop an ASP.NET application connecting to an Oracle database.As I am doing it first time ,I had to solve several problems. This article will help to such developers  to develop an ASP.NET client…
Real-time is more about the business, not the technology. In day-to-day life, to make real-time decisions like buying or investing, business needs the latest information(e.g. Gold Rate/Stock Rate). Unlike traditional days, you need not wait for a fe…
Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now