WCF and No Listening EndPoint with Load Balancer and SSL
Hi,
I am having an issue where I have a machine with a load balancer and SSL.
It seems that everything appears to be deployed to that server under IIS. I can even "Add Service Reference" from a client app.
However, when I execute it I get a problem when I attempt to process the operation contract. I get a:
"There was no endpoint listening at https://my.test.com/TestService/Service1.svc that could accept the message. This is often caused by an incorrect address or SOAP action. See InnerException, if present, for more details."
When I look at the InnerException I see:
"The remote server returned an error: (404) Not Found."
Attached is my server web.config.
What could be the cause and how could I resolve that?
Any information would be greatly appreciated as this has stumped me.
Thanks
Web.config
I am having an issue where I have a machine with a load balancer and SSL.
It seems that everything appears to be deployed to that server under IIS. I can even "Add Service Reference" from a client app.
However, when I execute it I get a problem when I attempt to process the operation contract. I get a:
"There was no endpoint listening at https://my.test.com/TestService/Service1.svc that could accept the message. This is often caused by an incorrect address or SOAP action. See InnerException, if present, for more details."
When I look at the InnerException I see:
"The remote server returned an error: (404) Not Found."
Attached is my server web.config.
What could be the cause and how could I resolve that?
Any information would be greatly appreciated as this has stumped me.
Thanks
Web.config
Enable tracing to see exact error. http://msdn.microsoft.com/en-us/library/ms733025(v=vs.110).aspx
Also can we have your client config file please ? It should match your server config.
Also can we have your client config file please ? It should match your server config.
try it without https, make sure everything up to the server is working, you might need secure binding on the server side...
http://www.codeproject.com/Articles/36705/7-simple-steps-to-enable-HTTPS-on-WCF-WsHttp-bindi
http://www.codeproject.com/Articles/36705/7-simple-steps-to-enable-HTTPS-on-WCF-WsHttp-bindi
ASKER
deanvanrooyen, the configuration of the IIS on the server supports multiple sites already. It has a server certificate. So, I cannot really disable HTTPS because it's not a site cert.
I am already aware of the link you provided. But the security of transport and the clientCertificate of none identifies that an SSL connection is necessary.
If there is any other info you have that would be greatly appreciated.
apete, I have previously done the trace with the listener, it did not show anything different than the message I mentioned about no listening endpoint and the 404. I will do it again though and post the trace file, as soon as I get a chance.
I can say this though, I tried to simulate as much as possible on with another site and another computer pointing service on the computer I developed the service on. The bottom line, the main difference is not only the certicate (I used a self cert) but the client app I have trusted all certs for this anyway and the other difference was the load balancer - the results: it worked. So, this to me is pointing at the load balancer. Would that be a fair assessment? Or could there be something I'm else I'm missing with the use of a load balancer?
I am already aware of the link you provided. But the security of transport and the clientCertificate of none identifies that an SSL connection is necessary.
If there is any other info you have that would be greatly appreciated.
apete, I have previously done the trace with the listener, it did not show anything different than the message I mentioned about no listening endpoint and the 404. I will do it again though and post the trace file, as soon as I get a chance.
I can say this though, I tried to simulate as much as possible on with another site and another computer pointing service on the computer I developed the service on. The bottom line, the main difference is not only the certicate (I used a self cert) but the client app I have trusted all certs for this anyway and the other difference was the load balancer - the results: it worked. So, this to me is pointing at the load balancer. Would that be a fair assessment? Or could there be something I'm else I'm missing with the use of a load balancer?
In the production are you pointing to your load balancer from client or pointing to your actual servers behind it ? I think you are doing the later.
ASKER
You are correct. It's the later. The web service is deployed on all the servers comprising the servers that the load balancer utilizes.
Can you access this in IE browser ? https://my.test.com/TestService/Service1.svc.
ASKER
My bad, sorry for the delayed response. Yes, I am able to access it from the web browser. In fact, that is the only way I am even able to do the "Add Service Reference" in VS as well. It is a simple test whereas the OperationContract would only return back the string "Hello World".
The client app will connect to it but as soon as I execute the method that is when I get the endpoint issue.
I am working to get that listener information ASAP to you.
The client app will connect to it but as soon as I execute the method that is when I get the endpoint issue.
I am working to get that listener information ASAP to you.
ASKER
apeter,
Here is the Traces.svclog that I produced from the client. Maybe I am missing something but I do not see anything significant; it even lists the endpoint not listening. But in fact, I had use same URL to even to the "Add service reference".
Rename the .txt to .svclog.
Does this tell you much?
Traces.txt
Here is the Traces.svclog that I produced from the client. Maybe I am missing something but I do not see anything significant; it even lists the endpoint not listening. But in fact, I had use same URL to even to the "Add service reference".
Rename the .txt to .svclog.
Does this tell you much?
Traces.txt
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
That is essentially what is there. Obviously specific to the service though for the contract and all.
However, the one thing that is not there is the <Host> with the baseAddresses:
<host>
<baseAddresses>
<add baseAddress="https://chrise:10081/TestWCFService" />
</baseAddresses
</host>
What is the significance of that and would/could it resolve the load balancer issue? I am thinking not because I haven't seen any reference specific to that. BUT I could be wrong.
However, the one thing that is not there is the <Host> with the baseAddresses:
<host>
<baseAddresses>
<add baseAddress="https://chrise:10081/TestWCFService" />
</baseAddresses
</host>
What is the significance of that and would/could it resolve the load balancer issue? I am thinking not because I haven't seen any reference specific to that. BUT I could be wrong.
This should not cause any problem.
when you use base address, you don't need to provide absolute URI for your endpoints. When you host the WCF service on IIS, the base address can only be the URL to the .svc file. If you specify any other base address, it's ignored. You can still specify the relative URI for your endpoints, such as address="basic" or address = "ws". Then the address on the endpoint becomes <URL to the .svc file>/basic and <URL to the .svc file>/ws in this case.
Is it possible to test the service with http instead of https.
when you use base address, you don't need to provide absolute URI for your endpoints. When you host the WCF service on IIS, the base address can only be the URL to the .svc file. If you specify any other base address, it's ignored. You can still specify the relative URI for your endpoints, such as address="basic" or address = "ws". Then the address on the endpoint becomes <URL to the .svc file>/basic and <URL to the .svc file>/ws in this case.
Is it possible to test the service with http instead of https.
ASKER
apeter, we finally got it but this posting that you did make us think more on it. We have a server side cert on the server...not on the site. What we going on was that there was the connection with the server to get to the web service but then we also had cert attempts going on when it was already on our server.
We finally got it by using the SSL to get to the server but once at the server in internally we had to have the straight HTTP.
We did have to do a slight variation on the client side as that endpoint reference still needed the SSL on the URL.
It all appears good, for now, that we can tell.
Thanks for the insight about the SSL! Apprecaite it!
We finally got it by using the SSL to get to the server but once at the server in internally we had to have the straight HTTP.
We did have to do a slight variation on the client side as that endpoint reference still needed the SSL on the URL.
It all appears good, for now, that we can tell.
Thanks for the insight about the SSL! Apprecaite it!
a lot of big organisations that run their own infrastructure will ssl to an intermediately before hitting the web server, this allows you to run specialized hardware to manage the ssl, but technically in this case your transport level is not 100% true, even if the non secure is internal.
ASKER
That is correct. In may and likely will have an impact on two-way authentication as well. Thx for the info!
ASKER