Solved

WCF and No Listening EndPoint with Load Balancer and SSL

Posted on 2013-11-01
15
1,806 Views
Last Modified: 2016-02-26
Hi,

I am having an issue where I have a machine with a load balancer and SSL.

It seems that everything appears to be deployed to that server under IIS. I can even "Add Service Reference" from a client app.

However, when I execute it I get a problem when I attempt to process the operation contract. I get a:

"There was no endpoint listening at https://my.test.com/TestService/Service1.svc that could accept the message. This is often caused by an incorrect address or SOAP action. See InnerException, if present, for more details."

When I look at the InnerException I see:

"The remote server returned an error: (404) Not Found."

Attached is my server web.config.

What could be the cause and how could I resolve that?

Any information would be greatly appreciated as this has stumped me.

Thanks
Web.config
0
Comment
Question by:davism
  • 8
  • 5
  • 2
15 Comments
 
LVL 1

Author Comment

by:davism
ID: 39617962
Anybody have any possible resolutions. I am stumped on this one.
0
 
LVL 25

Expert Comment

by:apeter
ID: 39618707
Enable tracing to see exact error. http://msdn.microsoft.com/en-us/library/ms733025(v=vs.110).aspx


Also can we have your client config file please ? It should match your server config.
0
 
LVL 12

Expert Comment

by:deanvanrooyen
ID: 39619990
try it without https, make sure everything up to the server is working, you might need secure binding on the server side...

http://www.codeproject.com/Articles/36705/7-simple-steps-to-enable-HTTPS-on-WCF-WsHttp-bindi
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 1

Author Comment

by:davism
ID: 39620729
deanvanrooyen, the configuration of the IIS on the server supports multiple sites already. It has a server certificate.  So, I cannot really disable HTTPS because it's not a site cert.

I am already aware of the link you provided. But the security of transport and the clientCertificate of none identifies that an SSL connection is necessary.

If there is any other info you have that would be greatly appreciated.

apete, I have previously done the trace with the listener, it did not show anything different than the message I mentioned about no listening endpoint and the 404. I will do it again though and post the trace file, as soon as I get a chance.

I can say this though, I tried to simulate as much as possible on with another site and another computer pointing service on the computer I developed the service on. The bottom line, the main difference is not only the certicate (I used a self cert) but the client app I have trusted all certs for this anyway and the other difference was the load balancer - the results: it worked.  So, this to me is pointing at the load balancer. Would that be a fair assessment? Or could there be something I'm else I'm missing with the use of a load balancer?
0
 
LVL 25

Expert Comment

by:apeter
ID: 39621337
In the production are you pointing to your load balancer from client or pointing to your actual servers behind it ? I think you are doing the later.
0
 
LVL 1

Author Comment

by:davism
ID: 39621454
You are correct. It's the later. The web service is deployed on all the servers comprising the servers that the load balancer utilizes.
0
 
LVL 25

Expert Comment

by:apeter
ID: 39621464
Can you access this in IE browser ? https://my.test.com/TestService/Service1.svc.
0
 
LVL 1

Author Comment

by:davism
ID: 39622094
My bad, sorry for the delayed response. Yes, I am able to access it from the web browser. In fact, that is the only way I am even able to do the "Add Service Reference" in VS as well. It is a simple test whereas the OperationContract would only return back the string "Hello World".

The client app will connect to it but as soon as I execute the method that is when I get the endpoint issue.

I am working to get that listener information ASAP to you.
0
 
LVL 1

Author Comment

by:davism
ID: 39622182
apeter,

Here is the Traces.svclog that I produced from the client. Maybe I am missing something but I do not see anything significant; it even lists the endpoint not listening. But in fact, I had use same URL to even to the "Add service reference".

Rename the .txt to .svclog.

Does this tell you much?
Traces.txt
0
 
LVL 25

Accepted Solution

by:
apeter earned 500 total points
ID: 39623743
I think your problem maybe due to https. Please verify whether you have configured as given here, http://www.codeproject.com/Articles/24027/SSL-with-Self-hosted-WCF-Service
0
 
LVL 1

Author Comment

by:davism
ID: 39624461
That is essentially what is there. Obviously specific to the service though for the contract and all.

However, the one thing that is not there is the <Host> with the baseAddresses:
<host>
          <baseAddresses>
            <add baseAddress="https://chrise:10081/TestWCFService" />
          </baseAddresses
</host>


What is the significance of that and would/could it resolve the load balancer issue? I am thinking not because I haven't seen any reference specific to that. BUT I could be wrong.
0
 
LVL 25

Expert Comment

by:apeter
ID: 39624764
This should not cause any problem.

when you use base address, you don't need to provide absolute URI for your endpoints. When you host the WCF service on IIS, the base address can only be the URL to the .svc file. If you specify any other base address, it's ignored. You can still specify the relative URI for your endpoints, such as address="basic" or address = "ws". Then the address on the endpoint becomes <URL to the .svc file>/basic and <URL to the .svc file>/ws in this case.

Is it possible to test the service with http instead of https.
0
 
LVL 1

Author Closing Comment

by:davism
ID: 39625602
apeter, we finally got it but this posting that you did make us think more on it. We have a server side cert on the server...not on the site. What we going on was that there was the connection with the server to get to the web service but then we also had cert attempts going on when it was already on our server.

We finally got it by using the SSL to get to the server but once at the server in internally we had to have the straight HTTP.

We did have to do a slight variation on the client side as that endpoint reference still needed the SSL on the URL.

It all appears good, for now, that we can tell.

Thanks for the insight about the SSL! Apprecaite it!
0
 
LVL 12

Expert Comment

by:deanvanrooyen
ID: 39631972
a lot of big organisations that run their own infrastructure will ssl to an intermediately before hitting the web server, this allows you to run specialized hardware to manage the ssl, but technically in this case your transport level is not 100% true, even if the non secure is internal.
0
 
LVL 1

Author Comment

by:davism
ID: 39635174
That is correct. In may and likely will have an impact on two-way authentication as well. Thx for the info!
0

Featured Post

Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Just a quick little trick I learned recently.  Now that I'm using jQuery with abandon in my asp.net applications, I have grown tired of the following syntax:      (CODE) I suppose it just offends my sense of decency to put inline VBScript on a…
This article is for Object-Oriented Programming (OOP) beginners. An Interface contains declarations of events, indexers, methods and/or properties. Any class which implements the Interface should provide the concrete implementation for each Inter…
This Micro Tutorial will teach you how to censor certain areas of your screen. The example in this video will show a little boy's face being blurred. This will be demonstrated using Adobe Premiere Pro CS6.
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question