6

I am using an evaluation subscription to Windows Azure.

Occasionally when I try to access methods on a CloudBlobContainer such as GetPermissions() the web service hangs. After adding some logging I see "The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. The remote certificate is invalid according to the validation procedure." in my log.

I have also had this happen when using CreateIfNotExists().

What might be causing this?

I have recently upgraded from version 1.7 to version 2 of the storage client library but still see this behavior.

David Hall
  • 32,624
  • 10
  • 90
  • 127
Nick Williamson
  • 205
  • 3
  • 11
  • Are you talking to the development storage or an actual storage account? – knightpfhor Feb 20 '13 at 21:01
  • I'm talking to an actual storage account from within a web role. I have seen this behavior when both are running in the emulators and when both are running in the cloud. – Nick Williamson Feb 21 '13 at 07:41
  • I've seen this problem as well – Paul Keister Feb 22 '13 at 22:21
  • Same here. Azure has been, let's just say, less than reliable since I've been using it now for a few months. I'd like to use some more colorful metaphors to describe this service, but I'll forgo that. – AlexPi Feb 22 '13 at 22:55
  • I see on the service dashboard that there was a huge storage outage today because of an expired SSL certificate. – Paul Keister Feb 23 '13 at 07:16

2 Answers2

1

This is not a problem that I've encountered before, but if the error message is accurate then there is something funky going on with the SSL certificate in storage. A possible work around is to just not use SSL. If your talking to a storage account in the same data centre, I don't think this will adversely affect security. You should be able to do this by just changing the https to http in your connection string.

If this does work, it might pay to contact MS support, it might point to a problem on their end.

knightpfhor
  • 9,299
  • 3
  • 29
  • 42
  • This was spot on for me I have been using DefaultEndpointsProtocol=https; for years until s few days ago it just stopped working and all I did was to change from https to http – Robert Peter Bronstein Jun 06 '19 at 02:00
1

I'm going to answer my own question in the hope that it is useful to someone else.

The issue was the scope of ServicePointManager.ServerCertificateValidationCallback.

It is static and effects CloudBlobContainer methods encountered after it is set.

Nick Williamson
  • 205
  • 3
  • 11
  • so how does one go about "unsetting" the ServerCertificateValidationCallback after it has served its purpose, so that it does not affect later CloudBlobContainer methods? – Shawn de Wet Oct 19 '16 at 08:03
  • I haven't tested this thoroughly but you can remove the validation callback with `ServicePointManager.ServerCertificateValidationCallback -= new RemoteCertificateValidationCallback(yourCallbackMehod)` or - according to this answer [Best practices for using ServerCertificateValidationCallback](http://stackoverflow.com/questions/20914305/best-practices-for-using-servercertificatevalidationcallback) - .NET Framework 4.5 introduced a `ServerCertificateValidationCallback` property on the `HttpWebRequest` class. – Nick Williamson Oct 20 '16 at 07:52