4

I'm building a WCF client which consumes a service from a Brazilian government institution. This connection uses SOAP 1.2 and it needs to be signed with a digital certificate.

The code used for this example is a Console Application using .NET 4.6.1. The main application is a WPF application (I'm not using IIS). This code works without a problem on Windows 10 but when I try to run it on Windows 7 it gives me the following error:

```
System.ServiceModel.CommunicationException: An error occurred while making the HTTP request to https://nfce-homologacao.svrs.rs.gov.br/ws/NfeStatusServico/NfeStatusServico2.asmx. This could be due to the fact that the server certificate is not configured properly with HTTP.SYS in the HTTPS case. This could also be caused by a mismatch of the security binding between the client and the server. ---> System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a send. ---> System.IO.IOException: Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host. ---> System.Net.Sockets.SocketException: An existing connection was forcibly closed by the remote host.
```

This is the client call code:

```csharp
XmlNode node = null;

// Build the status-service request payload
var parametro = new TConsStatServ();
parametro.cUF = NFeAPI.XMLSchemas.NfeStatusServico2.Envio.TCodUfIBGE.Item53;
parametro.tpAmb = NFeAPI.XMLSchemas.NfeStatusServico2.Envio.TAmb.Item2;
parametro.versao = "3.10";
parametro.xServ = TConsStatServXServ.STATUS;

// Client certificate presented during the TLS handshake
var certificate = GetCertificateByName("Certificate Name", false);

string nFeNamespaceName = "http://www.portalfiscal.inf.br/nfe";
string parametroXML = XmlUtil.Serialize(parametro, nFeNamespaceName);

// Turn the serialized payload into an XmlNode for the SOAP body
XmlDocument doc = new XmlDocument();
XmlReader reader = XmlReader.Create(new StringReader(parametroXML));
reader.MoveToContent();

node = doc.ReadNode(reader);

// SOAP header expected by the service
nfeCabecMsg soapHeader = new nfeCabecMsg();
soapHeader.cUF = parametro.cUF.ToString().Replace("Item", "");
soapHeader.versaoDados = "3.10";

// Endpoint and binding come from the "NfeStatusServico2Soap" entry in App.config
var soapClient = new NfeStatusServico2SoapClient("NfeStatusServico2Soap");
soapClient.ClientCredentials.ClientCertificate.Certificate = certificate;

XmlNode result = soapClient.nfeStatusServicoNF2(ref soapHeader, node);
```

Here is my App.config:

```xml
<system.serviceModel>
    <bindings>
        <basicHttpBinding>
            <binding name="NfeStatusServico2Soap">
              <security mode="Transport">
                <transport clientCredentialType="Certificate"/>
              </security>
            </binding>
            <binding name="NfeStatusServico2Soap1" />
        </basicHttpBinding>
    </bindings>
    <client>
        <endpoint address="https://nfce-homologacao.svrs.rs.gov.br/ws/NfeStatusServico/NfeStatusServico2.asmx"
            binding="basicHttpBinding" bindingConfiguration="NfeStatusServico2Soap"
            contract="NfeStatusServico2.NfeStatusServico2Soap" name="NfeStatusServico2Soap" />
    </client>
</system.serviceModel>
```

The GetCertificateByName is a helper method I've created to return the X509Certificate2 needed by the service.

I've already tried disabling the Windows 7 firewall and I went to Programs and Features -> Turn Windows features on or off and enabled the .NET 3 Framework node for WCF calls.

I have also tried to use a WebReference with a .NET 2.0 application and it gave the same error. I upgraded the code to use WCF in .NET 4.6.1 in the hope that it would work.

I tried to use Fiddler to track the problem and it returns the code 200, but that is not much help.

It's been 5 days and I can't manage to get around this issue. I'm about to drop Windows 7 support on my application because of that.

  • It will be better to enable logs and trace in your wcf client code and check the soap request passed and exact response/error message being received from the wcf service. – Hameed Syed Aug 03 '17 at 04:36
  • I'll try that. By enabling logs, do you mean writing the code using trace logs of the .NET Framework or is there any tool I can use out of the box? –  Aug 03 '17 at 13:23
  • You have a specific tracer and logger wizard for WCF. Check out this http://csharp-video-tutorials.blogspot.in/2013/11/part-9-how-to-enable-tracing-and_26.html. – Hameed Syed Aug 03 '17 at 14:04
  • Thank you for pointing that. I'll give it a try for learning purposes. For this problem, a windows update fixed the problem. –  Aug 03 '17 at 21:10

3 Answers

10

In my case, the problem was that my project was still using .NET Framework 4.0, which does not support TLS 1.1 or 1.2, and the service I was connecting to had turned off support for TLS 1.0 as of Jan 1, 2018. Once I upgraded the project to .NET Framework 4.5 and forced TLS 1.2, everything worked fine.

```csharp
System.Net.ServicePointManager.SecurityProtocol = System.Net.SecurityProtocolType.Tls12;
```
Ricky
  • 1
    Forcing TLS 1.2 works for some people but it's good to know the reason. Most people were saying forcing TLS 1.2 was the solution but without saying why. In my case, I've already tried that and it didn't work. I was using .NET 4.6 from the beginning. Only the Windows 7 Update fixed that. Thank you for sharing your solution. –  Jan 06 '18 at 10:52
  • 1
    Yes I upgraded to 4.5 framework and forced Tls12 it worked like a charm! :) – user2060571 May 17 '19 at 15:50
  • Nice! So happy this has helped others. I was so screwed the day I had this happen to me and the company of the service I was connecting to had absolutely no idea how to correct the issue. – Ricky Feb 05 '21 at 18:08
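
Added example, not part of the original answers or of the project discussed: a small console probe that attempts one handshake per TLS version against the question's endpoint, so the same binary run on the Windows 7 and the Windows 10 machine shows which versions each machine can negotiate. The port (443) and the empty client-certificate collection are assumptions; the service requests a client certificate, so add the one the WCF client uses.

```csharp
using System;
using System.ComponentModel;
using System.IO;
using System.Net;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;

static class TlsProbe
{
    // Tries one handshake restricted to a single protocol version and reports the outcome.
    static string Probe(string host, int port, SslProtocols protocol, X509CertificateCollection clientCerts)
    {
        try
        {
            using (var tcp = new TcpClient(host, port))
            using (var ssl = new SslStream(tcp.GetStream(), false))
            {
                // Server certificate chain validation stays on (no validation callback is supplied).
                ssl.AuthenticateAsClient(host, clientCerts, protocol, false);
                return "OK, negotiated " + ssl.SslProtocol + " / " + ssl.CipherAlgorithm;
            }
        }
        catch (AuthenticationException ex) { return "handshake failed: " + ex.Message; }
        catch (Win32Exception ex) { return "SChannel error: " + ex.Message; }
        catch (IOException ex) { return "connection closed: " + ex.Message; }
        catch (SocketException ex) { return "socket error: " + ex.SocketErrorCode; }
    }

    static void Main()
    {
        const string host = "nfce-homologacao.svrs.rs.gov.br"; // host from the question's endpoint
        const int port = 443;                                   // assumed default HTTPS port

        // The service asks for a client certificate; add the one the WCF client uses
        // (for example the result of the question's GetCertificateByName helper).
        var clientCerts = new X509CertificateCollection();

        foreach (var protocol in new[] { SslProtocols.Tls, SslProtocols.Tls11, SslProtocols.Tls12 })
            Console.WriteLine("{0,-6} {1}", protocol, Probe(host, port, protocol, clientCerts));

        // What HttpWebRequest/WCF will offer in this process unless the code overrides it.
        Console.WriteLine("Process default: " + ServicePointManager.SecurityProtocol);
    }
}
```

If TLS 1.0 fails while TLS 1.2 succeeds, the server has retired the older protocol and the client only needs to offer TLS 1.2. If TLS 1.2 fails on one machine but succeeds on another with the same binary, the difference lies in that machine's TLS stack rather than in the WCF binding.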
3

In my case activating Windows Update and letting it install all the important updates fixed the problem.

After some research on HTTP.SYS I found a Microsoft website saying that HTTP.SYS had some "known issues" and I thought it could have been fixed in some update. Luckily for me, that was the case.

  • You don't know which specific update solved the problem, do you? I have several customers with the same problem. Forcing the protocol to use TLS 1.2 didn't work in this case also. – Pedro Gaspar May 24 '18 at 15:45
  • Our program works for the majority of our customers, but it gives the message `An error occurred while making the HTTP request to ‘https://webservices.producaorestrita.esocial.gov.br/servicos/empregador/enviarloteeventos/WsEnviarLoteEventos.svc’. This could be due to the fact that the server certificate is not configured properly with HTTP.SYS in the HTTPS case. This could also be caused by a mismatch of the security binding between the client and the server.` on some customers' machines. – Pedro Gaspar May 24 '18 at 15:45
  • I will check the one I used. Microsoft had it on their website. I'll come back later and tell you. –  May 25 '18 at 14:13
  • This was the page I've found back in the day: https://support.microsoft.com/en-us/help/2624534/list-of-currently-available-hotfixes-for-http-sys-in-windows-vista-in –  May 25 '18 at 14:16
  • Thank you lamDOM. I've seen that article, but there are some updates mentioned there, and I was hoping to find something more like *"install this update only and solve the problem"*, but I'm asking for our customers to install all important updates via Windows Update by now, but still have no answer if that solved the problem to any of them. – Pedro Gaspar May 28 '18 at 17:24
  • @PedroGaspar, I see. I didn't have the time to check update by update until it worked. I'd advise to install all important updates since they fix security roles and etc. You could use that as argument to convince them. –  May 31 '18 at 10:40
0

Download IIS Crypto and apply the suggested changes. When calling, set TLS 1.2:

```csharp
System.Net.ServicePointManager.SecurityProtocol = System.Net.SecurityProtocolType.Tls12;
```
vikky MCTS