2

We have two Azure apps that run an MVC website in one and a continuous webjob in the other. Both suddenly yesterday around midday started giving the error below when sending emails using smtpclient.

The remote certificate is invalid according to the validation procedure

No changes have been made in the code or in the mail server. We had this issue in February 2017 with no solution then (https://social.msdn.microsoft.com/Forums/en-US/f2f35ab9-3d0a-490f-b639-8ea5abda92d5/intermittent-the-remote-certificate-is-invalid-according-to-the-validation-procedure?forum=windowsazurewebsitespreview) and again the same issue around September 2016.

Same code sends the email fine locally and it also works from one of our VMs. 

using (var smtp = new SmtpClient("mail.server.com", 25))
{
    smtp.EnableSsl = true;
    smtp.Credentials = new NetworkCredential(username, password);
    smtp.Send(message);
}

Tried https://twitter.com/AzureSupport but they are not replying. We don't have Azure support plan but why would we have to pay for something we didn't break or wait 8 hours or even an 1 hour for such critical part of any business like sending an email?

We've started rolling most of our web apps to Azure but we've been moving them back to a server since it's one problem after another... Those two Azure apps were the last ones and now only one left and only because it uses webjobs and the code relies on being a webjob.

UPDATE: Both certificates thumbprints in Azure app and mail server match.

David Aleu
  • 3,922
  • 3
  • 27
  • 48

1 Answers1

1

The error message means that the your application has determined that the remote certificate is invalid. This is likely due to the machine not having the necessary certification link. You may already be aware of the reasons for this exception.

We have seen that this error occurring in some of the so called, locked down environments. i.e., there is some group policy or domain setting applied which will remove all certificates and selectively add the necessary "corporate approved" certificates. During this process, certification related calls may fail.

One "work-around", is to have your own certification callback handler and ignore the certification errors. This is VERY BAD from a security perspective ! BUT, commonly used to get away with certificate errors !

One way is to have a global certification callback is to use: Server​Certificate​Validation​Callback

There is an SO Post for any query

Subbu
  • 2,130
  • 1
  • 19
  • 28
  • 1
    thanks for this @Subbu, indeed ignoring the certification is bad and I'm not going to do that. This is on a Azure app service therefore changes in group policies or server settings are a no no go. Anything related to that certificate is administered from Azure portal and works fine for other functionality... is only sending emails that we get this. – David Aleu Aug 16 '17 at 08:01
  • @DavidAleu Were you able to resolve this issue? we are running into the same issue on a Azure Cloud Service and happens intermittently. – udayr Jul 20 '20 at 20:31