cancel
Showing results for 
Search instead for 
Did you mean: 

Timeouts posting XML after certificate upgrade

Having a bugger of a time here. We had a windows 2000 server with IIS5.0 working like a champ for a decade...then the A.N certificate updrade killed it. Upgraded our server to 2008 r2 with IIS7.5. We're using classic asp. I'm trying to use XML post and the thing keeps timing out on me. Posting to the test server works sweet...comes back fast, but in production I get the following:

 

using Msxml2.ServerXMLHTTP.6.0:

 

msxml6.dll error '80072ee2'

The operation timed out

 

using Microsoft.XMLHTTP:

 

msxml3.dll error '800c000b'

The operation was timed out.

 

Server has all the new certificates and got an A from www.ssllabs.com test (happy about that at least)

Clearly something is not right and it's likely very easy, but I'm stumped

 

Here's the post code

 

Dim xml
Dim strStatus
Dim strRetval
Set xml = Server.CreateObject("Msxml2.ServerXMLHTTP.6.0")

xml.Open "POST","https://secure.authorize.net/gateway/transact.dll?" & vPostData & "",false

xml.setRequestHeader "Content-Type", "application/x-www-form-urlencoded"

xml.send ""

strStatus = xml.Status
strRetval = xml.responseText
Set xml = nothing

 

Someone must know the easy answer.  My small brain cannot find it.

jayada
Contributor
28 REPLIES 28

I checked with the ISP and there was indeed a duplexing issue which was causing major data transmission problems.I thought finally the problem has been solved. After resetting the ports to match duplex and a restart, plus a reboot of the PIX firewall that has not been restarted in years I had my fingers crossed.  Still no joy.

 

What should the DNS settings be on the soo8 r2 server?  DNS settings within the TCP/IP configuration are set properly. The server is a stand alnoe server and not part of the domain.

 

I'll try anything now.

Thoughts.

 

1) You can increase the timeout in ASP with ServerXMLHTTP.  Maybe try that since you say everything is slow.

 (a) Auth.net servers are in Florida.  Don't know where your are or routing to get there.

 

2) Check your DNS entries for your server contacting Auth.net.  Make sure everything is ok include Reverse.

 (a) If static see if you can change the IP for temporary testing if it won't disturb customers.

 (b) Check PIX for any entries specific to your server IP.

 

3) add -msg or even -debug to your openssl command line to get more info.

 

kabutotx
Regular Contributor

This server is STILL not able to navigate https://secure.authorize.net and other higher secure sites.. Per your recommendations...and I really appreciate your help...here's what I have found.

 

The mismatched duplex issues between the ISP switch and our PIX firewall completely resolved the slow browsing issue, but didn't sole the secure site problems.  All sites are running fast and smooth except the secure ones I really want.

 

DNS checks out, unless I'm mossing something. No other weird behavior is being experienced. Changed the DNS to some other public DNS servers with same behavior

 

But I think you're on to something thought...doing the openssl -msg switch shows SSL 2.0 handshar initiation which might have something to do with it...but maybe not too... here is the affected machine:

 

OpenSSL> s_client -connect www.geotrust.com:443 -state -msg
Loading 'screen' into random state - done
CONNECTED(0000011C)
SSL_connect:before/connect initialization
>>> SSL 2.0 [length 007a], CLIENT-HELLO
01 03 01 00 51 00 00 00 20 00 00 39 00 00 38 00
00 35 00 00 16 00 00 13 00 00 0a 07 00 c0 00 00
33 00 00 32 00 00 2f 00 00 07 05 00 80 03 00 80
00 00 05 00 00 04 01 00 80 00 00 15 00 00 12 00
00 09 06 00 40 00 00 14 00 00 11 00 00 08 00 00
06 04 00 80 00 00 03 02 00 80 92 62 29 4f aa 59
ad b2 5b 8a 87 cc 6b 61 e3 fb f2 5d 76 76 81 09
2a 7a e5 e0 91 db 36 97 ae 95
SSL_connect: SSLv2/v3 write client hello A
SSL_connect:error in SSLv2/v3 read server hello A
write:errno=10060

 

And here is from a working connection to compare:

OpenSSL> s_client -connect www.geotrust.com:443 -state -msg
Loading 'screen' into random state - done
CONNECTED(000000C8)
SSL_connect:before/connect initialization
>>> SSL 2.0 [length 007a], CLIENT-HELLO
01 03 01 00 51 00 00 00 20 00 00 39 00 00 38 00
00 35 00 00 16 00 00 13 00 00 0a 07 00 c0 00 00
33 00 00 32 00 00 2f 00 00 07 05 00 80 03 00 80
00 00 05 00 00 04 01 00 80 00 00 15 00 00 12 00
00 09 06 00 40 00 00 14 00 00 11 00 00 08 00 00
06 04 00 80 00 00 03 02 00 80 0a a7 b7 c6 86 9d
37 ad 31 20 b9 11 76 15 1e c6 62 cb 04 f0 4e 8c
5b 8e ee 28 43 30 6d 69 de f4
SSL_connect: SSLv2/v3 write client hello A
<<< TLS 1.0 Handshake [length 004a], ServerHello
02 00 00 46 03 01 55 7a 82 30 f7 ff 85 c3 c0 43
d9 e9 86 15 f2 ae 5e 30 d2 15 c6 4f e2 ca 3a 6b
4c 52 4d b0 35 76 20 14 7e 69 6b e6 df 7a e5 f1
fc 0c a2 4b e4 01 e2 74 b4 3b 05 e9 09 5e 6e 1c
a9 d9 c9 0f 6a 73 4d 00 39 00
SSL_connect: SSLv3 read server hello A
<<< TLS 1.0 Handshake [length 0c0c], Certificate
0b 00 0c 08 00 0c 05 00 07 25 30 82 07 21 30 82
06 09 a0 03 02 01 02 02 10 03 d6 8f 46 a3 c6 a4
60 1a a2 c1 0b 90 33 df 94 30 0d 06 09 2a 86 48
86 f7 0d 01 01 0b 05 00 30 5a 31 0b 30 09 06 03
55 04 06 13 02 55 53 31 16 30 14 06 03 55 04 0a

etc etcc etc ..........

 

So they both use SSL 2.0 to start the handshake, but the affected machine times out.

 

And here it is with the debug command...

OpenSSL> s_client -connect www.geotrust.com:443 -state -msg -debug
Loading 'screen' into random state - done
CONNECTED(00000114)
SSL_connect:before/connect initialization
write to 0x1ec5ca0 [0x1f113c0] (124 bytes => 124 (0x7C))
0000 - 80 7a 01 03 01 00 51 00-00 00 20 00 00 39 00 00 .z....Q... ..9..
0010 - 38 00 00 35 00 00 16 00-00 13 00 00 0a 07 00 c0 8..5............
0020 - 00 00 33 00 00 32 00 00-2f 00 00 07 05 00 80 03 ..3..2../.......
0030 - 00 80 00 00 05 00 00 04-01 00 80 00 00 15 00 00 ................
0040 - 12 00 00 09 06 00 40 00-00 14 00 00 11 00 00 08 ......@.........
0050 - 00 00 06 04 00 80 00 00-03 02 00 80 27 da 21 9a ............'.!.
0060 - 4f 10 1c a6 d6 3d f8 6d-43 fc e9 03 a1 4e d0 55 O....=.mC....N.U
0070 - 57 eb 9a 98 9f 76 a5 4c-ef fb 32 11 W....v.L..2.
>>> SSL 2.0 [length 007a], CLIENT-HELLO
01 03 01 00 51 00 00 00 20 00 00 39 00 00 38 00
00 35 00 00 16 00 00 13 00 00 0a 07 00 c0 00 00
33 00 00 32 00 00 2f 00 00 07 05 00 80 03 00 80
00 00 05 00 00 04 01 00 80 00 00 15 00 00 12 00
00 09 06 00 40 00 00 14 00 00 11 00 00 08 00 00
06 04 00 80 00 00 03 02 00 80 27 da 21 9a 4f 10
1c a6 d6 3d f8 6d 43 fc e9 03 a1 4e d0 55 57 eb
9a 98 9f 76 a5 4c ef fb 32 11
SSL_connect: SSLv2/v3 write client hello A
read from 0x1ec5ca0 [0x1f16920] (7 bytes => -1 (0xFFFFFFFF))
SSL_connect:error in SSLv2/v3 read server hello A
write:errno=10060

 

Anything to solve this, the beers are on me!

 

 

Mine starts with tlsv1.2 by default instead of SSL 2.0 on my Windows 2003 server.

 

Try openssl ciphers -v and see what you get.

 

Try adding the -tls1 to your s_client test.

 

I don't know where openssl on windows gets it list.  I know in Windows, IIS uses the SCHANNEL registery settings.  Google windows schannel tls and you  should find it.  Maybe see what is enabled.

 

I will be off for a week.  Good luck.

kabutotx
Regular Contributor

kabutotx,

 

Thanks for all of your help with these Authorize.net issues. Can I ask you another general question not related to this particular thread? Is there a way to contact you?

 

Hello,

Thank you for the updated status of the issue. Let us try the best we can to resolve your issue.

  

We understand that you are getting an error message (This webpage is not available) when you try to access website. We also noted that this issue also persists with other internet browsers.

Share this information to assist you further.

--Have you installed a new application (firewall or antivirus) on your computer?

If you use a proxy server, check your proxy settings or contact your network administrator to make sure the proxy server is working. If you don’t believe you should be using a proxy server, adjust your proxy settings: Go to the Chrome menu > Settings > + Show advanced settings > Change proxy settings… > LAN Settings and deselect the “Use a proxy server for your LAN” checkbox.

ERR_CONNECTION_TIMED_OUT – Solutions Encyclopedia

 

 

 

 

 

 

 

john012
Member

 

Hello,

Thank you for the updated status of the issue. Let us try the best we can to resolve your issue.

  

We understand that you are getting an error message (This webpage is not available) when you try to access website. We also noted that this issue also persists with other internet browsers.

Share this information to assist you further.

--Have you installed a new application (firewall or antivirus) on your computer?

If you use a proxy server, check your proxy settings or contact your network administrator to make sure the proxy server is working. If you don’t believe you should be using a proxy server, adjust your proxy settings: Go to the Chrome menu > Settings > + Show advanced settings > Change proxy settings… > LAN Settings and deselect the “Use a proxy server for your LAN” checkbox.

ERR_CONNECTION_TIMED_OUT – Solutions Encyclopedia

 

 

 

 

 

 

john012
Member

I am in essence astonished by the way you certain out almost every single little detail.

Movavi video editor crack

AVG TuneUp Utilities 2019 Crack is a PC tune-up tool that optimizes the performance of your system. It consists of tools which make your PC protected and speedy. The software checks your systems entirely by digging down and fixes all the mistakes and troubles. All of these are optimization tools. These tools make your PC’s live longer and faster. TuneUp Utilities 2019 License Key includes a secure and user-friendly interface, that’s so much easy to understand. This tool can put the programs into the sleeping mood, and then they can’t affect the battery lifetime and the computer’s performance. Novel Crack