I have an WPF app, which uses SSLStream to connect to server and send/receive some messages. My code is largerly based on this example (SslTcpClient): (v=vs.110).aspx.

This worked fine for months. However, after getting this windows update (Cumulative Update for Windows 10 version 1511 and Windows Server 2016 Technical Preview 4: June 14, 2016 - ). My app started to report this exception:

System.Security.Authentication.AuthenticationException: A call to SSPI failed, see inner exception. ---> System.ComponentModel.Win32Exception: The Local Security Authority cannot be contacted --- End of inner exception stack trace --- at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, Exception exception) at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult) at System.Net.Security.SslStream.AuthenticateAsClient(String targetHost, X509CertificateCollection clientCertificates, SslProtocols enabledSslProtocols, Boolean checkCertificateRevocation) at MyAPP.Core.Services.Network.Impl.SslTcpClient.ClientSideHandshake() at MyAPP.Core.Services.Network.Impl.SslTcpClient.Connect() at MyAPP.Core.Services.Impl.MessageService.SendMessage(String message) 

What can I do ?

2

5 Answers

This means the other side is using another version of TLS and you are using an older version.
Set up security attribute to TLS12 before making the connection. This is a widely known problem, as many providers start using TLS12 (e.g. paypal,amazon and so on).

ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12; 
1

Here is the solution, set in the registry:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\KeyExchangeAlgorithms\Diffie-Hellman] "ClientMinKeyBitLength"=dword:00000200 

as noted here

1

If you are using SslStream, then you need to explicitly set the TLS version in the AuthenticateAsClient call, for example:

ssl.AuthenticateAsClient(url, null, SslProtocols.Tls12, false); 
1

I got this exception when using C# connect to Oracle database using Oracle.ManagedDataAccess.dll,

"Oracle.ManagedDataAccess.Client.OracleException (0x80004005): Oracle Cannot connect to Server or cannot parse connection string ---> OracleInternal.Network.NetworkException (0x80004005): Oracle : Oracle Cannot connect to Server or cannot parse connection string ---> System.Security.Authentication.AuthenticationException: A call to SSPI failed, see inner exception. ---> System.ComponentModel.Win32Exception: No credentials are available in the security package\r\n --- End of inner exception stack trace ---\r\n at System.Net.Security.NegoState.StartSendAuthResetSignal(LazyAsyncResult lazyResult, Byte[] message, Exception exception)\r\n at System.Net.Security.NegoState.StartSendBlob(Byte[] message, LazyAsyncResult lazyResult)\r\n at ............

and after a long time finding and try, finally I find This Answer works, add settings section and set name="SQLNET.AUTHENTICATION_SERVICES" value="" in the app.config:

<oracle.manageddataaccess.client> <version number="*"> <dataSources> <dataSource alias="SampleDataSource" descriptor="(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=localhost)(PORT=1521))(CONNECT_DATA=(SERVICE_NAME=ORCL))) "/> </dataSources> <settings> <setting name="SQLNET.AUTHENTICATION_SERVICES" value=""/> </settings> </version> </oracle.manageddataaccess.client> 

In the reference link in answer above, you can try one step further, set:

SQLNET.AUTHENTICATION_SERVICES= ()

in your sqlnet.ora in Oracle Client folder also works.

1

try adding servicePrincipalName to your client App.config file

<client> <endpoint ............................ <identity> <servicePrincipalName/> </identity> </endpoint> </client> 

Your Answer

Sign up or log in

Sign up using Google Sign up using Facebook Sign up using Email and Password

Post as a guest

By clicking “Post Your Answer”, you agree to our terms of service, privacy policy and cookie policy