Http Client Protocol Issues

If you use any of these solutions, Please let me know so I can track if any of this is useful to you! Thanks! This is an area to share observations I have made working with Http Client Protocols and the associated technologies. I currently work for the Microsoft team that supports the WinInet, WinHTTP and System.Net API's and classes associated with these technologies. This is not a replacement for Microsoft Support, but an area to discuss these technologies. These postings are provided "AS IS" with no warranties, and confer no rights. Use of included code samples are subject to the terms specified at Microsoft - Information on Terms of Use

You receive one or more error messages when you try to make an HTTP request in an application that is built on the .NET Framework 2.0

Please send me a message or leave a comment to let me know if this Post helped you! 

When you try to make an HTTP request in an application that is built on the .NET Framework, you may receive one or more of the following error messages or Exceptions.

One of the first things you should do is see what the framework is doing.  Get a System.Net trace: http://blogs.msdn.com/jpsanders/archive/2009/03/24/my-favorite-system-net-trace-configuration-file-dumps-process-id-and-date-time-information.aspx

Then you can get a description of the errors here (note this is an enumeration which is the status member of the WebException):
http://msdn.microsoft.com/en-us/library/system.net.webexceptionstatus(VS.80).aspx

Many of these errors are the same in the 1.1 .NET framework:
http://support.microsoft.com/kb/915599

Some of these errors can be trapped and immediately retried such as:

System.Net.WebExceptionStatus.ConnectFailure:
System.Net.WebExceptionStatus.KeepAliveFailure:
System.Net.WebExceptionStatus.RequestCanceled:
System.Net.WebExceptionStatus.ConnectionClosed:
System.Net.WebExceptionStatus.SendFailure:
System.Net.WebExceptionStatus.PipelineFailure:
System.Net.WebExceptionStatus.UnknownError:
 
Errors: 
 
The underlying connection was closed: The remote name could not be resolved
 
This is a DNS error.  For some reason the server name cannot be resolved.  Do you have permissions to the HOST file?  Is this a service such as ASP.NET?  See this article for help: The underlying connection was closed: The remote name could not be resolved.  Also look at this KB: http://support.microsoft.com/kb/330221
 
 
The underlying connection was closed: Unable to connect to the remote server
 
This is a connection issue.  The DNS resolved the server name but something is preventing the client from connecting to the server.  Lookup the error in this article http://support.microsoft.com/kb/915599
 
 
The underlying connection was closed: An unexpected error occurred on a receive
 
This problem occurs when the server or another network device unexpectedly closes an existing Transmission Control Protocol (TCP) connection.  Lookup the error in this article http://support.microsoft.com/kb/915599
 
 
The underlying connection was closed: An unexpected error occurred on a send
 
This problem occurs when the client computer cannot send an HTTP request. The client computer cannot send the HTTP request because the connection has been closed or is unavailable.  Lookup the error in this article http://support.microsoft.com/kb/915599.  Antivirus software can interfere with the send as well.  If the stack from the exception includes something similar to this:
System.IO.IOException: Authentication failed because the remote party has closed the transport stream.
It is possible that the server is an older server does not understand TLS and so you need to change this as specified in the 915599 kb to something like this:
ServicePointManager.SecurityProtocol= SecurityProtocolType.Ssl3;
Before you make any HTTPS calls in your application.
The underlying connection was closed: A pipeline failure occurred
 
Pipelined requests are requests sent out on the same socket without waiting for a reply (http://search.live.com/search?q=http+pipelined+request).  All HTTP 1.1 servers are required to support pipelining.  In general if you see this error it is probable related to a network related failure.  You could turn off pipelining and try to see what the underlying issue is but pipelining itself is rarely the cause of this error message.  You should retry the request if you get this error but if you get this exception multiple times, you should troubleshoot the root cause.
 
The underlying connection was closed: The request was canceled
The underlying connection was closed: The connection was closed unexpectedly
 
This occurs with the server cancels the request with a TCP RST (reset).  The server may do this because of the thread Execution Timeout Setting being too low and it is tearing down the thread that is processing the request (Thread Abort Exceptions may be logged):  http://msdn.microsoft.com/en-us/library/e1f13641.aspx
Also check and ensure the Keep-Alive timeouts on the server, load balancer and client (.NET) are set so that the client is set to less than the load balancer, which in turn is set less than the server.  See this article as well:
 
The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel
 
For a service application the whole certificate chain needs to be in the LOCAL_MACHINE store.  This means the Root in the Trusted Root Certificate and all the Intermediate Certificates in the Trusted Intermedeate store.  For applications that run in the context of the logged on user, If Internet Explorer does not have any Certificate problems, then the .NET application should work fine.  Often people will find that Internet Explorer is fine and only the ASP.NET or Service application fails.  This is because the root and intermediate certificates are installed correctly in the user store but not the local machine store.
You can dump out what the failure is by using this delegate: http://msdn.microsoft.com/en-us/library/system.net.security.remotecertificatevalidationcallback.aspx.  Finally you could use process monitor and verify that there are no access denied errors when trying to access the certificate store which would prevent reading the certificates.
 
The request was aborted: Could not create SSL/TLS secure channel
 
Lookup the error in this article http://support.microsoft.com/kb/915599  Resolution J.  It also may be that you are not supplying a client certificate.  Most likely this is an issue with TLS or SSL3 being used and the server not understanding it.
 
Error: The server committed a protocol violation
 
The Exception will tell what the HTTP protocol violation is: 
"The server committed a protocol violation. Section=ResponseHeader Detail=Header
name is invalid"
Fix the server to conform to the HTTP RFCs to avoid this error.  .NET is a stickler that the HTTP Protocol be followed.
 
The underlying connection was closed: A connection that was expected to be kept alive was closed by the server
 
Specifically a Keep-Alive connection was torn down before it should have been.  This is often caused because the MaxIdleTimeout setting in the client is greater than that of the server or intermediate network device (load balancer or proxy).
http://support.microsoft.com/?id=941633 and http://support.microsoft.com/kb/915599 Resolution E
 
The operation has timed out
 
This could be caused by a stale DNS entry for a proxy or if a request is not received before the socket times out.
An example of this Exception is when for example a server returns information but does not correctly set the content-length header.  The call will wait for the rest of the data (which will never come) until it throws this message.  It could be that the server takes a long time to respond (which is a different issue) and you could increase System.Net.ServicePointManager.DefaultConnectionLimit.  This could also be because you are issuing a lot of request and have not increased the DefaultMaxConnections for your application and the timeout happens waiting for a connection thread to process your request.  MaxConnections can be set in the application.config file or in code.
 
The proxy name could not be resolved
 
This is a DNS issue.  Find out what proxy it is looking for (from the System.Net trace) and find why this does not resolve in your network.
 
The request was aborted: The request cache-only policy does not allow a network request and the response is not found in cache
The request was aborted: The request could not be satisfied using a cache-only policy 
 
The request was not permitted by the cache policy. In general, this occurs when a request is not cacheable and the effective policy prohibits sending the request to the server. You might receive this status if a request method implies the presence of a request body, a request method requires direct interaction with the server, or a request contains a conditional header. 
You can control if the request should use only the cache: http://msdn.microsoft.com/en-us/library/system.net.httpwebrequest.defaultcachepolicy.aspx
If you do this and the file in not cached, then you will get this error.
Also see: http://msdn.microsoft.com/en-us/library/system.net.cache.httprequestcachepolicy(VS.80).aspx 

 
 
Published Wednesday, January 07, 2009 3:46 PM by jpsanders

Comment Notification

If you would like to receive an email when updates are made to this post, please register here

Subscribe to this post's comments using RSS

Comments

 

Stefan said:

Very useful, thanks! I've been having a lot of issues hunting down some unhelpful exceptions in a .NET CF application - this post is a huge help towards understanding and diagnosing them.

July 10, 2009 2:49 PM
 

jpsanders said:

Thanks for the comment.  I am glad this helped you out!

July 10, 2009 9:40 PM
 

Doug Collier said:

Hi,

Great info here - many thanks.  I have an issue here that's interesting.  IIS7 asp.net web site that make calls out to several different types of web services.  One of them requires SSL (not TLS).  So...I set the ServicePointManager.SecurityProtocolType = SecurityProtocolType.Ssl3 | SecurityProtocolType.Tls

Still doesn't work.  Perhaps the remote server isn't negotiating well.  So....I force it to Ssl3 by just doing this:  ServicePointManager.SecurityProtocolType = SecurityProtocolType.Ssl3

Now it works.  However, I don't want to set this setting system wide, I would much prefer to set this on a per service point basis so that I don't affect all the other outbound web service calls we make.

Right now, I'm using the setting above that works and immediately returning to the previous value after the call.  But, this isn't ideal.

Any advice?

thanks much

-doug

doug.collier <at> support <dot> com

August 22, 2009 7:15 PM
 

jpsanders said:

Hi Doug,

You should be able to do this (but I have not tried it yet).  Since there is only one site you are having difficulty with you can simply change the ServicePointManager.SecurityProtocolType, then call FindServicePoint (http://msdn.microsoft.com/en-us/library/system.net.servicepointmanager.findservicepoint(VS.80).aspx) and then set it back to the previous value.

Note that you would want to do this on startup because once the ServicePoint is created, it will be used for the lifetime of your app and you cannot change this value.  Global.asax would be a good place.

Please let me know how this works out for you!

-Jeff

August 24, 2009 9:22 AM

Leave a Comment

(required) 
(optional)
(required) 

  
Enter Code Here: Required
Submit

This Blog

Syndication

© 2009 Microsoft Corporation. All rights reserved. Terms of Use  |  Trademarks  |  Privacy Statement
Microsoft
Page view tracker