Unable to get to /Sitefinity with v10 on an upgraded site - General Discussions - General Discussions - Progress Community

Unable to get to /Sitefinity with v10 on an upgraded site

  • I just get this error, and that config URL it specifies loads just fine.  I get this just loading the page itself, not even at the login screen.

    Are there some upgrade docs anywhere, maybe I'm missing something over what the basic upgrade applies?

    Server Error in '/' Application.

    The remote certificate is invalid according to the validation procedure.

    Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

    Exception Details: System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.

    Source Error: 

    An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
    Stack Trace: 

    [AuthenticationException: The remote certificate is invalid according to the validation procedure.]
       System.Net.TlsStream.EndWrite(IAsyncResult asyncResult) +298
       System.Net.ConnectStream.WriteHeadersCallback(IAsyncResult ar) +150
    [WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.]
       System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult) +764
       System.Net.Http.HttpClientHandler.GetResponseCallback(IAsyncResult ar) +78
    [HttpRequestException: An error occurred while sending the request.]
    [AggregateException: One or more errors occurred.]
       System.Threading.Tasks.Task`1.GetResultCore(Boolean waitCompletionNotification) +4492572
       Microsoft.IdentityModel.Protocols.<GetDocumentAsync>d__0.MoveNext() +208
    [IOException: Unable to get document from: https://dev.sitefinitysteve.com/Sitefinity/Authenticate/OpenID/.well-known/openid-configuration]
       Microsoft.IdentityModel.Protocols.<GetDocumentAsync>d__0.MoveNext() +664
       System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +14139120
       System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +62
       Microsoft.IdentityModel.Protocols.<GetAsync>d__0.MoveNext() +290
       System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +14139120
       System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +62
       Microsoft.IdentityModel.Protocols.<GetConfigurationAsync>d__3.MoveNext() +929
    [InvalidOperationException: IDX10803: Unable to create to obtain configuration from: 'https://dev.sitefinitysteve.com/Sitefinity/Authenticate/OpenID/.well-known/openid-configuration'.]
       Microsoft.IdentityModel.Protocols.<GetConfigurationAsync>d__3.MoveNext() +1287
       System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +14139120
       System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +62
       Microsoft.Owin.Security.OpenIdConnect.<ApplyResponseChallengeAsync>d__c.MoveNext() +728
       System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +14139120

  • Hi Steve,

    How did you perform the upgrade procedure? There are quite a bit of changes to the web.config. You can try upgrading using the Project Manager. The Project Manager will apply web.config changes automatically and add new references to your .csproj.

    Regards,
    Georgi

  • Yeah I pretty much exclusively use the project manager for updates for this exact reason :/

    Is SSL REQUIRED?  Like in a new site it wouldn't be there but an existing site using SSL pulled down local with an invalid cert?

  • [Attached image: cert.png]

    Okay not sure what else to do here...

    I have a trusted cert, it's added to the Authentication.config

    <?xml version="1.0" encoding="utf-8"?>
    <authenticationConfig xmlns:config="urn:telerik:sitefinity:configuration" xmlns:type="urn:telerik:sitefinity:configuration:type" config:version="10.0.6400.0" encryptionKey="">
      <securityTokenServiceSettings>
        <identityServerSettings>
          <signingCertificate subjectName="dev.sitefinitysteve.com" />
        </identityServerSettings>
      </securityTokenServiceSettings>
    </authenticationConfig>

    Still get the error on login

  • Hmm, so just trusted in Chrome I think is the problem then clearly, how can it be globally trusted?  Saw this in the warmup logs

    Timestamp: 2017-03-15 5:36:36 PM

    Message: The page 'dev.sitefinitysteve.com/' failed to warmup with error: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.. Requested URL: dev.sitefinitysteve.com/

  • [Attached image: somethingwentwrong.png]

    Eugh this is frustrating

    Okay imported the cert to the WINDOWS global trusted store, now all the errors are gone, site warmup seems okay as well (and seems to work! :D)

    So now the last issue is that when I try to log in with my local creds (which work on http) I get the attached Message in the Login UI

    ...turn off HTTPS, log in with those same creds, all good again.

  • Hi Steve,

    You could take a look at the documentation about certificates.

    docs.sitefinity.com/authentication-flow-and-certificates

    "You must configure this certificate, by navigating to Administration » Settings » Advanced » Authentication » SecurityTokenService » IdentityServer » SigningCertificate."

    If you cannot log in, you should apply those changes using the config file (e.g. you could create a new test project, apply the setting and use it in the existing project). Or you could turn off the SSL, configure it and then turn it back on.

    Regards,

    Dimitar

  • The problem isn't even I can't log in, it's I can't get to /Sitefinity though... like I don't even get to the point of seeing the login page, just throws the above error
  • Take a look at the documentation and you should register a valid certificate for dev.sitefinitysteve.com

    You could apply the changes before logging in to Sitefinity by using the Authentication.config file directly in AppData/Sitefinity (as I mentioned in my previous answer).

    D

  • Okay will try, thx!
  • Yeah that's it I guess, if I remove the HTTPS redirect in the webconfig I can get to the backend now...  guess I'll play around with trying to add the cert per your doc there, thx!
  • Can we get the docs updated with the XML for the .config files?  If I can't log in I can't get to these pages (working on updating another site atm)... would be nice to just open the config and paste in the settings instead of needing to JustDecompile it to find the property names (would just be more handy)
  • Keep in mind that enabling https requires all of the site to use it. Otherwise the cookies won't be sent.

    Take a look at docs.sitefinity.com/administration-configure-http-and-https-bindings-to-work-simultaneously.

    Have you checked Sitefinity/Administration/Settings/Advanced/Authentication > Require Https?

    For investigation of such errors - you can turn on the IdentityServer logging

    Sitefinity/Administration/Settings/Advanced/Authentication > SecurityTokenService > IdentityServer > Enable logging and check the Authentication log. There you will find the error details.

    The reason for not showing the details is that there may be security-sensitive info that the end user should not see.

    For more information, see docs.sitefinity.com/turn-on-authentication-logging

    Best,

    Dimitar

  • Okay for anyone else, the error was

    Message: Signing certificate has not private key or private key is not accessible. Make sure the account running your application has access to the private key

    1) Open your Certificates MMC 

    2) Find your cert

    3) Right Click->All Tasks->Manage Private Keys

    4) Add your app pool to the list
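
The two fixes this thread arrived at (the server itself must trust the certificate, and the app pool account must be able to read the signing certificate's private key) can be checked and applied from an elevated PowerShell prompt. This is an added example, not part of the original posts or of Sitefinity's documentation; it assumes an RSA certificate in the LocalMachine\My store, and the app pool name `SitefinityPool` is hypothetical.

```powershell
# Added example. Run elevated. Assumptions: RSA certificate in Cert:\LocalMachine\My;
# 'SitefinityPool' is a hypothetical app pool name, replace it with your own.
$subject  = 'dev.sitefinitysteve.com'       # subjectName from Authentication.config
$identity = 'IIS AppPool\SitefinityPool'

$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -like "*CN=$subject*" -and $_.NotAfter -gt (Get-Date) } |
    Sort-Object NotAfter -Descending | Select-Object -First 1
if (-not $cert) { throw "No unexpired certificate for $subject in LocalMachine\My" }
if (-not $cert.HasPrivateKey) { throw "Certificate $($cert.Thumbprint) has no private key" }

# Trust as seen by Windows, not by a browser: the site fetches its own
# /.well-known/openid-configuration over TLS, so the chain must validate on the server.
if (-not (Test-Certificate -Cert $cert -Policy SSL -DNSName $subject -ErrorAction SilentlyContinue)) {
    Write-Warning "Windows does not trust $($cert.Thumbprint) for $subject"
}

# Locate the key file; CAPI and CNG keys are stored in different folders.
$rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
if ($rsa -is [System.Security.Cryptography.RSACng]) {
    $keyName = $rsa.Key.UniqueName
} else {
    $keyName = $rsa.CspKeyContainerInfo.UniqueKeyContainerName
}
$keyFile = 'Microsoft\Crypto\RSA\MachineKeys', 'Microsoft\Crypto\Keys' |
    ForEach-Object { Join-Path $env:ProgramData (Join-Path $_ $keyName) } |
    Where-Object { Test-Path $_ } | Select-Object -First 1
if (-not $keyFile) { throw "Private key file '$keyName' not found" }

# Same effect as MMC > All Tasks > Manage Private Keys: grant Read only, not Full Control.
$read = [System.Security.AccessControl.FileSystemRights]::Read
$acl  = Get-Acl -Path $keyFile
$existing = $acl.Access | Where-Object {
    $_.IdentityReference.Value -eq $identity -and
    $_.AccessControlType -eq 'Allow' -and
    ($_.FileSystemRights -band $read) -eq $read
}
if ($existing) {
    "OK: $identity can already read the private key of $($cert.Thumbprint)"
} else {
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($identity, 'Read', 'Allow')
    $acl.AddAccessRule($rule)
    Set-Acl -Path $keyFile -AclObject $acl
    "Granted Read on $keyFile to $identity"
}
```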