
Question by Paul Aldrich, May 23, 2016 2:35 PM

Coveo Search Web Service - Could not establish trust relationship for the SSL/TLS secure channel with authority 'localhost:52810'.

Hello,

Coveo search on our QA server has stopped working. We are seeing the following errors on the diagnostic page:

Coveo Search REST Endpoint () : System.Net.WebException: The remote server returned an error: (500) Internal Server Error.
   at System.Net.HttpWebRequest.GetResponse()
   at Coveo.SearchProvider.Applications.StateVerifier.<>c__DisplayClassd.<GetRestEndpointState>b__c()
   at Coveo.SearchProvider.Applications.BaseVerifier.VerifyComponent(Func`1 p_VerifyMethod, String p_ComponentName)

Coveo Search Web Service: System.ServiceModel.Security.SecurityNegotiationException: Could not establish trust relationship for the SSL/TLS secure channel with authority 'localhost:52810'. ---> System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. --->

When I browse to our REST endpoint page at http://[instancename]/coveo/rest I see this error:

There was an error in the Coveo Index Configuration.: Either the SitecoreUsername or SitecorePassword configuration value is invalid. Please enter valid credentials.

However I have entered the correct creds several times and checked with co-workers. Even after entering the right creds we still see this error.

What could be causing this?

Thank you, Paul


Comment by Jean-François L'Heureux, May 23, 2016 2:51 PM

Have you upgraded any of the software (Coveo for Sitecore, Coveo Search API or CES) recently? Also, have you modified the SSL/TLS security protocols on the servers?


Comment by Paul Aldrich, May 23, 2016 2:55 PM

Hi Jean François,

To our knowledge, no changes have been made to any of the Coveo services or software, or SSL/TLS security protocols.

Paul


Comment by Jean-François L'Heureux, May 23, 2016 3:06 PM

What are your versions (including build numbers) of:

  • Sitecore
  • Coveo for Sitecore
  • Coveo Enterprise Search
  • Coveo Search API

Comment by Paul Aldrich, May 23, 2016 3:28 PM

  1. Sitecore.NET 7.0 (rev. 130918)
  2. (No idea, how would I check?)
  3. CES 7.0 x64 Build 7711.0
  4. Coveo Search API 8 - FileVersion=8.0.543.0 - SearchApiLibVersion=8.0.396.13

Comment by Jean-François L'Heureux, May 23, 2016 3:47 PM

For Coveo for Sitecore, check the file version of Coveo.SearchProvider.dll in your Sitecore instance bin folder.


Comment by Paul Aldrich, May 23, 2016 4:21 PM

Coveo for Sitecore v 3.0.1055.0


Answer by Jean-François L'Heureux, May 24, 2016 9:30 AM

Hi Paul,

Thank you for the version numbers. You are running the June 2015 release of all the components.

You mentioned it is your QA server. I have more questions for you:

  1. Is it a Content Management (CM) or Content Delivery (CD) Sitecore instance?
  2. Is it alone or is it part of a load-balanced setup of multiple servers?
  3. If load-balanced, how many CM and CD servers are part of the setup?

Also, what exactly did you do to "enter the correct creds several times"? Did you follow the procedure on that page? https://developers.coveo.com/display/SitecoreV3/Configuring+the+Sitecore+Credentials


Comment by Paul Aldrich, May 24, 2016 10:14 AM

Hi JF,

It is a CM and CD, one server only, no load balancing. This one server runs both Sitecore and Coveo.

I entered the credentials just as that page dictates - by going to Control Panel, Coveo, Configuration and changing the Sitecore username and password.

Thanks, Paul


Comment by Jean-François L'Heureux, May 24, 2016 11:35 AM

Hi Paul,

I still think a change in SSL/TLS protocols configuration occurred on your QA server. Maybe pushed by an IT policy to the server.

May I ask you to give me all the registry keys and their values in the HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Control/SecurityProviders/SCHANNEL/Protocols/ folder of your QA server registry please?

An example of the result is:

  • SSL 2.0
    • Client
      • DisabledByDefault = 1

Thanks,

Jeff


Comment by Paul Aldrich, May 24, 2016 11:59 AM

Hi Jeff,

Here you are:

  • SSL 2.0
    • Client
      • DisabledByDefault = 1
  • SSL 3.0
    • Client
      • DisabledByDefault = 1
    • Server
      • Enabled = 0

Comment by Luc Bergeron, May 24, 2016 2:00 PM

Hi Paul,

I experienced issues when attempting to specify only the DisabledByDefault or Enabled registry keys for a protocol. I got better results by specifying both DisabledByDefault and Enabled on the Client and Server keys.

  • SSL 3.0
    • Client
      • DisabledByDefault = 1
      • Enabled = 0
    • Server
      • DisabledByDefault = 1
      • Enabled = 0

Make sure to restart the server after changing the registry keys.

Luc

As a side-note, the June 2015 release of Coveo for Sitecore does not support TLS 1.1/1.2. Please see this page for information about TLS 1.1/1.2 support.
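
A read-only way to collect the SCHANNEL values requested earlier in the thread and to spot protocol keys where only one of `DisabledByDefault` / `Enabled` is set, as described in the comment above. This is an added example, not part of the original thread or Coveo's tooling; the function name `Get-SchannelProtocolAudit` is hypothetical.

```powershell
# Added example (read-only): list every SCHANNEL protocol/role and flag keys
# where only one of DisabledByDefault / Enabled is present.
# Get-SchannelProtocolAudit is a hypothetical helper name.
function Get-SchannelProtocolAudit {
    param(
        [string]$Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
    )

    foreach ($protocol in Get-ChildItem -Path $Path -ErrorAction Stop) {
        foreach ($role in 'Client', 'Server') {
            $rolePath = Join-Path -Path $protocol.PSPath -ChildPath $role
            $disabledByDefault = $null
            $enabled = $null

            if (Test-Path -Path $rolePath) {
                $key = Get-Item -Path $rolePath
                # RegistryKey.GetValue returns $null when the value is absent.
                $disabledByDefault = $key.GetValue('DisabledByDefault')
                $enabled = $key.GetValue('Enabled')
                $hasDbd = $null -ne $disabledByDefault
                $hasEnabled = $null -ne $enabled

                if ($hasDbd -and $hasEnabled) { $status = 'both values set' }
                elseif ($hasDbd) { $status = 'partial: Enabled missing' }
                elseif ($hasEnabled) { $status = 'partial: DisabledByDefault missing' }
                else { $status = 'role key present, no values' }
            }
            else {
                $status = 'role key absent'
            }

            # One row per protocol/role, including roles with no key at all.
            [pscustomobject]@{
                Protocol          = $protocol.PSChildName
                Role              = $role
                DisabledByDefault = $disabledByDefault
                Enabled           = $enabled
                Status            = $status
            }
        }
    }
}

Get-SchannelProtocolAudit | Format-Table -AutoSize
```

Against the values Paul posted, this would report the SSL 2.0 and SSL 3.0 Client keys as missing `Enabled`, the SSL 3.0 Server key as missing `DisabledByDefault`, and the SSL 2.0 Server key as absent.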


Comment by Paul Aldrich, May 24, 2016 9:17 PM

Hi Guys,

I neglected to mention that we have multiple Sitecore instances running on this one server. A regular QA site and an international QA site. The int'l site (also running Sitecore.NET 7.0 (rev. 130918)) has Coveo running but does not have these issues, only the regular QA site.

So I don't think making those registry value changes is worth it?

Paul


Comment by Luc Bergeron, May 25, 2016 8:45 AM

I agree with you. Knowing that another Sitecore instance is working fine on the same server, the registry keys are not causing the issue.


Comment by Jean-François L'Heureux, May 25, 2016 8:45 AM

Hi Paul,

You are right. If the other instance is working correctly, we may discard the SSL/TLS configuration problem.

  • Are the 2 Sitecore instances indexing in the same CES7 index, so you have sources for both of them?
  • Are they using the same Coveo Search API endpoint? http://localhost:8080
  • Does the <SearchCertificatePath> element have the same value in both Sitecore instances' configuration?

Comment by Paul Aldrich, May 25, 2016 1:05 PM

Hi Guys,

I have some news. International went live yesterday and the team decided to delete the QA folder and rename the international QA folder. So now our new QA site does not have any Coveo issues. This all happened very quickly, before I checked for replies to this post.

It's a shame we didn't figure out the root cause of the issue on the original QA site. If you need any additional information let me know. In any case I'm happy Coveo is working now.

Thanks, Paul
