Logos 4/Windows XP remote certificate issue?

There are a couple of threads [1, 2] reporting problems with Logos 4 logging in to the server.

One user's log shows:

System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.

Did a server certificate recently change or expire? I imagine that XP can't recognize something about a new certificate that a recent OS wouldn't have an issue with.

I realize there's no support for Logos 4 or Windows XP, but it would be helpful to know if the problem is on the server side, or the client side.

Find more posts tagged with

Comments

Mark Barnes

I checked the error log, and the site that's causing the problems (resourcetracking.logos.com) is unlikely to be accessible on Windows XP (certainly it wouldn't be accessible through Internet Explorer), because it's certificate uses SNI.

However, I don't think that matters particularly, as I don't think its a vital service. The only error logs we've had so might suggest a different error being the culprit (an OutOfMemory error when applying Visual Filters and indexing notes). I'll reply with the details on that thread.

Bradley Grainger (Logos)

I checked the error log, and the site that's causing the problems (resourcetracking.logos.com) is unlikely to be accessible on Windows XP (certainly it wouldn't be accessible through Internet Explorer), because it's certificate uses SNI.

FWIW, that certificate has been a problem (for some Windows XP users) since at least 2014: see https://community.logos.com/forums/p/136286/882548.aspx#882548 and https://community.logos.com/forums/t/92435.aspx.

Bradley Grainger (Logos)

There are a couple of threads [1, 2] reporting problems with Logos 4 logging in to the server.

One user's log shows:

...

I realize there's no support for Logos 4 or Windows XP, but it would be helpful to know if the problem is on the server side, or the client side.

We'd need to see a complete Logos.log file to figure this out.

Bradley Grainger (Logos)

Did a server certificate recently change or expire?

Not as far as I know. https://www.ssllabs.com/ssltest/analyze.html?d=auth.logos.com&latest shows that it was issued in January 2015.

Jose

I've researched about doing an OFFLINE installation however One thing i didn't back up was the group of folders:

\Logos\Data
\Logos\Documents
\Logos\Users
these are the only Logos folders that you need from backup

I only backed up the resources. I tried to still execute the "scan F:\Logos4-resources\resources" and restarted the application and did not work. I notice the 'scan' commond is executed but it does not say any information regarding of why it is not loading the licensed resources.

4606.Logos4.log

Thomas Ball

The posts are of the same logs.

2017-03-03 10:54:19.0582 4 Error WebServiceClient CommunicationException for Boolean: System.ServiceModel.CommunicationException: An error occurred while making the HTTP request to https://services.logos.com/v1/AuthenticationService.svc. This could be due to the fact that the server certificate is not configured properly with HTTP.SYS in the HTTPS case. This could also be caused by a mismatch of the security binding between the client and the server. ---> System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a send. ---> System.IO.IOException: Received an unexpected EOF or 0 bytes from the transport stream. ~ at System.Net.TlsStream.EndWrite(IAsyncResult asyncResult) ~ at System.Net.PooledStream.EndWrite(IAsyncResult asyncResult) ~ at System.Net.ConnectStream.WriteHeadersCallback(IAsyncResult ar) ~ --- End of inner exception stack trace --- ~ at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult) ~ at System.ServiceModel.Channels.HttpChannelFactory.HttpRequestChannel.HttpChannelAsyncRequest.CompleteGetResponse(IAsyncResult result) ~ --- End of inner exception stack trace --- ~ ~Server stack trace: ~ at System.ServiceModel.AsyncResult.End[TAsyncResult](IAsyncResult result) ~ at System.ServiceModel.Channels.ServiceChannel.SendAsyncResult.End(SendAsyncResult result) ~ at System.ServiceModel.Channels.ServiceChannel.EndCall(String action, Object[] outs, IAsyncResult result) ~ at System.ServiceModel.Channels.ServiceChannelProxy.InvokeEndService(IMethodCallMessage methodCall, ProxyOperationRuntime operation) ~ at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message) ~ ~Exception rethrown at [0]: ~ at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg) ~ at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type) ~ at LDLS4.WebServices.AuthenticationServices.AuthenticationService.EndIsLoggedIn(IAsyncResult result) ~ at LDLS4.WebServices.AuthenticationServices.AuthenticationServiceClient.EndIsLoggedIn(IAsyncResult result) ~ at Libronix.Utility.Threading.AsyncMethodAsyncAction`1.Callback(IAsyncResult ar) ~ at Libronix.Utility.Threading.AsyncMethodAsyncAction`1.get_Result() ~ at LDLS4.WebServiceClient.GetResult[T](AsyncMethodAsyncAction`1 action)

Bradley Grainger (Logos)

Cross-referencing https://www.ssllabs.com/ssltest/analyze.html?d=services.logos.com with https://msdn.microsoft.com/en-us/library/windows/desktop/aa380512.aspx makes me think that there is no TLS 1.0 cipher suite that the server and Windows XP can agree on using. (And according to https://www.ssllabs.com/ssltest/viewClient.html?name=IE&version=8&platform=XP almost all the XP cipher suites are regarded as insecure; the two that aren't also aren't supported by our server.) This would mean that a secure connection can't be established, so logging in would fail.

I'm not aware of any TLS cipher configuration changes that have happened recently on our end, so it's not immediately obvious to me what might have changed here.